06-24-2024 11:31 AM
I have seen other threads regarding issues with SNMP to an ASA through a VPN tunnel. I can't tell 100% if this is a bug or feature:
Cisco Bug: CSCvx69918 -- SNMP queries to ASA inside over VTI tunnel does not work
Or...
This is an ASA 5506 version 9.16(4)42 using a VTI with an NMS in another network over the VPN which isn't a Cisco device. A lot of the fixes and workarounds don't seem to apply to a VTI since they are crypto map access list related. Does anybody else have this issue and how have you gotten around it? I have no "crypto map" related to this VPN connection so I can't change anything there. I have no access-list with respect to this VTI either.
Is this a feature with a solution/workaround or a bug with no way to fix other than downgrading firmware?
Solved! Go to Solution.
06-24-2024 11:38 AM
@eyetea6 what about trying Query VTI IP instead by applying snmp-server host on VTI nameif, as per the workaround in the bug you provided?
Else use SNMPV3 to query the outside interface directly, also use the control-plane ACL to restrict IP address/networks to send SNMP to interface.
06-24-2024 11:38 AM
@eyetea6 what about trying Query VTI IP instead by applying snmp-server host on VTI nameif, as per the workaround in the bug you provided?
Else use SNMPV3 to query the outside interface directly, also use the control-plane ACL to restrict IP address/networks to send SNMP to interface.
06-24-2024 12:09 PM
I had tried adding VTI as snmp-server host in ASDM but that interface wasn't an option unlike the other inside and outside interfaces. Shoud I try to add the command manually in the CLI and it still be valid? Just not sure if it's valid since ASDM didn't want to offer it as an SNMP interface.
I can try looking into querying outside interface with SNMPv3 and an ACL as well.
06-24-2024 01:24 PM
I added the snmp-server command to poll on the virtual tunnel interface and then it started working. Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide