
Monitoring ASA from Zabbix behind the site-to-site

dvecherkin1
Level 1

Hello.

I need help with configuring ASA to monitor via SNMP from Zabbix.

On Zabbix for a given pattern, it tries to read the data via SNMP from the ASA from the address 10.82.130.1.
In the ASA logs, you can see that the packets reach the ASA. But there are no answers on OID. The schema of the network is in the attachment.

Result of the command: "sh run | inc snmp"

snmp-server host LAN 10.82.150.2 trap community ***** version 2c udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
inspect snmp

crypto map vpn-to-etex 2 match address TO_DC
crypto map vpn-to-etex 2 set peer IP-Address
crypto map vpn-to-etex 2 set ikev1 transform-set TO_DC
crypto map vpn-to-etex 2 set reverse-route

Result of the command: "sh run | inc nat"

nat (LAN,any) source static obj-10.82.130.0 obj-10.82.130.0 destination static obj-10.0.0.0 obj-10.0.0.0 no-proxy-arp route-lookup

Thank you.

PS. We solved our problem: we allowed the connection on the WAN interface.


You need to configure the following command on the ASA:

management-access inside


I have this command in the configuration and it doesn't help.

I just see that you have configured your "snmp-server" with the "trap" keyword. That means that only the sending of traps is allowed and not the polling of the device. Reconfigure it without that keyword.

I changed the configuration:

snmp-server host LAN 10.82.150.2 community ***** version 2c udp-port 161

But it doesn't help:

root@zabbix:~# snmpwalk -v2c -c public 10.82.130.1
Timeout: No Response from 10.82.130.1

Have you any ideas?

dvecherkin1
Level 1

I can see packets from Zabbix, but SNMP isn't working. Packets are lost.


6 Mar 23 2017 17:34:36 302015 10.82.150.2 59249 10.82.130.1 161 Built inbound UDP connection 1912500 for inetukr:10.82.150.2/59249 (10.82.150.2/59249) to identity:10.82.130.1/161 (10.82.130.1/161)

Try "debug snmp", perhaps something meaningful shows up ...
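
An added example, not part of the thread: a small Python check that combines the two clues discussed above, the `trap` keyword on the `snmp-server host` line and the ingress interface (`inetukr`) in the 302015 log line versus the `LAN` interface in the configuration. The function names and finding codes are hypothetical, the input is the thread's own lines, and treating an interface-name difference as a finding is an assumption based on the original poster's fix.

```python
import re

# Constructed input: lines as posted in the thread (community string masked there).
CONFIG = "snmp-server host LAN 10.82.150.2 trap community ***** version 2c udp-port 161\n"
SYSLOG = ("302015 10.82.150.2 59249 10.82.130.1 161 Built inbound UDP connection "
          "1912500 for inetukr:10.82.150.2/59249 (10.82.150.2/59249) "
          "to identity:10.82.130.1/161 (10.82.130.1/161)")

# ASA syntax: snmp-server host <interface> <ip> [trap | poll] ...
HOST_RE = re.compile(r"^snmp-server host (\S+) (\S+)(?: (trap|poll))?\b")
# Message 302015: "for <ingress-if>:<src>/<sport> (...) to identity:<asa-ip>/<dport>"
CONN_RE = re.compile(r"Built inbound UDP connection \d+ for (\S+?):([\d.]+)/\d+ "
                     r".*? to identity:([\d.]+)/(\d+)")

def parse_hosts(config):
    """Return one dict per snmp-server host line; no keyword means traps and polls."""
    hosts = []
    for line in config.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            hosts.append({"ifname": m[1], "ip": m[2], "mode": m[3] or "both"})
    return hosts

def parse_conn(line):
    """Extract ingress interface, poller address and destination port from a 302015 line."""
    m = CONN_RE.search(line)
    return {"ifname": m[1], "src": m[2], "dst": m[3], "dport": int(m[4])} if m else None

def diagnose(config, syslog_line):
    """Return finding codes explaining why the logged SNMP poll may go unanswered."""
    conn = parse_conn(syslog_line)
    if conn is None or conn["dport"] != 161:
        return ["no-snmp-poll-in-log"]
    entries = [h for h in parse_hosts(config) if h["ip"] == conn["src"]]
    if not entries:
        return ["poller-not-configured"]
    findings = []
    for h in entries:
        if h["mode"] == "trap":
            findings.append("trap-only")  # host may receive traps but not poll
        if h["ifname"] != conn["ifname"]:
            # Assumption: the host entry should name the interface the poll arrives on.
            findings.append(f"interface-mismatch:{h['ifname']}!={conn['ifname']}")
    return findings

if __name__ == "__main__":
    print(diagnose(CONFIG, SYSLOG))
```

Run against the reconfigured line from the thread (without `trap`), only the interface finding remains, which matches the point at which polling still timed out.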