Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
0
Helpful
4
Replies

SNMP Monitor PIX throught VPN tunnel

network
Level 1
Level 1

‎01-23-2005 06:37 PM - edited ‎02-21-2020 01:33 PM

I have two Cisco PIX 515e firewalls configured in fail-over. The primary PIX has private address 192.168.1.5 and the secondary PIX (standby) has a private address 192.168.1.6. The PIX firewalls are running IOS 6.3.3. I'm connecting to the PIX firewalls through a VPN tunnel (PIXes terminate VPN tunnel) and my monitoring system uses SNMP to monitor devices behind the PIX firewalls and the primary PIX private IP address. I would also like to monitor the standby IP address 192.168.1.6 from the tunnel and have been unsuccessful thus far. I can do this from behind the PIX, but not through the tunnel (only the primary PIX).

Is there a way I can SNMP monitor (and PING) the IP address of the standby PIX through the VPN tunnel?

Please send email to frank.pikelner@blue-dot.ca

Thank you,

frank

Labels:
0 Helpful
4 Replies 4

turnbull
Level 1
Level 1

‎01-23-2005 09:17 PM

Hi Frank,

Normally you cannot access the inside interface of the PIX from outside. Only the local interface is pingable.

The following command bypasses this feature for just the situation you have.

management-access

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#wp1137951

Give this a try and see how it goes,

Cheers,

Paul.

0 Helpful

turnbull
Level 1
Level 1
In response to turnbull

‎01-24-2005 01:26 PM

Paul,

Thank you for your email. Yes, we currently use this command to monitor the active private IP of the active PIX firewall through the VPN tunnel. What I would like to be able to monitor is the private IP address of the standby PIX firewall (has a different IP address while in standby mode) – would like to make sure that it too is up and running (I can do this today for other PIX firewalls from the inside, but not through the tunnel.

Best regards,

Frank Pikelner

Hi Frank,

Don’t think you are going to get that to work due to the routing issues. Sending syslog messages to the snmp server is the only way I’ve done it in the past. Have you given this a try?

http://cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html#wp1052111

http://cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide09186a00800896ac.html

I hope this is of some help.

Cheers,

Paul.

0 Helpful

network
Level 1
Level 1
In response to turnbull

‎01-30-2005 08:26 PM

Paul,

Thank you for the information. I will use your suggestion. Can you or anyone else explain why I can not monitor the IP address of the standby PIX (while in standby mode) through the VPN tunnel terminating on the PIX? Is this just not possible due to routing or just not a feature Cisco included in the IOS? Keep in mind that monitoring the IP from the inside works just fine.

I need this to monitor customer equipment from a central site.

Thank you,

Frank

0 Helpful

mohsinali9
Level 1
Level 1
In response to network

‎05-23-2011 03:41 AM

Hi,

I am facing similar kind of problem. Over VPN I am not able to poll secondary PIX interfaces. I was not able to locate any solution to this problem. Can anyone help on this. thanks!

Best

Ali

0 Helpful
Customers Also Viewed These Support Documents