02-16-2007 10:56 AM - edited 03-11-2019 02:34 AM
Hi all,
I have question related to downloading
configuration of PIX with snmp protocol.
Iv configured support of snmp on our PIX
but when I want to download config I see
that I have only RO access.
Is it possible to have RW access to PIX and which MIBs should I compile to be able download config from PIX?
Thanks a lot for help in advance.
BR.
jl
02-16-2007 11:24 AM
To my knowledge PIX doesn't support RW access because it considers it a security risk. Use open source tool RANCID for config backup. It works across SSH and uses "write term" command to capture the config.
02-16-2007 12:51 PM
Hi jl
the PIX doesn't provide SNMP write access for sure, it only provides SNMP read and trap access, so I am sorry but there is no way to have SNMP write access :)
check the following link:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/trouble.htm#wp1042029
Kindest Regards,
Shadi`
02-17-2007 03:31 AM
Hi all,
now Im really unhappy. Iv installed
a new free monitoring tool and I can
download to database config from our
switches. But PIX config no.
Ill try to install RANCID.
Do you know some other similar tool like RACID?
Or is it the best?
When I want to browse MIB I use GetIF.
Thanks a lot for advice.
BR
jl
02-22-2007 06:21 AM
It's not disappointing at all mate ... I would be really disappointed if the PIX did support RW SNMP ...
SNMP is not a secure protocol and using it to write to a security appliance is mad ... Cisco did the right thing ...
Cheers.
S.
02-22-2007 06:48 AM
what makes you thing that SNMP is not a secure
protocol? Have you ever used SNMP version 3?
Cisco should make snmp version 3 available on
security appliance and let the market decides.
Nokia/CP and Juniper firewalls have snmp version
3 available on their firewalls for years.
David
CCIE Security
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: