SNMP and PIX ver. 7.x question.

johnleeee · ‎02-16-2007

Hi all,

I have question related to downloading

configuration of PIX with snmp protocol.

Iv configured support of snmp on our PIX

but when I want to download config I see

that I have only RO access.

Is it possible to have RW access to PIX and which MIBs should I compile to be able download config from PIX?

Thanks a lot for help in advance.

BR.

jl

smunzani · ‎02-16-2007

To my knowledge PIX doesn't support RW access because it considers it a security risk. Use open source tool RANCID for config backup. It works across SSH and uses "write term" command to capture the config.

shomar · ‎02-16-2007

Hi jl

the PIX doesn't provide SNMP write access for sure, it only provides SNMP read and trap access, so I am sorry but there is no way to have SNMP write access :)

check the following link:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/trouble.htm#wp1042029

Kindest Regards,

Shadi`

johnleeee · ‎02-17-2007

Hi all,

now Im really unhappy. Iv installed

a new free monitoring tool and I can

download to database config from our

switches. But PIX config no.

Ill try to install RANCID.

Do you know some other similar tool like RACID?

Or is it the best?

When I want to browse MIB I use GetIF.

Thanks a lot for advice.

BR

jl

scheikhnajib · ‎02-22-2007

It's not disappointing at all mate ... I would be really disappointed if the PIX did support RW SNMP ...

SNMP is not a secure protocol and using it to write to a security appliance is mad ... Cisco did the right thing ...

Cheers.

S.

daviddtran · ‎02-22-2007

what makes you thing that SNMP is not a secure

protocol? Have you ever used SNMP version 3?

Cisco should make snmp version 3 available on

security appliance and let the market decides.

Nokia/CP and Juniper firewalls have snmp version

3 available on their firewalls for years.

David

CCIE Security