Solved: ASA firewall 5520 in ciscoworks 2.6

thetnaing00 · ‎08-06-2007

i have asa firewall that need to be monitored but when i try to discover using snmp string,i say unreachable.is it because i need to upgrade my CM OR RME package.i upgraded CS device package.i check with network guys and i is not blocking ping from LMS server.at least it should discover,right?thanks for your reply in advance.

Joe Clarke · ‎08-08-2007

You need to pick a starting OID, or expect to wait a _long_ time. It's best to test something simple like sysObjectID as a starting OID. Yes, you can use SNMP Walk on devices that are reported as unreachable, but you will need to use correct SNMP credentials before the SNMP Walk utility will work. So, if you know the credentials are correct when using SNMP Walk, but it reports that the walk timed out, then there is something blocking the SNMP traffic, or your credentials or device configuration is still wrong.

View solution in original post

Joe Clarke · ‎08-07-2007

If the device is not SNMP reachable, then no package updates will ever fix that. Verify the SNMP community strings with your network guys, and make sure the CiscoWorks server is allowed to query it via SNMP (this is completely independent from pings, but ICMP will also be required for DFM).

You can use the SNMP Walk utility under Device Center to test to make sure the community string configured in the Device Credential Repository is correct.

thetnaing00 · ‎08-08-2007

hi

yes i used snmp walk under device center for some devices,but the windows appear with blank white screen and take a few minutes and i end up closing that windows.why is that so?for asa firewall,it is appearing as unreachable.can i also use snmp walk on devices which is shown unreachable?thanks for your reply.

Joe Clarke · ‎08-08-2007

You need to pick a starting OID, or expect to wait a _long_ time. It's best to test something simple like sysObjectID as a starting OID. Yes, you can use SNMP Walk on devices that are reported as unreachable, but you will need to use correct SNMP credentials before the SNMP Walk utility will work. So, if you know the credentials are correct when using SNMP Walk, but it reports that the walk timed out, then there is something blocking the SNMP traffic, or your credentials or device configuration is still wrong.

thetnaing00 · ‎08-09-2007

hi

i used snmp walk on the asa firewall 5520 and it works.i can see device hostname and other information shown in snmp walk result.but it still shows me unreachable under device discovery and device data collection unknown.any comments?thanks

Joe Clarke · ‎08-09-2007

The ASA devices are not supported by Campus Manager, so they will not show up as known in Data Collection. Provided the community strings are correct in your Device Discovery settings, and the ASA devices are added as seed devices, they should be reachable for discovery. However, if they are already in DCR, then you don't need to worry about discovery finding them. What really matters if apps like RME and DFM can communicate with them.