Trouble with SNMP polling new VPN peer

zeu7
Level 1

Am in a spot of bother with getting my SNMP management station (running Solarwinds) to poll a PIX501 firewall at a remote location connected via VPN.

The remote PIX501 had its peer changed from the PIX535 to a VPN Concentrator that sits side-by-side with the PIX535.

Although I can ping, etc. to the devices behind the PIX, I still can't telnet to the remote PIX501 or get SNMP to poll it.

I also changed the default routing to get to the remote network, to not point to the PIX535's inside interface, but to point instead to the VPN Concentrator's inside interface.

Attached is a sketch layout for a better idea.

How can I correct this?

Mark

2 Replies

Collin Clark
VIP Alumni

Try the following:

pix(config)#management-access inside

Poll the inside interface and it should work.

HTH and please rate.

I was able to identify and fix the problem.

Problem was the SNMP management station was attempting to poll the outside interface of the remote peer (the PIX 501). This firewall had traffic from its outside interface to the network that the SNMP management station resides in specified as interesting traffic in the ACL that the crypto map specified.

On the VPN Concentrator side though, I had only specified the remote peer's local network in the "Configuration | Tunneling and Security | IPSec | LAN-to-LAN" connection section's Remote network.

I changed this to use a Network List I created to include both the remote local network and the remote peer's outside interface.

This sorted the problem straight away, as now the remote peer (PIX 501) was receiving encrypted traffic to its outside interface from the SNMP management station's local network, as it was expecting to, whereas before it was receiving unencrypted traffic, yet it was expecting to receive it encrypted.

Goes to prove that ACLs on each peer must match, else you get into all sorts of a muddle.

I will try out your solution in a test environment, and see if that works too.

Mark
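
The mismatch described in the reply above can be checked offline before touching either device. The following is an added example, not part of the original thread: it compares the traffic selectors of two LAN-to-LAN peers and reports any pair that has no mirror image on the other side. All addresses and names are constructed, and modelling the concentrator's network lists as every local network paired with every remote network is an assumption.

```python
import ipaddress
from itertools import product

def selectors_from_acl(entries):
    """Crypto-ACL style peer: explicit (local, remote) network pairs."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in entries}

def selectors_from_lists(local_list, remote_list):
    """Network-list style peer (assumed model): each local paired with each remote."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(local_list, remote_list)}

def mirror_gaps(side_a, side_b):
    """Return selectors, written from side A's point of view, that only one peer defines."""
    mirrored_b = {(remote, local) for local, remote in side_b}
    as_text = lambda pairs: [(str(l), str(r)) for l, r in sorted(pairs)]
    return {
        "only_a": as_text(side_a - mirrored_b),  # A encrypts this, B does not expect it
        "only_b": as_text(mirrored_b - side_a),  # B encrypts this, A does not expect it
    }

# Constructed sample addressing (not taken from the thread).
MGMT_NET = "10.1.0.0/24"        # network of the SNMP management station
REMOTE_LAN = "192.168.50.0/24"  # LAN behind the remote PIX 501
PIX_OUTSIDE = "203.0.113.10/32" # outside interface of the remote PIX 501

# Remote PIX: interesting traffic covers its LAN and its own outside interface.
PIX_ACL = selectors_from_acl([(REMOTE_LAN, MGMT_NET), (PIX_OUTSIDE, MGMT_NET)])

# Concentrator before the fix: remote network is the remote LAN only.
CONC_BEFORE = selectors_from_lists([MGMT_NET], [REMOTE_LAN])

# Concentrator after the fix: network list holds the LAN and the outside interface.
CONC_AFTER = selectors_from_lists([MGMT_NET], [REMOTE_LAN, PIX_OUTSIDE])

if __name__ == "__main__":
    print("before:", mirror_gaps(PIX_ACL, CONC_BEFORE))
    print("after: ", mirror_gaps(PIX_ACL, CONC_AFTER))
```

A non-empty `only_a` or `only_b` list identifies a flow that one peer will send or expect encrypted while the other treats it as clear text.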
