Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3236
Views
5
Helpful
5
Replies

Can't connect with SNMP

Go to solution
qbakies11
Level 1
Level 1

‎02-02-2010 01:14 PM - edited ‎03-11-2019 10:04 AM

I have a third party tool I'm trying to use and it wants to connect through SNMP to gather information.  I can connect to my Cisco switches and routers but not my ASAs.  They all use the same community 'pubs'.

DAYASA# sh run snmp-server
snmp-server host Inside 192.168.200.13 poll community pubs version 2c
snmp-server host Inside 192.168.200.53 community pubs
snmp-server location Day
no snmp-server contact
snmp-server community pubs
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog

The 192.168.200.53 IP is my MARS unit and it talks to the ASA so I know SNMP works, at least, in part.  The tool I'm trying to use isn't on a specific machine but shouldn't 'snmp-server community pubs' allow anything to connect?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
sachinraja
Level 9
Level 9
In response to qbakies11

‎02-02-2010 02:15 PM

what is the IP of your PC ?

YOu need to allow SNMP access from your PC to the ASA...

snmp-server host inside 192.168.x.x poll community public

where 192.168.x.x is the ip address of your PC...

refer to the following URL for more info:

http://www.ciscosystems.ch/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml#snmptothepix

Hope this helps.. all the best..

Raj

View solution in original post

0 Helpful
5 Replies 5

Go to solution
sachinraja
Level 9
Level 9

‎02-02-2010 01:42 PM

What is the IP address of your tool ? you can define another snmp-server host inside 192.168.200.x (ip of your tool) to make the tool access the ASA via SNMP..

Raj

0 Helpful

Go to solution
qbakies11
Level 1
Level 1
In response to sachinraja

‎02-02-2010 02:08 PM

It is on my laptop which is DHCP so I didn't want to lock it down to a specific IP.

0 Helpful

Go to solution
sachinraja
Level 9
Level 9
In response to qbakies11

‎02-02-2010 02:15 PM

what is the IP of your PC ?

YOu need to allow SNMP access from your PC to the ASA...

snmp-server host inside 192.168.x.x poll community public

where 192.168.x.x is the ip address of your PC...

refer to the following URL for more info:

http://www.ciscosystems.ch/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml#snmptothepix

Hope this helps.. all the best..

Raj

0 Helpful

Go to solution
qbakies11
Level 1
Level 1
In response to sachinraja

‎02-03-2010 05:23 AM

Thanks for the help.  I'll put the tool on one of my utility servers so I don't have to worry about changing the IP in the future.

Just to be clear the statement:

snmp-server community pubs

is not a generic snmp statement to allow any device to connect to the ASA as long as they have the correct community string?

0 Helpful

Go to solution
francisco_1
Level 7
Level 7
In response to qbakies11

‎02-03-2010 05:33 AM

You will need to define the SNMP community string on the ASA to martch the string on your SNMP server. A community string acts as a shared secret password that authenticates any management station's SNMP polls that should match between the incoming pools and the firewall itself. Default string on the frewall is "public". Make sure both your NNM and Firewall match..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card