ASA 5580 not sending traps

Unanswered Question
May 13th, 2010
User Badges:

I must be missing something in the config as this is happening on multiple ASA's. I have the following config in place and not receiving any traps on our management servers. I don't even see the Trap PDU's increasing in the snmp-server statistics. Any suggestions and advice is much appreciated.



snmp-server host inside 10.235.42.38 community ****

snmp-server host inside 10.236.32.34 community ****

snmp-server host inside 10.236.36.34 community ****

snmp-server host inside 10.236.43.34 community ****

snmp-server location MEH

no snmp-server contact

snmp-server community *****

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

snmp-server enable traps ipsec start stop

snmp-server enable traps entity config-change fru-insert fru-remove

snmp-server enable traps remote-access session-threshold-exceeded



logging enable

logging standby

logging list snmp message 212001-212015

logging console snmp

logging trap debugging

logging asdm informational

logging host inside 10.236.38.36

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Fri, 05/14/2010 - 02:08
User Badges:
  • Cisco Employee,

You are missing the famous "snmp-server enable" line.

You have all the enable on specific feature but didn't globally enable snmp


Hope that resolves the issue.

jjbbiirrdd_73 Fri, 05/14/2010 - 14:09
User Badges:

I did put this command in but I believe it's already on by default as you will only see the "no snmp-server enable" listed in the running config. Either way were still not getting or sending traps from these firewalls. Any other suggestions?

Jennifer Halim Fri, 05/14/2010 - 21:21
User Badges:
  • Cisco Employee,

Are you able to ping the snmp servers from the firewall? Is the snmp server subnet directly connected to the firewall, or multiple hops away? Another thing to note is between the ASA and the snmp servers, are there any other firewall, or ACL that might be blocking the snmp traps?


If you run packet capture on the ASA firewall inside interface, are you seeing the snmp traps being sent out?


Lastly, what does the output of "show snmp-server statistics" show?

Actions

This Discussion