05-14-2010 12:31 PM - edited 03-11-2019 10:45 AM
I have the following setup:
R--H1
|
F
|
H2
R: 3840
F: ASA 5510
H: Hosts 1 and 2
I am trying to get SNMP info from the router to H2 but snmpwalk errors with no response from router. I can get info from H1 and neither interface on router is preventing SNMP traffic from coming or going.
Is there something that needs to be configured to allow SNMP traffic (originating from INSIDE) to reply? (Also note that there is no Inspect Maps blocking and SNMP versions).
Thanks
05-14-2010 12:34 PM
Hi,
On the ASA you would need a STATIC NAT (if nat-control is enabled) and an ACL permitting the traffic. --> This is if the connection originates from the outside
If the connection originates from the inside, then you need NAT (if nat-control is enabled) and if there's an ACL applied to the inside interface, you need to make sure the traffic is permitted.
Federico.
05-14-2010 12:48 PM
Yes, there is NAT where H2 is on the INSIDE, and the router is on the OUTSIDE.
I have allowed all IP inbound on the INSIDE interface and I do not have this issue with other UDP protocols (such as ntp).
05-14-2010 12:52 PM
Ok,
So you mentioned that the SNMP traffic will be originated from the inside (from H2)?
If there's NAT and ACL permission, then it should work.
You can do a Packet Tracer test from ASDM or from CLI to see if the traffic is passing through fine.
Federico.
11-25-2012 01:30 AM
I also have a similar problem. I have gone through the Cisco documentation. It says that the ASA firewall by default has NAT and PAT limitations for SNMP traffic. That means the NAT traffic for the router's SNMP cannot be passed through the ASA by default. Please check Table 40-1 on http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html
I am also looking for the solution by which the default can be tweaked and the SNMP traffic is allowed.