Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
842
Views
0
Helpful
3
Replies

ASA/PIX Discovery in topology

chandra1677
Level 1
Level 1

‎01-18-2012 04:50 PM - edited ‎03-11-2019 03:16 PM

Hi:

   I  am wondering whether there are any protocols/mibs that can be used for discovering ASA/pix in network just like CDP for Cisco Routers/Switches?

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2012 07:46 AM

No. The best you can do is query the device with snmp to do things like retrieve the configuration and values of counters (input, output, etc.).

That's 'by design'. The theory is that firewalls should not be giving up too much information about themselves to discuvery type of tools. Some people even recommend turning off CDP on routers and switches - a bit extreme in general in my opinion good practive for publicly exposed devices / interfaces anyhow.

0 Helpful

chandra1677
Level 1
Level 1
In response to Marvin Rhoads

‎01-19-2012 11:07 AM

Marvin:

  Thanks for your response. I  do understand the design considerations of an ASA for not publishing through CDP. I  am interested in a way  to figure out all the connections ASA has with other devices in the network,  like interface info etc.

I am wondering whether there is any specific MIB or some other means to query for the connectivity info.

Thanks,

Chandra.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to chandra1677

‎01-19-2012 03:54 PM

You can query the ASA using SNMP, if you have allowed it, and get information as noted in this document. Of particular use may be the following:

"

To get information about interfaces in either the admin or user context, you can use the IF-MIB's:

snmpwalk -v 2c -c public  ifDescr

IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'inside' interface
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'outside' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'mgmt' interface

"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card