Cisco Support Community
Community Member

ASA/PIX Discovery in topology


I am wondering whether there are any protocols/MIBs that can be used for discovering an ASA/PIX in the network, just like CDP for Cisco routers/switches?

Hall of Fame Super Silver

ASA/PIX Discovery in topology

No. The best you can do is query the device with SNMP to do things like retrieve the configuration and values of counters (input, output, etc.).

That's 'by design'. The theory is that firewalls should not be giving up too much information about themselves to discovery-type tools. Some people even recommend turning off CDP on routers and switches - a bit extreme in general in my opinion, but good practice for publicly exposed devices / interfaces anyhow.

Community Member

Re: ASA/PIX Discovery in topology


Thanks for your response. I do understand the design considerations of an ASA for not publishing through CDP. I am interested in a way to figure out all the connections the ASA has with other devices in the network, like interface info etc.

I am wondering whether there is any specific MIB or some other means to query for the connectivity info.



Hall of Fame Super Silver

ASA/PIX Discovery in topology

You can query the ASA using SNMP, if you have allowed it, and get information as noted in this document. Of particular use may be the following:


To get information about interfaces in either the admin or user context, you can use the IF-MIB's:

snmpwalk -v 2c -c public <ASA-address> ifDescr
IF-MIB::ifDescr.1 = STRING: Adaptive Security Appliance 'inside' interface
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'outside' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'mgmt' interface

