Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
506
Views
0
Helpful
2
Replies

cisco asa 5580 standby firewall failed respond to snmp requests

CSCO11492216
Level 1
Level 1

‎07-15-2014 11:36 PM - edited ‎03-11-2019 09:28 PM

Hi All,

we have cisco asa 8.2(5), observed that snmp server is not getting the reply from the standby firewall sometimes for a fraction of seconds and some times it lasts for 5-6 mins, and automatically it comes up. Snmp server is getting connected to Inside interface of the firewalls through cisco switches.

Below is the snmp & failover cfg. Can some one help ??

failover

failover lan unit secondary
failover lan interface faillink GigabitEthernet3/3
failover polltime unit 2 holdtime 6
failover replication http
failover link faillink GigabitEthernet3/3
failover interface ip faillink 10.1.2.1 255.255.255.252 standby 10.1.2.2

 

snmp-server host inside 10.x.x.x poll community ****** version 2c
snmp-server host inside 10.y.y.y.y poll community ****** version 2c
snmp-server location 1st Floor ABCDE
snmp-server contact Vendor
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps entity config-change fru-insert fru-remove

Labels:
0 Helpful
2 Replies 2

CSCO11492216
Level 1
Level 1

‎07-15-2014 11:48 PM

Hi,

 

Below is the show snmp-server statistics output from the standby ASA.

 

SDCFWLINET01# sho snm st
774463 SNMP packets input
    0 Bad SNMP version errors
    2 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    1201914 Number of requested variables
    0 Number of altered variables
    47628 Get-request PDUs
    726833 Get-next PDUs
    0 Get-bulk PDUs
    0 Set-request PDUs (Not supported)
774461 SNMP packets output
    0 Too big errors (Maximum packet size 512)
    613 No such name errors ( In Active ASA this value shows as "0")
    0 Bad values errors
    0 General errors
    774461 Response PDUs
    0 Trap PDUs

 

0 Helpful

CSCO11492216
Level 1
Level 1
In response to CSCO11492216

‎07-20-2014 10:54 PM

Hi ,

 

I am getting the below mentioned alert from ASA during the issue.

 

Jul 21 2014 11:19:00 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:03 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:06 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:20 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:23 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:26 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:40 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:43 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.
Jul 21 2014 11:19:46 FWLINET01 : %ASA-3-212005: incoming SNMP request (523 bytes) from IP address X.X.X.X  Port 57239  Interface "inside" exceeds data buffer size, discarding this SNMP request.

Suggestion From Cisco : 

ASA-3-212005: incoming SNMP request (number bytes) on interface int_name
exceeds data buffer size, discarding this SNMP request. 

Explanation This is an SNMP message. This message reports that the length
of the incoming SNMP request, destined for the PIX Firewall, exceeds the
size of the internal data buffer (512 bytes) used for storing the request
during internal processing; therefore, PIX Firewall is unable to process
this request. This does not affect the SNMP traffic passing through the PIX
Firewall via any interface. 

Action Have the SNMP management station resend the request with a shorter
length, for example, instead of querying multiple MIB variables in one
request, try querying only one MIB variable in a request. This may involve
modifying the configuration of the SNMP manager software. 
"

Regards,

Jhony

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card