Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco PIX snmp not working

Hi, I'm trying to get info about a PIX with snmp but it's not working, I get a timeout when I try to query it. I'm asking to the inside interface over VPN, It works fine and I see all the computers on that subnet. I think I just need an ACL but I'm not managing to do it right. The config is posted, it's pretty simple. Thanks.

13 REPLIES

Re: Cisco PIX snmp not working

Can you ping 192.168.3.29 from the pix? If you can, then try to allow udp 161 through your acl for just that one host.

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Re: Cisco PIX snmp not working

No, I can't ping that host from the PIX. But I can ping from the computers on that subnet to the 192.168.3.0 net. Thanks.

Re: Cisco PIX snmp not working

Hi,

Can you do the test again, and right after, show us the output of the command below on your firewall:

show logging | inc A.B.C.D

where A.B.C.D is the IP address of the machine you are testing from.

New Member

Re: Cisco PIX snmp not working

Return is null. Back to the command prompt, empty result.

Re: Cisco PIX snmp not working

Try changing the snmp-server line to outside.

snmp-server host outside 192.168.3.29

See if that works.

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

Re: Cisco PIX snmp not working

Is not working . . . anyways why would I allow to send to the outside iface ? The connection is encrypted and so I ask the inside iface, right ?

Cisco Employee

Re: Cisco PIX snmp not working

Xavier,

If I understand the set up correctly, you are trying to do a SNMP Poll through the VPN Tunnel. If so, you need the below command:

management-access inside

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/mr.html#wp1137951

Without the above command, you will not able to ping, https, http, snmp, etc to the inside interface of the pix across a VPN Tunnel.

Regards,

Arul

*Pls rate if it helps*

New Member

Re: Cisco PIX snmp not working

Ok, good ! Now I can ping, but I get a "CRITICAL" on the nagios script when I try to get the info for the iface "ethernet0". Do you have any experience around ? It works on all my other cisco routers, load balancers etc.

New Member

Re: Cisco PIX snmp not working

When I do a snmpwalk to the router, It does not give me back nothing . . . Maybe I have to do something more to make snmp work =?

Cisco Employee

Re: Cisco PIX snmp not working

Hi,

Can you change the below configuration:

snmp-server host inside 192.168.3.29

to

snmp-server host outside 192.168.3.29

And let me know if it works.

Regards,

Arul

*Pls rate all helpful posts*

New Member

Re: Cisco PIX snmp not working

It's done, working. The guy that said management is closed for inside interface by default was correct. I'm monitoring the inside and outside interfaces with graphing via nagios. Thank you all.

Cisco Employee

Re: Cisco PIX snmp not working

Thanks for the update! Also, please do update the forum that the issue is resolved, so others who run into similar issues can benefit out of the post.

Regards,

Arul

New Member

Re: Cisco PIX snmp not working

This resolved the same issue I had with nagios monitoring of my ASA firewall over a VPN.

1226
Views
4
Helpful
13
Replies
CreatePlease login to create content