FWSM vs PIX515E - OVO SNMP walk denied on FWSM, PIX OK
I SNMP walk (udp 161) to an AS/400 from one server behind a PIX515E and the return udp packet picks a random port between 5000 and 6000 and the PIX lets it back in OK w/o an ACL specifically allowing it.
I SNMP walk (udp 161) to an AS/400 from another server behind a FWSM and the return udp packet picks a random port between 5000 and 6000 and the FWSM denies it back in logging a message that ACL "outside" is blocking.
If I allow the entire udp range the FWSM allows it.
How can this be? What's the difference between the PIX 7.1(2) and the FWSM 3.1(4) and how it handles returning SNMP walks on random udp ports?
Might a fixup or inspect help on the FWSM? I don't want to open a 1000-port range if I can help it.
Re: FWSM vs PIX515E - OVO SNMP walk denied on FWSM, PIX OK
The security appliance provides support for network monitoring using SNMP V1 and V2c. The security appliance supports traps and SNMP read access, but does not support SNMP write access. You can configure the security appliance to send traps (event notifications) to a network management station (NMS), or you can use the NMS to browse the MIBs on the security appliance. MIBs are a collection of definitions, and the security appliance maintains a database of values for each definition.