if it is the second case -> of allowing SNMP access you can configure access-lists... by default ASA allows traffic from inside to outside (unless you have an ACL already).. for access from outside to inside, you need ACLs
I believe this answers Raj's question to some extent. Meaning I understand it is "THROUGH" the firewall and not "TO" the firewall. Still, I am not sure where the monitoring server is and where the windows servers are.
monitoring server-----(inside)---------ASA-----(dmz or outside)---- windows server
You do not need to configure anything special since you have the following configured already.
access-list inside1 extended permit ip any any
windows servers ----(inside) --------ASA------(dmz or outside)---monitoring server.
If it is the above, then we need to create static translation for all the inside servers.
You can do either nat exemption with acl or static identity or static pat for udp port 161
Permission you already have this configured ccess-list outside1 extended permit ip any any
You may want to tighten this ACL.
assuming the monitoring server is on the outside:
static (i,o) i.i.i.i i.i.i.i ----> this is identity static
static (i,o)o.o.o.o i.i.i.i -----> where o.o.o.o is the translated address and i.i.i.i is the internal address
nat (inside) 0 access-list nat0 - --> this is nat exemption with acl
access-list nat0 permit ip i.i.i.0/24 x.x.x.x
Now, knowing what whatsup gold does and how it needs to be configured I would place whatsup gold where all the servers are so, it can monitor them without having to go through the firewall. But, you know your network better than we do so, the above are your options.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...