you out there...got another question for you.
Configured SNMP community string on at 6509 FWSM. appears I can only set a RO (which is not a problem). I'm able to SSH to the FWSM IP, but when i config CiscoWorks Common Services to add the device, using standard credentials and the SNMP v2 community string, it bombs with the following error:
"session to device failed. Cause: Authentication failed on device."
It appears to be auth, but I'm certain, both the standard credentials and the SNMP community string are correct.
I ran an SNMP walk with OID .18.104.22.168.22.214.171.124 and it also fails with:
Failed to snmpwalk the device. Please check your community string and starting OID, and try again.
I thought possibly the SNMP timeout was catching me again, but after setting to 10secs, continues to fail.
Checked the ICServer.log, and nothing that would indicate the problem.
Any help would be appreciated.
some additional info from the IC_Server.log:
ERROR,[Thread-15],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,547, Unreachable device
You need to add a line like:
snmp-server host inside HOST poll community STRING
Where HOST is the IP address of the LMS server.
This is what you would do for the PIX/ASA. I assume there is a similar (if not the same) command for the FWSM.
Well, that doesnt appear to be the issue either.
when i run the command for snmp-server host, it prompts that there is only a VLAN available (which is a vlan that we use for access)...when i use the vlan, and then the IP of LMS, results are the same...authentication failure.
FWNAME/context(config)# snmp-server host ?
configure mode commands/options:
Current available interface(s):
The symptoms point to you either using the wrong community string, or SNMP traffic is being denied. You might want to enable some logging on the FWSM to see if the SNMP packets are arriving on the module.
roger..i've pounded that community string in there multiple times, so i'm confident, it isnt that...access through the FW allows IP any...so, i'm scratchin the ole head right now...i'll turn on some logging and gather some anay on it...thanks for the thoughts...