How do I configure SNMP Traps for port 80 on ASA??

Is there a way to send an SNMP trap from the ASA when port 80 is trying to be accessed?


Hi- We use the ASA5510 and also use ScanSafe Web Security. Web Security is great, but we find ourselves worrying if someone has edited their browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users' ability to make changes to those settings, but it interferes when I need to troubleshoot a special program that can't use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limiting the use of anything but IE and Firefox.

Without laying down the law and getting all sorts of hate mail and death threats, I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings, and that is all. Great, I'm there.

I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get it in my syslog server or have the ASA email me directly. ScanSafe sends the Internet traffic out on 8080 to the proxy towers.

I could block port 80 outbound, but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.

thanks

bryan

1 REPLY

I'd see this as a two-step process: 1. create events based on the behavior you want to monitor, and then 2. have the ASA alert you when those events occur.

1. I'd think if you create an explicit allow ACE for port 80 outbound and set it to log hits, you could then parse your syslog for those hits. ASA syslogs tend to be pretty chatty though, so you might have a lot to go through. It depends on what you're using as a syslog server as to how easy that might be. You could crank the log level up to critical or whatever for that ACE and then use that as sort of a pre-processing filter.

2. You could then send logging events of the specified severity level (or of a defined message list - perhaps the best option for this use case) out as traps or e-mails. See the entries for event lists, logging traps and logging mail in this document.

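The two steps in the reply above, written out as an ASA configuration fragment. This is an added example, not configuration posted in the thread. It assumes the ASA's default interface names "inside" and "outside", and uses placeholder addresses (192.0.2.x), a placeholder SNMP community string and placeholder e-mail addresses that you would replace with your own. The ACE-hit message ID (106100) and the command names are standard ASA 8.x syntax; the list name HTTP80_HITS and ACL name INSIDE_OUT are arbitrary.

```text
! Added example (not from the original thread). Placeholders: 192.0.2.10 syslog
! server, 192.0.2.20 SNMP manager, 192.0.2.25 SMTP relay, <community>, e-mail
! addresses. Interface names assume the ASA defaults.

logging enable
logging timestamp

! Step 1: explicit permit ACE for TCP/80 outbound with the "log" keyword.
! Each new flow that matches generates syslog message 106100 (first packet
! immediately, then a hit count every "interval" seconds; 300 is the default).
! Connector traffic to the ScanSafe towers on 8080 never matches this line.
access-list INSIDE_OUT extended permit tcp any any eq www log informational interval 60
! Keep everything else flowing: once an access-group is applied, anything not
! explicitly permitted is dropped by the implicit deny.
access-list INSIDE_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside

! Step 2: an event (message) list that holds only the ACE-hit message ID, so
! the alert destinations receive those hits and not the rest of the log.
logging list HTTP80_HITS message 106100

! Option A: only that list goes to the syslog server.
logging host inside 192.0.2.10
logging trap HTTP80_HITS

! Option B: the same list as SNMP traps ("logging history" selects what is
! trapped; "snmp-server enable traps syslog" turns syslog-to-trap on).
snmp-server host inside 192.0.2.20 community <community> version 2c
snmp-server enable traps syslog
logging history HTTP80_HITS

! Option C: the same list straight to a mailbox.
smtp-server 192.0.2.25
logging from-address asa@example.com
logging recipient-address soc@example.com
logging mail HTTP80_HITS
```

Two practical caveats. First, an ACE that matches all port-80 traffic also logs hits to your own internal web servers; put a non-logging permit for those destinations above the logging ACE (for example `access-list INSIDE_OUT extended permit tcp any 10.0.0.0 255.0.0.0 eq www` without `log`) so only Internet-bound HTTP is reported. Second, a busy network can produce a lot of 106100 messages even with a per-ACE interval; ASA's `logging rate-limit` is the knob for that, and the e-mail option in particular should be reserved for a list this narrow. SNMPv2c traps travel in the clear with the community string, so send them only across a management network you trust.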