I have several remote offices that I poll using Orion and RRD. I have one office in particular that will not let me poll from the outside. I am using the same type of router with the same access rules but it will not work. This router can be pinged and accessed from outside but SNMP won't work. SNMP works from the inside however.
The router being used is a 3825 with IOS 12.4(20)T1
Any suggestions would be greatly appreciated.
The most likely causes are interface ACLs, control-plane ACLs, or SNMP community ACLs. Therefore, it would be helpful to see the running config from this router. You might also consider enabling "debug snmp packet" on the router to confirm the packets are making it to the outside interface.
I turned on debugging and it isn't even hitting that interface. Now I need to investigate why that router out of all of the ones I am monitoring is not getting accessed.
I am wondering if the router is faulty. I tried using SNMP from a completely different location and still could not get in. I took the access-list off of the community string as well as the serial interface and still nothing. Even when I turned all debugging off and took the access-list off of the interface, I was still getting messages on the router with block and permit statements pertaining to the access-list that wasn't even applied to an interface.
I don't know what errors you're seeing now, but you still have access-lists applied to your Serial0/0/0:0.101 interface, your ip http server, and your vtys. Your interface ACL does not appear to allow SNMP queries to the serial IP:
access-list 101 permit udp host 18.104.22.168 host 22.214.171.124 eq snmp log-input
access-list 101 permit udp host 126.96.36.199 host 188.8.131.52 eq snmp log-input
access-list 101 deny udp any any eq snmp log-input
However, it should allow polling of the GigabitEthernet IP from those two hosts.
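As an added example (not part of the thread and not Cisco code), the Python below evaluates an ACL shaped like the one quoted above with first-match semantics and the implicit deny, showing why a query to the serial IP is dropped while the same poller reaches the GigabitEthernet IP. The addresses are constructed documentation addresses, and `ACL_101`, `parse_ace` and `evaluate` are hypothetical names; only the `host`/`any`/wildcard address forms and `eq` are handled.

```python
import ipaddress

PORTS = {"snmp": 161, "snmptrap": 162}  # IOS port keywords needed here

# Constructed sample mirroring the shape of ACL 101 in the thread.
# 198.51.100.x = pollers, 192.0.2.1 = GigabitEthernet IP (all assumed).
ACL_101 = [
    "access-list 101 permit udp host 198.51.100.10 host 192.0.2.1 eq snmp log-input",
    "access-list 101 permit udp host 198.51.100.20 host 192.0.2.1 eq snmp log-input",
    "access-list 101 deny udp any any eq snmp log-input",
]

def _addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'access-list N action proto src dst [eq port] [log-input]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACE: " + line)
    rest = t[4:]
    src = _addr(rest)
    dst = _addr(rest)
    ace = {"action": t[2], "proto": t[3], "src": src, "dst": dst, "dport": None, "line": line}
    if rest[:1] == ["eq"]:
        ace["dport"] = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return ace

def _match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl_lines, proto, src, dst, dport):
    """Return (action, matching line); first match wins, else implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in (proto, "ip"):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        if _match(ace["src"], src) and _match(ace["dst"], dst):
            return ace["action"], ace["line"]
    return "deny", "implicit deny any any"
```

Calling `evaluate(ACL_101, "udp", "198.51.100.10", dst, 161)` with the GigabitEthernet address and then the assumed serial address `203.0.113.1` returns the permit line for the first and the explicit `deny udp any any eq snmp` line for the second.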
I am trying to poll the GigabitEthernet IP. I am not getting any errors. When I ran the debug snmp packets, I never saw any hits at all. The upstream router is from the ISP obviously but I can't imagine them blocking only SNMP.
If you're not seeing any debug messages and you're not seeing the ACL 101 hit counter increasing, then it is logical to assume that something upstream is blocking SNMP. This may be the ISP, or something else on your local end.
If you want to verify SNMP is working at all, you can enable snmp-server manager on the router, then use the following to poll it:
snmp get v1 184.108.40.206 COMMUNITY oid system.1.0
Where COMMUNITY is your community string.
This should provide you with the device's sysDescr.