New Member

SNMP V2 FWSM

J,

You monitoring today? Have another question for you...running SNMP v2 on a Cisco FWSM...I'm running into an issue when attempting to perform inventory, I'm getting a credentials invalid error. Have adjusted the SNMP timeout to 30 secs (incrementally), I've reviewed the firewall to ensure SNMP is being allowed (ACL - ip any any). Have verified the credential setup in works and on the FW (very simple community string). I've reviewed the IC_Server.log, with the following output provided (in part)...

[ Mon Feb 09 14:22:06 CST 2009 ],ERROR,[Thread-18],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,547, Unreachable device <MY IP ADDRESS OF FWSM> com.cisco.nm.xms.xdi.DeviceAccessException: SnmpRequestTimeout on <MY IP ADDRESS OF FWSM> while performing SnmpGet at index = -1

com.cisco.nm.xms.xdi.DeviceAccessException: SnmpRequestTimeout on <MY IP ADDRESS OF FWSM> while performing SnmpGet at index = -1

It appears to be an SNMP timeout issue, but???

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SNMP V2 FWSM

This error indicates that either SNMP is not making it to the FWSM, the FWSM is denying it, or the community string is wrong.

For SNMP, you also need to allow polling. For the PIX/ASA, the command is:

snmp-server host INTERFACE HOST poll community COMMUNITY

Where INTERFACE is the interface name on which SNMP traffic will be arriving, HOST is the IP address of the polling host, and COMMUNITY is the community string to be used.

You can verify that SNMP is working by using the SNMP Walk tool from CiscoWorks' Device Center. Use sysObjectID as a starting OID.
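The check described in the answer above can also be run from the polling host without CiscoWorks. The following is an added example, not part of the original thread and not Cisco code: it hand-encodes an SNMPv2c GetRequest for sysObjectID.0 and reports whether anything answers. The function names and the sample community "public" are assumptions made for illustration. A v1/v2c agent normally sends no reply to a request it rejects, so a blocked path, a missing `snmp-server host ... poll` entry and a wrong community string all look like the same timeout.

```python
import socket

SYS_OBJECT_ID = "1.3.6.1.2.1.1.2.0"  # sysObjectID.0, the starting OID suggested above

def tlv(tag, payload):  # BER tag-length-value, long-form length from 128 bytes up
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def ber_int(value):  # non-negative INTEGER, sized so the sign bit stays clear
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # base-128, low group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))    # continuation bit on higher groups
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def build_get(community, oid=SYS_OBJECT_ID, request_id=1):
    # Message = SEQUENCE { version(1 = v2c), community, GetRequest-PDU [0xA0] }
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def pdu_type(packet):
    # Step over the outer SEQUENCE header, then the whole version and community TLVs.
    pos = 0
    for skip_payload in (False, True, True):
        first = packet[pos + 1]
        extra = first & 0x7F if first >= 0x80 else 0
        length = int.from_bytes(packet[pos + 2:pos + 2 + extra], "big") if extra else first
        pos += 2 + extra + (length if skip_payload else 0)
    return packet[pos]                           # 0xA0 GetRequest, 0xA2 Response

def probe(host, community, timeout=5.0, port=161):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get(community), (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"                     # path, poll permission or community
    return "response" if pdu_type(reply) == 0xA2 else "unexpected"
```

Run `probe()` from the same host that does the polling, since the `snmp-server host` entry is tied to that host's address and interface.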

9 REPLIES

New Member

Re: SNMP V2 FWSM

Thanks J...I believe my co-worker discovered the snmp-server host information last night...thanks for your quick response as always.

New Member

Re: SNMP V2 FWSM

Hey J,

Another situation, same systems...got the SNMP working (with your advice above), the device credential verification succeeds on telnet, SNMP v2c and SSH (turned on telnet temporarily only). However, when I run the config archive, it fails with a credentials or SNMP timeout error...I increased the SNMP timeout to 10 secs, and same error...I checked the IC_Server.log and see no errors during the timeframe I ran the config archive...I'm using SSH as the primary config archive protocol and telnet as a second...am I missing something here?

Cisco Employee

Re: SNMP V2 FWSM

IC_Server.log has nothing to do with configuration archive. The log is dcmaservice.log. What is the exact error you get when performing a Sync Archive?

New Member

Re: SNMP V2 FWSM

my bad...thanks for setting me straight on the logs...

Here's the exact error:

CM00139 Could not archive config Cause: Action: Verify that device is managed and credentials are correct. Increase timeout value, if required.

Thanks

bruce

New Member

Re: SNMP V2 FWSM

another development...I ran the credential verification again using both the ssh protocol and the "SSH Enable Mode User Name and Password" check. it passes the protocol check, but fails with "Enable username credential missing." However, I do have the enable password set in device management/edit device credentials.

Cisco Employee

Re: SNMP V2 FWSM

Go ahead and start a new thread for the configuration management issue. It does not appear to have anything to do with SNMP.
