06-13-2008 11:54 AM - edited 03-11-2019 05:59 AM
We get the following error message on the ASA5505 on 8.03/ASDM 603 from our Network monitoring device.
Adaptive Security Appliance 'outside' interface [ifIndex=2].
Please advise.
Thanks in anticipation.
06-13-2008 12:05 PM
You never mentioned any error?
What NMS are you using?
Perhaps its placed on the inside and it is trying to SNMP Poll/Ping the Outside interface as well (like most NMS). And this is not allowed by the elite security rules of the Cisco firewall :). By default you cannot ping any of the firewall's interface while traversing THROUGH the firewall (i.e. you have to be at the 'back' of the interface to ping it).
Regards
Farrukh
06-13-2008 12:16 PM
Hi Farrukh,
We are using "intermapper".
This is the NMS statemnt we have on the ASA:
snmp-server host inside 10.20.2.245 community xxx version 2c.
The error message is:
Probe Type: SNMP - Cisco Pix (port 161 SNMPv1)
Condition: Adaptive Security Appliance 'outside' interface [ifIndex=2]
Thanks.
06-13-2008 12:33 PM
The command you mentioned is correct, but its for sending traps. The error you see is for polls. I think the error most probably is the one I mentioned earlier:
"Perhaps its placed on the inside and it is trying to SNMP Poll/Ping the Outside interface as well (most NMS try to ping/poll all interfaces/IP discovered on a device). And this is not allowed by the elite security rules of the Cisco firewall :). By default you cannot ping any of the firewall's interface while traversing THROUGH the firewall (i.e. you have to be at the 'back' of the interface to ping it). " For example if you are on the inside interface, you cannot ping the firewall's outside interface, however you can ping machines BEYOND the firewall's interface on the outside.
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide