Cisco Support Community

Passing SNMP traffic through pix firewall

Hello,

I have enabled SNMP-Server on my Cisco router and am passing the traps to a host in the inside network of the PIX firewall.

The SNMP monitoring application says that it is unavailable to gather information from the router.

I checked the router and it says it is passing SNMP traps to the router.

I believe SNMP traffic is blocked by my PIX firewall. What command should I issue for the PIX firewall to allow SNMP traffic to the inside host?

Here is the output of my sh snmp from server

    User Access Verification
    Password:
    routerA#sh snmp
    Chassis: JAD07030DW6 (2680431549)
    0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    4 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    4 Trap PDUs
    SNMP logging: enabled
    Logging to A.B.C.D.162, 0/10, 4 sent, 0 dropped.
    routerA#

I also don't understand why .162 is added after my internal host receiving SNMP traps.

Thanks,

Chandru


Re: Passing SNMP traffic through pix firewall

Hi Chandru,

Firstly, the reason you see the .162 is that SNMP traps are sent to UDP port 162. The output is merely indicating this with the .162 following the server IP...

Now, if you wish to allow SNMP traffic through your firewall, ensure that the following line is present in the appropriate access-list on your firewall...

    access-list acl_name permit udp x.x.x.x m.m.m.m x.x.x.x m.m.m.m eq snmp
    access-list acl_name permit udp x.x.x.x m.m.m.m x.x.x.x m.m.m.m eq snmptrap

Hope that helps.

Please remember to rate posts.

Regards,

Paresh.
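
To confirm on the inside host that the router's traps really arrive on UDP 162 once the access-list is in place, a small decoder for the trap header can help. This is an added example, not part of the original thread; the sample datagram, its community string and addresses, and the `--listen` flag are constructed for illustration.

```python
import socket
import sys

# Constructed sample: SNMPv1 linkDown trap, community "public", agent 192.0.2.1.
SAMPLE_TRAP = bytes.fromhex("302902010004067075626c6963a41c06082b06010401090101"
                            "4004c0000201020102020100430230393000")

def read_tlv(buf, pos):  # read one BER TLV at pos -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_trap(datagram):  # header of an SNMPv1 (0xA4) or SNMPv2c (0xA7) trap
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(msg, 0)
    _, comm, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in (0xA4, 0xA7):
        raise ValueError("not a trap PDU (tag 0x%02x)" % pdu_tag)
    info = {"version": int.from_bytes(ver, "big"), "community": comm.decode("latin-1")}
    if pdu_tag == 0xA4:
        _, _, p = read_tlv(pdu, 0)        # enterprise OID (skipped)
        _, agent, p = read_tlv(pdu, p)    # agent-addr: 4-byte IpAddress
        _, generic, _ = read_tlv(pdu, p)  # generic-trap, e.g. 2 = linkDown
        info["agent_addr"] = ".".join(map(str, agent))
        info["generic_trap"] = int.from_bytes(generic, "big")
    return info

if __name__ == "__main__":
    print(parse_trap(SAMPLE_TRAP))  # offline check on the constructed datagram
    if "--listen" in sys.argv:      # binding UDP 162 needs root/administrator
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(("0.0.0.0", 162))
        while True:
            data, (src, _) = sock.recvfrom(65535)
            try:
                print(src, parse_trap(data))
            except ValueError as exc:
                print(src, "undecodable:", exc)
```

Run it with `--listen` on the trap destination while the monitoring application's own trap receiver is stopped, since both need UDP 162. If the router's "sent" counter rises and nothing is printed, the traps are being dropped before they reach the host.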
