Cisco Support Community
New Member

All SNMP to DMZ

I need help configuring my PIX to allow SNMP to the DMZ from my management subnet.

The management subnet is 192.168.45.0/24 (inside firewall), the LAN subnet is 10.1.40.0/24 (inside), and the DMZ is 172.17.6.0/24.

I need to have my management station alert me if my web server goes down. The management station works with all subnets but the DMZ.

I've tried several different ACL combinations but none seems to work.

Things I've tried:

access-list 100 permit udp 192.168.45.0 255.255.255.0 172.17.6.0 255.255.255.0 eq snmp

static (dmz,inside) udp CCNETMON snmp 172.17.6.0 snmp netmask 255.255.255.255 0 0

static (inside,dmz) udp 172.17.6.0 snmp CCNETMON snmp netmask 255.255.255.255 0 0

1 REPLY
New Member

Re: All SNMP to DMZ

Can inside hit DMZ at all?

To allow management to DMZ you need...

static (inside,dmz) 192.168.45.0 192.168.45.0 netmask 255.255.255.0

Where is access-list 100 applied to?

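The reply's two checks (is there a static covering the management subnet, and is access-list 100 bound to an interface) can be scripted against a saved config, together with a test of whether the ACL matches the SNMP flow. This is an added example, not part of the original thread; the `access-group` line, the two host addresses, and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the ACL from the question and the static from the reply,
# plus an assumed access-group line (the thread never shows where ACL 100 is applied).
CONFIG = """\
access-list 100 permit udp 192.168.45.0 255.255.255.0 172.17.6.0 255.255.255.0 eq snmp
static (inside,dmz) 192.168.45.0 192.168.45.0 netmask 255.255.255.0
access-group 100 in interface inside
"""
PORTS = {"snmp": 161, "snmptrap": 162}  # PIX port keywords handled here


def in_net(ip, addr, mask):
    """True if ip falls inside addr/mask (PIX ACLs take subnet masks, not wildcards)."""
    return ip in ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit(config, src, dst, dport, acl="100", real_if="inside", mapped_if="dmz"):
    """Answer the reply's questions for one UDP flow; returns three booleans."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    acl_verdict = None  # first matching ACL entry wins; no match means implicit deny
    applied = static_ok = False
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["access-list", acl] and len(tok) == 10 and tok[3] == "udp" and tok[8] == "eq":
            port = PORTS.get(tok[9]) or int(tok[9])
            if (acl_verdict is None and port == dport
                    and in_net(src, tok[4], tok[5]) and in_net(dst, tok[6], tok[7])):
                acl_verdict = tok[2] == "permit"
        elif tok[:1] == ["access-group"] and tok[1:] == [acl, "in", "interface", real_if]:
            applied = True  # the ACL only filters once it is bound to an interface
        elif tok[:2] == ["static", f"({real_if},{mapped_if})"] and len(tok) == 6 and tok[4] == "netmask":
            # Address form only: static (real_if,mapped_if) mapped real netmask mask
            static_ok = static_ok or in_net(src, tok[3], tok[5])
    return {"acl_permits": bool(acl_verdict), "acl_applied": applied, "static_covers_src": static_ok}


if __name__ == "__main__":
    # 192.168.45.10 (manager) and 172.17.6.20 (web server) are constructed host addresses.
    print(audit(CONFIG, "192.168.45.10", "172.17.6.20", 161))
```

Run against only the lines quoted in the question, the ACL matches the flow but the other two checks come back false, which is what the reply is asking about.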