Solved: Re: SNMP Poll PIX Through VPN Tunnel

d.tickell · ‎06-22-2006

I have a pix in the UK that connects via the internet to a VPN concentraiter in Aus.

I have a network monitoring box in AUS that I want to poll the PIX in the UK.

The problem is that I want to monitor the internal interface of the pix, and have the traffic go via the ipsec tunnel.

So it looks like:

NMBox --FW--VPN CON--Internet--PIX-Inside

I can see the udp connection hit the pix in the logs, but it does not appear to return the traffic. The SNMP config off the pix is:

snmp-server host inside 1.1.1.1 poll

!

snmp-server community someDodgeySNMPstring

snmp-server enable traps

Any ideas would be most appreciated :)

Thanks

jmia · ‎06-23-2006

Daniel,

What you need to do is enable on your UK PIX management access (presuming your PIX code is 6.3+), for the inside interface i.e.

(in config mode)

management-access inside

Now if you ping the inside interface IP from Aus you'll get a reply from the PIX. BTW, you can also run PDM now too.

Hope this helps and pls rate posts! :)

Jay

View solution in original post

genght · ‎06-22-2006

hi,

Hope this link can solve your question.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094469.shtml

grant.maynard · ‎06-23-2006

I don't know about polling the inside interface over a VPN to the outside, but you can defintely monitor the outside interface. We NAT on the local (to the NMS) pix to make the addresses more convenient.

jmia · ‎06-23-2006