able to ping PIX 501 but not SNMP

I'm able to ping the outside interface of our PIX 501, but I'm not able to get any SNMP stats. I'm sure the PIX is configured a little too tightly.

I'm not the one who set it up, so I don't know which command will loosen it up.

Thanks

Here is the config for reference:

PIX Version 6.3(1)
interface ethernet0 10baset
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password yRWxZrM.WqHNW5QV encrypted
passwd 6xrNSBzsamLXqLkj encrypted
hostname KWCH-statefair
domain-name themeganet.com
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list 102 permit ip 10.30.6.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 102 permit ip 10.30.6.0 255.255.255.0 10.200.0.0 255.255.0.0
access-list 103 permit ip 10.30.6.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list 103 permit ip 10.30.6.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 101 permit ip 10.30.6.0 255.255.255.0 10.30.40.0 255.255.248.0
access-list 101 permit ip 10.30.6.0 255.255.255.0 10.30.16.0 255.255.248.0
access-list 101 permit ip 10.30.6.0 255.255.255.0 10.30.24.0 255.255.248.0
access-list 101 permit ip 10.30.6.0 255.255.255.0 10.31.40.0 255.255.255.0
pager lines 24
logging on
logging monitor debugging
logging buffered debugging
mtu outside 1400
mtu inside 1500
ip address outside 68.99.115.199 255.255.255.224
ip address inside 10.30.6.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 103
nat (inside) 1 10.30.6.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 68.99.115.193 1
route outside 207.243.40.7 255.255.255.255 70.165.98.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 10.30.6.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community hiway
no snmp-server enable traps
no floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map toRichmond 5 ipsec-isakmp
crypto map toRichmond 5 match address 101
crypto map toRichmond 5 set peer 64.148.165.242
crypto map toRichmond 5 set transform-set strong
crypto map toRichmond 10 ipsec-isakmp
crypto map toRichmond 10 match address 102
crypto map toRichmond 10 set peer 12.5.1.200
crypto map toRichmond 10 set transform-set strong
crypto map toRichmond interface outside
isakmp enable outside
isakmp key ******** address 12.5.1.200 netmask 255.255.255.255
isakmp key ******** address 64.148.165.242 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 500 60
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 28800
telnet 64.148.165.242 255.255.255.255 outside
telnet 172.16.0.0 255.255.0.0 inside
telnet 10.30.6.0 255.255.255.0 inside
telnet 10.30.40.0 255.255.248.0 inside
telnet timeout 5
ssh 207.243.40.7 255.255.255.255 outside
ssh 66.136.242.129 255.255.255.255 outside
ssh 10.30.6.0 255.255.255.0 inside
ssh 10.200.24.0 255.255.248.0 inside
ssh 10.30.40.0 255.255.248.0 inside
ssh timeout 5
console timeout 0
dhcpd address 10.30.6.1-10.30.6.32 inside
dhcpd dns 10.30.47.4 10.30.47.7
dhcpd wins 10.30.47.4
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain kbsad.local
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:f0cc1b0a4205617b2b0bdb70b2a84c5a

Re: able to ping PIX 501 but not SNMP

You need to configure a location that is allowed to query SNMP. Here's an example:

snmp-server host inside 172.16.210.252 poll

This will allow the host 172.16.210.252 to access SNMP on the PIX.

Hope that helps.

New Member

Re: able to ping PIX 501 but not SNMP

Is the 172.16.210.252 the source IP or the target?

Thanks

Re: able to ping PIX 501 but not SNMP

Source IP. The host that will be querying the PIX.

New Member

Re: able to ping PIX 501 but not SNMP

Okay, cool. I will give it a shot.

Thanks

New Member

Re: able to ping PIX 501 but not SNMP

I put:

snmp-server host inside 10.30.41.60 poll

and it's still not working.

BUT I wasn't able to ping that 41.60 IP.

So I guess I'll need to open the PIX so that I can do that 1st.
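
An added example, not part of the thread and not Cisco tooling: a Python check over a PIX 6.x config that lists problems with SNMP polling access, including an `snmp-server host` entry whose interface name differs from the interface the PIX's own addresses and static routes point to for that host. The config excerpt is constructed from lines posted above, the function names are hypothetical, and the routing comparison is a heuristic for review rather than a statement of how the PIX enforces the entry.

```python
import ipaddress

# Constructed excerpt: lines from the config posted in this thread plus the
# snmp-server host line the poster added later.
SAMPLE_CONFIG = """\
ip address outside 68.99.115.199 255.255.255.224
ip address inside 10.30.6.254 255.255.255.0
route outside 0.0.0.0 0.0.0.0 68.99.115.193 1
snmp-server community hiway
snmp-server host inside 10.30.41.60 poll
"""

def parse(config):
    """Collect interface subnets, static routes and snmp-server entries."""
    subnets, routes, hosts, community = {}, [], [], None
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "address"] and len(t) == 5:
            subnets[t[2]] = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[:1] == ["route"] and len(t) >= 5:
            routes.append((t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}", strict=False)))
        elif t[:2] == ["snmp-server", "host"] and len(t) >= 4:
            # With neither keyword the entry covers both traps and polling.
            hosts.append((t[2], ipaddress.ip_address(t[3]), t[4] if len(t) > 4 else "both"))
        elif t[:2] == ["snmp-server", "community"] and len(t) == 3:
            community = t[2]
    return subnets, routes, hosts, community

def egress_interface(ip, subnets, routes):
    """Interface used to reach ip: connected subnet first, else longest-prefix route."""
    for name, net in subnets.items():
        if ip in net:
            return name
    matches = [r for r in routes if ip in r[1]]
    return max(matches, key=lambda r: r[1].prefixlen)[0] if matches else None

def audit_snmp(config):
    """Return a list of findings about SNMP polling access in a PIX 6.x config."""
    subnets, routes, hosts, community = parse(config)
    findings = []
    if not any(mode in ("poll", "both") for _, _, mode in hosts):
        findings.append("no snmp-server host entry allows polling")
    if community == "public":
        findings.append("community string is still 'public'")
    for ifname, ip, _ in hosts:
        via = egress_interface(ip, subnets, routes)
        if via != ifname:
            findings.append(f"{ip} is listed on '{ifname}' but routes via '{via}'")
    return findings
```

Calling `audit_snmp(SAMPLE_CONFIG)` returns one finding, for 10.30.41.60; the config as first posted, with no `snmp-server host` line, returns the missing-poller finding instead.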

New Member

Re: able to ping PIX 501 but not SNMP

Do you remember what the cmd is to let pings out the PIX?
