Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ISA570 - SNMP on WAN Interface

Hi,

anyone collecting SNMP statistics over the WAN Interface? I can walk the tree from the DEFAULT Lan, but when I set trusted host to 0.0.0.0 I don't get a resonse from the WAN IF. Created a new firewall rule for this, doesn't help.

Any ideas?

Michael

Please rate all helpful posts       

Michael Please rate all helpful posts
7 REPLIES

Re: ISA570 - SNMP on WAN Interface

I'm not, but you did add a permit for source ANY (or whatever IP) to WAN service SNMP and it still didn't work? I know technically speaking to polling SNMP over the Internet is a security risk because it's all clear text. I wonder if Cisco has it off for WAN with no means of turning it on.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Re: ISA570 - SNMP on WAN Interface

Yep, I add a rule for SNMP, also I saw some hitcounts on the rule (but have accept), but no action.

I did a capture on the WAN seeing the inbound SNMP but no reply.

Seems that it's only allowed on the LAN IF

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

Re: ISA570 - SNMP on WAN Interface

I'm assuming you're using SNMP v1/v2.  Have you tried SNMP v3?  Since it includes security, including encryption, it may be that SNMP access via the WAN interface is limited to v3.  It uses the same TCP/UDP Ports of 161/162 if you want to try it.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Re: ISA570 - SNMP on WAN Interface

I found the error, under Remote Administration, the Allow Address must match your source, even if you set 0.0.0.0 (like recommended from the docs)

Thanks

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

Re: ISA570 - SNMP on WAN Interface

What??!! That sounds more like a bug than a fix. Are you going to open a case with SBSC so they can address it? Nice catch nonetheless.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Cisco Employee

ISA570 - SNMP on WAN Interface

Hi Ciscomax,

We cannot reproduce this issue. Could you please send me your

system diagnostic files ? or open a case with SBCS.

thanks

Wei

ISA570 - SNMP on WAN Interface

I'm fine with my solution, thanks

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
1096
Views
0
Helpful
7
Replies
CreatePlease login to create content