Saturday, January 3, 2015

Configuring SNMP on Cisco ASA Firewall

I was populating our new Network Management System (NMS), which is SolarWinds Orion, with ASA firewalls. First, I needed to enable and allow SNMP on the ASA firewall before it could be polled for statistical data. The NMS IP address should also be reachable by the ASA, so I created a static route pointing to the NMS IP subnet, which is located on the "inside" network.

ciscoasa(config)# route inside 10.111.0.0 255.255.255.0 172.27.6.1

ciscoasa(config)# snmp-server ?

configure mode commands/options:
  community    Configure the community string
  contact      Text for mib object sysContact
  enable       Enable/Disable snmp-server or particular traps
  group        Define User Security Model Group
  host         Specify hosts to receive SNMP traps and send SNMP polls
  host-group   Provide range of hosts
  listen-port  Configure the SNMP engine's listening port
  location     Text for mib object sysLocation
  user         Define a user who can access the SNMP engine
  user-list    Define a user list to be associated with hostname
ciscoasa(config)# snmp-server host ?

configure mode commands/options:
Current available interface(s):
  inside          Name of interface GigabitEthernet0/1.300
  management      Name of interface Management0/0
  outside         Name of interface GigabitEthernet0/0
ciscoasa(config)# snmp-server host inside ?

configure mode commands/options:
  Hostname or A.B.C.D  IP address of SNMP notification host
ciscoasa(config)# snmp-server host inside 10.111.0.10 ?

configure mode commands/options:
  community  SNMP community string for this host
  poll       Only allow polling from this host
  trap       Only send traps to this host
  udp-port   The notification host's UDP port number
  version    SNMP version to use for notification messages
  <cr>
ciscoasa(config)# snmp-server host inside 10.111.0.10 community ?

configure mode commands/options:
  0               Specifies an UNENCRYPTED password will follow
  8               Specifies an ENCRYPTED password will follow
  WORD < 33 char  SNMP community string
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco ? 

configure mode commands/options:
  udp-port  The notification host's UDP port number
  version   SNMP version to use for notification messages
  <cr>
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco version ?                       

configure mode commands/options:
  1   Use SNMPv1
  2c  Use SNMPv2c
  3   Use SNMPv3
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco version 2c
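
An added example, not part of the original post: a small Python audit that parses `snmp-server host` commands as typed (for example, from a change template) and flags SNMPv1/v2c entries and guessable community strings such as the `cisco` used above. The hosts 10.111.0.11 and 192.0.2.20, the user `nmsuser`, the weak-string list, and the fallback to SNMPv1 when `version` is omitted are assumptions.

```python
KEYWORDS = {"poll", "trap", "community", "udp-port", "version"}
WEAK_COMMUNITIES = {"public", "private", "cisco"}  # constructed list of guessable strings

def parse_host(line):
    """Parse one `snmp-server host` command; return None for any other line."""
    tok = line.split()
    if tok[:2] != ["snmp-server", "host"] or len(tok) < 4:
        return None
    # Assumption: with no `version` keyword the ASA falls back to SNMPv1.
    e = {"interface": tok[2], "host": tok[3], "mode": "poll+trap",
         "community": None, "encrypted": False, "version": "1", "user": None}
    i = 4
    while i < len(tok):
        key = tok[i]
        if key in ("poll", "trap"):
            e["mode"] = key
        elif key == "community" and i + 1 < len(tok):
            i += 1
            if tok[i] in ("0", "8") and i + 1 < len(tok):  # 0 = unencrypted, 8 = encrypted
                e["encrypted"] = tok[i] == "8"
                i += 1
            e["community"] = tok[i]
        elif key == "version" and i + 1 < len(tok):
            i += 1
            e["version"] = tok[i]
            if tok[i] == "3" and i + 1 < len(tok) and tok[i + 1] not in KEYWORDS:
                i += 1
                e["user"] = tok[i]  # SNMPv3 names a user instead of a community
        elif key == "udp-port":
            i += 1  # skip the port number
        i += 1
    return e

def audit(config_text):
    """Return (host, check, detail) tuples for weak SNMP host entries."""
    findings = []
    for e in filter(None, map(parse_host, config_text.splitlines())):
        if e["version"] in ("1", "2c"):
            findings.append((e["host"], "cleartext-version", f"SNMPv{e['version']} is unencrypted"))
        if e["community"] and not e["encrypted"] and e["community"].lower() in WEAK_COMMUNITIES:
            findings.append((e["host"], "guessable-community", "community is a common default"))
    return findings

# Constructed sample: the post's final command plus two hypothetical hosts.
SAMPLE = """\
snmp-server host inside 10.111.0.10 community cisco version 2c
snmp-server host inside 10.111.0.11 poll version 3 nmsuser
snmp-server host management 192.0.2.20 trap community 0 Xq7-constructed-string
"""
```

`audit(SAMPLE)` returns two findings for 10.111.0.10, none for the SNMPv3 host, and one for 192.0.2.20, which has no `version` keyword.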