Saturday, January 3, 2015

Configuring SNMP on Cisco ASA Firewall

I was populating ASA firewalls to our new Network Management System (NMS), which is Solarwinds Orion. First, I need to enable and allow SNMP on the ASA firewall before it can be polled for statistical data. The NMS IP address should also be reachable by the ASA, so I created a static route to point the NMS IP subnet which is located on the "inside" network.

ciscoasa(config)# route inside 10.111.0.0 255.255.255.0 172.27.6.1

ciscoasa(config)# snmp-server ?

configure mode commands/options:
  community    Configure the community string
  contact      Text for mib object sysContact
  enable       Enable/Disable snmp-server or particular traps
  group        Define User Security Model Group
  host         Specify hosts to receive SNMP traps and send SNMP polls
  host-group   Provide range of hosts
  listen-port  Configure the SNMP engine's listening port
  location     Text for mib object sysLocation
  user         Define a user who can access the SNMP engine
  user-list    Define a user list to be associated with hostname
ciscoasa(config)# snmp-server host ?

configure mode commands/options:
Current available interface(s):
  inside          Name of interface GigabitEthernet0/1.300
  management      Name of interface Management0/0
  outside         Name of interface GigabitEthernet0/0
ciscoasa(config)# snmp-server host inside ?

configure mode commands/options:
  Hostname or A.B.C.D  IP address of SNMP notification host
ciscoasa(config)# snmp-server host inside 10.111.0.10 ?

configure mode commands/options:
  community  SNMP community string for this host
  poll       Only allow polling from this host
  trap       Only send traps to this host
  udp-port   The notification host's UDP port number
  version    SNMP version to use for notification messages
  <cr>
ciscoasa(config)# snmp-server host inside 10.111.0.10 community ?

configure mode commands/options:
  0               Specifies an UNENCRYPTED password will follow
  8               Specifies an ENCRYPTED password will follow
  WORD < 33 char  SNMP community string
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco ? 

configure mode commands/options:
  udp-port  The notification host's UDP port number
  version   SNMP version to use for notification messages
  <cr>
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco version ?                       

configure mode commands/options:
  1   Use SNMPv1
  2c  Use SNMPv2c
  3   Use SNMPv3
ciscoasa(config)# snmp-server host inside 10.111.0.10 community cisco version 2c







No comments:

Post a Comment