Posted by John Oliver on May 16, 2006, 10:30 pm
interface) for polls only to try to monitor traffic, etc. However, a portscan shows 161 as closed. What else do I need to do?

--
* John Oliver http://www.john-oliver.net/ *
* Reform California gun laws - http://www.reformcagunlaws.com/ *
* http://www.gunownersca.com - http://www.crpa.org/ *
* San Diego shooters come to http://shooting.forsandiego.com/ *

Posted by Walter Roberson on May 17, 2006, 12:05 am
It's a firewall -- it isn't going to respond to a portscan ;-)

More to the point: SNMP is designed so that if you do not use the correct community name in the packet, then no response will be generated. You don't get an "incorrect community" response packet, there just isn't any answer. Thus, a trial packet doesn't show anything useful; and the PIX doesn't send back ICMP port-unreachable or network-unreachable messages for anything.

Posted by Martin Latos on May 17, 2006, 6:11 am
> It's a firewall -- it isn't going to respond to a portscan ;-)

Not true.

> More to the point: SNMP is designed so that if you do not use
> the correct community name in the packet, then no response will
> be generated. You don't get an "incorrect community" response packet,
> there just isn't any answer. Thus, a trial packet doesn't show
> anything useful; and the PIX doesn't send back ICMP
> port-unreachable or network-unreachable messages for anything.

Basic config could look like this

    access-list inside_access_in permit udp host 192.168.255.110 any eq snmp
    snmp-server host inside 192.168.255.110 poll
    snmp-server location My_location
    snmp-server contact bigballs@yahoo.com
    snmp-server community mycommunitystring

Tho I have my polling station inside (thus the ACL name).

I check if it's working by doing

    snmpwalk -v1 -c mycommunitystring ip.of.my.pix

ML

Posted by Merv on May 17, 2006, 6:56 am
Try using the PIX capture command to see if the box is actually receiving SNMP packets

If you want to receive SNMP traps, then also config:

    snmp-server host inside 192.168.255.110 trap

Posted by John Oliver on May 17, 2006, 12:22 pm
On 17 May 2006 03:56:36 -0700, Merv wrote:
> Try using the PIX capture command to see if the box is actually
> receiving SNMP packets
>
> If you want to receive SNMP traps, then also config:
> snmp-server host inside 192.168.255.110 trap

Turned out that the problem was I hadn't used snmpwalk in a long, looong time, and I didn't know you had to specify the SNMP version or use a -c now :-)

All is well. Thanks, all!

--
* John Oliver http://www.john-oliver.net/ *
* Reform California gun laws - http://www.reformcagunlaws.com/ *
* http://www.gunownersca.com - http://www.crpa.org/ *
* San Diego shooters come to http://shooting.forsandiego.com/ *

Enable SNMP on PIX 515?