I am trying to monitor my ASA 5505. This asa is connect via a ip-sec tunnel to our network. I have no problems with snmp monitoring devices behind the ASA, but when trying to monitor the asa itself I do not get a SNMP response.
View 2 RepliesHow I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
I am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies View RelatedI'm currently implementing Microsoft System Center 2012 Operations Manager, the curent stage of the project is to add the network devices to SCOM via SNMP in order to monitor them, I am able to add them all and monitor; however, my ASA 5510, although SCOM discovers the ASA via SNMP and adds it to the network monitoring list, it loses SNMP connectivy every 30 minutes, and 15 later it reconnect with SCOM, then after another 15 minutes it loses the connection again, and so on and so for.
View 1 Replies View RelatedNeed to know the step by step procedure for monitoring site-to-site VPN tunnel (up/down) using SNMP on Cisco ASA 5505.
View 1 Replies View RelatedI have a question regarding failover monitoring on the ASA5505 in an active/standby configuration.
I understand that on the 5505 you create VLAN interfaces and then assign the VLANs to the 5505 switchports. With failover configured on the 5505, the VLAN interface names are monitored. For example, VLAN 100 interface named Inside is assigned to ethernet0/1, switchport mode access. When issuing a show failover command the output will show the monitor status of interface Inside..
Does failover monitor the VLAN virtual interface only? Does failover also monitor the link status of the ethernet0/1 switchport?
We have one pair Cisco ASA 5505 located in different location and there are two point to point links between those two locations, one for primary link (static route w/ low metric) and the other for backup (static route w/ high metric). The tracked options is enabled for monitoring the state of the primary route. the detail parameters regarding options as below,
Frequency: 30 seconds Data Size: 28 bytes
Threshold: 3000 milliseconds Tos: 0
Time out: 3000 milliseconds Number of Packets: 8
[code]....
I'm not sure if the setting is so sensitive that the secondary static route begins to work right away, even when some small link flappings occur. What is the best practice to set those parameters up in the production environment. How can we specify the reasonanble monitoring options to fit our needs.
Before upgrading to 8.4(4)1 I was able to ping our inside interface accross the VPN. Now I cannot. Because ping is not working, my SNMP server thinks that the device is offline however I know the VPN tunnel is still up and the remote branch office is working fine. Here is the config of the branch office ASA 5505 in question. How to get icmp working again?
ASA Version 8.4(4)1
!
hostname BranchASA5505
domain-name houston.deh
[Code].....
We currently have a few 5505s installed at client sites which are connected via s2s ipsec VPN to our datacenter's 5510. We are using Nagios to monitor the local data center and remote client infrastructure (over the VPNs) which has been working well.
We would like to also monitor the remote 5505s using SNMP over the s2s tunnels but it doesn't seem to be working, the connection is timing out. We've configured the remote 5505s with the same snmp statement we used on the 5510 (snmp-server host inside <remote datacenter IP> poll community ***** version 2c) yet the Nagios SNMP check cannot connect to the remote 5505s. We've also tried the command using 'outside' without any luck, not sure how to get SNMP to route over the VPN.
I am trying to poll the 5 minute average CPU utilization of my Cisco Aironet 1252 (IOS version 12.4(25d)JA) using SNMP OID .1.3.6.1.4.1.9.2.1.58.0.However for some reason I am not getting any response back from the aironet. Note I am able to retrive the memory utilization without a problem.
View 1 Replies View RelatedI am trying to add ACS 1121 (ver 5.3) to monitoring and seems that MIB are missing. Need MIB for this device which I can use in monitoring tool.
View 1 Replies View Related how snmp monitoring works when we have WLC in the networking.Before the WLC 5508 instalation, we had the Nagios monitoring each Access Point in the networking. Today, the Nagios still monitoring the networking, but the Nagios cannot get the same information of the APs (CPU, status interface, memory, etc).Now, the WLC controls each AP, the IP address, netmask, community (of all AP) are the same before the WLC instalation. I have tried to configure the SNMP information in Management>>SNMP>>Communities, but these configuration are from WLC and not from each AP.
How can I configure the SNMP setting in my AP to still use the Nagios to monitoring the networking?
I have 5 installations of ACS appliances (ACS 1121 running ACS 5.3). Is there a way to monitor them via SNMP? The AD client keeps dying on one of them, and even with the newest patch it's not up. Also, i want to monitor them up/down, CPU, memory... basic network monitoring to make sure my devices are healthy.
Any one know if that can be configured? I figured i'd ask here before opening a TAC.
I am building a few 3750 stacks, I want to be able to poll/monitor each individual switch in the stack but as it only has 1 ip associated with the stack how can I do this. I am polling the uplink interfaces but as I only have uplinks on the top and bottom switch I am blind to a switch going down in the middle of the stack.
View 4 Replies View RelatedI'm a C# programmer and as part of my software I need to monitor some Cisco Catalyst 3560V2 24 switches using SNMP (By reading MIB/S data).Apparently this switch supports more than 50 different MIBs.My question is which MIB/MIBS contains general health data (parameters) that may determine if the switch is OK, Degraded or Malfunctioned.
View 0 Replies View RelatedI was positively surprised to find the optical transmit/receive values using the show fiber-ports optical-transceiver detailed command on a SG300-10.
Now I'm wondering if there is also a SNMP-MIB to query these values? I've already tried the CISCO-ENTITY-SENSOR-MIB used by the larger devices running Cisco IOS, but this didn't work.
I have two 6509E's configured with VSS. In this configuration, is it possible to monitor the CPU and memory of each switch independently using SNMP?
View 1 Replies View RelatedI'm running 12.2(33)SXJ1 on a 6500 with several IPv6 BGP peers. Is there any way to monitor the BGP status of IPv6 peers? I've been through the BGP4 mib and cant seem find a way to check the status of IPv6 peers.
View 4 Replies View RelatedWe have C7206VXR NPE-G2 platform with transceiver which support DOM.Could we monitor DOM tx/rx level statistic through snmp for 7206 platform?In CLI result of command "sh interf GigabitEthernet0/1 transceiver" give some information.We tried search for some MIB In "MIB locator" on cisco.com.
View 2 Replies View RelatedIs temperature monitoring via snmp supported on Cisco 2801 routers? when i perform a snmpwalk i donot get the associated value for the oids.
View 2 Replies View RelatedHaving a strange issue with RDP to a XP machine through a L2L tunnel.Tunnel is between an ASA5505 and ASA5510. Site A 5510, Site B 5505 I have a handful of Win7 and XP Dev machines running on ESXi 4.1 within Site A.Site B to Site A I can RDP to all Server 2008 and W7 machines(physical and virtual).I can also RDP to a physical XP machine.I can ping the XP VMs by name and IP successfully.I cannot RDP to the 5 XP VMs running on the ESXi 4.1 host Site A to Site B I can RDP from the XP VMs on the ESXi 4.1 host to any machine within Site B.Within Site A I can RDP to these XP VMs AnyConnect I can AnyConnect into Site A and RDP to the XP VMs I have tried to Telnet on 3389 to the XP VMs with no success.
View 4 Replies View Relatedis there a way in LMS 4.0 to generate a notification when a VPN tunnel drops on an ASA 5500?
View 1 Replies View RelatedWe have around 20 VPN tunnel via Cisco Router 2821 (Intranet) and around 30 VPN tunnel via Cisco ASA (Internet) with 3rd Parties/Vendors.I wanna know if there is any monitoring tools from Cisco or any others providers who can give me information/trend report about VPN tunnel Up/Down time, Volumns of Traffic, Protocols etc.
View 2 Replies View RelatedI'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client.
Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
I'm trying to establish a VPN tunnel between our main office running a Cisco ASA 5505 [8.3(2)] and a remote user using a Cisco Small Business WRVS4400N firmware version V2.0.1.3.
The Cisco ASA 5505 is already configured to allow incoming IPSec VPN connections via the Cisco VPN Client. Is this possible, and if so, how would I go about doing so? The remote user has a static IP address as well as the main office.
For a customer I have configured a new ASA 5505 firewall with 8.42 software. I had to build 3 ipsec tunnels to different locations and firewalls. All tunnels are working except one. I have to translate the inside network 1 to 1 to a different private range before it is sent over the tunnel. Each host from network 192.168.133.0 /24 has to be translated to a 192.168.112.0 /24 host and then sent over the tunnel. (e.g. 192.168.133.22 translated to 192.168.112.22)
View 3 Replies View RelatedWe have a Cisco ASA 5520 supporting multiple VPNs - both remote-access and Lan-to-Lan. We would like to monitor the bandwidth utilization of the IPSec Lan-to-Lan tunnels.
View 3 Replies View RelatedI have weird problem with a Site to site VPN tunnel from a Cisco ASA 5505 to an Clavister Firewall.When I restart the Cisco ASA 5505 the tunnel is up and down,up, down, down, and I get all strange messages when I see if the tunnel is up or down with the syntax: [code]
After a while like 5-10 min the vpn site to site tunnel is up and here is the strange thing happening I have all accesslists and tunnel accesslists right I can only access one remote network (Main site Clavister Firewall) trought the vpn tunnel behind the Cisco ASA 5505, and I have 5 more remote networks that I want to access but only one remote network is working trought the vpn tunnel behind the Cisco ASA. I see that when I do this syntax in ASA: show crypto ipsec sa.They had a Clavister Firewall before on that site before and now they have a Cisco ASA 5505 and all the rules on the main site thats have the big Clavister Firewall is intact so the problems are in the Cisco ASA 5505. [code]
All these remote networks are at the Main Site Clavister Firewall.
I have a 5505 asa code version 8.3(2). Trying to set up a site to site tunnel with someone and he is asking if I can use ike v2. How do I go about setting up the tunnel to use ikev2? Is ikev2 an option with site to site tunnels?
View 5 Replies View RelatedWe use Cacti to get interfaces statistics of a ASR1002 router (version 03.04.02.S.151-3.S2).A new GRE tunnel has been created, but unfortunately we are not able to get basic interface average during the day.What is surprising is the fact the graphs are built on the night only.
It seems as soon as we exceed some level of Bandwidth (~ 700-800k) the tool does not get the information.The OID I try to get are ifHCInOctets (.1.3.6.1.2.1.31.1.1.1.6) and ifHCOutOctets (.1.3.6.1.2.1.31.1.1.1.10) and some other interface statistics for both 64 and 32 bits. [code]
I have an Pix 515E firewall with Pix724-33.bin IOS. I just want to know that does this IOS support SNMPV3 or I will have to upgarde it with some other version.
View 1 Replies View RelatedIs there a way I can generate bandwidth reports on Cisco PIX 535 ?
View 1 Replies View Relatedhow to configure ip sla monitoring on asa ver 7.0 (6) ?
View 4 Replies View Relatedi got a person who connect with vpn on a adsl connection to the corporate network.this person is using cisco ip phone on his remote location and i did configure the ASA 5505 to priorize voice over data.i still get voice skips when the remote pc is uploading data to the corporate network...what i've done is :
1.with asdm i did create 2 priority queues one for inside (queue limit 2048 trans ring limit 512) and outside (queue limit 2048 trans limit 256)
2. with the service policy wizard i did create a global service policy (all interface) and a traffic class for dscp 46 ef and on qos tab i did check the "enable priority for this flow"...
3. When using the phone, i clearly see that packets are growing on the LLQ queue (show priority-queue statistics)
4. i still get voice skips when uploading data to the corporate network... upload bandwidth is about 800k for upload the pc and the phone is on the same subnet