Cisco Firewall :: ASA 5510 / SNMP Server To Receive Trap?
Apr 9, 2011
How to prepare my network for snmp,currently i don't have SNMP configured with community,so what is the requirement for that?what server i need to configure in order to receive SNMP traps coz last time i had issue ,one of my tunnels (terminated on asa 5510) goes down for 2 hours and i didn't realized that
View 7 Replies
ADVERTISEMENT
Jul 1, 2011
send me step by step guide of how to configure SNP server for SNMp trap
View 2 Replies
View Related
Apr 16, 2012
Below is my config for IP SLA. I would like a SNMP trap to be sent when my primary fails over to my secondary and so on.
sla monitor 20
type echo protocol ipIcmpEcho 100.X.X.1 interface INET-FIOS150
num-packets 2
[Code].....
View 4 Replies
View Related
Feb 1, 2012
Upgraded LMS to 4.1. Yep basically reinstalled. However I can't remember how I did a couple of thing on the original system.
I am trying to take the traps from the Cisco equipment to the LMS and generate e-mail. How do I take the incoming traps (Crit and Warning) and send an e-mail alarm. I'll plan to control what to trap on at the Cisco Equipment.
SNMP trap is set from a fan fault, the Cisco send a trap to the LMS. Now I want take that trap and forward via an email.
I have been reading the admin documentation on "Notification and Action Setting". I see how to take the Cisco LMS created trap and email alarm. (In this case I need a specific trap that LMS did not have.) I see how to take Cisco Traps and resend them to other NMS.
View 1 Replies
View Related
Dec 7, 2012
We are implementing fault management tool and for that we need information such as what type of traps are being triggered by router on what events..currently we have BGP, interface,reachability,h/w,syslog,authfail,config, trap types configured..All these are hitting in our fm tool but I need to know when these traps are being triggered by router.more importantly authfail, config, syslog, bgp.
View 4 Replies
View Related
Nov 22, 2011
I want to make my switch send trap when failed SSH login is detected. I found the "login Enhancement" feature and enabled the trap and logging for the failed attempt.
3750# sh run | in login
aaa authentication login default local
login delay 1
[Code].....
View 7 Replies
View Related
Jun 20, 2012
I am in the process of testing VA5(1.2) version of ACE on ACE4710 appliance.I did redundnacy configuration and it is working fine.I have done the snmp configuration and SNMP trap receiver is able to recieve traps like link up/down, so it proves that SNMP configuration is working fine, but i am not able to generate the SNMP trap notification for "clrRedundancyStateChange".I tried two things:
1) Via CLI, ran the command "ft switchover all" and i could see redundancy state changes.
2) Powered down Active 4710 appliance and standby ACE 4710 appliance taking over as Active.
However, none of the above could generate the trap clrRedundancyStateChange. how this trap can be generated? In snmp-server enable traps commands doesn't have any option for enabling FT related traps.
View 1 Replies
View Related
Mar 30, 2013
how to enable snmp traps for syslog message in Cisco Nexus platform ?
Mean what would be equivalent CLI for the below
"snmp-server enable traps syslog"
View 2 Replies
View Related
Feb 21, 2012
I want to be able to send snmp traps to my NMS alerting our NOC to when we reach our configured max-associations on an ap. We currently use both 1130 AG and 1140-2N in autonomous mode, no controller. I have found a debug command "debug dot11 station connection failure" and the output of a test AP shows us the fact that the maximum number was reached. I need to find if it is possible to trap on such information.
View 1 Replies
View Related
Aug 22, 2011
Now I'm trying to write software that get information from Syslog message, but I'm facing with the problem about getting statistic of client de-authenticated in a WLC (Software Version: 7.0.98.0), because I cannot find any log about this information on WLC except only this SNMP trap:
Tue Aug 23 09:52:28 2011Client Deauthenticated: MACAddress:00:xx:77:2c:06:db Base Radio MAC:00:xx:5d:0c:fc:30 Slot: 0 User Name: unknown Ip Address: 10.2xx.47.15 Reason:Unspecified ReasonCode: 1
So, is there any way that I can configure WLC to convert this SNMP trap to send to Syslog server as a normal Syslog message?
View 2 Replies
View Related
Jan 25, 2011
I use SNMP and I dont have access to a router to test.Can the SNMP Trap to: Field in the SMNP section be configured for multiple IP addresses.?
View 1 Replies
View Related
Sep 10, 2012
I have Cisco 2960's, 3750's and 3750x's all running IOS on the access layer. I have Cisco 6504's running IOS on the Distribution and Core layers. I am looking to monitor redundant links through Spectrum by having specific ports send traps but I have run into trouble finding how to configure it. I would like to have:
1. Logging enabled for all links (Fiber and Copper) so that I see all links up/down messages in the syslog
2. SNMP traps sent for linkup/link down messages only for redundant links (ex. Dual Up links from Access Layer or Redundant Ether channel Links on Dist Layer)
3. SNMP traps should be ignored/not sent for all copper ports.
View 3 Replies
View Related
Dec 17, 2012
I have a snmp trap sent every 30 seconds from one of my cisco switches (a stack of 3750 to be precise): ccStatusMemberStatusChange. Do you know what it is and why it is sent continuously?
View 1 Replies
View Related
Feb 6, 2013
We have two ACE4710 in a failover configuration with Software version A4(2.0). SNMP is setup and the receiver is able to receive SNMP traps.The issue is we are receiving a linkDown trap notification at least once every other day, followed shortly by a linkUp notification a minute later. We have checked all layer 2 devices connected to the ACE and cannot see any evidence that any link actually disconnected. We experienced no traffic lost, but this could be because a couple of the ACE links are bundled. The trap notification does not actually indicate which interface changed status. All links are Gigabits, and there are no packet drops either on the ACE or the layer 2 switch.
View 3 Replies
View Related
Jan 17, 2012
We are upgrading from a Pix 515e to a ASA 5510 with CSC SSM. We cannot send outbound email or receive any email from the outside world. I have placed a call with Cisco Support with no luck. [code]
View 1 Replies
View Related
Mar 26, 2013
I am in the process of switching firewalls. Currently I have a Sonic Firewall inplace. I have been tasked to switch the firewall out with a cisco asa firewall 5510. The sonic firewall currently allows email traffic, web traffic, and dns traffic. When I use the current config below on the asa I am unable to receive email from the outside network. I can send and browse websites but I cannot receive email.
ASA Version 9.1(1)
! hostname ciscoasa
enable password kdkfdjdjflkadjdsfj
[Code]......
View 3 Replies
View Related
May 13, 2010
I have the following setup:
R--H1
|
F
|
H2
R: 3840
F: ASA 5510
H: Hosts 1 and 2
I am trying to get SNMP info from the router to H2 but snmpwalk errors with no response from router. I can get info from H1 and neither interface on router is preventing SNMP traffic from coming or going.Is there something that needs to be configured to allow SNMP traffic (orginating from INSIDE) to reply? (Also note that there is no Inspect Maps blocking and SNMP versions).
View 4 Replies
View Related
Sep 4, 2011
I have a simple query for the issues I m facing currently.I have @ remote site remote site PIX firewall which is configurd to get the Snmp poll on the server locate outside via site to site VPN.There is another snmp server located also in inside which I’m not managing it .
========================================================================
below are the command for the snmp configured on PIX.
snmp-server host inside x.x.x.x community XXXXX ---This is not managed by us
snmp-server host inside x.x.x.x community XXXXX
snmp-server host outside y.y.y.y (private IP tunneled though VPN) poll community YYYYY ---Managed by us
snmp-server host outside y.y.y.y poll community YYYYY
[code]....
there are 2 snmp community & server defined in snmp-server host command for 2 different IP address belongs to snmp server and we can only define one global snmp-server community for any one of them .Question is how the snmp community take a precedence currently I am able to ping from my snmp server from outside to the PIX firewall outside interface over L2L VPN but somehow the snmp server is not listening when i do port query on 161 por!.
View 3 Replies
View Related
May 1, 2012
I am using ASA 5510 Firewall and i have established VPN tunnels too , now i want to Monitor the bandwidth utilization , i have installed PRTG Monitor application and want to add the firewall , how to enable the SNMP in ASA .
View 1 Replies
View Related
Apr 4, 2013
I'm currently implementing Microsoft System Center 2012 Operations Manager, the curent stage of the project is to add the network devices to SCOM via SNMP in order to monitor them, I am able to add them all and monitor; however, my ASA 5510, although SCOM discovers the ASA via SNMP and adds it to the network monitoring list, it loses SNMP connectivy every 30 minutes, and 15 later it reconnect with SCOM, then after another 15 minutes it loses the connection again, and so on and so for.
View 1 Replies
View Related
Oct 23, 2012
i am wanting to open up snmp on a pix 501 6.3 version. I am planning on doing it with the following configuration: [code]
I noticed you cannot specify RO on the snmp-server command with the older pix. I don't want this configuration to open up any write access to the pix. Is there a way to specify only read only for snmp
View 1 Replies
View Related
Jul 24, 2011
I'am using ASA 5510 and I try to understand how PAT is working.I want to add a Mail Server in the LAN and a webmail using port 3000 on the server. ( webmail must be reachable from the WAN)This is my Configuration :actually LAN users access internet using NAT with one global IP ( 194.x.x.69) which is the ASA WAN interface.
WAN ----- ISP Router ---------- FW ---------- LAN -------- Mail Server + Webmail
| (25) | (3000)
194.x.x.69 192.168.1.254 192.168.1.6
I need to forward port 3000 and port 25 from outside to inside.For example, from the WAN : [URL] must be redirect toward 192.168.1.6:3000 . What is the Correct Configuration ? And what about the Inside/Outside Traffic,Is there any configuration to add ?
View 2 Replies
View Related
Nov 19, 2012
Is this possible and if so what commands do i need to configure on my ASA 5510 for it to work.I have two web server within my DMZ and i want to access the outside url of on on the web server from the other. Currently i can access the internet from both webserver server but not the url form either webservers.
E.g. config
webserver 1 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
webserver 2 https://xxxxxx.xxxxxxx.com ---> public ip---> dmz ip
View 2 Replies
View Related
Mar 23, 2013
I bought ASA 5510 about a week ago, very basic configuration and my priority was and still to get access list inbound the outside “Security Level 0 “so I can access my web server from the cloud but unfortunately I could not make it work (((TCP access denied by ACL from 92.40.X.X/52511 to outside:81.108.X.X/80))). ••à>> 92.40.X.X is a pc from the cloud that I used to access my web server and the 81.108.X.X is my public ip address My recent Conf is as follow:
Nat Section:
==================================================================================
Dynamic:
nat (inside,outside) source dynamic any interface <<<To have the PCs that inside the Network to have access to Internet>>>>
[Code].....
View 4 Replies
View Related
Apr 5, 2011
I can not have "dns server-group" on my asa 5510, could you tell me how to get this command in my ASA 5510.
View 3 Replies
View Related
Nov 17, 2011
i did just had a rogue anti-virus infection i did a removal of it AV Security 2012
View 1 Replies
View Related
Dec 30, 2012
when we are configuring ASA 5510 8.2(5) for Authenticating with ACS 5.X Server is not authentication fail error.
View 2 Replies
View Related
Nov 16, 2011
I added a new server and created a new static NAT assignment on the ASA 5510 to the server's IP. When I browse to the web to check what public IP it's reporting, it shows the wrong IP. I disabled the network interface on the server, ran "clear xslate", reenabled the network interface, ran "sho xlate" and while the correct translation was in the table, the server still reported the wrong IP address.I even ran a packet trace and it showed the IP address being correctly translated to the proper public IP, but when I browse to the web I get the same erroneous public IP. [code]
View 8 Replies
View Related
Jun 5, 2011
I have a little problem with my ASA 5510 version 8.2(1) with a IAS server RADIUS for strong authentication.
I have configured a double authentication for my client to access SSL portal:
First authentication: AD serverSecondary authentication: IAS for my token SAFENET ALADDIN The server IAS is declared on a W2K3 and it's standard.
The problem I have is that after more than 24hours of unutilization, when i try to log in, my authentication failed the first time and then the other tries work fine as long as I use it in a period of 24hours.
I first thought about the timeout so i tried to put a "timeout" of 15seconds for AD and IAS servers and a "retry intervall" of 3 seconds, it doesn't change much.
Is there a tool/option in the ASA to check connectivity with the radius every 1h for example.
View 4 Replies
View Related
May 29, 2012
ow to backup Cisco ASA-5510 from a Linux server via TFTP?I do know how to backup a switch or a router. Basically creating an access list such as:
access-list 55 remark PERMIT hosts requesting TFTP access
access-list 55 permit host 172.16.0.27
and allowing access to
tftp-server nvram:startup-config 55
all this inside the router or the switch. From the Linux box just running a simple command such as:
tftp 172.16.0.3 -c get startup-config newbackup.conf
where 172.16.0.3 is the IP address of the switch and newbackup.conf is the name of the config file stored on the Linux machine.So, how do I do that with an ASA box? how to backup ASA from inside it.
View 1 Replies
View Related
Sep 7, 2011
First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA. I do however, have an above average understanding of switches/routers.
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess. All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems. Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks. Everything seems to be working as it should be with the exception of one of our servers. The IT subnet is 192.168.150.0/24 and the problem server is on the 192.168.10.xxx network. I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public. Let me give you an overview of what our network looks like:
ISP ---->ASA----->3750----->2960
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960. I'm able to ping this server by both IP and hostname. However, I cannot access port 80 by IP or hostname. The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem. Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server. However, it doesn't seem to be working that way. It look like it's being routed to the ASA then being dropped. I guess there's an access rule or firewall rule preventing me from getting to the server. Is there a specific part of my config you will need to see...
View 15 Replies
View Related
Feb 26, 2011
We have cisco 5510 and on our floor we have client who we provide internet connection. One of our client has small server and 2 computers and they want setup vpn connection so they can access their server from outside. We have only one static public ip for firewall and exchange. We don't want provide another public static ip to the our client so they can setup the vpn. Is their any other way to setup vpn for them? can they the use our 1 public ip for vpn?
View 11 Replies
View Related
Mar 5, 2011
I am having two issues:
1. my email going out is working along with internal, but inbound email is not working. My barracuda email filter is 192.168.1.107 and my exchange 2007 is 192.168.1.222 along with this OWA does not work.
2. Terminal Services does not work when I try from the home pc in I get server not available or disconnected
Below is my congig
ASA Version 8.3(1)!hostname wsigatewaydomain-name wsystems.comenable password yVSkMxWRc/S396FB encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 nameif outside security-level 0 ip address 64.XXX.XXX.XXX 255.XXX.XXX.XXXinterface Ethernet0/1 nameif inside security-level 100 ip address 192.168.1.1 255.255.0.0!interface Ethernet0/2 shutdown no nameif no security-level no ip address!interface Ethernet0/3 [Code]....
View 2 Replies
View Related