
515 & external snmp

Posted on 2003-03-04
Last Modified: 2010-04-17
c2650<----->PIX515<----->My box
      Ext.         Int.

I need to access the c2650's SNMP from my box, and the PIX only lets a very few ports pass through. Because of the sec level between ifaces, my requests reach the 2650, but the response packets come in from the ext. iface, so I need a rule for it.
But I don't know the sport, so I need some kind of association mechanism like the FTP fixup, where the PIX associates the outbound with the inbound conn. Or any other solution.
Thanks.
Question by:heartbit

Accepted Solution

by:
lrmoore earned 300 total points
ID: 8063897
Are you trying to telnet to it? Use SNMP? Telnet should already work; SNMP would need a new rule in your inbound ACL:

access-list inbound permit udp host <router ip> host <mybox> eq snmp
access-list inbound permit udp host <router ip> host <mybox> eq syslog

I normally exempt the syslog and snmp host from nat:
access-list no_nat permit ip host <mybox> host <router ip>
nat (inside) 0 access-list no_nat
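
Added example (not part of the original thread, and not Cisco's code): a minimal Python model of how an extended ACL line matches UDP ports, showing that `eq` written after the destination host tests the destination port, while an SNMP reply carries 161 as its source port. The addresses 192.0.2.1 and 10.1.1.10 and the sample packets are constructed, and the model covers ACL matching only, not the PIX's stateful handling of return traffic.

```python
import re

# Port literals as used in Cisco ACL syntax.
PORTS = {"snmp": 161, "snmptrap": 162, "syslog": 514}
RULE = re.compile(r"access-list \S+ permit udp host (\S+)(?: eq (\S+))?"
                  r" host (\S+)(?: eq (\S+))?")

def parse_rule(line):
    """Return (src, sport, dst, dport); a port of None means 'any'."""
    m = RULE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    src, sport, dst, dport = m.groups()
    num = lambda p: None if p is None else PORTS.get(p) or int(p)
    return src, num(sport), dst, num(dport)

def permitted(rules, pkt):
    """pkt is (src, sport, dst, dport); no matching line means implicit deny."""
    for src, sport, dst, dport in map(parse_rule, rules):
        if (src, dst) == (pkt[0], pkt[2]) and sport in (None, pkt[1]) \
                and dport in (None, pkt[3]):
            return True
    return False

# Constructed addresses standing in for <router ip> and <mybox>.
ROUTER, MYBOX = "192.0.2.1", "10.1.1.10"

# The two ACL lines from the answer, placeholders filled in.
DST_PORT_RULES = [
    f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq snmp",
    f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq syslog",
]
# Variants: match the agent's source port, and the trap destination port.
SRC_PORT_RULES = [f"access-list inbound permit udp host {ROUTER} eq snmp host {MYBOX}"]
TRAP_RULES = [f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq snmptrap"]

# Constructed packets arriving on the outside interface.
SNMP_REPLY = (ROUTER, 161, MYBOX, 40000)   # agent answers from UDP 161
SNMP_TRAP = (ROUTER, 50000, MYBOX, 162)    # traps go to UDP 162
SYSLOG_MSG = (ROUTER, 51000, MYBOX, 514)   # syslog goes to UDP 514

if __name__ == "__main__":
    for name, pkt in [("reply", SNMP_REPLY), ("trap", SNMP_TRAP), ("syslog", SYSLOG_MSG)]:
        print(name, permitted(DST_PORT_RULES, pkt),
              permitted(SRC_PORT_RULES, pkt), permitted(TRAP_RULES, pkt))
```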
