Solved

515 & external snmp

Posted on 2003-03-04
Last Modified: 2010-04-17
c2650<----->PIX515<----->My box
        Ext.                                  Int.  

I need to access the c2650 snmp from my box, and the pix only lets a very few ports pass through. Because of the sec level between ifaces, my request reaches the 2650, but the response packets come in from the ext. iface, so I need a rule for it.
But I don't know the sport, so I need some kind of association mechanism like the ftp fixup, where the pix associates the outbound with the inbound conn. Or any other solution.
Thanks.
Question by:heartbit

Accepted Solution

by: lrmoore earned 300 total points
ID: 8063897
Are you trying to telnet to it? Use SNMP? Telnet should already work; snmp would need a new rule in your inbound acl:

access-list inbound permit udp host <router ip> host <mybox> eq snmp
access-list inbound permit udp host <router ip> host <mybox> eq syslog

I normally exempt the syslog and snmp host from nat:
access-list no_nat permit ip host <mybox> host <routerip>
nat (inside) 0 access-list no_nat

0
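Added example (not part of the original answer and not Cisco code): a simplified Python model of first-match evaluation for the `permit udp host A [eq port] host B [eq port]` rule form, showing how the position of `eq` selects the source or the destination port for an SNMP reply, a trap and a syslog message. The addresses, the sample packets and the last two rules (source-port `eq snmp`, `eq snmptrap`) are constructed for illustration.

```python
import re

# Port literals used in the rules on this page, plus snmptrap (UDP 162).
PORTS = {"snmp": 161, "snmptrap": 162, "syslog": 514}

# Simplified model: only the "permit udp host A [eq P] host B [eq P]" form.
RULE_RE = re.compile(
    r"access-list \S+ permit udp "
    r"host (?P<src>\S+)(?: eq (?P<sport>\S+))? "
    r"host (?P<dst>\S+)(?: eq (?P<dport>\S+))?$"
)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule form: {line!r}")
    rule = m.groupdict()
    for key in ("sport", "dport"):
        if rule[key] is not None:
            rule[key] = PORTS.get(rule[key]) or int(rule[key])
    return rule

def first_match(rules, pkt):
    """Index of the first rule permitting pkt, or None (implicit deny)."""
    for i, r in enumerate(rules):
        if (r["src"] == pkt["src"] and r["dst"] == pkt["dst"]
                and r["sport"] in (None, pkt["sport"])
                and r["dport"] in (None, pkt["dport"])):
            return i
    return None

# Constructed addresses (documentation/private ranges), not from the page.
ROUTER, MYBOX = "192.0.2.1", "10.0.0.5"
ACL = [parse_rule(line) for line in (
    f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq snmp",
    f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq syslog",
    f"access-list inbound permit udp host {ROUTER} eq snmp host {MYBOX}",
    f"access-list inbound permit udp host {ROUTER} host {MYBOX} eq snmptrap",
)]
# Constructed inbound packets from the router to the management host.
PACKETS = {
    "snmp_reply": {"src": ROUTER, "sport": 161, "dst": MYBOX, "dport": 40000},
    "snmp_trap": {"src": ROUTER, "sport": 50000, "dst": MYBOX, "dport": 162},
    "syslog": {"src": ROUTER, "sport": 514, "dst": MYBOX, "dport": 514},
    "other_udp": {"src": ROUTER, "sport": 50000, "dst": MYBOX, "dport": 69},
}

def evaluate():
    return {name: first_match(ACL, p) for name, p in PACKETS.items()}
```

`evaluate()` maps each sample packet to the index of the rule that permits it, or `None` when it falls through to the implicit deny.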
