configure SNMP on pix 515E to use it with (Cirrus Configuration Manager )

hi
i want to setup and configure SNMP on PIX 515E  to use it with (Cirrus Configuration Manager )
i write this command

PIX(config) # snmp-server community test
PIX(config) # snmp-server host inside 172.16.0.88
PIX(config) # snmp-server enable traps
PIX(config) # logging history errors
PIX(config) # logging on

when i use Cirrus Configuration Manager and try to test using verify SNMP credentials and using SNMP V1   i get error (IP dose not respond to SNMP queries)

what must i do
thanks
nasemabdullaaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

from_expCommented:
do you allow connections from 172.16.0.88 to pix in ACLs?
0
nasemabdullaaAuthor Commented:
hi
i write this command in pix
access-list 101 permit tcp host 172.16.0.88 any eq 161
access-list 101 permit udp host 172.16.0.88 any eq 161
access-list 101 permit tcp host 172.16.0.88  any eq 162
access-list 101 permit udp host 172.16.0.88  any eq 162

thanks
0
from_expCommented:
just one more point to check: does access-list 101 is bound to interface?
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

nasemabdullaaAuthor Commented:
hi
thanks for your reply
i put this access list

access-list 101 in interface inside

thanks
0
from_expCommented:
nice!
suppose the question is solved?
0
nasemabdullaaAuthor Commented:
hi
thanks for your reply
but i remove this command because when i add it the internet stop

still snmp not work
thanks
0
from_expCommented:
ok, i see.
can you post your config here.
I suppose you already have one acl bound to the inside interface, and when you issued
access-list 101 in interface inside
you just changed original settings.
please post your config and I'll try to put correct lines there
0
nasemabdullaaAuthor Commented:
hi
thanks for your reply

this is pix configuration


thanks
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password RLPMUQ26KL4blgFN encrypted
passwd RLPMUQ26KL4blgFN encrypted
hostname nic
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list OutsideIn permit tcp any host 193.19.188.101 eq www
access-list OutsideIn permit tcp any host 193.19.188.101 eq smtp
access-list OutsideIn permit tcp any host 193.19.188.101 eq pop3
access-list OutsideIn permit tcp any host 193.19.188.101 eq ftp
access-list OutsideIn permit tcp any host 193.19.188.101 eq 3389
access-list OutsideIn permit icmp any any
access-list 101 permit tcp host 172.16.0.88 any eq 161
access-list 101 permit udp host 172.16.0.88 any eq snmp
access-list 101 permit tcp host 172.16.0.88 any eq 162
access-list 101 permit udp host 172.16.0.88 any eq snmptrap
no pager
logging on
mtu outside 1500
mtu inside 1500
ip address outside 193.19.188.99 255.255.255.248
ip address inside 10.100.100.1 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.100.100.2 255.255.255.255 inside
pdm location 172.16.0.88 255.255.255.255 inside
pdm location 172.16.0.0 255.255.255.0 inside
pdm history enable
arp timeout 14400
global (outside) 1 193.19.188.100
nat (inside) 1 10.0.0.0 255.0.0.0 0 0
static (inside,outside) 193.19.188.101 10.100.100.2 netmask 255.255.255.255 0 0
access-group OutsideIn in interface outside
route outside 0.0.0.0 0.0.0.0 193.19.188.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authentication serial console LOCAL
http server enable
http 172.16.0.0 255.255.255.0 inside
http 172.16.0.88 255.255.255.255 inside
http 10.100.100.2 255.255.255.255 inside
snmp-server host inside 172.16.0.88
no snmp-server location
no snmp-server contact
snmp-server community nasem
snmp-server enable traps
floodguard enable
telnet 172.16.0.0 255.255.255.0 inside
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
username nasem password N2fvGjqrdBOsNOVd encrypted privilege 2
terminal width 80
Cryptochecksum:811ffa0b2697e979c66e2f604e9c1d66
: end

Open in new window

0
from_expCommented:
hmm, i suppose you don't need acl 101 at all.
everithing should work perfectly if you can telnet to the pix from 172.16.0.88
btw, when you are trying to access your box via snmp do you use nasem community instead of default public?
0
nasemabdullaaAuthor Commented:
hi
thanks for your reply
yes i can telnet to my pix from 172.16.0.88
yes iam change the community to nasem but i can not enter to pix using SNMP

in ISA server which between pix and pc 172.16.0.88 iam allow all traffic
but still i can not enter to my pix
what must i do


thanks
0
from_expCommented:
hi nasemabdullaa,
i suppose you should try to configure your snmp server from the closest subnet to pix (just to exclude isa server)
and test if snmp works.
0
from_expCommented:
you can also try to configure
snmp-server host 172.16.0.88
0
nasemabdullaaAuthor Commented:
hi
thanks for your reply
i think must i add
snmp-server host inside 10.100.100.2
(ip address of server) but i have question can add two snmp-server host  or not
because when iam setup PIX i can not telnet to pix till i add the network of pix
telnet 10.0.0.0 255.0.0.0 inside

thanks
0
from_expCommented:
you can add multiple snmp-server inside strings.
btw, when heading to snmp on pix, are you sure you are not nated by isa?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nasemabdullaaAuthor Commented:
hi   from_exp
thanks for all your reply and your time

iam add this snmp-server host inside 10.100.100.2
and its work you help me

thanks for your  help to solve my problem


0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.