?
Solved

RO SNMP string from PIX

Posted on 2008-11-05
18
Medium Priority
?
491 Views
Last Modified: 2008-11-07
Hi Everyone
I need to have a Read Only SNMP string to the PIX for one of my client managers the PIX inside interface is 172.21.100.x the manager computer is 172.21.104.x how to cconfigure that on PIX, is it required a reboot?
Also I think he needs SNMP agent? what is that agent and where to find?

Thanks guys

0
Comment
Question by:modathir
  • 10
  • 8
18 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887156
This should do it:

conf t
snmp-server host inside 172.21.104.x community <community string>
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887158
Oh and it does not require a reboot.
0
 
LVL 5

Author Comment

by:modathir
ID: 22887237
What about the snmp agent ? how is he going to read the log?
 
Thanks
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887323
He just needs an application that can SNMP poll.  There is no agent per se that needs to be installed on the computer.  What SNMP software is on the management computer?
0
 
LVL 5

Author Comment

by:modathir
ID: 22887374
He doesn't have any! I am asking is there a free one we can use or we need to buy one
Is there a recommended one user freindly?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887431
There are plenty of "pay for" applications (Ciscoworks, SiteScope, Solarwinds, etc...) but I'm not sure about free ones.  I have to believe there are some free linux based applications that can be used to SNMP poll.  What are you looking to collect from the Firewall?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887641
Oh, I forgot about a couple free ones.

Cacti - linux based (http://www.cacti.net/)

MRTG is another one for bandwidth utilization, etc..
0
 
LVL 5

Author Comment

by:modathir
ID: 22887786
Just need to collect the Syslog Traps
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22887895
If you are just looking to collect syslog messages and SNMP traps, you can use Kiwi which is a Windows based syslog/SNMP trap collector.  It is free for the non-enterprise version and simple to setup.

http://www.kiwisyslog.com/

You also need to setup logging on the PIX as well as enable SNMP traps:

logging enable
logging timestamp
logging buffered informational
logging trap informational
logging device-id hostname
logging host inside 172.21.104.x
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server host inside 172.21.104.x community <community string>
0
 
LVL 5

Author Comment

by:modathir
ID: 22888765
I just learned that they have Solarwinds. I sthe same config will do the job?
 
Thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22888860
Yes.
0
 
LVL 5

Author Comment

by:modathir
ID: 22899189
can the streng name be anything else other than community string because they have anther one for servers?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22899402
<community string> was just an example.  I really meant for you to substitute that with a password.
0
 
LVL 5

Author Comment

by:modathir
ID: 22900380
snmp-server host inside 172.21.104.x community <secure>
this is not accepted by the pix only this command give me an error
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 22903720
Okay, try this on the PIX (you must be running older code that doesn't support it):

snmp-server host inside 172.21.104.x
snmp-server community <secure>
0
 
LVL 5

Author Comment

by:modathir
ID: 22907138
I did that I am not getting any error but I don't see it on my config when I do show run config:
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap informational
logging asdm warnings
logging from-address pix@nacg.ca
logging device-id hostname
logging host inside 172.21.104.60
I don't see the streng name here+ it is failed test from Solarwinds with name that I entered!!
 
Thanks
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22907164
Can you post a "show run | i snmp" and a "show version".
0
 
LVL 5

Author Comment

by:modathir
ID: 22907686
Sorry man it is working!
 
Thank you so much,
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question