RO SNMP string from PIX

Hi Everyone
I need to have a Read Only SNMP string to the PIX for one of my client managers the PIX inside interface is 172.21.100.x the manager computer is 172.21.104.x how to cconfigure that on PIX, is it required a reboot?
Also I think he needs SNMP agent? what is that agent and where to find?

Thanks guys

LVL 5
modathirAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
Okay, try this on the PIX (you must be running older code that doesn't support it):

snmp-server host inside 172.21.104.x
snmp-server community <secure>
0
 
JFrederick29Commented:
This should do it:

conf t
snmp-server host inside 172.21.104.x community <community string>
0
 
JFrederick29Commented:
Oh and it does not require a reboot.
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
modathirAuthor Commented:
What about the snmp agent ? how is he going to read the log?
 
Thanks
0
 
JFrederick29Commented:
He just needs an application that can SNMP poll.  There is no agent per se that needs to be installed on the computer.  What SNMP software is on the management computer?
0
 
modathirAuthor Commented:
He doesn't have any! I am asking is there a free one we can use or we need to buy one
Is there a recommended one user freindly?
0
 
JFrederick29Commented:
There are plenty of "pay for" applications (Ciscoworks, SiteScope, Solarwinds, etc...) but I'm not sure about free ones.  I have to believe there are some free linux based applications that can be used to SNMP poll.  What are you looking to collect from the Firewall?
0
 
JFrederick29Commented:
Oh, I forgot about a couple free ones.

Cacti - linux based (http://www.cacti.net/)

MRTG is another one for bandwidth utilization, etc..
0
 
modathirAuthor Commented:
Just need to collect the Syslog Traps
0
 
JFrederick29Commented:
If you are just looking to collect syslog messages and SNMP traps, you can use Kiwi which is a Windows based syslog/SNMP trap collector.  It is free for the non-enterprise version and simple to setup.

http://www.kiwisyslog.com/

You also need to setup logging on the PIX as well as enable SNMP traps:

logging enable
logging timestamp
logging buffered informational
logging trap informational
logging device-id hostname
logging host inside 172.21.104.x
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server host inside 172.21.104.x community <community string>
0
 
modathirAuthor Commented:
I just learned that they have Solarwinds. I sthe same config will do the job?
 
Thanks
0
 
JFrederick29Commented:
Yes.
0
 
modathirAuthor Commented:
can the streng name be anything else other than community string because they have anther one for servers?
0
 
JFrederick29Commented:
<community string> was just an example.  I really meant for you to substitute that with a password.
0
 
modathirAuthor Commented:
snmp-server host inside 172.21.104.x community <secure>
this is not accepted by the pix only this command give me an error
0
 
modathirAuthor Commented:
I did that I am not getting any error but I don't see it on my config when I do show run config:
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging trap informational
logging asdm warnings
logging from-address pix@nacg.ca
logging device-id hostname
logging host inside 172.21.104.60
I don't see the streng name here+ it is failed test from Solarwinds with name that I entered!!
 
Thanks
0
 
JFrederick29Commented:
Can you post a "show run | i snmp" and a "show version".
0
 
modathirAuthor Commented:
Sorry man it is working!
 
Thank you so much,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.