Solved

ASA snmp enable

Posted on 2010-11-23
1
1,055 Views
Last Modified: 2012-05-10
i want enable snmp on the ASA firewall.. So which command for enable snmp ? Please send solution ...
0
Comment
Question by:nisartlaa
1 Comment
 
LVL 8

Accepted Solution

by:
ShareefHuddle earned 500 total points
ID: 34200180
Enabling SNMP
The SNMP agent that runs on the security appliance performs two functions:

•Replies to SNMP requests from NMSs.

•Sends traps (event notifications) to NMSs.

To enable the SNMP agent and identify an NMS that can connect to the security appliance, perform the following steps:


--------------------------------------------------------------------------------

Step 1 Ensure that the SNMP server on the security appliance is enabled by entering the following command:

hostname(config)# snmp-server enable
The SNMP server is enabled by default.

Step 2 To identify the IP address of the NMS that can connect to the security appliance, enter the following command:

hostname(config)# snmp-server host interface_name ip_address [trap | poll] [community
text] [version 1 | 2c] [udp-port port]
Where interface_name is the name of the NMS and ip_address is the IP address of the NMS.

Specify trap or poll if you want to limit the NMS to receiving traps only or browsing (polling) only. By default, the NMS can use both functions.

SNMP traps are sent on UDP port 162 by default. You can change the port number using the udp-port keyword.

Step 3 To specify the community string, enter the following command:

hostname(config)# snmp-server community key
The SNMP community string is a shared secret between the security appliance and the NMS. The key is a case-sensitive value up to 32 characters in length. Spaces are not permitted.

Step 4 (Optional) To set the SNMP server location or contact information, enter the following command:

hostname(config)# snmp-server {contact | location} text
Where text defines the SNMP server location or lists contact information.

Step 5 To enable the security appliance to send traps to the NMS, enter the following command:

hostname(config)# snmp-server enable traps [all | syslog | snmp [trap] [...] |
entity [trap] [...] | ipsec [trap] [...] | remote-access [trap]]
Enter this command for each feature type to enable individual traps or sets of traps, or enter the all keyword to enable all traps.

The default configuration has all SNMP traps enabled (snmp-server enable traps snmp authentication linkup linkdown coldstart). You can disable these traps using the no form of this command with the snmp keyword. However, use the clear configure snmp-server command to restore the default enabling of SNMP traps.

If you enter this command and do not specify a trap type, then the default is the syslog trap. (The default SNMP traps continue to be enabled along with the syslog trap.)

SNMP traps include:

•authentication

•linkup

•linkdown

•coldstart

Entity traps include:

•config-change—The trigger for an SNMP configuration change trap is the creation or the deletion of a context.

•fru-insert

•fru-remove

IPSec traps include:

•start

•stop

Remote-access traps include:

•session-threshold-exceeded

Step 6 To enable system log messages to be sent as traps to the NMS, enter the following command:

hostname(config)# logging history level
Where level defines the logging severity level.

You must also enable syslog traps using the snmp-server enable traps command.

Step 7 To enable logging, so that system messages are generated and can then be sent to an NMS, enter the following command:

hostname(config)# logging enable


--------------------------------------------------------------------------------

Note If SNMP traffic is not being allowed through the security appliance interfaces, you might also need to permit ICMP traffic from the remote SNMP server using the icmp permit command.


--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

The following example sets the security appliance to receive requests from host 192.168.3.2 on the inside interface:

hostname(config)# snmp-server host 192.168.3.2
hostname(config)# snmp-server location building 42
hostname(config)# snmp-server contact Pat lee
hostname(config)# snmp-server community ohwhatakeyisthee
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question