ASA snmp enable

Posted on 2010-11-23
Last Modified: 2012-05-10
i want enable snmp on the ASA firewall.. So which command for enable snmp ? Please send solution ...
Question by:nisartlaa
1 Comment

Accepted Solution

ShareefHuddle earned 500 total points
Comment Utility
Enabling SNMP
The SNMP agent that runs on the security appliance performs two functions:

•Replies to SNMP requests from NMSs.

•Sends traps (event notifications) to NMSs.

To enable the SNMP agent and identify an NMS that can connect to the security appliance, perform the following steps:


Step 1 Ensure that the SNMP server on the security appliance is enabled by entering the following command:

hostname(config)# snmp-server enable
The SNMP server is enabled by default.

Step 2 To identify the IP address of the NMS that can connect to the security appliance, enter the following command:

hostname(config)# snmp-server host interface_name ip_address [trap | poll] [community
text] [version 1 | 2c] [udp-port port]
Where interface_name is the name of the NMS and ip_address is the IP address of the NMS.

Specify trap or poll if you want to limit the NMS to receiving traps only or browsing (polling) only. By default, the NMS can use both functions.

SNMP traps are sent on UDP port 162 by default. You can change the port number using the udp-port keyword.

Step 3 To specify the community string, enter the following command:

hostname(config)# snmp-server community key
The SNMP community string is a shared secret between the security appliance and the NMS. The key is a case-sensitive value up to 32 characters in length. Spaces are not permitted.

Step 4 (Optional) To set the SNMP server location or contact information, enter the following command:

hostname(config)# snmp-server {contact | location} text
Where text defines the SNMP server location or lists contact information.

Step 5 To enable the security appliance to send traps to the NMS, enter the following command:

hostname(config)# snmp-server enable traps [all | syslog | snmp [trap] [...] |
entity [trap] [...] | ipsec [trap] [...] | remote-access [trap]]
Enter this command for each feature type to enable individual traps or sets of traps, or enter the all keyword to enable all traps.

The default configuration has all SNMP traps enabled (snmp-server enable traps snmp authentication linkup linkdown coldstart). You can disable these traps using the no form of this command with the snmp keyword. However, use the clear configure snmp-server command to restore the default enabling of SNMP traps.

If you enter this command and do not specify a trap type, then the default is the syslog trap. (The default SNMP traps continue to be enabled along with the syslog trap.)

SNMP traps include:





Entity traps include:

•config-change—The trigger for an SNMP configuration change trap is the creation or the deletion of a context.



IPSec traps include:



Remote-access traps include:


Step 6 To enable system log messages to be sent as traps to the NMS, enter the following command:

hostname(config)# logging history level
Where level defines the logging severity level.

You must also enable syslog traps using the snmp-server enable traps command.

Step 7 To enable logging, so that system messages are generated and can then be sent to an NMS, enter the following command:

hostname(config)# logging enable


Note If SNMP traffic is not being allowed through the security appliance interfaces, you might also need to permit ICMP traffic from the remote SNMP server using the icmp permit command.



The following example sets the security appliance to receive requests from host on the inside interface:

hostname(config)# snmp-server host
hostname(config)# snmp-server location building 42
hostname(config)# snmp-server contact Pat lee
hostname(config)# snmp-server community ohwhatakeyisthee

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Internet Data Cap Based On MAC Address 10 99
DHCP relay on Sonicwall 7 291
Sonicwall site to site VPN 10 66
Firewall Appliance 3 34
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now