Go Premium for a chance to win a PS4. Enter to Win


ASA snmp enable

Posted on 2010-11-23
Medium Priority
Last Modified: 2012-05-10
i want enable snmp on the ASA firewall.. So which command for enable snmp ? Please send solution ...
Question by:nisartlaa
1 Comment

Accepted Solution

ShareefHuddle earned 2000 total points
ID: 34200180
Enabling SNMP
The SNMP agent that runs on the security appliance performs two functions:

•Replies to SNMP requests from NMSs.

•Sends traps (event notifications) to NMSs.

To enable the SNMP agent and identify an NMS that can connect to the security appliance, perform the following steps:


Step 1 Ensure that the SNMP server on the security appliance is enabled by entering the following command:

hostname(config)# snmp-server enable
The SNMP server is enabled by default.

Step 2 To identify the IP address of the NMS that can connect to the security appliance, enter the following command:

hostname(config)# snmp-server host interface_name ip_address [trap | poll] [community
text] [version 1 | 2c] [udp-port port]
Where interface_name is the name of the NMS and ip_address is the IP address of the NMS.

Specify trap or poll if you want to limit the NMS to receiving traps only or browsing (polling) only. By default, the NMS can use both functions.

SNMP traps are sent on UDP port 162 by default. You can change the port number using the udp-port keyword.

Step 3 To specify the community string, enter the following command:

hostname(config)# snmp-server community key
The SNMP community string is a shared secret between the security appliance and the NMS. The key is a case-sensitive value up to 32 characters in length. Spaces are not permitted.

Step 4 (Optional) To set the SNMP server location or contact information, enter the following command:

hostname(config)# snmp-server {contact | location} text
Where text defines the SNMP server location or lists contact information.

Step 5 To enable the security appliance to send traps to the NMS, enter the following command:

hostname(config)# snmp-server enable traps [all | syslog | snmp [trap] [...] |
entity [trap] [...] | ipsec [trap] [...] | remote-access [trap]]
Enter this command for each feature type to enable individual traps or sets of traps, or enter the all keyword to enable all traps.

The default configuration has all SNMP traps enabled (snmp-server enable traps snmp authentication linkup linkdown coldstart). You can disable these traps using the no form of this command with the snmp keyword. However, use the clear configure snmp-server command to restore the default enabling of SNMP traps.

If you enter this command and do not specify a trap type, then the default is the syslog trap. (The default SNMP traps continue to be enabled along with the syslog trap.)

SNMP traps include:





Entity traps include:

•config-change—The trigger for an SNMP configuration change trap is the creation or the deletion of a context.



IPSec traps include:



Remote-access traps include:


Step 6 To enable system log messages to be sent as traps to the NMS, enter the following command:

hostname(config)# logging history level
Where level defines the logging severity level.

You must also enable syslog traps using the snmp-server enable traps command.

Step 7 To enable logging, so that system messages are generated and can then be sent to an NMS, enter the following command:

hostname(config)# logging enable


Note If SNMP traffic is not being allowed through the security appliance interfaces, you might also need to permit ICMP traffic from the remote SNMP server using the icmp permit command.



The following example sets the security appliance to receive requests from host on the inside interface:

hostname(config)# snmp-server host
hostname(config)# snmp-server location building 42
hostname(config)# snmp-server contact Pat lee
hostname(config)# snmp-server community ohwhatakeyisthee

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Integration Management Part 2
Loops Section Overview
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question