Solved

Cisco ASA 5510 routing by protocol

Posted on 2014-03-10
1
426 Views
Last Modified: 2014-03-16
I want to be able to route snmp traps from a public IP address at a client site to a private IP address within our LAN.  Is it possible to configure the ASA 5510 so that incoming SNMP traffic on port 161 from a specified public IP address will be routed to the internal/private IP address of our monitoring server?
If so, how is this done?
0
Comment
Question by:mtkaiser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 500 total points
ID: 39920585
Just add NAT for that private IP, create allowing ACL on your outside interface for the IP that will send the package

YouPrivateIP<->NAT<-> yourPublicIP :: ACL open for port UDP/161 and UDP/162 :: for SenderIP

At your Sender device just set your NAT IP address, and when packet hit ASA interface it will be directed in to your LAN Monitor device.
You can also open for TCP 10161 and 10162.

It depend if you use SNMPv 2 or v3
The best way will be to run Wireshark and see what packages are send and received, it will help you to write right ACL, or just open it for sender IP.

NMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security requests are received on port 10161 and traps are sent to port 10162.[
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question