Solved

Cisco ASA 5510 routing by protocol

Posted on 2014-03-10
1
424 Views
Last Modified: 2014-03-16
I want to be able to route snmp traps from a public IP address at a client site to a private IP address within our LAN.  Is it possible to configure the ASA 5510 so that incoming SNMP traffic on port 161 from a specified public IP address will be routed to the internal/private IP address of our monitoring server?
If so, how is this done?
0
Comment
Question by:mtkaiser
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 500 total points
ID: 39920585
Just add NAT for that private IP, create allowing ACL on your outside interface for the IP that will send the package

YouPrivateIP<->NAT<-> yourPublicIP :: ACL open for port UDP/161 and UDP/162 :: for SenderIP

At your Sender device just set your NAT IP address, and when packet hit ASA interface it will be directed in to your LAN Monitor device.
You can also open for TCP 10161 and 10162.

It depend if you use SNMPv 2 or v3
The best way will be to run Wireshark and see what packages are send and received, it will help you to write right ACL, or just open it for sender IP.

NMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security requests are received on port 10161 and traps are sent to port 10162.[
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

4 Experts available now in Live!

Get 1:1 Help Now