?
Solved

Cisco ASA 5510 routing by protocol

Posted on 2014-03-10
1
Medium Priority
?
431 Views
Last Modified: 2014-03-16
I want to be able to route snmp traps from a public IP address at a client site to a private IP address within our LAN.  Is it possible to configure the ASA 5510 so that incoming SNMP traffic on port 161 from a specified public IP address will be routed to the internal/private IP address of our monitoring server?
If so, how is this done?
0
Comment
Question by:mtkaiser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 2000 total points
ID: 39920585
Just add NAT for that private IP, create allowing ACL on your outside interface for the IP that will send the package

YouPrivateIP<->NAT<-> yourPublicIP :: ACL open for port UDP/161 and UDP/162 :: for SenderIP

At your Sender device just set your NAT IP address, and when packet hit ASA interface it will be directed in to your LAN Monitor device.
You can also open for TCP 10161 and 10162.

It depend if you use SNMPv 2 or v3
The best way will be to run Wireshark and see what packages are send and received, it will help you to write right ACL, or just open it for sender IP.

NMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security requests are received on port 10161 and traps are sent to port 10162.[
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question