Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco ASA 5510 routing by protocol

Posted on 2014-03-10
1
Medium Priority
?
436 Views
Last Modified: 2014-03-16
I want to be able to route snmp traps from a public IP address at a client site to a private IP address within our LAN.  Is it possible to configure the ASA 5510 so that incoming SNMP traffic on port 161 from a specified public IP address will be routed to the internal/private IP address of our monitoring server?
If so, how is this done?
0
Comment
Question by:mtkaiser
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 2000 total points
ID: 39920585
Just add NAT for that private IP, create allowing ACL on your outside interface for the IP that will send the package

YouPrivateIP<->NAT<-> yourPublicIP :: ACL open for port UDP/161 and UDP/162 :: for SenderIP

At your Sender device just set your NAT IP address, and when packet hit ASA interface it will be directed in to your LAN Monitor device.
You can also open for TCP 10161 and 10162.

It depend if you use SNMPv 2 or v3
The best way will be to run Wireshark and see what packages are send and received, it will help you to write right ACL, or just open it for sender IP.

NMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security requests are received on port 10161 and traps are sent to port 10162.[
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question