Solved

Cisco ASA 5510 routing by protocol

Posted on 2014-03-10
1
429 Views
Last Modified: 2014-03-16
I want to be able to route snmp traps from a public IP address at a client site to a private IP address within our LAN.  Is it possible to configure the ASA 5510 so that incoming SNMP traffic on port 161 from a specified public IP address will be routed to the internal/private IP address of our monitoring server?
If so, how is this done?
0
Comment
Question by:mtkaiser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
Martin Tarlink earned 500 total points
ID: 39920585
Just add NAT for that private IP, create allowing ACL on your outside interface for the IP that will send the package

YouPrivateIP<->NAT<-> yourPublicIP :: ACL open for port UDP/161 and UDP/162 :: for SenderIP

At your Sender device just set your NAT IP address, and when packet hit ASA interface it will be directed in to your LAN Monitor device.
You can also open for TCP 10161 and 10162.

It depend if you use SNMPv 2 or v3
The best way will be to run Wireshark and see what packages are send and received, it will help you to write right ACL, or just open it for sender IP.

NMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 in the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security requests are received on port 10161 and traps are sent to port 10162.[
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question