[c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))

Bagosi Rómeó Romeo.Bagosi at integris.hu
Wed Nov 28 03:20:54 EST 2007


The management-access is alredy configured (I can use the syslog for example)
But this vpn-filter thing is not clear for me. I've searched about it, but didn't found anything to allow snmp traffic (I can "filter" it, with this command).

-----Original Message-----
From: Fred Reimer [mailto:freimer at ctiusa.com] 
Sent: Tuesday, November 27, 2007 7:34 PM
To: Bagosi Rómeó; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))

group-policy attributes
  vpn-filter

and/or

management-access

Look them up.

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697




> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Bagosi Rómeó
> Sent: Tuesday, November 27, 2007 10:38 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN (PIX
> 7.2(2))
> 
> 
> 
> 
> 
> ________________________________
> 
> From: Bagosi Rómeó
> Sent: Tuesday, November 27, 2007 4:37 PM
> To: 'gagandeep singh'
> Subject: RE: [c-nsp] SNMP from OUTSIDE to DMZ over VPN (PIX
> 7.2(2))
> 
> 
> 
> Thank you, i've found this link, but the problem is that we
> don't want to snmp query the outside interface (it's not
> permitted to communicate through VPN).
> 
> 
> 
> ________________________________
> 
> From: gagandeep singh [mailto:gpanjeta2003 at yahoo.co.in]
> Sent: Tuesday, November 27, 2007 8:53 AM
> To: Bagosi Rómeó
> Subject: Re: [c-nsp] SNMP from OUTSIDE to DMZ over VPN (PIX
> 7.2(2))
> 
> 
> 
> Try this link.
> 
> 
> 
> http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/produ
> cts_configuration_example09186a0080094497.shtml
> 
> Bagosi Rómeó <Romeo.Bagosi at integris.hu> wrote:
> 
> 	Hello Experts!
> 
> 	I have the following problem.
> 	I want to monitor my PIX with SNMP over VPN.
> 
> 	The network look like this:
> 	inside --- ASA ---------- PIX --- dmz
> 
> 	I have a monitoring server on the ASA inside interface
> (ex. 10.200.0.205). The PIX dmz interface: 10.250.130.1
> 	The traffic from ASA inside network to PIX dmz network
> travels through VPN.
> 
> 	I want to query PIX's dmz interface with SNMP from the
> monitoring server, I can't.
> 	I've configured the snmp things (snmp-server host
> outside 10.200.0.205 poll community ****** version 2c) and
> the "management-access dmz" command, but still doesn't
> works, and I found nothing with G**gle, about this.
> 
> 	Anybody has alredy the same scenario?
> 
> 	Thank you,
> 	RB
> 	_______________________________________________
> 	cisco-nsp mailing list cisco-nsp at puck.nether.net
> 	https://puck.nether.net/mailman/listinfo/cisco-nsp
> 	archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> 
> 
> 
> ________________________________
> 
> size=1 width="100%" align=center>
> 
> Now you can chat without downloading messenger. Click here
> <http://in.rd.yahoo.com/tagline_webmessenger_5/*http:/in.mes
> senger.yahoo.com/webmessengerpromo.php>  to know how.
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list