[c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))

Fred Reimer freimer at ctiusa.com
Wed Nov 28 10:20:07 EST 2007


I have not configured this myself, but...  

What does your syslog configuration look like?

Would

snmp-server host dmz

instead of

snmp-server host outside

help?

What do your logs show?

And lastly, have you opened a case with Cisco?

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697




> -----Original Message-----
> From: Bagosi Rómeó [mailto:Romeo.Bagosi at integris.hu]
> Sent: Wednesday, November 28, 2007 3:21 AM
> To: Fred Reimer; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN
> (PIX 7.2(2))
> 
> The management-access is already configured (I can use the
> syslog for example)
> But this vpn-filter thing is not clear to me. I've searched
> about it, but didn't find anything to allow snmp traffic (I
> can "filter" it, with this command).
> 
> -----Original Message-----
> From: Fred Reimer [mailto:freimer at ctiusa.com]
> Sent: Tuesday, November 27, 2007 7:34 PM
> To: Bagosi Rómeó; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN
> (PIX 7.2(2))
> 
> group-policy attributes
>   vpn-filter
> 
> and/or
> 
> management-access
> 
> Look them up.
> 
> Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> Senior Network Engineer
> Coleman Technologies, Inc.
> 954-298-1697
> 
> 
> 
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bagosi Rómeó
> > Sent: Tuesday, November 27, 2007 10:38 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] FW: SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))
> >
> >
> >
> >
> >
> > ________________________________
> >
> > From: Bagosi Rómeó
> > Sent: Tuesday, November 27, 2007 4:37 PM
> > To: 'gagandeep singh'
> > Subject: RE: [c-nsp] SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))
> >
> >
> >
> > Thank you, I've found this link, but the problem is that we
> > don't want to snmp query the outside interface (it's not
> > permitted to communicate through VPN).
> >
> >
> >
> > ________________________________
> >
> > From: gagandeep singh [mailto:gpanjeta2003 at yahoo.co.in]
> > Sent: Tuesday, November 27, 2007 8:53 AM
> > To: Bagosi Rómeó
> > Subject: Re: [c-nsp] SNMP from OUTSIDE to DMZ over VPN (PIX 7.2(2))
> >
> >
> >
> > Try this link.
> >
> >
> >
> >
> > http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_configuration_example09186a0080094497.shtml
> >
> > Bagosi Rómeó <Romeo.Bagosi at integris.hu> wrote:
> >
> > 	Hello Experts!
> >
> > 	I have the following problem.
> > 	I want to monitor my PIX with SNMP over VPN.
> >
> > 	The network looks like this:
> > 	inside --- ASA ---------- PIX --- dmz
> >
> > 	I have a monitoring server on the ASA inside interface
> > 	(ex. 10.200.0.205). The PIX dmz interface: 10.250.130.1
> > 	The traffic from ASA inside network to PIX dmz network
> > 	travels through VPN.
> >
> > 	I want to query PIX's dmz interface with SNMP from the
> > 	monitoring server, but I can't.
> > 	I've configured the snmp things (snmp-server host
> > 	outside 10.200.0.205 poll community ****** version 2c) and
> > 	the "management-access dmz" command, but it still doesn't
> > 	work, and I found nothing with G**gle about this.
> >
> > 	Does anybody already have the same scenario?
> >
> > 	Thank you,
> > 	RB
> > 	_______________________________________________
> > 	cisco-nsp mailing list cisco-nsp at puck.nether.net
> > 	https://puck.nether.net/mailman/listinfo/cisco-nsp
> > 	archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> >
> >
> >