[mrtg] Re: Cisco PIX 520

Congdon, Christopher CCongdon at WorkNET.net
Mon Feb 7 20:59:55 MET 2000


Thanks to someone earlier, I did get this figured out. There is a reason
Cisco calls this thing the SECURE PIX Firewall... =)

Apparently if you don't tell the PIX which IPs are allowed to SNMP Query,
you can't make an SNMP query. So using the snmp-server command, I can do
SNMP now just fine.

The big question is, where can I get a good Cisco MIB that is compatible
with Getif, and what should I monitor? I know I'd like to monitor the
number of inbound and outbound connections. I just don't know what else
Cisco allows to be viewed with SNMP.

Christopher

-----Original Message-----
From: Chris Williams [mailto:pierce at columbus.rr.com]
Sent: Monday, February 07, 2000 2:16 PM
To: MRTG; Congdon, Christopher
Subject: [mrtg] Re: Cisco PIX 520


You may need a console session to determine this.  Otherwise try using a
port scanner.
Don't know if this helps - you may already know this.


Chris

-----Original Message-----
From: mrtg-bounce at list.ee.ethz.ch [mailto:mrtg-bounce at list.ee.ethz.ch] On
Behalf Of Congdon, Christopher
Sent: Monday, February 07, 2000 9:29 AM
To: MRTG Mailing List (E-mail)
Subject: [mrtg] Re: Cisco PIX 520

Actually, I can telnet into our PIX. The settings I listed in my e-mail came
straight from a screen capture of a 'write terminal' command whilst inside
the PIX...

How do I find out which port SNMP might be on?

Christopher


-----Original Message-----
From: cpt2 at daimlerchrysler.com [mailto:cpt2 at daimlerchrysler.com]
Sent: Friday, February 04, 2000 5:11 PM
To: Congdon, Christopher
Cc: mrtg at list.ee.ethz.ch
Subject: Re: [mrtg] Re: Cisco PIX 520



SNMP might be enabled but on a different port besides the default 161.
Also, there probably is a serial port on it you can connect to, to
configure and check all these settings.

Where did you get the setting for the community, etc?  From the manual?
These can be changed, perhaps someone has changed them and never documented
these changes, as it often happens.

chris




"Congdon, Christopher" <CCongdon at WorkNET.net>@list.ee.ethz.ch on 02/04/2000
04:49:18 PM

Sent by:  mrtg-bounce at list.ee.ethz.ch


To:   mrtg at list.ee.ethz.ch
cc:

Subject:  [mrtg] Re: Cisco PIX 520


It would appear the SNMP is not open on the PIX. There are no firewalls
between myself and the PIX, so that wouldn't be the problem.

These are the following SNMP commands that are part of the PIX's config:
(Community not published, of course!)

snmp-server location Indianapolis Base Station
snmp-server contact WCI NOC
snmp-server community *******
no snmp-server enable traps


I have verified that the community name I'm using with Getif is the same as
listed in the PIX's config.


Christopher



-----Original Message-----
From: cpt2 at daimlerchrysler.com [mailto:cpt2 at daimlerchrysler.com]
Sent: Friday, February 04, 2000 4:37 PM
To: Congdon, Christopher
Cc: mrtg at list.ee.ethz.ch
Subject: [mrtg] Re: Cisco PIX 520



Use the reachability function on Getif to see if port 161 (SNMP) is
available.  If it is, perhaps the packets are blocked by a firewall, or
maybe the community is something different than the default "public".

Chris





"Congdon, Christopher" <CCongdon at WorkNET.net>@list.ee.ethz.ch on 02/04/2000
04:28:44 PM

Sent by:  mrtg-bounce at list.ee.ethz.ch


To:   "MRTG Mailing List (E-mail)" <mrtg at list.ee.ethz.ch>
cc:

Subject:  [mrtg] Cisco PIX 520


I have a Cisco PIX 520 Firewall on my network. Thing is, I can't seem to
make SNMP function on it. I simply get a NO SNMP RESPONSE from Getif 2.2.

Can anyone help me with this?

Thanks,
Christopher Congdon

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:mrtg-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/mrtg




