[mrtg] Re: PIX

FabioAlKas at aol.com FabioAlKas at aol.com
Fri Jun 18 21:35:46 MEST 2004


In a message dated 18/06/2004 15:33:29 E. South America Standard Tim, 
JPierini at mmlive.com writes:
With the kindest of regards, I disagree. I have MRTG monitoring all my Cisco
PIX firewalls via the outside interface. Add the following line to your PIX
config:
snmp-server host outside xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address of your MRTG server. Ensure that
your allow SNMP through the firewall protecting your MRTG server.

Joseph Pierini
Here is the configs for my cisco in a lab enviroment:

INTS:

access-group PERMIT_ICMP in interface outside1
access-group PERMIT_ICMP in interface inside1

ACL:

access-list PERMIT_ICMP line 1 permit icmp any any (hitcnt=777)
access-list PERMIT_ICMP line 16 permit udp any any eq snmp (hitcnt=0)


SNMP:

snmp-server host outside2 10.10.10.10
snmp-server location public
snmp-server contact public
snmp-server community public
snmp-server enable traps

and i´m using this line on mrtg:

/usr/local/mrtg-2/bin/cfgmaker public at 10.10.10.10

The mrtg host is direct connected at the outside interface, and there is no 
firewalls between host and pix.

This is only for test, if works i will use the correct MIB for this 
equipament.

And the Public comunity and ip was change on the information above.

I still got the error no response received.

Thanks for your help.

Best Regards
================================================
Fabio Al kas
ICNET Network Coordinator
Infrastructure & IT 
America OnLine - Brazil

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the mrtg mailing list