Unable to poll Cisco ASA 5520s running ASA 8.0.4

[ehunt@m2s.com]

My company has just recently purchased two Cisco ASA 5520s to replace our aging PIX 525s. I added them to Cacti monitoring to so we get data before actually moving all of our traffic through. The device addition worked fine and detected all the interfaces. However, when it goes to actually poll the data it fails, always showing "nan" on the graphs.

The Cacti log shows errors like the following:
WARNING: SNMP timeout detected [1000 ms], ignoring host 'asa1'

The ASA logs show errors like this:
incoming SNMP request (566 bytes) from IP address 192.168.50.5 Port 38447 Interface "inside" exceeds data buffer size, discarding the SNMP request.

I've tried to find an answer out there already, but have had no luck. Mostly I'm confused why the ASAs would have this problem, but the PIX didn't. May also take up the issue with Cisco, but figured someone here must have run across this before.

All help greatly appreciated.

[d0nni3q]

This error is documented on Cisco's Web site (for a PIX):

http://www.cisco.com/en/US/docs/securit ... tml#212005

The change you could make in Cacti would be to the "Maximum SNMP OID's Per SNMP Get Request" setting. Try lowering it until the errors go away; however, it might cause an increased polling time overall.


Don Q.

[ehunt@m2s.com]

That Cisco article is the one I found as well, unfortunately it doesn't include how Cacti works and therefore what parameter to change. :)

I had found the one you mentioned changing and had dropped it to a value of 0, this still resulted in the same problem. Is 0 a special value as opposed to just setting it at 5 or 10?

[d0nni3q]

I'm not 100% certain; however, if 0 was accepted by the Web GUI I'll tend to think 0 means unlimited. I would start with 1 and work your way up.


Don Q.

[ehunt@m2s.com]

Do you know if it makes a difference that I'm using Spine rather than the built in poller? I'd hate to be barking up a wrong tree if Spine ignores that value and uses something compiled in.

[ehunt@m2s.com]

I just tried a setting of both 1 and 2 for separate runs. No love from either, still getting the buffer size exceeded warnings.

[Rattlesnake_bac]

Hello,
i see you have some similar problems
I have CiscoWorks that sends some SNMP requests that seems to exceed ASA buffer size. The exact error is:

incoming SNMP request (736 bytes) from IP address <address> Port 2946 Interface "inside" exceeds data buffer size, discarding this SNMP request.

I couln't find any setting in CiscoWorks to adjust the request buffer size, is there any command that can be entered on ASA's CLI to expand its buffer size?
Also i have only one poller on CW that polls only System Memory and still i get about 8 syslog messages per minute from the ASA. Any suggestions?
Thanks in advance

[tricky_1972]

Rattlesnake_bac,

You probably need to change the "Maximum SNMP OID's Per SNMP Get Request" setting, like said earlier, I changed it down from 45 to 20 and it fixed my problem. If your device has really high traffic and is running hard, IE the processor spikes, you may not get a response from the device in a timely manner, hence the time out error.