how to configure Cacti to link to Cisco ASA (VM)?
Moderators: Developers, Moderators
how to configure Cacti to link to Cisco ASA (VM)?
Hi Professional,
I tried many ways to configure, but ALL failed. Please provide step by step for configuration of Cacti and Cisco ASA ?
Please refer to the attachment files for details.
Cheers
I tried many ways to configure, but ALL failed. Please provide step by step for configuration of Cacti and Cisco ASA ?
Please refer to the attachment files for details.
Cheers
- Attachments
-
- CiscoASA-SNMP.jpg (164.38 KiB) Viewed 1907 times
-
- Cacti-CiscoASA.jpg (92.27 KiB) Viewed 1907 times
Re: how to configure Cacti to link to Cisco ASA (VM)?
So you have the SNMP configuration setup there, and you can snmp a Cisco ASA as I do it:
Make sure that the Cacti box can see the firewall and route to it correctly. Also, make sure that the IP you put in the SNMP configuration on the firewall is the cacti servers (if it is another server, you need to add a second line). Make sure that Cacti is using the same SNMP version, community (and if required auth details if it's v3).
Make sure that the Cacti box can see the firewall and route to it correctly. Also, make sure that the IP you put in the SNMP configuration on the firewall is the cacti servers (if it is another server, you need to add a second line). Make sure that Cacti is using the same SNMP version, community (and if required auth details if it's v3).
Cacti Developer & Release Manager
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Re: how to configure Cacti to link to Cisco ASA (VM)?
You have hidden all of the information of value to assist. We would assume you would be using internal addressing so it’s probably not of any use to hide it. In short configure snmp on the interface you want to communicate on, allow the src ip in the acl and snmp config. Post more specific config for more specific info.
Re: how to configure Cacti to link to Cisco ASA (VM)?
---------------------------------------------netniV wrote:So you have the SNMP configuration setup there, and you can snmp a Cisco ASA as I do it:
Make sure that the Cacti box can see the firewall and route to it correctly. Also, make sure that the IP you put in the SNMP configuration on the firewall is the cacti servers (if it is another server, you need to add a second line). Make sure that Cacti is using the same SNMP version, community (and if required auth details if it's v3).
Thanks !
The gateway used in Cacti is the Cisco AVA (Firewall) IP address. Cacti can ping Cisco AVA, Cisco AVA also can ping Cacti.
Using the same SNMP version, community for connection. But it still failed.
Re: how to configure Cacti to link to Cisco ASA (VM)?
Does it work using SNMPWALK from the console of the cacti server?
Cacti Developer & Release Manager
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Re: how to configure Cacti to link to Cisco ASA (VM)?
I'm assuming Cisco ASA is not your area of expertise.
On your first post you posted an screenshot that could lead to where the issue is. Make sure the interface you have specified under SNMP host access list section is the interface the Cacti servers is coming from.
Additional to that you could go to Monitoring pane and fire up the logging view console and filter by cacti's server ip and see if you see the traffic, either allowed or dropped.
If the traffic doesn't show up there, you could also either run a packet capture from ASDM or Packet tracer to emulate the traffic and see if it spots anything. Next if would be, if you see the traffic while running the packet capture but still doesn't work, ssh to the ASA and set up a capture as follow: capture _SomeName_ type asp-drop all and after a few attempts from the cacti server try "show capture _SomeName_ | include _what_ever_cacti_server_ip_is
On your first post you posted an screenshot that could lead to where the issue is. Make sure the interface you have specified under SNMP host access list section is the interface the Cacti servers is coming from.
Additional to that you could go to Monitoring pane and fire up the logging view console and filter by cacti's server ip and see if you see the traffic, either allowed or dropped.
If the traffic doesn't show up there, you could also either run a packet capture from ASDM or Packet tracer to emulate the traffic and see if it spots anything. Next if would be, if you see the traffic while running the packet capture but still doesn't work, ssh to the ASA and set up a capture as follow: capture _SomeName_ type asp-drop all and after a few attempts from the cacti server try "show capture _SomeName_ | include _what_ever_cacti_server_ip_is
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Re: how to configure Cacti to link to Cisco ASA (VM)?
netniV wrote:Does it work using SNMPWALK from the console of the cacti server?
Sorry ! where is the SNMPWALK in Cacti ?
- Attachments
-
- Cacti-Console-Menu.jpg (47.86 KiB) Viewed 1835 times
Re: how to configure Cacti to link to Cisco ASA (VM)?
============================Pucho wrote:I'm assuming Cisco ASA is not your area of expertise.
On your first post you posted an screenshot that could lead to where the issue is. Make sure the interface you have specified under SNMP host access list section is the interface the Cacti servers is coming from.
Additional to that you could go to Monitoring pane and fire up the logging view console and filter by cacti's server ip and see if you see the traffic, either allowed or dropped.
If the traffic doesn't show up there, you could also either run a packet capture from ASDM or Packet tracer to emulate the traffic and see if it spots anything. Next if would be, if you see the traffic while running the packet capture but still doesn't work, ssh to the ASA and set up a capture as follow: capture _SomeName_ type asp-drop all and after a few attempts from the cacti server try "show capture _SomeName_ | include _what_ever_cacti_server_ip_is
Thanks for your reply.
(1) You mean I need to input the Cacti IP Address into the IP Address field in SNMP Host Access List in Cisco ASA, right ?
(2) "go to Monitoring pane and fire up the logging view console and filter by cacti's server ip", --> Please refer the attachment File.
I tried to input the Cacti server IP in "Search" field, but no log.
- Attachments
-
- Cacti-Logs-Search.jpg (31.03 KiB) Viewed 1834 times
Re: how to configure Cacti to link to Cisco ASA (VM)?
What I would do if I was you, use the Packet Capture Wizard on the ASA, see if you see any snmp traffic from the cacti server. Best way to do that is use snmpwalk at the command line so you know exactly when it's being initiated (I would actually disable the device in Cacti prior to this to ensure Cacti does attempt it at the same time).
Cacti Developer & Release Manager
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
The Cacti Group
Director
BV IT Solutions Ltd
+--------------------------------------------------------------------------+
Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
Re: how to configure Cacti to link to Cisco ASA (VM)?
I'm sorry, you got it wrong...
(1) You mean I need to input the Cacti IP Address into the IP Address field in SNMP Host Access List in Cisco ASA, right ?
Of course, SNMP host access list should include the interface the Cacti server is coming from, eg INSIDE or whatever you named it AND the ip of the Cacti Server plus making sure snmp version and community match as well.
(2) "go to Monitoring pane and fire up the logging view console and filter by cacti's server ip", --> Please refer the attachment File.
I was talking about ASDM interface, see picture attached.
I tried to input the Cacti server IP in "Search" field, but no log.
(1) You mean I need to input the Cacti IP Address into the IP Address field in SNMP Host Access List in Cisco ASA, right ?
Of course, SNMP host access list should include the interface the Cacti server is coming from, eg INSIDE or whatever you named it AND the ip of the Cacti Server plus making sure snmp version and community match as well.
(2) "go to Monitoring pane and fire up the logging view console and filter by cacti's server ip", --> Please refer the attachment File.
I was talking about ASDM interface, see picture attached.
I tried to input the Cacti server IP in "Search" field, but no log.
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Who is online
Users browsing this forum: No registered users and 0 guests