how to configure Cacti to link to Cisco ASA (VM)?

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
isdept
Posts: 4
Joined: Fri Aug 17, 2018 1:10 am

how to configure Cacti to link to Cisco ASA (VM)?

Post by isdept »

Hi Professional,

I tried many ways to configure, but ALL failed. Please provide step by step for configuration of Cacti and Cisco ASA ?

Please refer to the attachment files for details.

Cheers
Attachments
CiscoASA-SNMP.jpg
CiscoASA-SNMP.jpg (164.38 KiB) Viewed 1907 times
Cacti-CiscoASA.jpg
Cacti-CiscoASA.jpg (92.27 KiB) Viewed 1907 times
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by netniV »

So you have the SNMP configuration setup there, and you can snmp a Cisco ASA as I do it:

Image

Make sure that the Cacti box can see the firewall and route to it correctly. Also, make sure that the IP you put in the SNMP configuration on the firewall is the cacti servers (if it is another server, you need to add a second line). Make sure that Cacti is using the same SNMP version, community (and if required auth details if it's v3).
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
MrRat
Cacti User
Posts: 135
Joined: Thu Jan 07, 2010 10:33 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by MrRat »

You have hidden all of the information of value to assist. We would assume you would be using internal addressing so it’s probably not of any use to hide it. In short configure snmp on the interface you want to communicate on, allow the src ip in the acl and snmp config. Post more specific config for more specific info.
isdept
Posts: 4
Joined: Fri Aug 17, 2018 1:10 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by isdept »

netniV wrote:So you have the SNMP configuration setup there, and you can snmp a Cisco ASA as I do it:

Image

Make sure that the Cacti box can see the firewall and route to it correctly. Also, make sure that the IP you put in the SNMP configuration on the firewall is the cacti servers (if it is another server, you need to add a second line). Make sure that Cacti is using the same SNMP version, community (and if required auth details if it's v3).
---------------------------------------------
Thanks !

The gateway used in Cacti is the Cisco AVA (Firewall) IP address. Cacti can ping Cisco AVA, Cisco AVA also can ping Cacti.
Using the same SNMP version, community for connection. But it still failed.
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by netniV »

Does it work using SNMPWALK from the console of the cacti server?
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by Pucho »

I'm assuming Cisco ASA is not your area of expertise.

On your first post you posted an screenshot that could lead to where the issue is. Make sure the interface you have specified under SNMP host access list section is the interface the Cacti servers is coming from.

Additional to that you could go to Monitoring pane and fire up the logging view console and filter by cacti's server ip and see if you see the traffic, either allowed or dropped.

If the traffic doesn't show up there, you could also either run a packet capture from ASDM or Packet tracer to emulate the traffic and see if it spots anything. Next if would be, if you see the traffic while running the packet capture but still doesn't work, ssh to the ASA and set up a capture as follow: capture _SomeName_ type asp-drop all and after a few attempts from the cacti server try "show capture _SomeName_ | include _what_ever_cacti_server_ip_is
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
isdept
Posts: 4
Joined: Fri Aug 17, 2018 1:10 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by isdept »

netniV wrote:Does it work using SNMPWALK from the console of the cacti server?

Sorry ! where is the SNMPWALK in Cacti ?
Attachments
Cacti-Console-Menu.jpg
Cacti-Console-Menu.jpg (47.86 KiB) Viewed 1835 times
isdept
Posts: 4
Joined: Fri Aug 17, 2018 1:10 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by isdept »

Pucho wrote:I'm assuming Cisco ASA is not your area of expertise.

On your first post you posted an screenshot that could lead to where the issue is. Make sure the interface you have specified under SNMP host access list section is the interface the Cacti servers is coming from.

Additional to that you could go to Monitoring pane and fire up the logging view console and filter by cacti's server ip and see if you see the traffic, either allowed or dropped.

If the traffic doesn't show up there, you could also either run a packet capture from ASDM or Packet tracer to emulate the traffic and see if it spots anything. Next if would be, if you see the traffic while running the packet capture but still doesn't work, ssh to the ASA and set up a capture as follow: capture _SomeName_ type asp-drop all and after a few attempts from the cacti server try "show capture _SomeName_ | include _what_ever_cacti_server_ip_is
============================

Thanks for your reply.

(1) You mean I need to input the Cacti IP Address into the IP Address field in SNMP Host Access List in Cisco ASA, right ?
(2) "go to Monitoring pane and fire up the logging view console and filter by cacti's server ip", --> Please refer the attachment File.
I tried to input the Cacti server IP in "Search" field, but no log.
Attachments
Cacti-Logs-Search.jpg
Cacti-Logs-Search.jpg (31.03 KiB) Viewed 1834 times
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by netniV »

What I would do if I was you, use the Packet Capture Wizard on the ASA, see if you see any snmp traffic from the cacti server. Best way to do that is use snmpwalk at the command line so you know exactly when it's being initiated (I would actually disable the device in Cacti prior to this to ensure Cacti does attempt it at the same time).
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
User avatar
Pucho
Cacti User
Posts: 185
Joined: Wed Jul 20, 2016 8:00 pm

Re: how to configure Cacti to link to Cisco ASA (VM)?

Post by Pucho »

I'm sorry, you got it wrong...

(1) You mean I need to input the Cacti IP Address into the IP Address field in SNMP Host Access List in Cisco ASA, right ?
Of course, SNMP host access list should include the interface the Cacti server is coming from, eg INSIDE or whatever you named it AND the ip of the Cacti Server plus making sure snmp version and community match as well.

(2) "go to Monitoring pane and fire up the logging view console and filter by cacti's server ip", --> Please refer the attachment File.
I was talking about ASDM interface, see picture attached.
CiscoASA-SNMP.jpg
CiscoASA-SNMP.jpg (183.18 KiB) Viewed 1822 times
I tried to input the Cacti server IP in "Search" field, but no log.
Cacti - 1.2.15
Poller Type - Spine
Weathermap 0.98a
Server Info - Linux 3.10.0 - Centos 7
Web Server - Apache/2.4.6 PHP 5.4.16
MySQL - 5.5 ;RRDTool - 1.4.8 ;SNMP - 5.7.2
Religion - Anti forum pets
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests