PIX 515 6.3(3) initial setup for SNMP

[churchi]

Good afternoon guys,

now i have read over lots of pix posts and i can't get seem to get the pix to respond to the snmp requests. i add the pix to the devices but always says snmp error when trying to get the device info.

so i am guessing that i haven't got the snmp setup on there correctly. now my cacti box is sitting behind the PIX on a VLAN sub interface. do you think this could be the problem?

or does anyone have some simple steps on setting up snmp and cacti on the pix please.

thank you

[churchi]

i gues my next question would be, has onyone out there got their cacti server behind their PIX and monitoring that same PIX?

i have my cacti box on a VLAN behind our PIX. Does anyone out there have this setup and still monitor that same PIX?

Thanks

[TheWitness]

Can you do an snmpget -c <yourcommunity> -v <yourversion> <yourpix> sysUpTime and let me know what comes back.

Thanks,

TheWitness

[gkuchera]

In order for a pix to respond to snmp requests you must define the snmp server in the pix. Such as below: In this case the snmp (cacti) machine is on the ip address of: 192.168.25.1. You must also assign a community as shown, public is the community used here:

(On the Pix Firewall)
snmp-server host inside 192.168.25.1
snmp-server community public



-Geoff Kuchera

[churchi]

gkuchera, mate you were SPOT ON!! thanks mate for that.

TheWitness thank you for the comman line option. that helped to see if what gkuchera had got me to do was working.

i got all the 3 graphs of connections, mem and cpu.

just one other question, if i wan't to do the in/out + total BW thats going through our pix is this another template i need? the normal router ones don't seem to be working

thanks guys

[sesquipedalian_id]

As a security precaution, you'll want to have the Cacti server have POLL rights only, not write:

snmp-server host inside xxx.xxx.xxx.xxx poll

Just a best-practice tip