Question : CISCO PIX 501 - SNMP
Hi there,
I have checked my PIX and I have no SNMP running or active.
If it were a new PIX which has never had SNMP enabled, how would I set it up (names, IP, port and so on)?
Please supply the command line for me from start to finish - I AM NOT TOO HOT WITH PIX.
Here is my current config on the PIX 501:
Hi-Tech(config)# show config
: Saved
: Written by enable_15 at 22:28:31.530 UTC Tue Feb 1 2005
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password nC1TgPA/j9j.bzQi encrypted
passwd nC1TgPA/j9j.bzQi encrypted
hostname Hi-Tech
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1273
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list OUT_IN permit tcp any host 196.34.84.1 eq smtp
access-list OUT_IN permit tcp any host 196.34.84.1 eq pop3
access-list OUT_IN permit icmp any any echo-reply
access-list OUT_IN permit icmp any any time-exceeded
access-list OUT_IN permit icmp any any timestamp-reply
access-list OUT_IN permit tcp any host 196.34.84.1 eq www
access-list OUT_IN permit tcp any host 196.34.84.1 eq ftp
access-list OUT_IN permit tcp any host 196.34.84.4 eq ftp
access-list IN_OUT permit ip host 192.168.0.1 any
access-list IN_OUT permit ip host 192.168.0.2 any
access-list IN_OUT permit udp any any eq isakmp
access-list IN_OUT permit esp any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 196.34.84.13 255.255.255.240
ip address inside 192.168.0.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.1 255.255.255.255 inside
pdm location 192.168.0.2 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 196.34.84.4-196.34.84.12 netmask 255.255.255.240
global (outside) 1 196.34.84.3 netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 196.34.84.1 smtp 192.168.0.1 smtp netmask 255.255.255.255 0 0
static (inside,outside) 196.34.84.1 192.168.0.1 netmask 255.255.255.255 0 0
access-group OUT_IN in interface outside
route outside 0.0.0.0 0.0.0.0 196.34.84.14 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 192.168.0.254 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:d1c887f8904b409ada53805681d3cbaa
Hi-Tech(config)#
Hi-Tech(config)#
Hi-Tech(config)#
Answer : CISCO PIX 501 - SNMP
I am sure you have seen the command line "snmp-server community public". In this line, "public" is the read key or password which the SNMP software will use to get the SNMP info from the PIX. Generally, public is used as the default, which is not good if you don't want other people on your network to be able to reach the SNMP management info of the FW.
So if you don't want to change the "public", the next step is to enter the same word ("public") in your SNMP software community string box.
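
The setup the question asks for, as an added example that is not part of the original answer: PIX 6.3 SNMP commands with the default community from the posted config shown beside a replacement. The management station address 192.168.0.1 (borrowed from the poster's pdm location lines), the community string, and the location and contact text are assumed placeholders.

```cisco
: Constructed example for PIX 6.3, entered in configuration mode.
: CHANGE_ME_COMMUNITY, EXAMPLE_SITE and EXAMPLE_ADMIN are placeholders.
:
: Weak setting present in the posted config (default read community):
:   snmp-server community public
:
: Replace the default community with a string that is not guessable
snmp-server community CHANGE_ME_COMMUNITY
: Name the one inside management station that may use SNMP with the PIX.
: With no keyword the host may poll (UDP 161) and is sent traps (UDP 162);
: append "poll" or "trap" to allow only one of the two.
snmp-server host inside 192.168.0.1
: Descriptive fields reported to the management station
snmp-server location EXAMPLE_SITE
snmp-server contact EXAMPLE_ADMIN
: Optional: send traps to the host defined above
snmp-server enable traps
: Check the result, then save it to flash
show snmp-server
write memory
```

The community string entered in the SNMP software must match the one set here.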