I'm running an SA4500 cluster with software 6.1R6 (build 13733) and I'm having an issue with SNMP.
SNMP has been configured, but I am unable to reach the device using SNMP.
The device is fully IP reachable, with ping working fine, but whenever we try to discover the VPN boxes using SNMP or even do an SNMP walk, the requests time out. The traffic is being seen through the firewall which is the next hop to the device, so I can only assume that the traffic is reaching the device.
Any ideas on why this is occurring, or is there a way I can troubleshoot the traffic hitting the SA?
Under Troubleshooting, there is a capability to do a packet trace from any interface of the SA. That would certainly allow you to see if the SNMP Get packet is being received by the SA.
Thanks for the response.
I have run a trace on the device and can indeed see the SNMP GET request hitting the external interface, followed by the community string arriving, but there is never any response from the SA back to the NMS server.
x.x.x.x.3322 > x.x.x.x.161: GetRequest(83) .126.96.36.199.188.8.131.52.0 .184.108.40.206.220.127.116.11.0 .18.104.22.168.22.214.171.124.0 .126.96.36.199.188.8.131.52.0 .184.108.40.206.220.127.116.11.0
x.x.x.x.3322 > x.x.x.x.161: C=<commstring> GetRequest(83) .18.104.22.168.22.214.171.124.0 .126.96.36.199.188.8.131.52.0 .184.108.40.206.220.127.116.11.0 .18.104.22.168.22.214.171.124.0 .126.96.36.199.188.8.131.52.0
Any ideas why the SA is failing to respond?
I thought it might be something to do with monitoring the external interface but we have that working fine elsewhere.
You will not be able to query SNMP from the external interface.
You should come via the internal interface (or the management interface on SA6000/SA65000 if it's enabled).
Assuming that you already enabled "SNMP Queries" and filled in the System Name, Location and, most important, Community under Log/Monitoring > SNMP.
Thanks for the response.
Yup, all of the above has been configured.
So that confirms my theory then.
Is this a recent change in behaviour, as we are definitely managing these devices for another client to the external interface, but using an earlier version of code?
How much earlier a version of the code?
I tested on a 5.5R1, 6.0R12 and a 6.4R4, only get response to SNMP query on the internal IF, nothing on the external IF.
Are you not querying the internal interface (via a Mapped IP maybe)?
We are running code version 5.5R1 (build 11711). And it's definitely native to the external interface IP.
Hence why I was trying to do the same here.
SNMP can't be enabled through the external interface; this is not supported. SNMP traffic can be routed only through the internal port or Management port of the SA.
Hope this clarifies your query.
Stuart - you said managing - you can enable management of the device from the external interface. That will allow you to perform web based management. Is that what you were thinking of? I have been working with these guys for four years and to the best of my recollection you could never do SNMP externally.