Thanks for everyone's help. This gives me a good direction to pursue. I am leaving on a trip so i can't check today. I'll let you all know what I did (or need on help on!) and post final configs here for posterity if anyone else runs into this in the future.
--Bruce -----Original Message----- From: Steve C Busby [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 10:34 AM To: [email protected] Subject: RE: [WhatsUp Forum] Monitoring a PIX 501 Bruce, It depends on where Whatsup is in relation to your pix, as stated you'll have know what interface (outside/inside). If you're using PDM you can go to Configure>System Properties>Administration>SNMP Server and enter your Whatsup information. Generally, all you need are your RO string, your Whatsup server ip address, and the type of polling. Additionally, in your first post you mentioned VPN, if you're accessing the inside interface on the PIX through a VPN tunnel to the PIX, you'll need to enable the "Management Access Interface" on the inside interface (Configuration>System Properties>Administration>Management Access). BTW, if you need the CLI commands to do all this, I also have those available. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks, Steve Busby Information Technology Services University of Nebraska Medical Center 985030 Nebraska Medical Center [EMAIL PROTECTED] 402.559.9621 If Linux doesn't have the solution, you have the wrong problem. ***************University of Nebraska Medical Center E-mail Confidentiality Disclaimer *************** The information in this e-mail is privileged and confidential, intended only for the use of the addressee(s) above. Any unauthorized use or disclosure of this information is prohibited. If you have received this e-mail by mistake please delete it and immediately contact the sender. "Paul Jasa" <[EMAIL PROTECTED] net> To Sent by: <[email protected]> WhatsUp_Forum-own cc [EMAIL PROTECTED] com Subject RE: [WhatsUp Forum] Monitoring a PIX 501 08/02/05 09:16 AM Please respond to [EMAIL PROTECTED] t.ipswitch.com You have to enable SNMP on the PIX, yes, but you also have to tell the PIX which IP addresses are allowed to query SNMP from it (which implies you know the precise IP address WUG looks like when it gets to the PIX). If you're using NAT or the PIX in a VPN configuration, you may have to do some sniffing to make sure the IP of WUG is the one you expected it to be. Aditionally, you'll have to write a rule on the PIX to allow SNMP gets from the WUG IP address. Best thing to do in these situations is to do packet captures on the PIX interface each time you make a change, until you see communications going both ways, you don't necessarily have to do that but it's a thorough approach. Hope that helps, pj -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Krygeris Sent: Tuesday, August 02, 2005 10:11 AM To: [email protected] Subject: RE: [WhatsUp Forum] Monitoring a PIX 501 Bruce, Just enable SNMP on the device in WUG and run "autodiscover". This should pick up all the interfaces on the PIX. Delete all the interfaces you don't care about and voila! You are monitoring interface status. Regards, Mike Krygeris Somix Technologies, INC [EMAIL PROTECTED] 207-324-8805 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Meyer, Bruce Sent: Tuesday, August 02, 2005 9:46 AM To: '[email protected]' Subject: RE: [WhatsUp Forum] Monitoring a PIX 501 Sorry Steve, I wasn't clear on my original question. Yes, I am looking for the PIX config to allow WUG to monitor the pix on its internal interface. I have the MIB's compiled in WUG. Most of what I monitor are Cisco routers and switches. Bottom line, I am just going to monitor the ports on the PIX 501, if a port disappears, connectivity has been lost. The 501 has an integrated 4 port switch. (fa1-4) and the wan connection is fa0. So I basically just wanted to monitor fa0 as being up or down. Anyway short answer is: I am asking for help on how to configure the PIX to allow WUG to monitor SNMP on the PIX. --bruce -----Original Message----- From: Steve C Busby [mailto:[EMAIL PROTECTED] Sent: Monday, August 01, 2005 5:24 PM To: [email protected] Cc: '[email protected]'; [EMAIL PROTECTED] Subject: Re: [WhatsUp Forum] Monitoring a PIX 501 Hi Bruce, Are you looking for the configuration needed on your Whatsup Server to monitor the Pix via SNMP? If so, then wouldn't the IP address and SNMP RO community string provide that? Or are you looking for what changes need to be made on the PIX to allow it to be monitored/accessed via SNMP? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks, Steve Busby Information Technology Services University of Nebraska Medical Center 985030 Nebraska Medical Center [EMAIL PROTECTED] 402.559.9621 If Linux doesn't have the solution, you have the wrong problem. ***************University of Nebraska Medical Center E-mail Confidentiality Disclaimer *************** The information in this e-mail is privileged and confidential, intended only for the use of the addressee(s) above. Any unauthorized use or disclosure of this information is prohibited. If you have received this e-mail by mistake please delete it and immediately contact the sender. "Meyer, Bruce" <[EMAIL PROTECTED] sc.net> To Sent by: "'[email protected]'" WhatsUp_Forum-own <[email protected]> [EMAIL PROTECTED] cc com Subject [WhatsUp Forum] Monitoring a PIX 08/01/05 02:48 PM 501 Please respond to [EMAIL PROTECTED] t.ipswitch.com Does anyone have a working config for SNMP monitoring of a PIX? The scenario is: We have a few remote locations that we can't hit with our traditional methods, so we use Cable and a PIX, and IP over RF and a PIX. Both are public lines, with a nailed VPN tunnel. I just want to monitor the PIX for snmp. Thanks for any help. ----------------------- Bruce D. Meyer, CCNA, MCSE Network Analyst City of Columbia Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ The information contained in this e-mail and any attached documents may be privileged, confidential and protected from disclosure. If you are not the intended recipient you may not read, copy, distribute or use this information. If you have received this communication in error, please notify the sender immediately by replying to this message and then delete it from your system. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
