This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

Cisco ASA 5510 & SNMPv3 Contexts

Hi Folks,

I'm having a look at using SNMP v3 for our firewalls. On our ASA 5510s I cannot find anywhere to add a context for SNMP. Is the context needed by NPM for monitoring via v3 or does anyone know if I'm missing something?

  • Not sure if I totally understand the question but here goes.

    The System context is not really a context and therefore has no external monitoring available to it. Once you have created a context you can set up SNMP for each of those separately. You monitor each context as if it were a different firewall; that's the reason for setting it up in each individual context.

    Hope that answers your question

  • Hi,

    Thanks for your reply. I was rushing out the door when I wrote that question so I didn't fully explain it, sorry about that. I'm not referring to the firewall contexts; I'm talking about the SNMP 'context name', which appears to be a required field when configuring SNMP v3.

    Just for others reading this post - there are 2 types of contexts referred to within.

    1. Is a Firewall context as mentioned above in Myanta's post, I will refer to this as FW context

    2. The other I will refer to as the SNMPv3 Context. This is one of the required fields to fill out in NPM when entering SNMPv3 credentials.

    I monitor the Firewalls as Myanta mentioned above, where each FW context is considered an individual device by NPM. What I'm trying to do is configure one of these individual FW contexts for SNMPv3. When I am configuring the SNMPv3 credentials it asks for the SNMPv3 Context; however, on my FW I do not have (or cannot find) anywhere to configure or discover the SNMPv3 Context name. Has anyone else configured an ASA 5510 for SNMPv3?

     

  • Did you ever get this figured out? I'm trying to use v3 as well and having trouble.

  • For anyone else having issues like I was, the SNMPv3 Context is old and not used in the SolarWinds configuration of SNMP.

    Here is the Cisco/ASA configuration that I used on the ASA when configuring SNMP. I found that it was much easier to use the command line than the ASDM:

    SNMP Version 3 Tools Implementation Guide, 8.2 - Overview of SNMP Version 3  [Cisco ASA 5500 Series Adaptive Security Appliances] - Cisco Systems

    hostname# snmp-server group authPriv v3 priv

    hostname# snmp-server user md5des authPriv v3 auth md5 mysecretpass priv des passphrase

    hostname# snmp-server host mgmt 10.0.0.1 version 3 md5des
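
Added example, not part of the original posts: a small Python check that reads the three `snmp-server` lines from the post above, confirms that the user's group and the host entry's user are both defined, and flags MD5 and DES, which the ASA `snmp-server user` command can replace with `sha` and `aes`. The function name `audit_snmpv3`, the `WEAK` set and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed sample input: the three commands from the post above, prompt included.
SAMPLE = """\
hostname# snmp-server group authPriv v3 priv
hostname# snmp-server user md5des authPriv v3 auth md5 mysecretpass priv des passphrase
hostname# snmp-server host mgmt 10.0.0.1 version 3 md5des
"""

WEAK = {"md5", "des"}  # assumption: algorithms this check reports

def audit_snmpv3(config):
    """Return findings for the SNMPv3 group/user/host lines in an ASA config."""
    groups, users, host_users, findings = set(), {}, [], []
    for raw in config.splitlines():
        m = re.search(r"snmp-server\s+(group|user|host)\s+(.*)", raw)
        if not m:
            continue
        kind, t = m.group(1), m.group(2).split()
        if kind == "group" and t[1:2] == ["v3"]:
            groups.add(t[0])
        elif kind == "user" and t[2:3] == ["v3"]:
            # Positional parse: [encrypted] auth <alg> <pw> [priv <alg> [bits] <pw>]
            o = t[4:] if t[3:4] == ["encrypted"] else t[3:]
            auth = o[1] if len(o) > 1 and o[0] == "auth" else None
            priv = o[4] if len(o) > 4 and o[3] == "priv" else None
            users[t[0]] = (t[1], auth, priv)
        elif kind == "host" and "version" in t:
            i = t.index("version")
            if t[i + 1:i + 2] == ["3"] and len(t) > i + 2:
                host_users.append(t[i + 2])
    for name, (group, auth, priv) in users.items():
        if group not in groups:
            findings.append(f"user {name}: group {group} is not defined")
        for alg in (auth, priv):
            if alg in WEAK:
                findings.append(f"user {name}: weak algorithm {alg}")
    for name in host_users:
        if name not in users:
            findings.append(f"host entry references undefined v3 user {name}")
    return findings

if __name__ == "__main__":
    for finding in audit_snmpv3(SAMPLE):
        print(finding)
```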

  • So it is possible to monitor a firewall with multiple contexts with each context being seen as a different firewall? Have you achieved this yourself? We have an ASA 5585 with multiple contexts configured and I would like to monitor traffic on an interface on one of these contexts. This box is presently running SNMPv2 and when I go to list resources on the box it is only displaying interfaces on the admin context. If we were to upgrade the box to use SNMPv3 would it be possible to monitor interfaces within each context? Thanks

  • Hi there,

    You will need to make the interface(s) visible using the following command:

    allocate-interface <ifnameX/X> visible

    Re-list resources after that and you should now be able to see the interface.

    One thing to be aware of is the possible lack of interface persistence, depending on which version of IOS you're running.

    So if the firewall reboots, the interfaces will get random IDs and Orion won't be able to locate them any longer.

    Cisco Bug: CSCtx33616