We have a substantial amount of properties segmented off by cisco asa and UDT can't pull ARP information like it can on a switch/router. Is there any plan to better poll ASA?
+1 to this Request
We also have this problem and my information is that the ASA is not supported by UDT.
Maybe any of the Product Managers do know something about that.
Regards,
Mario
Count me in on this.... our ASA's segment a huge DMZ....
We definitely hear you and understand this request. Unfortunately Cisco doesn't expose the data we need via SNMP so it's much more complicated than adding some additional internal pollers.
Makes sense... Thanks
It really dosnt make sense, Why cant we enter credentials for the asa and pull additional information?
Hi,
For pieces of information that are not available via SNMP, products like CatTools or NCM are available.
Jiri
I would also like to add my desire for this feature. We are limited on IP address tracking for hundreds of devices in our datacenters because of it. I would add that using VRF's, where ARP information is on the routers has been a workaround.
I agree, NCM can execute command lines using SSH/Telnet against the devices and use the output for configuration capture, etc. it seems there should be an opportunity for those with UDT/NCM licenses to potentially gather ARP information that way.
count me in as well typically our subnets use ASA's a there gatway
I would also love this feature, we are in a unique situation. Most of our non Enterprise networks (Manufacturing Networks) sits behind Firewalls.
We have about 60 Cisco ASA Firewalls each with at least 2 routable subnets and using UDT we cannot retreive the IP's duo to the ASA's SNMP limitations due to security risk etc.
But we also have NCM and retreiving arp with a ssh session should be possible.
A question for the product manager's.
Will it pull this information from IPAM if it's monitoring DHCP on an Cisco ASA (or an Windows DHCP server)? Currently I'm starting to set up UDT and I'm seeing patchy mapping of MAC addresses to IP addresses. This seems to be down to different hardware at different sites (i.e. L3 Cisco switches as the default gateway vs ASA's).
unfortunatelly, UDT and IPAM are not integrated on this level so UDT won't show the IP information from ASAs.
Peter
Oh dear,
So with an Cisco ASA as the gateway, we don't have any option to get an mapping of IP address to Mac address with UDT?
Jon.
bump - just found this problem ourselves. can SW mention to Cisco as i know you disucuss a lot of functionality with them?
The cisco ASA supports getting the ARP entries from the CLI, which NCM has the capability of doing. Is this being considered?
Couldn't agree more. One thing that has helped in the mean time is having DHCP Snooping enabled on a switch behind the ASA so that the ARP table can be gathered. Not 100% effective, but, at least it is something.
We have given up on UDT, it's not really fit for use without this feature and we have been waiting for 2+ years for the features that are required to make it useful.
