anyone using the Cisco ASA?
we are about to deploy some Cisco ASA (5505) and i'm curious how these are working with Orion and which SNMP version folks mostly use.
we mainly have SNMP v1 and v2 in Orion. i have not worked with SNMP v3 yet. does the ASA force you to use v3?
i'm finding some good documents about ASA and such here https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management?view=documents
thanks.
I've got the doc for you:
http://www.cisco.com/application/pdf/paws/13822/pixsnmp.pdf
This helped me out more than most of the other stuff I could find anywhere.
This part is helpful:
These are the versions of MIB support in the PIX:
PIX Firewall Software Versions 4.0 until 5.1—System and Interface groups of MIB-II (refer to RFC 1213 ) but not the AT, ICMP, TCP, UDP, EGP, transmission, IP, or SNMP groups CISCO-SYSLOG-MIB-V1SMI.my.
PIX Firewall Software Versions 5.1.x and later—Previous MIBs and CISCO-MEMORY-POOL-MIB.my and the cfwSystem branch of the CISCO-FIREWALL-MIB.my.
PIX Firewall Software Versions 5.2.x and later—Previous MIBs and the ipAddrTable of the IP group.
PIX Firewall Software Versions 6.0.x and later—Previous MIBs and modification of the MIB-II OID to identify PIX by model (and enable CiscoView 5.2 support). The new object identifiers (OIDs) are found in the CISCO-PRODUCTS-MIB; for example, the PIX 515 has the OID 1.3.6.1.4.1.9.1.390.
PIX Firewall Software Versions 6.2.x and later—Previous MIBs and CISCO-PROCESS-MIB-V1SMI.my.
PIX/ASA Software Version 7.x—Previous MIBs and IF-MIB, SNMPv2-MIB, ENTITY-MIB, CISCO-REMOTE-ACCESS-MONITOR-MIB, CISCO-CRYPTO-ACCELERATOR-MIB, ALTIGA-GLOBAL-REG.
Note: The supported section of the PROCESS MIB is the cpmCPUTotalTable branch of the cpmCPU branch of the ciscoProcessMIBObjects branch. There is no support for the ciscoProcessMIBNotifications branch, ciscoProcessMIBconformance branch, or the two tables, cpmProcessTable and cpmProcessExtTable, in the cpmProcess branch of the ciscoProcessMIBObjects branch of the MIB.
lchance,
We've got a few ASA 5505s out there that we are monitoring with Orion. We're using snmp v2, so they don't force you to use v3. One thing I've noticed (but haven't really dug into much) is although we get bandwidth utilization stats for the interfaces in bps, we don't get percent utilization stats.
Hope this helps.
Also not sure if you saw this or not lchance but it helps if you want netflow data from your ASA's:
http://support.solarwinds.com/kbase/ProblemDetail.cfm?ID=1264
great info - thanks
i guess UnDP works pretty well with it?
i have some custom pollers working for our older VPN Concentrators and hope the ASA might offer some good MIBs too.
