8 Replies Latest reply on Feb 4, 2015 9:33 AM by mikegrocket

    Solarwinds Orion and Cisco ASA-5500 SNMPv3 compatibility?

    stevea513

      When I setup SNMPv3 on my Cisco ASA-5510, and then "ADD NODE" to my Solarwinds Orion and then try to test = fails.

      When I hit the next button I get the message popup "Node does not respond with the suplied read/write snmpv3 credentials"

       

      on the cisco asa config: Version 8.2(5)46

      --------------------------------------------------------------------------------------------------------------------------------------

      snmp-server group Orion-WRITE v3 priv

      snmp-server user Orion Orion-WRITE v3 encrypted auth sha PASSWORD priv aes PASSWORD

      anmp-server host MANAGEMENT 10.10.10.10 version 3 Orion

      no snmp-server location

      no snmp-server contact

      snmp-server enable traps snmp authentication linkup linkdown coldstart

      snmp-server enable traps syslog

      snmp-server enable traps ipsec start stop

      snmp-server enable traps entity config-change fru-insert fru-remove

      snmp-server enable traps remote-access session-threshold-exceded

       

      when I look at the ASA logs as I am testing the Solorawinds Node, I see permited traffic:

       

      Built local-host management:10.10.10.10

      Built inbound UDP connection 123456789 for MANAGEMENT:10.10.10.10/20030 (10.10.10.10/20020) to identity 10.10.10.20/161 (10.10.10.20/161)

      UDP access permitted deom 10.10.10.10/20032 to MANAGEMENT:10.10.10.20/snmp

      Built inbound UDP connection 123456799 for MANAGEMENT:10.10.10.10/20022 (10.10.10.10/20022) to identity 10.10.10.20/161 (10.10.10.20/161)

       

       

      I have to question... is Solarwinds Orion compatible with Cisco ASA-5500's ?

      Is there anyone out there that got this working?

        • Re: Solarwinds Orion and Cisco ASA-5500 SNMPv3 compatibility?
          mikegrocket

          Yes, Solarwinds Orion is compatable with Cisco ASA-5500, I have 5510's and I have it working. My configs are as follows:

          ASA...

          snmp-server group Authentication&Encryption v3 priv

          snmp-server user netspy Authentication&Encryption v3 encrypted

          snmp-server Authentication md5 hash priv aes128 hash

          snmp-server host inside ip address version 3 netspy

          snmp-server enable traps...

           

          Solarwinds...

          Select Node

          Edit Node

          SNMPv3

          SNMP Port: 161

              check box Allow 64 bit counters

          SNMP v3 Authentication

              Method: md5

              Password: ***** (obviously must be exactly same as your ASA)

          SNMP Privacy/Encryption

              Method: AES128

              Password *****

           

          One thing I noticed in your config, not sure if you copied and pasted, but in your line "snmp-server host MANAGEMENT 10.10.10.10 version 3 Orion" you have a typo anmp-server host...

           

          For me it was pretty simple to get running. I did initially have a problem with a typo in my password in the ASA and that was difficult to see since it was converted to HEX. I would suggest you check for these types of errors. Good luck!

          • Re: Solarwinds Orion and Cisco ASA-5500 SNMPv3 compatibility?
            JessicaWalsh

            Did you ever get this working? I am having a similar issue. I have been over my config numerous times, but I can't get v3 to work. Wireshark captures on both the host and SW server show the snmp report getting to Solarwinds, but after that the software never sees it. This is happening with more than one model of Cisco device.  I don't it. I am stumped. I don't know if there is some obvious config element I keep missing or what.

              • Re: Solarwinds Orion and Cisco ASA-5500 SNMPv3 compatibility?
                mikegrocket

                Yes, I did. Below are the steps I took.

                 

                In SolarWinds:

                Go to:

                Settings, Manage Windows Credentials, Add Windows Credentials (this is the username you will use in you ASA config).

                Now go to:

                Manage Node, Edit Node, select Most Devices: SNMP and ICMP, select SNMP version VNMPv3, SNMP Port: 161, check box to allow 64 bit counters

                SNMPv3 Credentials: your username

                SNMPv3 Authentication:

                     Method: MD5

                     Password: ******

                SNMPv3 Privacy/Encryption:

                     Method: 3DES

                     Password: ******

                 

                On the ASA:

                Add SNMP User, go to Configuration, Device Management, Management Access, SNMPv3 Users, click dropdown by Add and select SNMP User

                     Username: username created in Windows Credentials in SolarWinds

                     Password Type: Encrypted

                        Authentication Algorithm: MD5

                          Type in Authentication password (same used in SolarWinds)

                        Encryption Algorithm: 3DES

                          Type in Encrypted password (same used in SolarWinds)

                 

                This worked for me, I hope it does for you as well. Good luck.

                 

                v/r,

                Mike Greene

                Network Engineer

                Missile Defense Space Center

                Northrop Grumman Information Systems

                Comm: 719.721.9714

                DSN: 721.9714

                NIPR: michael.greene.ctr@mda.mil

                SIPR: michael.greene.ctr@smil.mil

              • Re: Solarwinds Orion and Cisco ASA-5500 SNMPv3 compatibility?
                JessicaWalsh

                So I finally got this to work. The fix was when editing the node in node properties, for SNMPv3, you only enter the user name and its password. You have to leave the context blank. Now I have 3 of my test devices added and will add a 4th today.