4 Replies Latest reply on Sep 5, 2014 10:51 AM by simitpatel

    SNMP getting blocked by ASA recently

    simitpatel

      I have 2 ASA's in 2 different locations, with a Barracuda Link Balancer in front of each one. As of recently, all 4 of the devices are showing "Unknown" for all of their interfaces. I tracked this down to it being an issue with SNMP. I can't connect to any of them via SNMP(The test in the Node Properties screen fails). And then I came across this article:

       

      SolarWinds Knowledge Base :: Why are my interfaces changing to "unknown" status, even when I know they are active?

       

      My question is, what exactly do I need to configure on the ASA to get it to pass SNMP traffic again. The article states that rebooting the Orion server will fix the issue, but that's not working for me either.

       

      Does anyone else have any ideas what might be causing this?

        • Re: SNMP getting blocked by ASA recently
          rob.hock

          Assuming the ASAs are allowed to communicate to the SolarWinds server (EX: snmp-server host inside 10.1.1.1 community YourSNMP_RO_String) the next most likely culprit would be the Barracuda if you are polling through it. If not, any recent updates to the ASAs? Potentially the interfaces table on the devices was re-indexed- try to remove / re-add the devices.

          1 of 1 people found this helpful
            • Re: SNMP getting blocked by ASA recently
              simitpatel

              Thanks for your help with this. I've removed and re-added the devices, and that didn't work. No changes(configs or updates) have been made to the ASAs. This problem started at the same time for both pairs of ASA/Link Balancers. I don't think the Barracuda's are the problem because the traffic appears to be getting blocked at the ASA, since I'm not able to poll them either(I'm going through the ASAs to get to the Barracuda. I've got the correct rules in place on the ASA as well.

                • Re: SNMP getting blocked by ASA recently
                  wbrown

                  Have any of the policy maps or service policies changed lately?

                  Has there been a routing change such that the SNMP get request is coming in through a different interface than the response is being sent?

                   

                  What are your ASA logs telling you about this traffic?

                   

                  Have you tried running the traffic through packet-tracer?

                  1 of 1 people found this helpful
                    • Re: SNMP getting blocked by ASA recently
                      simitpatel

                      I figured it out. We actually had a web filter that had a change made to it recently that blocked Skype. Apparently, it thought that this SNMP traffic was Skype traffic. I have no clue why that is. The weird thing is that I did a packet cap on the ASA, and it was actually getting the packets for the periodic polling from NPM every 10 minutes. But if I did an ad hoc test of the SNMP settings, those packets weren't getting blocked.

                       

                      Anyways, it's all working now. Thanks for everyone's help.