RE: [nv-l] Authorization Failure - format Error

2005-05-23 12:50:31
Subject: RE: [nv-l] Authorization Failure - format Error
From: "Glen Warn" <Glen.Warn AT pemcocorp DOT com>
To: <nv-l AT lists.us.ibm DOT com>
Date: Mon, 23 May 2005 09:49:59 -0700
Hi Anvaj,
One technique you might use to ID the culprit is do a debug on the firewall.
Your syntax would be something like this (assuming your SNMP config is setup for the "inside" interface)
debug packet inside dst NV_insideIP_ADDR proto udp dport 161 both 
Here are all the options
[no] debug packet <if_name> [src <s_ip> [netmask <m>]]
                [dst <d_ip> [netmask <m>]]
                [[proto icmp]|[proto tcp [sport <s_p>] [dport <d_p>]]
                |[proto udp [sport <s_p>] [dport d_p]] [rx|tx|both]
With this debug, you should be able to see the source IP address and the community string it's trying to use that's triggering the auth fail trap.
Good luck,
Glen Warn
PEMCO Corporation Computer Services (PCCS)

From: owner-nv-l AT lists.us.ibm DOT com [mailto:owner-nv-l AT lists.us.ibm DOT com] On Behalf Of Anvaj A B
Sent: Sunday, May 22, 2005 10:23 PM
To: nv-l AT lists.us.ibm DOT com
Subject: [nv-l] Authorization Failure - format Error


I am using Netview 7.1.4 FP03 on Win2K Server.  I am getting quite lot of authorization failure from one of my Cisco PIX 515E firewall.  But from the message I am not able to find out the IP address of the device which is trying to access. I have checked the snmp configuration on NetView for this device and found everything correct, and Polling the device with correct string.


Below is the message. How will I identify the source IP?


authenticationFailure trap received from enterprise cisco with 0 arguments:  authAddr=FMT ERROR: accessing element #1, only 0 available




Best regards,


Anvaj Aliyarukutty

Global Network Operations Center (GNOC)

US Technology

Nila, Technopark

Phone : +91 471 233 5777 ext 8651

Mobile: +91 944 772 8103


<Prev in Thread] Current Thread [Next in Thread>