|
RE: [NV-L] Pix/ASA Firewall status monitoring problem
2008-04-30 16:30:05
|
Yes, I'm doing that for the paired ones. Some of the
ASA appliances are not paired. This particular one is appropriately marked
in the seed file. We have eleven boxes with four pairs and three
loners. We have this problem with nine of the boxes and DNS
lookup problems with the other two. I have yet to get any of the PIX
or ASA systems functioning as advertised.
I don't know if it's hardware, configuration or bugs on my
end. Since a normal SNMPWALK for the INTERFACES table works perfectly well
but the demand poll doesn't I figured I'd query the community for input then
open a PMR on this part of the problem if necessary. Demand poll
should work if SNMPWALK does. Once I'm sure my side is clean I can
start beating on the PIX/ASA side.
Bill Evans
Senior Tivoli NetView Support Analyst
Energy
Enterprise Solutions (EES)
Support to OCIO HQ DOE IM-651
e-mail:
bill.evans AT hq.doe DOT gov
301-903-0057 office
570-852-9549
cell
570-639-5691 home
Isn't this the kind of device you
can identify to Netview as a pix failover pair, and have it poll the
proprietary MIB? Are you doing that in the seedfile with the >
sighn?
Cordially,
Leslie A.
Clark
IT Services Specialist, Network Mgmt
Information Technology Services
Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax,
Pager
"Evans, Bill"
<Bill.Evans AT hq.doe DOT gov>
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
04/30/2008 03:28 PM
|
Please respond
to
Tivoli NetView Discussions
<nv-l AT lists.ca.ibm DOT com> |
|
|
To
| NV-L AT lists.ca.ibm DOT com
|
|
cc
|
|
|
Subject
| [NV-L] Pix/ASA Firewall status
monitoring problem |
|
Down below my signature is an extract from the netmon.trace -M12
output
from a demand poll issued to the inside address of a PIX/ASA
firewall.
I've removed what I could to make it esier to see the data
returned.
Names and addresses have been altered.
Part way down the
listing I see "ifIndex = 2, ifPhysAddress =
0x000000010011, iftype = 135,
adminStatus = 1, operStatus = 1" for each
of the interfaces. Later I get
"Interface 10.10.100.11(index 2): No
Admin/Oper Status in ifTable" for the
same interface and this is true
for all the interfaces present. This
makes it very difficult to monitor
the device with SNMP.
The text
returned by the nmdemandpoll is:
15:09:49 SNMP error: noSuchName
15:09:49 Interface 10.10.100.11(index
2): No Admin/Oper Status
in ifTable
There was a discussion of similar
problems with PIX firewalls over a
year ago and this resembles some of those
issues but it's been a long
time since including the installation of NetView
7.1.5.2 for Red Hat 4
on my side of the wire. The firewall device
claims to be a "Cisco
Adaptive Security Appliance Version
7.2(3)12".
Does anyone have any ideas why I get to see this?
Bill Evans
Senior Tivoli NetView Support Analyst
Energy
Enterprise Solutions (EES)
Support to OCIO HQ DOE IM-651
e-mail:
bill.evans AT hq.doe DOT gov
301-903-0057 office
570-852-9549
cell
570-639-5691 home
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = Objid reqid =
1591301
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = Descr reqid = 1591302
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SysName reqid =
1591303
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = Forward reqid = 1591304
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591305
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.3.1, ipAdEntNetMask
=
255.255.255.248, ipAdEntIfIndex = 1
./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591306
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.3,
ipAdEntNetMask =
255.255.255.248, ipAdEntIfIndex = 3
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591307
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.11,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 2
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591308
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.19,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 4
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591309
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.27,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 5
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591310
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.35,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 6
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591311
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.43,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 7
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591312
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.52,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 8
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591313
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.60,
ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 9
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid =
1591314
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = cHsrpGrpTable reqid = 1591315
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFnumber reqid =
1591316
./nl_snmpstate.c[5530] : ### ifNumber = 9
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid =
1591317
./nl_snmpstate.c[6254] : ### ifIndex = 1, ifPhysAddress
=
0x000000010001, iftype = 6, adminStatus = 1, operStatus =
1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591318
./nl_snmpstate.c[6254] : ### ifIndex =
2, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591319
./nl_snmpstate.c[6254] : ### ifIndex =
3, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591320
./nl_snmpstate.c[6254] : ### ifIndex =
4, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591321
./nl_snmpstate.c[6254] : ### ifIndex =
5, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591322
./nl_snmpstate.c[6254] : ### ifIndex =
6, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591323
./nl_snmpstate.c[6254] : ### ifIndex =
7, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591324
./nl_snmpstate.c[6254] : ### ifIndex =
8, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591325
./nl_snmpstate.c[6254] : ### ifIndex =
9, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = IFtab reqid = 1591326
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = GetSecIF reqid =
1591327
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = CDPCache reqid = 1591328
./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED
req = RouteD reqid =
1591329
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = XIFtable reqid = 1591330
./nl_snmpstate.c[6153] : ### ifIndex
= 1, ifName = inside, ifAlias =
<none>
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid =
1591331
./nl_snmpstate.c[6153] : ### ifIndex = 2, ifName = cna, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = XIFtable reqid = 1591332
./nl_snmpstate.c[6153] : ### ifIndex
= 3, ifName = intel, ifAlias =
<none>
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid =
1591333
./nl_snmpstate.c[6153] : ### ifIndex = 4, ifName = eia, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = XIFtable reqid = 1591334
./nl_snmpstate.c[6153] : ### ifIndex
= 5, ifName = sca, ifAlias = <none>
./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid =
1591335
./nl_snmpstate.c[6153] : ### ifIndex = 6, ifName = eea, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = XIFtable reqid = 1591336
./nl_snmpstate.c[6153] : ### ifIndex
= 7, ifName = outbound, ifAlias =
<none>
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid =
1591337
./nl_snmpstate.c[6153] : ### ifIndex = 8, ifName = sipnet, ifAlias
=
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1)
op = FORCED
req = XIFtable reqid = 1591338
./nl_snmpstate.c[6153] : ###
ifIndex = 9, ifName = diskless, ifAlias =
<none>
./nl_snmper.c[1355]
: recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid =
1591339
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = PIXFailover reqid = 1591340
./nl_snmpstate.c[6043] : ###
cfwHardwareStatus.6 = 9,
cfwHardwareStatus.7 = 10, PIX Firewall currently in
RECOVERED state.
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1)
op = FORCED
req = SNMPStatus reqid = 1591341
./nl_snmpstate.c[2565] :
Interface 10.10.3.1(index 1): No Admin/Oper
Status in
ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = SNMPStatus reqid = 1591342
./nl_snmpstate.c[2565] : Interface
10.10.100.11(index 2): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355]
: recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591343
./nl_snmpstate.c[2565] : Interface 10.10.100.3(index 3): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591344
./nl_snmpstate.c[2565] : Interface 10.10.100.19(index 4): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591345
./nl_snmpstate.c[2565] : Interface 10.10.100.27(index 5): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591346
./nl_snmpstate.c[2565] : Interface 10.10.100.35(index 6): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591347
./nl_snmpstate.c[2565] : Interface 10.10.100.43(index 7): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591348
./nl_snmpstate.c[2565] : Interface 10.10.100.52(index 8): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid =
1591349
./nl_snmpstate.c[2565] : Interface 10.10.100.60(index 9): No
Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = Loc reqid =
1591350
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = Contact reqid = 1591351
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = MPLS MIB reqid =
1591352
./nl_snmpstate.c[2045] : ### MPLS MIB not
present
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = dot1dBridge MIB reqid = 1591353
./nl_snmpstate.c[2058] : ###
xnet-fw1 does not support the dot1dBridge
MIB
./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = GetIpNetToMedia reqid
= 1591354
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = ARP reqid = 1591355
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED
req = GetSGVers reqid =
1591356
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = GetSIAVers reqid = 1591357
./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED
req = Get Mgr reqid =
1591358
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED
req = Get SIAOS2 reqid =
1591359
_______________________________________________
NV-L
mailing
list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l
(Browser access limited to internal IBM'ers
only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|
|
|
