RE: [NV-L] Pix/ASA Firewall status monitoring problem
2008-04-30 16:30:05
Yes, I'm doing that for the paired ones. Some of the
ASA appliances are not paired. This particular one is appropriately marked
in the seed file. We have eleven boxes with four pairs and three
loners. We have this problem with nine of the boxes and DNS
lookup problems with the other two. I have yet to get any of the PIX
or ASA systems functioning as advertised.
I don't know if it's hardware, configuration or bugs on my
end. Since a normal SNMPWALK for the INTERFACES table works perfectly well
but the demand poll doesn't I figured I'd query the community for input then
open a PMR on this part of the problem if necessary. Demand poll
should work if SNMPWALK does. Once I'm sure my side is clean I can
start beating on the PIX/ASA side.
Bill Evans Senior Tivoli NetView Support Analyst Energy
Enterprise Solutions (EES) Support to OCIO HQ DOE IM-651 e-mail:
bill.evans AT hq.doe DOT gov 301-903-0057 office 570-852-9549
cell 570-639-5691 home
Isn't this the kind of device you
can identify to Netview as a pix failover pair, and have it poll the
proprietary MIB? Are you doing that in the seedfile with the >
sighn?
Cordially,
Leslie A.
Clark IT Services Specialist, Network Mgmt Information Technology Services
Americas IBM Global Services (248) 552-4968 Voicemail, Fax,
Pager
"Evans, Bill"
<Bill.Evans AT hq.doe DOT gov> Sent by: nv-l-bounces AT lists.ca.ibm DOT com
04/30/2008 03:28 PM
Please respond
to Tivoli NetView Discussions
<nv-l AT lists.ca.ibm DOT com> |
|
To
| NV-L AT lists.ca.ibm DOT com
|
cc
|
|
Subject
| [NV-L] Pix/ASA Firewall status
monitoring problem |
|
Down below my signature is an extract from the netmon.trace -M12
output from a demand poll issued to the inside address of a PIX/ASA
firewall. I've removed what I could to make it esier to see the data
returned. Names and addresses have been altered.
Part way down the
listing I see "ifIndex = 2, ifPhysAddress = 0x000000010011, iftype = 135,
adminStatus = 1, operStatus = 1" for each of the interfaces. Later I get
"Interface 10.10.100.11(index 2): No Admin/Oper Status in ifTable" for the
same interface and this is true for all the interfaces present. This
makes it very difficult to monitor the device with SNMP.
The text
returned by the nmdemandpoll is:
15:09:49 SNMP error: noSuchName
15:09:49 Interface 10.10.100.11(index
2): No Admin/Oper Status in ifTable
There was a discussion of similar
problems with PIX firewalls over a year ago and this resembles some of those
issues but it's been a long time since including the installation of NetView
7.1.5.2 for Red Hat 4 on my side of the wire. The firewall device
claims to be a "Cisco Adaptive Security Appliance Version
7.2(3)12".
Does anyone have any ideas why I get to see this?
Bill Evans Senior Tivoli NetView Support Analyst Energy
Enterprise Solutions (EES) Support to OCIO HQ DOE IM-651 e-mail:
bill.evans AT hq.doe DOT gov 301-903-0057 office 570-852-9549
cell 570-639-5691 home
./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = Objid reqid =
1591301 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = Descr reqid = 1591302 ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SysName reqid =
1591303 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = Forward reqid = 1591304 ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591305 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.3.1, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 1 ./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591306 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.3,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 3 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591307 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.11,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 2 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591308 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.19,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 4 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591309 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.27,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 5 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591310 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.35,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 6 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591311 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.43,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 7 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591312 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.52,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 8 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591313 ./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.60,
ipAdEntNetMask = 255.255.255.248, ipAdEntIfIndex = 9 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IPaddr reqid =
1591314 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = cHsrpGrpTable reqid = 1591315 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IFnumber reqid =
1591316 ./nl_snmpstate.c[5530] : ### ifNumber = 9 ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = IFtab reqid =
1591317 ./nl_snmpstate.c[6254] : ### ifIndex = 1, ifPhysAddress
= 0x000000010001, iftype = 6, adminStatus = 1, operStatus =
1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591318 ./nl_snmpstate.c[6254] : ### ifIndex =
2, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591319 ./nl_snmpstate.c[6254] : ### ifIndex =
3, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591320 ./nl_snmpstate.c[6254] : ### ifIndex =
4, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591321 ./nl_snmpstate.c[6254] : ### ifIndex =
5, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591322 ./nl_snmpstate.c[6254] : ### ifIndex =
6, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591323 ./nl_snmpstate.c[6254] : ### ifIndex =
7, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591324 ./nl_snmpstate.c[6254] : ### ifIndex =
8, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591325 ./nl_snmpstate.c[6254] : ### ifIndex =
9, ifPhysAddress = 0x000000010011, iftype = 135, adminStatus = 1, operStatus
= 1 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = IFtab reqid = 1591326 ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = GetSecIF reqid =
1591327 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = CDPCache reqid = 1591328 ./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED req = RouteD reqid =
1591329 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = XIFtable reqid = 1591330 ./nl_snmpstate.c[6153] : ### ifIndex
= 1, ifName = inside, ifAlias = <none> ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = XIFtable reqid =
1591331 ./nl_snmpstate.c[6153] : ### ifIndex = 2, ifName = cna, ifAlias =
<none> ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = XIFtable reqid = 1591332 ./nl_snmpstate.c[6153] : ### ifIndex
= 3, ifName = intel, ifAlias = <none> ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = XIFtable reqid =
1591333 ./nl_snmpstate.c[6153] : ### ifIndex = 4, ifName = eia, ifAlias =
<none> ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = XIFtable reqid = 1591334 ./nl_snmpstate.c[6153] : ### ifIndex
= 5, ifName = sca, ifAlias = <none> ./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED req = XIFtable reqid =
1591335 ./nl_snmpstate.c[6153] : ### ifIndex = 6, ifName = eea, ifAlias =
<none> ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = XIFtable reqid = 1591336 ./nl_snmpstate.c[6153] : ### ifIndex
= 7, ifName = outbound, ifAlias = <none> ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = XIFtable reqid =
1591337 ./nl_snmpstate.c[6153] : ### ifIndex = 8, ifName = sipnet, ifAlias
= <none> ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1)
op = FORCED req = XIFtable reqid = 1591338 ./nl_snmpstate.c[6153] : ###
ifIndex = 9, ifName = diskless, ifAlias = <none> ./nl_snmper.c[1355]
: recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = XIFtable reqid =
1591339 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = PIXFailover reqid = 1591340 ./nl_snmpstate.c[6043] : ###
cfwHardwareStatus.6 = 9, cfwHardwareStatus.7 = 10, PIX Firewall currently in
RECOVERED state. ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1)
op = FORCED req = SNMPStatus reqid = 1591341 ./nl_snmpstate.c[2565] :
Interface 10.10.3.1(index 1): No Admin/Oper Status in
ifTable ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = SNMPStatus reqid = 1591342 ./nl_snmpstate.c[2565] : Interface
10.10.100.11(index 2): No Admin/Oper Status in ifTable ./nl_snmper.c[1355]
: recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591343 ./nl_snmpstate.c[2565] : Interface 10.10.100.3(index 3): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591344 ./nl_snmpstate.c[2565] : Interface 10.10.100.19(index 4): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591345 ./nl_snmpstate.c[2565] : Interface 10.10.100.27(index 5): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591346 ./nl_snmpstate.c[2565] : Interface 10.10.100.35(index 6): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591347 ./nl_snmpstate.c[2565] : Interface 10.10.100.43(index 7): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591348 ./nl_snmpstate.c[2565] : Interface 10.10.100.52(index 8): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = SNMPStatus reqid =
1591349 ./nl_snmpstate.c[2565] : Interface 10.10.100.60(index 9): No
Admin/Oper Status in ifTable ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = Loc reqid =
1591350 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = Contact reqid = 1591351 ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = MPLS MIB reqid =
1591352 ./nl_snmpstate.c[2045] : ### MPLS MIB not
present ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = dot1dBridge MIB reqid = 1591353 ./nl_snmpstate.c[2058] : ###
xnet-fw1 does not support the dot1dBridge MIB ./nl_snmper.c[1355] :
recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED req = GetIpNetToMedia reqid
= 1591354 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = ARP reqid = 1591355 ./nl_snmper.c[1355] : recv_snmp: from
xnet-fw1 (10.10.3.1) op = FORCED req = GetSGVers reqid =
1591356 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = GetSIAVers reqid = 1591357 ./nl_snmper.c[1355] : recv_snmp:
from xnet-fw1 (10.10.3.1) op = FORCED req = Get Mgr reqid =
1591358 ./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op =
FORCED req = Get SIAOS2 reqid =
1591359
_______________________________________________ NV-L
mailing
list NV-L AT lists.ca.ibm DOT com Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com http://lists.ca.ibm.com/mailman/listinfo/nv-l
(Browser access limited to internal IBM'ers
only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|
|
|