Bill:
I would love to see what a Wireshark trace would show. Is the demand
poll actually sending out what we think and if so, what is actually coming
back.
Thank you,
.................................................................................
Mike Pearson
SWG Client Support - Tivoli Software
NetView & Precision Support
o/l 1-919-254-2270 t/l 444-2270
pearsom AT us.ibm DOT com
(Embedded image moved to file: pic31392.jpg)
http://www-306.ibm.com/software/support/toolbar/index.html?ibmsst=ibmTbMenu
"Evans, Bill"
<Bill.Evans AT hq DOT do
e.gov> To
Sent by: "Tivoli NetView Discussions"
nv-l-bounces@list <nv-l AT lists.ca.ibm DOT com>
s.ca.ibm.com cc
Subject
04/30/2008 04:29 RE: [NV-L] Pix/ASA Firewall status
PM monitoring problem
Please respond to
Tivoli NetView
Discussions
<nv-l AT lists.ca DOT ib
m.com>
Yes, I'm doing that for the paired ones. Some of the ASA appliances are
not paired. This particular one is appropriately marked in the seed file.
We have eleven boxes with four pairs and three loners. We have this
problem with nine of the boxes and DNS lookup problems with the other two.
I have yet to get any of the PIX or ASA systems functioning as advertised.
I don't know if it's hardware, configuration or bugs on my end. Since a
normal SNMPWALK for the INTERFACES table works perfectly well but the
demand poll doesn't I figured I'd query the community for input then open a
PMR on this part of the problem if necessary. Demand poll should work if
SNMPWALK does. Once I'm sure my side is clean I can start beating on the
PIX/ASA side.
Bill Evans
Senior Tivoli NetView Support Analyst
Energy Enterprise Solutions (EES)
Support to OCIO HQ DOE IM-651
e-mail: bill.evans AT hq.doe DOT gov
301-903-0057 office
570-852-9549 cell
570-639-5691 home
From: nv-l-bounces AT lists.ca.ibm DOT com [mailto:nv-l-bounces AT lists.ca.ibm
DOT com]
On Behalf Of Leslie Clark
Sent: Wednesday, April 30, 2008 4:04 PM
To: Tivoli NetView Discussions
Subject: Re: [NV-L] Pix/ASA Firewall status monitoring problem
Isn't this the kind of device you can identify to Netview as a pix
failover pair, and have it poll the proprietary MIB? Are you doing that in
the seedfile with the > sighn?
Cordially,
Leslie A. Clark
IT Services Specialist, Network Mgmt
Information Technology Services Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax, Pager
"Evans, Bill"
<Bill.Evans AT hq.doe DOT gov>
Sent by:
nv-l-bounces AT lists.ca.ibm DOT com
To
NV-L AT lists.ca.ibm DOT com
cc
04/30/2008 03:28 PM
Subject
[NV-L] Pix/ASA Firewall
Please respond to status monitoring problem
Tivoli NetView Discussions
<nv-l AT lists.ca.ibm DOT com>
Down below my signature is an extract from the netmon.trace -M12 output
from a demand poll issued to the inside address of a PIX/ASA firewall.
I've removed what I could to make it esier to see the data returned.
Names and addresses have been altered.
Part way down the listing I see "ifIndex = 2, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1" for each
of the interfaces. Later I get "Interface 10.10.100.11(index 2): No
Admin/Oper Status in ifTable" for the same interface and this is true
for all the interfaces present. This makes it very difficult to monitor
the device with SNMP.
The text returned by the nmdemandpoll is:
15:09:49 SNMP error: noSuchName
15:09:49 Interface 10.10.100.11(index 2): No Admin/Oper
Status
in ifTable
There was a discussion of similar problems with PIX firewalls over a
year ago and this resembles some of those issues but it's been a long
time since including the installation of NetView 7.1.5.2 for Red Hat 4
on my side of the wire. The firewall device claims to be a "Cisco
Adaptive Security Appliance Version 7.2(3)12".
Does anyone have any ideas why I get to see this?
Bill Evans
Senior Tivoli NetView Support Analyst
Energy Enterprise Solutions (EES)
Support to OCIO HQ DOE IM-651
e-mail: bill.evans AT hq.doe DOT gov
301-903-0057 office
570-852-9549 cell
570-639-5691 home
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Objid reqid = 1591301
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Descr reqid = 1591302
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SysName reqid = 1591303
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Forward reqid = 1591304
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591305
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.3.1, ipAdEntNetMask =
255.255.255.248, ipAdEntIfIndex = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591306
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.3, ipAdEntNetMask =
255.255.255.248, ipAdEntIfIndex = 3
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591307
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.11, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 2
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591308
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.19, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 4
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591309
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.27, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 5
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591310
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.35, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 6
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591311
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.43, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 7
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591312
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.52, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 8
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591313
./nl_snmpstate.c[6512] : ### ipAdEntAddr = 10.10.100.60, ipAdEntNetMask
= 255.255.255.248, ipAdEntIfIndex = 9
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IPaddr reqid = 1591314
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = cHsrpGrpTable reqid = 1591315
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFnumber reqid = 1591316
./nl_snmpstate.c[5530] : ### ifNumber = 9
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591317
./nl_snmpstate.c[6254] : ### ifIndex = 1, ifPhysAddress =
0x000000010001, iftype = 6, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591318
./nl_snmpstate.c[6254] : ### ifIndex = 2, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591319
./nl_snmpstate.c[6254] : ### ifIndex = 3, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591320
./nl_snmpstate.c[6254] : ### ifIndex = 4, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591321
./nl_snmpstate.c[6254] : ### ifIndex = 5, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591322
./nl_snmpstate.c[6254] : ### ifIndex = 6, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591323
./nl_snmpstate.c[6254] : ### ifIndex = 7, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591324
./nl_snmpstate.c[6254] : ### ifIndex = 8, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591325
./nl_snmpstate.c[6254] : ### ifIndex = 9, ifPhysAddress =
0x000000010011, iftype = 135, adminStatus = 1, operStatus = 1
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = IFtab reqid = 1591326
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = GetSecIF reqid = 1591327
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = CDPCache reqid = 1591328
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = RouteD reqid = 1591329
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591330
./nl_snmpstate.c[6153] : ### ifIndex = 1, ifName = inside, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591331
./nl_snmpstate.c[6153] : ### ifIndex = 2, ifName = cna, ifAlias = <none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591332
./nl_snmpstate.c[6153] : ### ifIndex = 3, ifName = intel, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591333
./nl_snmpstate.c[6153] : ### ifIndex = 4, ifName = eia, ifAlias = <none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591334
./nl_snmpstate.c[6153] : ### ifIndex = 5, ifName = sca, ifAlias = <none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591335
./nl_snmpstate.c[6153] : ### ifIndex = 6, ifName = eea, ifAlias = <none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591336
./nl_snmpstate.c[6153] : ### ifIndex = 7, ifName = outbound, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591337
./nl_snmpstate.c[6153] : ### ifIndex = 8, ifName = sipnet, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591338
./nl_snmpstate.c[6153] : ### ifIndex = 9, ifName = diskless, ifAlias =
<none>
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = XIFtable reqid = 1591339
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = PIXFailover reqid = 1591340
./nl_snmpstate.c[6043] : ### cfwHardwareStatus.6 = 9,
cfwHardwareStatus.7 = 10, PIX Firewall currently in RECOVERED state.
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591341
./nl_snmpstate.c[2565] : Interface 10.10.3.1(index 1): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591342
./nl_snmpstate.c[2565] : Interface 10.10.100.11(index 2): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591343
./nl_snmpstate.c[2565] : Interface 10.10.100.3(index 3): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591344
./nl_snmpstate.c[2565] : Interface 10.10.100.19(index 4): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591345
./nl_snmpstate.c[2565] : Interface 10.10.100.27(index 5): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591346
./nl_snmpstate.c[2565] : Interface 10.10.100.35(index 6): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591347
./nl_snmpstate.c[2565] : Interface 10.10.100.43(index 7): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591348
./nl_snmpstate.c[2565] : Interface 10.10.100.52(index 8): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = SNMPStatus reqid = 1591349
./nl_snmpstate.c[2565] : Interface 10.10.100.60(index 9): No Admin/Oper
Status in ifTable
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Loc reqid = 1591350
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Contact reqid = 1591351
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = MPLS MIB reqid = 1591352
./nl_snmpstate.c[2045] : ### MPLS MIB not present
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = dot1dBridge MIB reqid = 1591353
./nl_snmpstate.c[2058] : ### xnet-fw1 does not support the dot1dBridge
MIB
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = GetIpNetToMedia reqid = 1591354
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = ARP reqid = 1591355
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = GetSGVers reqid = 1591356
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = GetSIAVers reqid = 1591357
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Get Mgr reqid = 1591358
./nl_snmper.c[1355] : recv_snmp: from xnet-fw1 (10.10.3.1) op = FORCED
req = Get SIAOS2 reqid = 1591359
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
pic31392.jpg
Description: JPEG image
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|
