Configure SNMP For Cisco Pix Running V7.0 of Code
Enabling SNMP polling on a Cisco Pix firewall is a configuration process that requires a few steps but can yield valuable information. Data available from the Pix over SNMP includes the number of connections, CPU utilization, memory utilization and interface traffic. The steps involved are configuring SNMP with a community string, indicating the interface, and allowing the connection via an access-list.
Log in to your Cisco Pix and enter configuration mode. You need to specify the IP address of the host or network monitoring station that will be polling the Pix, the interface, and the community string to be used. The Pix is very specific: all of these variables must be correct in order for data to be gathered. The command is snmp-server host inside 10.1.1.1 community SECRET (example from a Pix running 7.0 code).
This enables one host to connect and gather data from the Pix using the configured SNMP string. The access-list on the interface 'inside' must be configured to allow this connection. Many inside interfaces simply have an "any any" access list. Whichever interface the polling station connects through must have an ACL entry allowing the communication.
The command for the access-list is access-list inside extended permit udp host 10.1.1.1 host <pix-inside-ip> eq snmp (SNMP polling uses UDP port 161; <pix-inside-ip> is a placeholder for the address of the Pix's inside interface).
Once SNMP is enabled on the Pix and communication is confirmed from the 10.1.1.1 host, you can then walk the Pix for SNMP data. You can also use MRTG's configmaker to generate a config file for interface traffic graphing of all the interfaces.
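Because every variable has to line up before the Pix returns data, a saved configuration can be checked offline before polling is attempted. The following is an added example, not part of the original article: it matches each snmp-server host line against the access-list bound to the same interface. It assumes the ACL is bound with access-group, that SNMP polling is UDP port 161, and uses constructed addresses and a hypothetical ACL name dmz_in.

```python
import re

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server host inside 10.1.1.1 community SECRET
snmp-server host dmz 10.2.2.2 community SECRET
access-list inside extended permit udp host 10.1.1.1 host 10.1.1.254 eq snmp
access-list dmz_in extended permit tcp host 10.2.2.2 host 10.2.2.254 eq snmp
access-group inside in interface inside
access-group dmz_in in interface dmz
"""

HOST_RE = re.compile(r"^snmp-server host (\S+) (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)
ACL_RE = re.compile(r"^access-list (\S+) extended permit (\S+) (.+)$", re.M)
SNMP_PORT = (["eq", "snmp"], ["eq", "161"])


def audit_snmp(config):
    """Return (interface, poller_ip, status) for every snmp-server host line."""
    bound = {ifname: acl for acl, ifname in GROUP_RE.findall(config)}
    rules = {}
    for acl, proto, rest in ACL_RE.findall(config):
        rules.setdefault(acl, []).append((proto.lower(), rest.lower().split()))
    results = []
    for ifname, ip in HOST_RE.findall(config):
        acl = bound.get(ifname)
        if acl is None:
            results.append((ifname, ip, "no-acl-bound"))
            continue
        status = "not-permitted"
        for proto, words in rules.get(acl, []):
            # Simplification: source must be "host <poller>" or "any".
            if words[:2] != ["host", ip] and words[:1] != ["any"]:
                continue
            to_snmp = words[-2:] in SNMP_PORT or "eq" not in words
            if proto == "ip" or (proto == "udp" and to_snmp):
                status = "ok"
                break
            if proto == "tcp" and words[-2:] in SNMP_PORT:
                status = "wrong-protocol"  # SNMP polling is UDP/161, not TCP
        results.append((ifname, ip, status))
    return results


if __name__ == "__main__":
    for row in audit_snmp(SAMPLE_CONFIG):
        print(*row)
```

A status of wrong-protocol or not-permitted points at the access-list entry to correct before walking the Pix from the polling station.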
Article Source: http://EzineArticles.com/?expert=Kevin_Howard