Cisco ASA firewall 4.2 & earlier fails to respond
Modified on: Tue, 20 Sep, 2016 at 2:33 PM
Cisco ASA firewalls 4.2 & earlier have a maximum SNMP packet size of 512 bytes. As a result of this small packet size, many SNMP requests may be truncated or the device may fail to respond. This issue has been resolved with 4.3 and later.
By default, if PathSolutions TotalView is configured to monitor a Cisco ASA firewall, the firewall may not provide accurate statistics and the PathSolutions TotalView service may also crash as a result of the improperly formatted reply packets.
A workaround to this problem is to configure PathSolutions TotalView to use SNMPv1 to monitor the ASA firewall, as the packet sizes are smaller (but more requests must be made to fetch the information).
Use the below procedure to configure your ASA firewalls to be monitored using SNMPv1:
1) Edit the SNMPv1.cfg file with a text editor like Notepad. This file is located in the C:\Program Files (x86)\PathSolutions\TotalView directory.
2) Add the IP address of the ASA firewall to this list.
3) Save the file
4) Use the Config Tool and add the ASA firewall to monitoring.
Note: If the ASA firewall is already in the configuration, then after saving the SNMPv1.cfg file you must stop and restart the service to have this change take effect.
Did you find it helpful?
Sorry we couldn't be helpful. Help us improve this article with your feedback.