SSL VPN
Reply
Contributor
StuartHare
Posts: 11
Registered: ‎07-09-2009
0

SNMP Not responding

Hi

 

Im running a SA4500 Cluster with software 6.1R6 (build 13733) and Im having an issue with SNMP.

SNMP has been configured, but I am unable to reach the device using snmp.

 

The device is fully ip reachable, with ping working fine, but when ever we try to discover the vpn boxes  using snmp or even do a snmp walk the requests times out. The traffic is being seen through the firewall which is the next hop to the device, so I can only assume that the traffic is reaching the device.

 

Any ideas on why this occuring or is there a way I can troubleshoot the traffic hitting the SA?

 

Thanks

Stuart

 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: SNMP Not responding

Under Troubleshooting, there is a capability to do a packet trace from any interface of the SA.  That would certainly allow you to see if the SNMP Get packet is being received by the SA.

 

Ken

Contributor
StuartHare
Posts: 11
Registered: ‎07-09-2009
0

Re: SNMP Not responding

Ken

 

Thanks the response.

 

I have run a trace on the device and can indeed see the SNMP GET request hitting the external interface, followed by the community string arriving, but there is never any response from the SA back to the NMS server.

 

x.x.x.x.3322 > x.x.x.x.161:  GetRequest(83)  .1.3.6.1.2.1.1.1.0 .1.3.6.1.2.1.1.2.0 .1.3.6.1.2.1.1.4.0 .1.3.6.1.2.1.1.5.0 .1.3.6.1.2.1.1.6.0
x.x.x.x.3322 > x.x.x.x.161:  C=<commstring> GetRequest(83)  .1.3.6.1.2.1.1.1.0 .1.3.6.1.2.1.1.2.0 .1.3.6.1.2.1.1.4.0 .1.3.6.1.2.1.1.5.0 .1.3.6.1.2.1.1.6.0

 

Any ideas why the SA is failing to respond?

I thought it might be something to do with monitoring the external interface but we have that working fine elsewhere.

 

Stuart

Juniper Employee
123go
Posts: 52
Registered: ‎11-06-2007
0

Re: SNMP Not responding

You will not be able to query SNMP from the external interface.

 

You should come via internal interface (or management interface on SA6000/SA65000 if its enabled).

 

Assuming that you already enabled "SNMP Queries" and filled the System Name, Location and most important Community under Log/Monitoring > SNMP

Contributor
StuartHare
Posts: 11
Registered: ‎07-09-2009
0

Re: SNMP Not responding

Thanks for the response.

Yup all of the above has been configured.

 

So that confirms my theory then.

Is this a recent change in behaviour, as we are definitely managing these devices for another client to the external interface, but using an earlier version of code?

 

Thanks

Stuart

Juniper Employee
123go
Posts: 52
Registered: ‎11-06-2007
0

Re: SNMP Not responding

How much earlier version of the code ?

 

I tested on a 5.5R1, 6.0R12 and a 6.4R4, only get response to SNMP query on the internal IF, nothing on the external IF.

 

Are you not querying the internal interface (via a Mapped IP maybe) ?

Contributor
StuartHare
Posts: 11
Registered: ‎07-09-2009
0

Re: SNMP Not responding

We are running code version 5.5R1 (build 11711). And its definitely native to the external interface IP.

Hence why i was trying to do the same here.

Stuart

Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: SNMP Not responding

Hi All,

On IVEOS 7.1, is there a way to run SNMP on the external interface?

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Trusted Expert
kalagesan
Posts: 376
Registered: ‎08-09-2011

Re: SNMP Not responding

Hi Michael,

 

SNMP can't be enabled through external interface, this is not supported. SNMP traffic can be routeed only through 

internal port or Management port of the SA.

 

Hope this clarifies your query.

 

Regards,

Kannan

Distinguished Expert
muttbarker
Posts: 2,346
Registered: ‎01-29-2008
0

Re: SNMP Not responding

Stuart - you said managing - you can enable management of the device from the external interface. That will allow you to perform web based management. Is that what you were thinking of? I have been working with these guys for four years and to the best of my recollection you could never do SNMP externally.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.