|
Hi Anvaj,
One technique you might use to ID the culprit is do a debug
on the firewall.
Your syntax would be something like this (assuming your
SNMP config is setup for the "inside" interface)
debug packet inside dst NV_insideIP_ADDR proto udp
dport 161 both
Here are all the options
[no] debug packet <if_name> [src <s_ip>
[netmask
<m>]]
[dst <d_ip> [netmask
<m>]]
[[proto icmp]|[proto tcp [sport <s_p>] [dport
<d_p>]]
|[proto udp [sport <s_p>] [dport d_p]]
[rx|tx|both]
With
this debug, you should be able to see the source IP address and the community
string it's trying to use that's triggering the auth fail
trap.
Good
luck,
Glen Warn
PEMCO Corporation Computer Services
(PCCS)
206-628-5770
I am using Netview
7.1.4 FP03 on Win2K Server. I am getting quite lot of authorization
failure from one of my Cisco PIX 515E firewall. But from the message I am
not able to find out the IP address of the device which is trying to access. I
have checked the snmp configuration on NetView for this device and found
everything correct, and Polling the device with correct
string.
Below is the message.
How will I identify the source IP?
authenticationFailure
trap received from enterprise cisco with 0 arguments: authAddr=FMT ERROR:
accessing element #1, only 0 available
Best
regards,
Anvaj
Aliyarukutty
Global Network Operations Center (GNOC)
US
Technology
Nila,
Technopark
Phone : +91 471 233
5777 ext 8651
Mobile: +91 944 772
8103
|