RE: snmp question- please I need answer
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 Mar 2003 19:42:12 -0600
Hi Hanan,
You will need to publish EACH device, and you'll need an IP address on
the external interface for each publishing rule, because a socket can
only be used once for server publishing.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: hanan [mailto:nouran@xxxxxxxxx]
Sent: Thursday, March 13, 2003 11:48 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: snmp question- please I need answer
http://www.ISAserver.org
Hi tom
Thank you for your reply
Do you mean that I need to publish isa server it self with the
selected protocol udp 161 receive/send
N.B We have several devices behind isa that we need to poll
hanan
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 13, 2003 1:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: snmp question- please I need answer
http://www.ISAserver.org
Hi Hanan,
It sounds like you need to create a Protocol Rule to allow
outbound UDP 161 and a Server Publishing Rule to publish UDP 161,
receive/send
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: hanan [mailto:nouran@xxxxxxxxx]
Sent: Wednesday, March 12, 2003 2:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: snmp question- please I need answer
http://www.ISAserver.org
Hello Tom
Thank you for your reply I will try to explain my problem:
I am running an snmp monitor to check devices in a network
behind a firewall ISA. SNMP traps seem to work ok (port 162). When,
however, I try to poll an object (I have a VPN to the network by the way
to access the internal addresses, but the devices must respond to the
external address of the SNMP Monitor) I get response time out. When I
check the network traffic I find that the responding device source is
using UDP port 161 to send but seems to vary the destination UDP port
(I am getting 3459, 1902, 2837, 2874, 1731, 1064, 1561, 1509, and some
more) and I never find the querying device. How do I go about
convincing a firewall to open all these ports for sending?
When I see in the network monitor the port that was used, I
create protocol rule for this port, and after that I can poll the
device, but when I try again its stop responding I check again the
network monitor and I find other port was used, I do the same for this
new port and again I can poll the device and after stop and change the
port again and so on
I send my problem to the company how made this SNMP program and
they answered me as the following:
The destination port will always be UDP port 161 when coming
from the SNMPc. You should configure your firewall to allow packets that
have UDP port 161 in either the source or destination port. As to how to
do this, consulting the company that made the firewall would probably be
your best source of information
Could you please explain to me what is that mean
Is that mean that I need to allow port udp 161 for send and
receive and that what I did also but still doesn't work, or there is
other solution that I didn't understand from this email?
Do you have any solution for this problem?
Best regards
hanan
Other related posts:
