The Simple Network Management Protocol (SNMP) manages and monitors networking devices. Cisco ASA SNMP inspection enables packet traffic monitoring between network devices. The Cisco ASA can be configured to deny traffic based on the SNMP packet version. Early versions of SNMP are less secure, so your security policy may require that SNMPv1 traffic be denied. To do this, configure an SNMP map with the snmp-map command and then associate it with the inspect snmp command, as shown in Example 8-15.

Example 8-15. SNMP Inspection

snmp-map mysnmpmap
 deny version 1
policy-map asa_global_fw_policy
 class inspection_default
  inspect snmp mysnmpmap

In Example 8-15, the Cisco ASA is set up with an SNMP map, called mysnmpmap, which denies any SNMPv1 packets. The following are the deny version subcommand options:

  • 1 = SNMP version 1
  • 2 = SNMP version 2 (party based)
  • 2c = SNMP version 2c (community based)
  • 3 = SNMP version 3
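
To show what a version-based deny rule keys on, the following added example (not from the book and not Cisco ASA code) reads the version integer that opens every SNMP message and applies a deny list to it. The function names, the fail-closed handling of unparseable datagrams, and the sample messages are assumptions of this example; the wire values 0, 1 and 3 for SNMPv1, v2c and v3 come from the SNMP RFCs, and keyword 2 is left unmapped.

```python
# Added example: wire-level view of the SNMP version field (not ASA code).
# Version integers per RFC 1157 / 1901 / 3412: 0 = v1, 1 = v2c, 3 = v3.
VERSION_NAMES = {0: "1", 1: "2c", 3: "3"}

def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for one BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds datagram")
    return tag, buf[pos:pos + length], pos + length

def snmp_version(datagram):
    """Return the version keyword ("1", "2c", "3") of an SNMP UDP payload."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, value, _ = _read_tlv(body, 0)
    if tag != 0x02 or not value:
        raise ValueError("first field is not an INTEGER version")
    return VERSION_NAMES.get(int.from_bytes(value, "big"), "unknown")

def verdict(datagram, denied):
    """Apply a deny-version list; unparseable input is dropped (example's choice)."""
    try:
        return "drop" if snmp_version(datagram) in denied else "permit"
    except ValueError:
        return "drop"

def sample(version):
    """Constructed message: only the leading version field is meaningful here."""
    body = bytes([0x02, 0x01, version]) + b"\x04\x06public" + b"\xa0\x00"
    return bytes([0x30, len(body)]) + body

if __name__ == "__main__":
    for v in (0, 1, 3):                    # deny list mirrors "deny version 1"
        print(v, verdict(sample(v), denied={"1"}))
```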

Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
ISBN: 1587052091
EAN: 2147483647
Year: 2006
Pages: 231