The Net-Brainer

The Net-Brainer (
-   One-Skill-at-a-Time (
-   -   Netbrain discovering ASA firewalls (

ghermida 07-29-2019 11:08 AM

Netbrain discovering ASA firewalls
Having issues trying to get Netbrain to discover Cisco Firewalls.
While I am in the ASDM GUI, I'm using SNMP v3, so no public strings. My configuration order is as follows:
Create a USM Model, create SNMP user, create SNMP group with the user as member, then add the SNMP host access.

It's failing to discover right after the ping process. Is it better it do the configurations in the CLI as opposed to GUI? Is SNMP v3 not a viable option at this point and I should use V2 with public strings? Anyone have Cisco ASA's successfully discovered in their Netbrain infrastructure?

Jia.Xing 07-29-2019 10:01 PM

Re: Netbrain discovering ASA firewalls
Here are the comments, hope they help:

1. GUI vs. CLI configuration:
They should be identical. SNMPv3 configuration is unlike v2, it has three modes: No Authen No Private, Authen No Private, Authen Private. First you need to make sure which method you were using , and then add this SNMPv3 credential into NetBrain's Network Settings.

2. SNMPv3 and SNMPv2 both work for NetBrain to discover ASAs.

3. Forward the Discovery log to so that you can get a support engineer to work with you closely on this issue.

ghermida 09-03-2019 02:36 PM

Re: Netbrain discovering ASA firewalls
I found the issue. I have firewalls that are the same model but differing IOSs'.
It makes a difference when applying ACL rules to either the "inside" or "inside_1" interface. The newer IOS has a VIP management IP address so you have to be more specific when applying the ACLs to interfaces.

All times are GMT -4. The time now is 10:00 AM.

Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright 2009 NetBrain, Inc. All rights reserved.