pix501 outside interface and mrtg

[sla07]

hey everyone...im kind of stuck here...for some reason i cannot get mrtg to poll the outside interface on my pix....im guessing there is a NAT issue since the mrtg server is using a private IP trying to poll a public IP...not sure how to fix this or what info you guys would need to see in order for suggestions to be given?...please let mw know and i will post the info requested...thanks in advance!!!

 

[lgarner]

Don't poll the public interface, use the private one and request the OID for the public side.

In other words, you can ask the Pix for information about all of its interfaces, but you can only connect to the local one.

 

[sla07]

hhmmm ok...how would i go about setting that up in mrtg to ask for the info then??....i a bit new to mrtg and im also guessing this is the wrong site to post about it :0) ...

 

[lgarner]

Experiment with smnpwalk is always the best way. My setup for a 535 might help:

IF-MIB::ifDescr.1 = STRING: PIX Firewall 'outside' interface
IF-MIB::ifDescr.2 = STRING: PIX Firewall 'inside' interface
...this tells me that index 1 is the outside interface.

From there I can look up other values:
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 1500
... etc. And, what you're really looking for:

IF-MIB::ifInOctets.1 = Counter32: 3752327729
IF-MIB::ifOutOctets.1 = Counter32: 1970122949

ifInOctets on mine (should be standard) is .1.3.6.1.2.1.2.2.1.10 and ifOutOctets is .1.3.6.1.2.1.2.2.1.16