50-17
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 50 Configuring Inspection for Management Application Protocols
SNMP Inspection
SNMP Inspection Overview
SNMP application inspection lets you restrict SNMP traffic to a specific version of SNMP. Earlier
versions of SNMP are less secure; therefore, denying certain SNMP versions may be required by your
security policy. The ASA can deny SNMP versions 1, 2, 2c, or 3. You control the versions permitted by
creating an SNMP map.
You then apply the SNMP map when you enable SNMP inspection according to the “Configuring
Application Layer Protocol Inspection” section on page 46-6.
Select SNMP Map
Add/Edit Service Policy Rule Wizard > Rule Actions > Protocol Inspection Tab >
Select SNMP Map
The Select SNMP Map dialog box lets you select or create a new SNMP map. An SNMP map lets you
change the configuration values used for SNMP application inspection. The Select SNMP Map table
provides a list of previously configured maps that you can select for application inspection.
Fields
• Use the default SNMP inspection map—Specifies to use the default SNMP map.
• Select an SNMP map for fine control over inspection—Lets you select a defined application
inspection map or add a new one.
• Add—Opens the Add Policy Map dialog box for the inspection.
Modes
The following table shows the modes in which this feature is available:
SNMP Inspect Map
Configuration > Global Objects > Inspect Maps > SNMP
The SNMP pane lets you view previously configured SNMP application inspection maps. An SNMP
map lets you change the default configuration values used for SNMP application inspection.
Fields
• Map Name—Lists previously configured application inspection maps. Select a map and click Edit
to view or change an existing map.
• Add—Configures a new SNMP inspect map.
• Edit—Edits the selected SNMP entry in the SNMP Inspect Maps table.
• Delete—Deletes the inspect map selected in the SNMP Inspect Maps table.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
••••—