Cisco ASA 5505 Configuration Manual page 1652

SNMP Groups

An SNMP group is an access control policy to which users can be added. Each SNMP group is
configured with a security model, and is associated with an SNMP view. A user within an SNMP group
must match the security model of the SNMP group. These parameters specify what type of authentication
and privacy a user within an SNMP group uses. Each SNMP group name and security model pair must
be unique.

SNMP Users

SNMP users have a specified username, a group to which the user belongs, authentication password,
encryption password, and authentication and encryption algorithms to use. The authentication algorithm
options are MD5 and SHA. The encryption algorithm options are DES, 3DES, and AES (which is
available in 128, 192, and 256 versions). When you create a user, you must associate it with an SNMP
group. The user then inherits the security model of the group.

SNMP Hosts

An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMP
Version 3 hosts, along with the target IP address, you must configure a username, because traps are only
sent to a configured user. SNMP target IP addresses and target parameter names must be unique on the
adaptive security appliance. Each SNMP host can have only one username associated with it. To receive
SNMP traps, configure the SNMP NMS, and make sure that you configure the user credentials on the
NMS to match those configured on the adaptive security appliance.
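
The group, user, and host rules above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the Cisco guide: a small audit over CLI-style snmp-server lines. It assumes the ASA CLI forms "snmp-server group", "snmp-server user", and "snmp-server host ... version 3 <username>", treats the group's auth/noauth/priv keyword as the security model a user must match, and uses a constructed sample configuration; the function names and finding labels are hypothetical.

```python
# Added example, not Cisco code. Assumes ASA CLI "snmp-server group|user|host" syntax.
# SAMPLE is constructed: documentation-range addresses, placeholder passwords.
SAMPLE = """\
snmp-server group ops v3 priv
snmp-server group mon v3 auth
snmp-server user alice ops v3 auth sha AUTHPW priv aes 128 PRIVPW
snmp-server user bob ops v3 auth md5 AUTHPW
snmp-server user carol noc v3 auth sha AUTHPW
snmp-server host inside 192.0.2.10 version 3 alice
snmp-server host inside 192.0.2.10 version 3 bob
snmp-server host inside 192.0.2.11 version 3 dave
"""

def user_level(rest):
    """Return (level, algorithms) from the tokens that follow 'v3' on a user line."""
    i = 1 if rest[:1] == ["encrypted"] else 0
    algs = []
    if rest[i:i + 1] == ["auth"]:          # auth <md5|sha> <password>
        algs += rest[i + 1:i + 2]
        i += 3
    has_priv = rest[i:i + 1] == ["priv"]   # priv <des|3des|aes [bits]> <password>
    if has_priv:
        algs += rest[i + 1:i + 2]
    return ("priv" if has_priv else "auth" if algs else "noauth"), algs

def audit(config):
    """Return a list of findings for the group, user, and host rules."""
    groups, users, hosts, out = {}, {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["snmp-server", "group"] and t[3:4] == ["v3"] and len(t) > 4:
            groups[t[2]] = t[4]
        elif t[:2] == ["snmp-server", "user"] and t[4:5] == ["v3"]:
            users[t[2]] = (t[3],) + user_level(t[5:])
        elif t[:2] == ["snmp-server", "host"] and "version" in t:
            v = t.index("version")
            if t[v + 1:v + 2] == ["3"] and len(t) > v + 2:
                hosts.setdefault(t[3], []).append(t[v + 2])
    for name, (grp, level, algs) in users.items():
        if grp not in groups:              # a user must be associated with a group
            out.append(("user-without-group", name))
        elif groups[grp] != level:         # user must match the group's security model
            out.append(("level-mismatch", name))
        # Extra check beyond the manual's rules: MD5 and DES are weak choices.
        out += [("weak-algorithm", name, a) for a in algs if a in ("md5", "des")]
    for ip, names in hosts.items():
        if len(names) > 1:                 # each host can have only one username
            out.append(("host-multiple-users", ip))
        out += [("host-unknown-user", ip, n) for n in names if n not in users]
    return out
```
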

Implementation Differences Between Adaptive Security Appliances and the Cisco IOS

The SNMP Version 3 implementation in adaptive security appliances differs from the SNMP Version 3
implementation in the Cisco IOS in the following ways:

• The local-engine and remote-engine IDs are not configurable. The local engine ID is generated when
  the adaptive security appliance starts or when a context is created.
• No support exists for view-based access control, which results in unrestricted MIB browsing.
• Support is restricted to the following MIBs: USM, VACM, FRAMEWORK, and TARGET.
• You must create users and groups with the correct security model.
• You must remove users, groups, and hosts in the correct sequence.
• Use of the snmp-server host command creates an adaptive security appliance rule to allow
  incoming SNMP traffic.

Licensing Requirements for SNMP

The following table shows the licensing requirements for this feature:

Model         License Requirement
All models    Base License.

Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01
Chapter 73, Configuring SNMP, page 73-4
