[SNMP4J] using aes192/aes256 privacy protocols against Cisco devices
Elad Sarver
elad.xx at gmail.com
Tue Sep 18 22:07:42 CEST 2007
Hi Frank,
You are right, and that's why I'm guessing the problem is at the device
side. I'm trying to find the scope of the problem: is it a general problem
with all Cisco devices or just with specific ones.
Did you (or anyone) succeed in using snmp4j with aes192/aes256 against Cisco
devices?
Elad
On 9/18/07, Frank Fock <fock at agentpp.com> wrote:
>
> Hi Elad,
>
> The Cisco device should return a report message in any case
> or at least increment the snmpSilentDrops counter.
>
> Best regards,
> Frank
>
> Elad Sarver wrote:
> > Hi,
> >
> > There was a draft describing the AES192 and 256. I don't think it was
> ever
> > approved (maybe even dropped - does anyone know?)
> > Anyway, both snmp4j and Cisco IOS implement it, so it should work...
> >
> > Elad
> >
> >
> > On 9/18/07, Matthieu Casanova <chocolat.mou at gmail.com> wrote:
> >> Hi, someone stops me if I'm wrong but I think that the RFC3826 (AES
> >> for USM) speaks only of AES 128, so I suppose that AES192 and 256 are
> >> bonus we have in snmp4j.
> >>
> >> Matthieu
> >>
> >> 2007/9/18, Elad Sarver <elad.xx at gmail.com>:
> >>> Hi,
> >>>
> >>> When I use the snmp4j.exe tool (latest version) to query a Cisco 7200
> >> series
> >>> device using AES128 encryption, it works.
> >>> When I try to use the same for AES192 or AES256, the device doesn't
> >> respond.
> >>> not even with a Report PDU, which is always sent in other cases.
> >>> Using Ethereal, I see that an encrypted AES192 PDU was sent to the
> >>> device and nothing came back.
> >>>
> >>> I have the security policy files installed. Before they were
> installed,
> >> a
> >>> different error had occured. So it probably isn't the reason.
> >>> The device is configured correctly, and traps/informs are being sent
> >> from it
> >>> correctly with AES192.
> >>>
> >>> 1. What could be the problem?
> >>> 2. Was the Snmp4J tool tested against Cisco devices using these
> privacy
> >>> protocols?
> >>>
> >>> thanks,
> >>> Elad.
> >>> _______________________________________________
> >>> SNMP4J mailing list
> >>> SNMP4J at agentpp.org
> >>> http://lists.agentpp.org/mailman/listinfo/snmp4j
> >>>
> > _______________________________________________
> > SNMP4J mailing list
> > SNMP4J at agentpp.org
> > http://lists.agentpp.org/mailman/listinfo/snmp4j
>
> --
> AGENT++
> http://www.agentpp.com
> http://www.mibexplorer.com
> http://www.mibdesigner.com
>
>
More information about the SNMP4J
mailing list