Group Name
|
Select the SNMP group to which this user belongs. For information on SNMP groups, see Add/Edit SNMP Group Entry Dialog Box.
|
Security Level
|
Shows the security level for the selected group:
- NoAuth—No Authentication and No Privacy, which means that no security is applied to messages.
- Auth—Authentication but No Privacy, which means that messages are authenticated.
- Priv—Authentication and Privacy, which means that messages are authenticated and encrypted.
|
User Name
|
Enter the name of the SNMP user. Usernames must be 32 characters or less and must be unique for the SNMP server group selected.
|
Engine ID
(SNMP version v3 only)
|
The SNMP Engine ID used for authentication in v3.
You can enter multiple Engine IDs, separated by commas. Each Engine ID must be valid and must be 1 to 257 characters long.
- If you configure an Engine ID for an SNMP user with the MD5 algorithm, the Engine ID must be valid. If it is not, the preview config fails with the error "failed to generate raw config". For example, the preview config fails if the Engine ID entered is 111.
- For an SNMP group with a security level of NoAuth, do not provide an Engine ID, because on deployment the ASA ignores it and uses the default local engine ID.
- Security Manager cannot handle the following dynamic behaviors of the device:
  - If you upgrade a failover ASA device from version 8.x or 9.x to version 9.6(2), the device automatically creates multiple SNMP User commands for multiple SNMP Engine IDs. You must retrieve the Engine ID from the device and copy it into this Engine ID text box. For information about retrieving the Engine ID from the device, see SNMP Page.
  - If you add an ASA device to a failover configuration or remove one from it, you must manually enter the Engine ID, because the ASA device automatically removes or creates new SNMP User commands for the existing Engine IDs.
|
Encrypt Password Type
|
Specify the type of password you want to use: Clear Text or Encrypted.
If the password type is Clear Text, Security Manager encrypts the password when deploying to the device. If the password
type is Encrypted, Security Manager deploys the encrypted password directly. Security Manager never deploys the clear text
password directly to the device.
|
Auth Algorithm Type
|
Specify the type of authentication you want to use: MD5, SHA, or SHA256.
Note
|
Beginning with version 4.21, Cisco Security Manager supports the SHA256 authentication type for ASA 9.14(1) and higher devices.
The MD5 authentication type will be deprecated in upcoming ASA versions.
|
|
Authentication Password
Confirm
|
Enter the password to use for authentication. If you selected Encrypted as the Encrypt Password Type, the password must be
formatted as xx:xx:xx..., where xx are hexadecimal values.
Note
|
The length of the password will depend on the authentication algorithm selected. For all passwords, the length must be 256
characters or less.
|
If you selected Clear Text as the Encrypt Password Type, repeat the password in the Confirm field.
|
Encryption Type
|
Specify the type of encryption you want to use: AES128, AES192, AES256, 3DES, DES.
Note
|
To use AES or 3DES encryption, you must have the appropriate license installed on the device.
|
|
Encryption Password
Confirm
|
Enter the password to use for encryption. If you selected Encrypted as the Encrypt Password Type, the password must be formatted
as xx:xx:xx..., where xx are hexadecimal values.
For encrypted passwords, the length of the password depends on the encryption type selected. The password sizes are as follows
(where each xx is one octet):
- AES 128 requires 16 octets
- AES 192 requires 24 octets
- AES 256 requires 32 octets
- 3DES requires 32 octets
- DES can be any size
Note
|
For all passwords, the length must be 256 characters or less.
|
If you selected Clear Text as the Encrypt Password Type, repeat the password in the Confirm field.
|
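A pre-deployment check for the field constraints in this table, as an added example (not Cisco's or Security Manager's code): it validates the xx:xx:xx... form and 256-character limit of passwords entered as Encrypted, the octet count per encryption type, the user name length, and the Engine ID rules. The dict key names and the sample entry are assumptions made for illustration; each xx pair is counted as one octet.

```python
import re

# Octets required per encryption type for pre-encrypted passwords (DES: any size).
REQUIRED_OCTETS = {"AES128": 16, "AES192": 24, "AES256": 32, "3DES": 32, "DES": None}
HEX_OCTETS = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*")


def check_encrypted(value, required=None):
    """Problems with a password entered with Encrypt Password Type = Encrypted."""
    problems = ["longer than 256 characters"] if len(value) > 256 else []
    if not HEX_OCTETS.fullmatch(value):
        return problems + ["not in xx:xx:xx... hexadecimal form"]
    octets = value.count(":") + 1
    if required is not None and octets != required:
        problems.append(f"expected {required} octets, got {octets}")
    return problems


def check_snmp_user(user):
    """Validate one SNMP v3 user entry (a dict; the key names are hypothetical)."""
    problems = []
    if not 1 <= len(user["name"]) <= 32:
        problems.append("user name: must be 1 to 32 characters")
    # Comma-separated list; empty items are skipped, so only the upper bound can fail.
    engine_ids = [e.strip() for e in user.get("engine_ids", "").split(",") if e.strip()]
    if any(len(e) > 257 for e in engine_ids):
        problems.append("engine ID: each must be 1 to 257 characters")
    level = user["security_level"]
    if level == "NoAuth" and engine_ids:
        problems.append("engine ID: ignored by the ASA for NoAuth groups")
    if user.get("password_type") == "Encrypted" and level != "NoAuth":
        auth = check_encrypted(user["auth_password"])
        problems += ["auth password: " + p for p in auth]
        if level == "Priv":
            required = REQUIRED_OCTETS[user["encryption_type"]]  # KeyError if unknown
            priv = check_encrypted(user["encryption_password"], required)
            problems += ["encryption password: " + p for p in priv]
    return problems


# Constructed sample entry: AES256 is selected but only 16 octets are supplied.
SAMPLE = {
    "name": "monitor01", "security_level": "Priv", "engine_ids": "",
    "password_type": "Encrypted", "encryption_type": "AES256",
    "auth_password": ":".join(["ab"] * 16),
    "encryption_password": ":".join(["0f"] * 16),
}

if __name__ == "__main__":
    print(check_snmp_user(SAMPLE))
```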