Check_snmp not working on ASA

[immadmacs]

I have migrated a previous Nagios installation to a new Ubuntu 12.04 server. I have almost every device working.. My Cisco ASA firewall is not responding to snmp_check commands. When I run /check_snmp -H $HOSTADDRESS$ -C public -o sysUpTimeInstance I get the error:
External command error: Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DIFFSERV-MIB)
Undefined OBJECT-GROUP (diffServMIBMultiFieldClfrGroup): At line 2195 in /usr/share/mibs/ietf/IPSEC-SPD-MIB
Undefined OBJECT-GROUP (diffServMultiFieldClfrNextFree): At line 2157 in /usr/share/mibs/ietf/IPSEC-SPD-MIB
Undefined OBJECT-GROUP (diffServMIBMultiFieldClfrGroup): At line 2062 in /usr/share/mibs/ietf/IPSEC-SPD-MIB
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/MPLS-LSR-STD-MIB)
Unlinked OID in IPATM-IPMC-MIB: marsMIB ::= { mib-2 57 }
Undefined identifier: mib-2 near line 18 of /usr/share/mibs/ietf/IPATM-IPMC-MIB
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DOCS-CABLE-DEVICE-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/IP-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DISMAN-EVENT-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/ALARM-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DIFFSERV-CONFIG-MIB)
Bad operator (INTEGER): At line 73 in /usr/share/mibs/ietf/SNMPv2-PDU
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/GMPLS-LSR-STD-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/MPLS-TE-STD-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/GMPLS-TE-STD-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DISMAN-SCHEDULE-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/DISMAN-EXPRESSION-MIB)
Did not find 'zeroDotZero' in module SNMPv2-SMI (/usr/share/mibs/ietf/APPLICATION-MIB)
Expected "::=" (RFC5644): At line 493 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Expected "{" (EOF): At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Bad object identifier: At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Bad parse of OBJECT-IDENTITY: At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Timeout: No Response from 172.xxx.xxx.xxx:161.

I'm not sure where to go from here. I'm so close, I don't want to reload everything to get this one device to report correctly. Direction?

[sreinhardt]

have you copied over your mibs and installed them properly? There certainly shouldn't be any need to reload everything, its just a mib issue or so it appears to be.

[immadmacs]

Well I thought I installed them correctly. It wasn't working and I ran:
$ sudo apt-get install snmp-mibs-downloader
$ sudo download-mibs
$ sudo sed -i 's/^mibs/#mibs/g' /etc/snmp/snmp.conf

I also commented out the last line in the snmp.conf file:
#
# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loaging them by commenting out the following line.
# mibs :

Everything was working but the ASA. I edited the SNMPv2-SMI.my and got rid of the zeroDotZero erros. Now I'm getting:
External command error: Unlinked OID in IPATM-IPMC-MIB: marsMIB ::= { mib-2 57 }
Undefined identifier: mib-2 near line 18 of /usr/share/mibs/ietf/IPATM-IPMC-MIB
Bad operator (INTEGER): At line 73 in /usr/share/mibs/ietf/SNMPv2-PDU
Expected "::=" (RFC5644): At line 493 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Expected "{" (EOF): At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Bad object identifier: At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Bad parse of OBJECT-IDENTITY: At line 651 in /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB
Timeout: No Response from 172.xxx.xxx.xxx:161.

[sreinhardt]

OK, I can't say that removing that part of the mib has actually resolved anything. More than likely the other mibs are dependent or at least prefer to reference the shortnames from snmpv2-smi. Let's test your snmp connection on that device, as it seems that you are unable to actually connect to the remote asa also.

nmap -sU -p 161 [IP of ASA]

If you get a filtered or closed returned, you need to modify settings on the ASA, if you receive an open it should be purely issues with snmp mibs.