This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNMP through IpSec Tunnel

Hi,

Currently we have many tunnels (VPN) pointed to our customers. We use this tunnels to perform monitor tasks. Because all our customers use ASL, we do like to monitor their firewalls also. Lucky us, ASL supports SNMP. But unfortunately it doesn't work through VPN tunnels.

Example:
[Our Mon LAN] ---StS VPN---->[FW-Customer]-->[CUST LAN]

We are able to monitor all Srv from the customers LAN, but are unable to recieve SNMP traffic from the firewall to our Mon LAN.

Anybody an idea?

D.

This thread was automatically locked due to age.

Parents

0 drees over 19 years ago

It's probably a packet filter problem, as I use SNMP through VPNs all the time.
Cancel
Vote Up 0 Vote Down

Cancel
0 dcorsel over 19 years ago in reply to drees

We're also using SNMP all the time, to monitor their servers. But now I'm talking about monitoring the VPN-endpoint, through the tunnel.

[Mon LAN] - > SiteToSiteVpn -> [Cust FW] -> [Cust LAN]

See which point I would like to monitor? (Cust FW) = Customer Firewall
Cancel
Vote Up 0 Vote Down

Cancel
0 drees over 19 years ago in reply to dcorsel

So does the Cust FW have an IP on the VPN? Is it configured to allow SNMP requests from the Mon LAN?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 drees over 19 years ago in reply to dcorsel

So does the Cust FW have an IP on the VPN? Is it configured to allow SNMP requests from the Mon LAN?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rob.fegley over 19 years ago in reply to drees

Do you have a tunnel from your NOC to the customer's Data Center LAN(s) *AND* a tunnel from your NOC to the customer's Firewall?  If not, then this is what you'll need.  Even though the firewall may be addressed in one of those LANs, you have to create a separate tunnel specifically to the host address of the firewall.

Example:
[Site A Summary Address}--tunnel0--{Site B Summary Address]
[Site A FW Host Address}--tunnel1--{Site B Summary Address]
[Site A Summary Address}--tunnel2--{Site B FW Host Address]
[Site A FW Host Address}--tunnel3--{Site B FW Host Address]

Client-Server traffic will traverse tunnel0
   ex: Outlook user in SiteA connecting to Exchange Server in SiteB
Administration of SiteA's FW from SiteB will traverse tunnel1
   ex: Engr in SiteB admin'g SiteA FW; user in SiteB using Proxy at SiteA FW
Administration of SiteB's FW from SiteA will traverse tunnel2
   ex: Engr in SiteA admin'g SiteB FW; user in SiteA using Proxy at SiteB FW
Traffic from SiteA's FW to SiteB's FW will traverse tunnel3
   ex: SMTP proxy on SiteB FW relaying to SMTP proxy on SiteA FW

HTH!

Rob
Cancel
Vote Up 0 Vote Down

Cancel