Hi group,
I have a situation where on our private network, we have a management server (Aprisma Spectrum to be precise) that needs to sit on a public address, monitoring several hundred remote site routers through our extranet. A firewall such as PIX will be introduced probably behind this management server running Solaris; how can I manage all the remote site routers (1600 series) without the security risks involved with turning on SNMP? The solution we proposed is implementing a VPN tunnel but the company does not want to go through using that with IPSec because of the inherent cost of more hardware involved and the manageability of setting it up... any ideas? Basically, we want to encrypt the SNMP traffic coming back from all the remote sites securely; furthermore, on the client side, we will be using SSL to guard against the application traffic.
I guess we can use SNMP v2 with MD5 but all our traps are using SNMP v1 only. Hope all you security guys can give me some advice on the design of such a flexible and scalable solution...
Thanks in advance!
David Luong
CCNP,CCNA,A+,Network+,i-Net+
Telecom Systems Management Analyst III

