Does anyone out there know if it's possible to manage devices in a private
network using SNMP through a firewall configured to do address translation
(NAT)? The scenario is this...
The Network Management Stations (NMS) are in a centralized NOC. They are
running HP Openview, Concord and Ciscoworks 2K on Sun/Solaris 2.6. They manage
devices in multiple locations that have their own routed networks, much like
an ISP would. One of these locations has a private (10.x.x.x) network
addressing scheme and uses NAT in their firewall (Border Manager) to
translate private addresses to public ones.
The problem is that when the NMS does an SNMP get on the public (NAT'd)
address (i.e. belonging to a router), the SNMP reply contains the MIB object
(ifAddress) of the physical interface which is a 10.x.x.x address. When a
ping/subsequent poll of the device occurs it pings the address of the
physical interface, rather than the public address. Of course there will be
no reply from the private (10 network) address-- the firewall will discard
ICMP requests to private addresses.
My question is-- does anyone know of a way to get the firewall, or even a
router, to translate the private IP address in the SNMP reply (ifAddress) to the
NAT'd address? Or of another workaround that won't be a maintenance
nightmare?
Thanks,
C. Mayfield