On 27/10/2007, cluther <[EMAIL PROTECTED]> wrote:
>
> Ideally you want to get these IPSec tunnel interfaces modeled within
> Zenoss so this happens automatically. With that disclaimer out of the way,
> here's how you would manually construct the relationship.


You said ideally.  Is this because this is something zenoss should be doing,
but doesn't yet, or because zenoss can do it but is failing?

> For this demonstration we will be using the example tunnel network of
> 10.0.254.0/30 with firewallA being 10.0.254.1 and firewallB being
> 10.0.254.2.
>
> 1. Go to the OS tab of firewallA and add an IpInterface called ipsec1
>     a. Set the IP address to 10.0.254.1/30
>     b. Set the interface to admin up, oper up.
>     c. Set the type to manualTunnel
>     d. Set the monitored to False
>     e. Lock this interface from deletion and updates
>
> 2. Repeat step one replacing the IP address with firewallB's IP.


Is this on firewall B?

> Because these two firewalls are in two separate locations and share the
> 10.0.254.0/30 subnet, the links will be drawn. The interfaces must be
> locked to prevent the modeler from deleting them on the next cycle.
>
>
>
I have a slightly different situation where the LANs either side of the
firewalls are on different subnets (although part of the same supernet), e.g.

LAN A 10.0.0.0/20 -- Firewall A 10.0.0.10/20  -- IPSEC -- Internet -- IPSEC
-- Firewall B 10.0.128.10/20 -- LAN B 10.0.128.0/20

Both LAN subnets belong to the 10.0.0.0/16 supernet.

Via snmp discovery, I already have interfaces on the firewalls such as
ipsec0 & 1, gathered from the snmp discovery.  They don't have an ip address
associated with them though.  I also have the LAN interfaces on the firewall
e.g. eth0 with the correct IP address.

When I try your suggestion (using a name such as tunnel1), on entering the
IP address as 10.0.0.10/16 it is immediately changed to the existing LAN IP
(i.e. /20), and that IP is removed from the eth0 interface.

-- 
Regards,

Graham Bloice
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
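The two points the thread turns on are (a) Zenoss draws a link between two devices only when they hold addresses in the same network object, so two /20 LANs inside one /16 supernet do not count, and (b) re-entering a host address that is already bound to eth0 with a different mask collides with the existing address instead of creating a new one. The following is an added example, not code from the thread or from Zenoss itself: a small pure-Python model of those two rules using the standard `ipaddress` module, with a constructed inventory of the two firewalls and hypothetical helper names (`shared_networks`, `find_address_conflict`, `model_tunnel`) that are not Zenoss APIs.

```python
import ipaddress
from copy import deepcopy

# Constructed inventory modelled on the thread (device -> interface -> CIDR list).
# This is sample data for the example, not output from a real Zenoss instance.
INVENTORY = {
    "firewallA": {"eth0": ["10.0.0.10/20"], "ipsec0": []},
    "firewallB": {"eth0": ["10.0.128.10/20"], "ipsec0": []},
}


def networks_of(inventory, device):
    """Networks (at the address's own prefix length) a device has an address in."""
    nets = set()
    for addrs in inventory[device].values():
        for cidr in addrs:
            nets.add(ipaddress.ip_interface(cidr).network)
    return nets


def shared_networks(inventory, dev_a, dev_b):
    """Networks both devices have an address in.

    This mirrors the rule from the thread: a link is drawn between two devices
    only when this set is non-empty.  A common supernet is not enough.
    """
    return networks_of(inventory, dev_a) & networks_of(inventory, dev_b)


def within_supernet(inventory, device, supernet):
    """True when every network the device sits in lies inside `supernet`."""
    sn = ipaddress.ip_network(supernet)
    return all(net.subnet_of(sn) for net in networks_of(inventory, device))


def find_address_conflict(inventory, device, iface, cidr):
    """Return (interface, existing_cidr) if the host part of `cidr` is already
    bound to a different interface on the device, else None.

    This is the situation Graham ran into: entering 10.0.0.10/16 for a new
    tunnel interface when eth0 already holds 10.0.0.10/20.
    """
    new_ip = ipaddress.ip_interface(cidr).ip
    for name, addrs in inventory[device].items():
        if name == iface:
            continue
        for existing in addrs:
            if ipaddress.ip_interface(existing).ip == new_ip:
                return (name, existing)
    return None


def add_manual_interface(inventory, device, iface, cidr):
    """Add a manually constructed interface address, refusing host-address reuse."""
    conflict = find_address_conflict(inventory, device, iface, cidr)
    if conflict is not None:
        raise ValueError(
            f"{cidr}: host address already assigned to {device}:{conflict[0]} "
            f"as {conflict[1]}; use an address from a dedicated tunnel network"
        )
    inventory[device].setdefault(iface, []).append(cidr)
    return inventory


def model_tunnel(inventory, tunnel_net, dev_a, dev_b, iface="ipsec1"):
    """Steps 1 and 2 of the quoted procedure on a copy of the inventory:
    give dev_a the first usable host of `tunnel_net` and dev_b the second,
    then report which networks the two devices now share."""
    net = ipaddress.ip_network(tunnel_net)
    hosts = list(net.hosts())
    if len(hosts) < 2:
        raise ValueError("tunnel network needs at least two host addresses")
    inv = deepcopy(inventory)
    add_manual_interface(inv, dev_a, iface, f"{hosts[0]}/{net.prefixlen}")
    add_manual_interface(inv, dev_b, iface, f"{hosts[1]}/{net.prefixlen}")
    return inv, shared_networks(inv, dev_a, dev_b)


if __name__ == "__main__":
    a, b = "firewallA", "firewallB"
    print("both in 10.0.0.0/16:", within_supernet(INVENTORY, a, "10.0.0.0/16")
          and within_supernet(INVENTORY, b, "10.0.0.0/16"))
    print("shared before tunnel:", shared_networks(INVENTORY, a, b))
    print("conflict for 10.0.0.10/16 on firewallA:",
          find_address_conflict(INVENTORY, a, "tunnel1", "10.0.0.10/16"))
    _, shared = model_tunnel(INVENTORY, "10.0.254.0/30", a, b)
    print("shared after tunnel:", shared)
```

Running it shows the two LANs share the /16 supernet but no network object, so nothing is drawn until a dedicated tunnel network such as 10.0.254.0/30 is added at both ends; it also flags the 10.0.0.10/16 entry as a conflict with eth0's 10.0.0.10/20 rather than silently moving the address.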
