Re: vpn virtual addresses

2001-11-20 16:26:20
Subject: Re: vpn virtual addresses
From: "Stephen Hochstetler" <shochste AT us.ibm DOT com>
To: nv-l AT lists.tivoli DOT com
Date: Tue, 20 Nov 2001 15:26:20 -0600

Does the VPN address get added to the Cisco concentrator as an interface?
I think the ! in the netmon seed file keeps you from discovering new nodes
through those interfaces if it found those interfaces from someone else's
arp table, but I don't think it will stop netmon from reading the MIB
interface table of the concentrator and reporting the true configuration.

I see you having multiple choices.
1. Changing the "configuration polling" period of your concentrator. My
guess is these interfaces happen whenever someone is logged in AND NetView
does a configuration poll of the concentrator. Want to make it once a
2. When this does happen, why not just "unmanage" the interface you don't
want information about. Then it won't matter if it is up or down. The
interface may still get removed at the next config poll if no one has it
3. Write a small script to be called when an IF down comes in. It checks
the IP address of the IF and if one of these VPN ones, generates a trap
back to NetView to do an automatic "Acknowledgement" of the IF.

Kind regards,
Stephen Hochstetler              shochste AT us.ibm DOT com
International Technical Support Organization  - Austin
Office - 512-436-8564                      FAX - 512-436-8701

ITSO redbooks at  http://www.redbooks.ibm.com

From: "Kenney, John" <[email protected]ock.com>
Sent by: [email protected]
To: IBM NetView Discussion <nv-l AT tkg DOT com>
cc: "Lemire, Mark" <mlemire AT jhancock DOT com>
Subject: [NV-L] vpn virtual
08:11 AM
Please respond to IBM NetView
We have a Cisco VPN3030 concentrator installed on our network.  When a user
establishes a session he/she is assigned an address in a pool from n.n.n.11
to n.n.n.254.  We have put a negative entry in our seedfile to prevent
discovery of these 'virtual' addresses (i.e. !nnn.nnn.nnn.11-254), however
NetView occasionally discovers one of these addresses (despite the seedfile
entry) and adds it as an interface on the VPN.  When the person logs off, an
IFDOWN alert is generated.  The IF remains red on the map until it is
demandpolled, at which time NetView deletes the entry and issues a NODEUP.

Any ideas?  Why isn't the negative seedfile entry working in this case?


Jack Kenney, MCP+I, MCSE
CTS/Enterprise Management Tools
Phone: (617) 572-1031
Email: jkenney AT jhancock DOT com

NV-L List information and Archives: http://www.tkg.com/nv-l
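
Option 3 in the reply above (a script called on an IF down that checks whether the address is one of the VPN ones), as an added example that is not part of the original thread. It assumes the event handler passes the interface address as the first argument; the pool 192.0.2.11-254 is a constructed value in the post's seedfile range form, the function names are hypothetical, and the NetView acknowledgement step is left as a placeholder because the thread names no command for it.

```shell
#!/bin/sh
# Added example, not from the original thread.
# POOLS holds address ranges in the seedfile range form shown in the post,
# without the leading "!". 192.0.2.11-254 is a constructed documentation value.
POOLS="192.0.2.11-254"

# octet_match OCTET SPEC: succeed if OCTET equals SPEC or lies inside "lo-hi".
octet_match() {
    case "$2" in
        *-*) lo=${2%-*}; hi=${2#*-}
             [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# in_pool IP: succeed only if IP is a well-formed dotted quad inside a POOLS entry.
in_pool() {
    ip=$1
    # Reject anything but digits and dots, so event text never reaches the tests below.
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    a=$1; b=$2; c=$3; d=$4
    for o in "$a" "$b" "$c" "$d"; do [ "$o" -le 255 ] || return 1; done
    for spec in $POOLS; do
        IFS=.; set -- $spec; IFS=$old_ifs
        [ $# -eq 4 ] || continue
        octet_match "$a" "$1" && octet_match "$b" "$2" &&
            octet_match "$c" "$3" && octet_match "$d" "$4" && return 0
    done
    return 1
}

# on_if_down IP: print the action to take for an interface-down event.
on_if_down() {
    if in_pool "$1"; then
        # Placeholder: run the site's own NetView acknowledge step here.
        echo "acknowledge"
    else
        echo "alert"
    fi
}

# Stand-alone use: pass the interface address as the first argument.
if [ $# -gt 0 ]; then on_if_down "$1"; fi
```

Addresses outside the pool, and anything that is not a plain dotted quad, fall through to "alert" so a malformed event is never silently acknowledged.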
