|
Mario,
Since the devices behind VPNs are not in ARP or routing tables you will likely need to use the NetView command loadhosts to actually discover them. If the VPN gets you access to real addresses then you can do full management of these devices. If the VPN is also a NAT device, then you will run into issues.
If you are seeing NAT addresses you have 3 choices.
-- manage them for availability with PING only with NetView (and discover them as non-SNMP devices using loadhosts)
-- Use CNAT to manage them via SNMP and PING
-- migrate to Netcool Precision for IP to manage them (I am told by the Precision guys that they can handle this)
Question -- is the NAT a static one-to-one address mapping that will not change? Will it change if the routers are rebooted? For managing them, their NAT addresses have to be static so you can do the mapping and stay mapped.
Unless you use CNAT or Netcool you will have a hard time monitoring them based on MIB variable thresholds. You can do 'some' of it, but it is not a simple task.
Stephen Hochstetler shochste AT us.ibm DOT com
International Technical Support Organization at IBM
Office - 512-838-6198 (t/l 678) FAX - 512-838-6931
http://www.redbooks.ibm.com
![Inactive hide details for Mario Behring <mariobehring AT yahoo DOT com>]() Mario Behring <mariobehring AT yahoo DOT com>
Mario Behring <mariobehring AT yahoo DOT com>
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
02/28/2007 09:55 AM
Please respond to
Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com> |
|
|
Hi all,
Any advises on the above subject? I have several devices behind VPN tunnels that I have to monitor for availability as well as configuring events based on MIB variables thresholds......
I am having some difficulties like:
- some devices (routers mostly) are not being discovered by NV, but they answer ping and snmpwalk commands issued at the command line at the NV server.
- different clients connected through VPN tunnels have similar IP ranges, so the addresses the NV server actually see are NAT addresses.
How can I work around these isues? Do I have to use CNAT? Is there any special configuration for NV to deal correctly with devices behind VPN tunnels?
Most tunnels are configured through PIX/ASA Cisco devices, and some through routers.
I am running NV 7.1.5 on a Red Hat 4 server.
Thanks in advance.
Best regards,
Mario Behring
Everyone is raving about the all-new Yahoo! Mail beta._______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)
_______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to
internal IBM'ers only)
|
