RE: Moving Netview behind a Cisco PIX Firewall

[chuynh@fr.ibm.com]

There are some guide lines:
- Change the IP address of you NetView referenced in every managed node
(trap)
- Ask your firewall administrator to allow ping and snmp from your NetView
server (any, NetView host).

The firewall administrator will mention the ping of death as a deny attack
and that snmp communities run on clear text on the network.

There is always a price to pay. We dedicated a administrative network for
SNMP, Tivoli, etc. and isolate it from normal flows that do not accept SNMP
nor ping.

Chuyen HUYNH
Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
System Engineer

chuynh@fr.ibm.com

Mobile : (33) 670 014 929.
Office: (33) 149 053 686 / 338636

Tour Descartes, La Defense 5, 92066 La Defense
FRANCE

                                                                   
 (Embedded                                                         
 image moved to "Tesfai, Menghis"                                  
 file:          <Menghis.Tesfai@PictureVision.com>                 
 pic00402.pcx)  22/05/2001 21:04                                   
                                                                   



Please respond to IBM NetView Discussion <nv-l@tkg.com>

To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall




Let me restate my question.

We are looking to change the IP address on the server that hosts Netview.
If you could guide me to a URL or send me some documentation relating to
this, I would appreciate it.


Thanks,

Menghis

-----Original Message-----
From: chuynh@fr.ibm.com [mailto:chuynh@fr.ibm.com]
Sent: Tuesday, May 22, 2001 5:39 AM
To: IBM NetView Discussion
Subject: Re: [NV-L] Moving Netview behind a Cisco PIX Firewall




Yes. We have a  NV 6.2 on AIX server that manages CheckPoint Firewall-1,
Cisco PIX, Cisco Catalyst and Alteon AD4.
It works fine.
As it is a touchy topic, may you be more precise on your request ?

Chuyen HUYNH
Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
System Engineer

chuynh@fr.ibm.com

Mobile : (33) 670 014 929.
Office: (33) 149 053 686 / 338636

Tour Descartes, La Defense 5, 92066 La Defense
FRANCE


 (Embedded
 image moved to "Tesfai, Menghis"
 file:          <Menghis.Tesfai@PictureVision.com>
 pic27639.pcx)  21/05/2001 18:40




Please respond to IBM NetView Discussion <nv-l@tkg.com>

To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject:  [NV-L] Moving Netview behind a Cisco PIX Firewall




Hello,

Has anyone gone through the exercise of moving Netview behind a firewall. I
am currently running Netview V5 on a Solaris 2.6 machine.

If you could guide me to a URL or send me some documentation relating to
this, I would appreciate it.

Thanks,

Menghis
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

pic00402.pcx
Description: Binary data