Re: vpn virtual addresses

["Stephen Hochstetler" <shochste@us.ibm.com>]

Jack,

Does the VPN address get added to the Cisco concentrator as an interface?
I think the ! in the netmon seed file keep you from discovering new nodes
through those interfaces if it found those interfaces from someone elses
arp table, but I don't think it will stop netmon from reading the MIB
interface table of the concentrator and reporting the true configuration.

I see you having multiple choices.
1.  Changing the "configuration polling" period of your concentrator.   My
guess is these interfaces happen whenever someone is logged in  AND NetView
does a configuration poll of the concentrator.   Want to make it once a
month?
2.  When this does happen, why not just "unmanage" the interface you don't
want information about.     Then it won't matter if it is up or down.   The
interface may still get removed at the next config poll if no one has it
active.
3.  Write a small script to be called when an IF down comes in.   It checks
the IP address of the IF and if one of these VPN ones, generates a trap
back to NetView to do an automatic "Acknowledgement" of the IF.


Kind regards,
Stephen Hochstetler              shochste@us.ibm.com
International Technical Support Organization  - Austin
Office - 512-436-8564                      FAX - 512-436-8701

ITSO redbooks at  http://www.redbooks.ibm.com


                                                                                
                 
                    "Kenney, John"                                              
                 
                    <jkenney@jhanc       To:     IBM NetView Discussion 
<nv-l@tkg.com>           
                    ock.com>             cc:     "Lemire, Mark" 
<mlemire@jhancock.com>           
                    Sent by:             Subject:     [NV-L] vpn virtual 
addresses               
                    owner-nv-l@tkg                                              
                 
                    .com                                                        
                 
                                                                                
                 
                                                                                
                 
                    11/20/2001                                                  
                 
                    08:11 AM                                                    
                 
                    Please respond                                              
                 
                    to IBM NetView                                              
                 
                    Discussion                                                  
                 
                                                                                
                 
                                                                                
                 



We have a Cisco VPN3030 concentrator installed on our network.  When
someone
establishes a session he/she is assigned an address in a pool from n.n.n.11
to n.n.n.254.  We have put a negative entry in our seedfile to prevent
discovery of these 'virtual' addresses (i.e. !nnn.nnn.nnn.11-254), however
Netview occasionally discovers one of these addresses (despite the seedfile
entry) and adds it as an interface on the VPN.  When the person logs off, a
IFDOWN alert is generated.  The IF remains red on the map until it is
demandpolled, at which time Netview deletes the entry and issues a NODEUP.

Any ideas?  Why isn't the negative seedfile entry working in this case?

Thanks,
jtk

Jack Kenney, MCP+I, MCSE
Consultant
CTS/Enterprise Management Tools
Phone: (617) 572-1031
Email: jkenney@jhancock.com


_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l