It is not unusual for a pix to respond to snmp queries in a very limited
way. I tell customers to ignore that routing
message and configure it log-only if it is that annoying. Basically, I
treat it as 'normal'.
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit
"Davis, Donald"
<donald.davis@firstci To: "'CATALINA
MARTINEZ '" <CATALINA.MARTINEZ@tlc.state.tx.us>, "Davis, Donald"
tizens.com>
<donald.davis@firstcitizens.com>, "'nv-l@lists.tivoli.com '"
<nv-l@lists.tivoli.com>
cc:
04/04/2003 12:35 PM Subject: RE: [nv-l]
Incorrect Routing
This sounds like the pix is not responding properly to the snmpget for the
ipForwarding status. Try it from the Mib Browser or Command Line to see
what you get.
snmpget <pix> .1.3.6.1.2.1.4.1.0
The response should be forwarding or not-forwarding.
If it is not-forwarding, that is your problem.
If it is an error message like "This variable does not exist" or "snmp-no
such name" you have an issue with your firewall security folks. They are
restricting your access to the "IP" branch of the MIB tree.
Good luck,
Don Davis
-----Original Message-----
From: CATALINA MARTINEZ
To: donald.davis@firstcitizens.com; nv-l@lists.tivoli.com
Sent: 4/4/03 9:51 AM
Subject: RE: [nv-l] Incorrect Routing
I researched further and came up with this
trap : Netview6000 specific 58982408 is generating "incorrect routing
to TLCFW1"
The description of this traps reads " this event is generated by IBM
Tivoli Netview when it notices that the host to which IP is forwarded to
is not a router"
the device listed TLCFW1 is a Ciscopix and when I did a display object
info an it has:
IPROUTER=true
isIPRouter=True
So Netview does consider this device a router.. But when I do an demand
poll-- ipForward I get "snmp-no such name"
Let me give some additional information: When this device was originally
discovered Netview gave it a generatic icon. The pix did not have a
"router symbol" but a generic icon.I opened a PMR and was assisted in
converting the generatic icon to a routers. Per Tech I had to modify
oid_to_sym file and add a class and member for the PIX . Then I had to
change the icon to appear in the IP Internet Map by editting
oid_to_type file. So once I did this, It appeared as a router and on IP
Internet submap.
I think the an important fact is that our PIX has only uses static
routes. We use EIGRP (Cisco's proprietary) and not RIP as a routing
protocol. Does Netview understand EIGRP? But then again the other
routers (6500s and 5500s) have IP forwarding turn on. I am going to
compare the configuration files of the Pix router with gateway router
and an insider router.
When I am telneted in to the server with the problem I can ping the
default gateway it has configured-- which is the PIX Interface 1 ip
address. So the server can talk to its getway... but not via snmp?
Any more ideas/suggestions?
Catalina
>>> "Davis, Donald" <donald.davis@firstcitizens.com> 04/04/03 07:57AM
>>>
Just my $0.02 worth here.
My understanding is that this message is generated if NetView detects
that the default gateway you have configured for a node is not really a
gateway.
Can NetView SNMP poll your "pix" and determine that ipforwarding is
enabled?
Don Davis
-----Original Message-----
From: CATALINA MARTINEZ
To: nv-l@lists.tivoli.com
Sent: 4/3/03 11:21 AM
Subject: [nv-l] Incorrect Routing
Hello,
I searched the archive for "Incorrect Routing to XXX" and found several
posting but never a definite solution. I am getting traps from Servers
stating "incorrect routing to PIX" these servers are on the inside
interface of the pix. I've even sniffed the packets but can not find
anything obviously wrong. The servers have as their gateway that same
interface of the pix.
Has anyone successfully fixed this?
Thanks
Catalina
AIX433 Netview 712
------------------------------------------------------------------------
------
This electronic mail and any files transmitted with it are confidential
and are intended solely for the use of individual or entity to whom they
are addressed. If you are not the intended recipient or the person
responsible for delivering the electronic mail to the intended
recipient, be advised that you have received this electronic mail in
error and that any use, dissemination, forwarding, printing, or copying
of this electronic mail is strictly prohibited. If you have received
this electronic mail in error, please immediately notify the sender by
return mail.
========================================================================
======
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
|