[Top] [All Lists]

Re: [NV-L] Monitoring devices through VPN tunnels

To: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Subject: Re: [NV-L] Monitoring devices through VPN tunnels
From: Stephen Hochstetler <shochste@us.ibm.com>
Date: Wed, 28 Feb 2007 10:10:40 -0600
Delivery-date: Wed, 28 Feb 2007 16:12:10 +0000
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
In-reply-to: <494505.62958.qm@web43137.mail.sp1.yahoo.com>
List-help: <mailto:nv-l-request@lists.ca.ibm.com?subject=help>
List-id: Tivoli NetView Discussions <nv-l.lists.ca.ibm.com>
List-post: <mailto:nv-l@lists.ca.ibm.com>
List-subscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=subscribe>
List-unsubscribe: <http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=unsubscribe>
Reply-to: Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sender: nv-l-bounces@lists.ca.ibm.com


Since the devices behind VPNs are not in ARP or routing tables you will likely need to use the NetView command loadhosts to actually discover them. If the VPN gets you access to real addresses then you can do full management of these devices. If the VPN is also a NAT device, then you will run into issues.

If you are seeing NAT addresses you have 3 choices.
-- manage them for availability with PING only with NetView (and discover them as non-SNMP devices using loadhosts)
-- Use CNAT to manage them via SNMP and PING
-- migrate to Netcool Precision for IP to manage them (I am told by the Precision guys that they can handle this)

Question -- is the NAT a static one-to-one address mapping that will not change? Will it change if the routers are rebooted? For managing them, their NAT addresses have to be static so you can do the mapping and stay mapped.

Unless you use CNAT or Netcool you will have a hard time monitoring them based on MIB variable thresholds. You can do 'some' of it, but it is not a simple task.

Stephen Hochstetler shochste@us.ibm.com
International Technical Support Organization at IBM
Office - 512-838-6198 (t/l 678) FAX - 512-838-6931
Inactive hide details for Mario Behring <mariobehring@yahoo.com>Mario Behring <mariobehring@yahoo.com>

          Mario Behring <mariobehring@yahoo.com>
          Sent by: nv-l-bounces@lists.ca.ibm.com

          02/28/2007 09:55 AM
          Please respond to
          Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>


NetView List <nv-l@lists.ca.ibm.com>



[NV-L] Monitoring devices through VPN tunnels

Hi all,

Any advises on the above subject? I have several devices behind VPN tunnels that I have to monitor for availability as well as configuring events based on MIB variables thresholds......

I am having some difficulties like:

    • some devices (routers mostly) are not being discovered by NV, but they answer ping and snmpwalk commands issued at the command line at the NV server.
    • different clients connected through VPN tunnels have similar IP ranges, so the addresses the NV server actually see are NAT addresses.
How can I work around these isues? Do I have to use CNAT? Is there any special configuration for NV to deal correctly with devices behind VPN tunnels?

Most tunnels are configured through PIX/ASA Cisco devices, and some through routers.

I am running NV 7.1.5 on a Red Hat 4 server.

Thanks in advance.

Best regards,

Mario Behring

Everyone is raving about the all-new Yahoo! Mail beta._______________________________________________
NV-L mailing list
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)

GIF image

NV-L mailing list
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)
<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web