Re: OT: NAT and SNMP

From: ezrick
Date: Sat Dec 06 2008 - 06:07:59 ARST


Hi Adam

NAT will be done only on the trap IP header.

The SNMP trap includes the source IP (pre-NAT) in the SNMP payload.

Your network monitoring system should be configured to use one of these
IPs as the source.

Good luck

Ezrick

<adam@therothfamily.net>
OT: NAT and SNMP

Hi:

I am working on a project with a VPN site to site. On one side of the
tunnel there is a PIX and on the inside interface a server collecting traps.
On the other side of the tunnel there is an ASA with a layer 3 switch connected
to it. Connected to the Layer 3 switch on the inside there is a PIX or
router doing static one to one NAT. The NAT translations on both sides
with the one to one NAT are RFC1918 addresses. Connected to the PIX or
router is a device sending traps. Will there be an issue with the network
monitoring platform being able to tell where the SNMP originated? Also, is
this considered double NAT because of the tunnel or is this a single NAT?

                          Site to site NAT 1 to 1
                           IPSEC RFC1918

[ Server/traps ]_____( PIX)- - -(ASA)____[L3 switch]______(PIX)---(SNMP)

Thanks

Adam
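
The point made in the reply, shown as an added example that is not part of the original thread: a collector-side check that compares the IP header source of a received trap with the address carried inside the trap itself. It assumes an SNMPv1 Trap-PDU (RFC 1157), which has an agent-addr field; the function names, community string and addresses are constructed for illustration.

```python
import ipaddress

def tlv(tag, value):
    """Encode a short-form BER TLV (used only to build the constructed sample)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def trap_agent_addr(datagram):
    """Return agent-addr of an SNMPv1 trap as a string, or None if not a v1 trap."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, _community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if version != b"\x00" or pdu_tag != 0xA4:   # 0xA4 = Trap-PDU; v2c traps have no agent-addr
        return None
    _, _enterprise, pos = read_tlv(pdu, 0)
    tag, addr, _ = read_tlv(pdu, pos)
    if tag != 0x40 or len(addr) != 4:           # 0x40 = IpAddress (APPLICATION 0)
        raise ValueError("agent-addr missing or malformed")
    return str(ipaddress.IPv4Address(addr))

def classify(header_src, datagram):
    """Compare the IP header source (post-NAT) with the payload agent-addr (pre-NAT)."""
    agent = trap_agent_addr(datagram)
    if agent is None:
        return ("no-agent-addr", None)
    same = ipaddress.IPv4Address(agent) == ipaddress.IPv4Address(header_src)
    return ("match" if same else "translated", agent)

# Constructed sample: SNMPv1 linkDown trap whose agent-addr is 10.1.1.10.
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA4,
    tlv(0x06, bytes.fromhex("2b0601040109")) + tlv(0x40, bytes([10, 1, 1, 10])) +
    tlv(0x02, b"\x02") + tlv(0x02, b"\x00") + tlv(0x43, b"\x64") + tlv(0x30, b"")))

if __name__ == "__main__":
    # Header source 192.168.50.10 stands in for the statically translated address.
    print(classify("192.168.50.10", SAMPLE_TRAP))
```

A "translated" verdict means the monitoring platform has two candidate addresses for the same device and must be told which one to key on.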
