07-29-2009 01:35 PM
Hello,
I have a switch that is behind a firewall, which is managed by a public IP, which is NAT'ed on the firewall to a private internal IP on the switch.
The outside SNMP trap server is on a public IP, so the switch sends its SNMP traps over the internet.
I understand this may not be the best setup, but it is what I have in this scenario.
The problem is, syslog messages show up on the server (it is also a syslog server) fine, and show as the public IP address that is NAT'ed through the firewall, but SNMP traps come in as the private IP.
Is it possible to make the SNMP traps show the public IP? The switch has to be NAT'ed for the trap to actually get to the remote server, but it seems to preserve the "real IP" of the device, rather than the IP the trap was sent on, which is good in some scenarios, but in mine, it is problematic.
I have the trap-source commands on the switch, so they are being sourced from the interface with the IP that is NAT'ed; it is the only gateway, so it should not matter.
Thanks for any input.
07-29-2009 03:48 PM
No, this is not possible. There is no NAT ALG for SNMP, so the IP addresses embedded in the PDUs cannot be translated. One of the fields in an SNMP trap is agent-addr which contains the IP address of the agent (i.e. device) which generated the trap. So, while the IP address in the IP header is translated, the agent-addr field within the trap PDU will not be translated. This is what is being displayed by your SNMP manager.
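The answer above turns on a detail of the SNMPv1 wire format: agent-addr is a field inside the BER-encoded Trap-PDU, not part of the IP header, so a NAT that rewrites headers never touches it. The following Python is an added example (not code from the thread or from any Cisco product) that encodes an SNMPv1 trap, passes it through a model of a source-NAT firewall with no SNMP ALG, and shows what the trap receiver then sees. The addresses, community string, enterprise OID and uptime are constructed sample values.

```python
"""Minimal BER encoder/decoder for an SNMPv1 Trap-PDU (RFC 1157), used to show
that agent-addr travels inside the PDU and is untouched by header NAT.
Added example with constructed sample values; not from the original thread."""
import ipaddress

# Constructed addresses (RFC 1918 / RFC 5737), not from the original thread.
SWITCH_PRIVATE_IP = "10.0.0.5"       # switch's real interface address
FIREWALL_PUBLIC_IP = "203.0.113.10"  # public address the firewall NATs it to


def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def enc_int(v, tag=0x02):
    """Two's-complement INTEGER (also used for TimeTicks with tag 0x43)."""
    n = max(1, (v.bit_length() + 8) // 8)
    return tlv(tag, v.to_bytes(n, "big", signed=True))


def enc_oid(oid):
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128 encoded."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def dec_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln


def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def build_v1_trap(community, enterprise, agent_addr, generic, specific, uptime):
    """Encode an SNMPv1 message carrying a Trap-PDU (RFC 1157 section 4.1.6)."""
    pdu = (enc_oid(enterprise)
           + tlv(0x40, ipaddress.IPv4Address(agent_addr).packed)  # agent-addr (IpAddress)
           + enc_int(generic) + enc_int(specific)
           + enc_int(uptime, 0x43)                                 # time-stamp (TimeTicks)
           + tlv(0x30, b""))                                       # empty variable-bindings
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + tlv(0xA4, pdu))


def parse_v1_trap(msg):
    """Decode the fixed fields of an SNMPv1 Trap-PDU into a dict."""
    _, body, _ = dec_tlv(msg, 0)
    _, ver, pos = dec_tlv(body, 0)
    _, comm, pos = dec_tlv(body, pos)
    ptag, pdu, _ = dec_tlv(body, pos)
    if ptag != 0xA4:
        raise ValueError("not an SNMPv1 Trap-PDU")
    _, ent, pos = dec_tlv(pdu, 0)
    atag, addr, pos = dec_tlv(pdu, pos)
    if atag != 0x40 or len(addr) != 4:
        raise ValueError("malformed agent-addr")
    _, gen, pos = dec_tlv(pdu, pos)
    _, spec, pos = dec_tlv(pdu, pos)
    _, ticks, pos = dec_tlv(pdu, pos)
    return {
        "version": int.from_bytes(ver, "big", signed=True),
        "community": comm.decode(),
        "enterprise": dec_oid(ent),
        "agent_addr": str(ipaddress.IPv4Address(bytes(addr))),
        "generic_trap": int.from_bytes(gen, "big", signed=True),
        "specific_trap": int.from_bytes(spec, "big", signed=True),
        "uptime": int.from_bytes(ticks, "big", signed=True),
    }


def nat_source(packet, public_ip):
    """Model of the firewall's source NAT: the IP header source changes, but with
    no SNMP ALG the UDP payload (the whole trap PDU) is forwarded byte-for-byte."""
    _src, payload = packet
    return public_ip, payload


def manager_view(packet):
    """What the trap receiver sees: header source versus agent-addr in the PDU."""
    src, payload = packet
    trap = parse_v1_trap(payload)
    return {"header_src": src, "agent_addr": trap["agent_addr"],
            "nat_mismatch": src != trap["agent_addr"], "trap": trap}


if __name__ == "__main__":
    trap = build_v1_trap("public", "1.3.6.1.4.1.9", SWITCH_PRIVATE_IP, 2, 0, 123456)
    outside = nat_source((SWITCH_PRIVATE_IP, trap), FIREWALL_PUBLIC_IP)
    seen = manager_view(outside)
    print(f"IP header src {seen['header_src']}, agent-addr {seen['agent_addr']}, "
          f"mismatch={seen['nat_mismatch']}")
```

Running it prints the public address as the header source and the private address as agent-addr, which is exactly the discrepancy reported in the question: the syslog server keys on the header source, while the SNMP manager keys on the PDU field. The `nat_mismatch` flag is the kind of check a receiver can log to spot traps arriving through NAT. Note that the agent-addr field exists only in SNMPv1; an SNMPv2c trap PDU has no such field, and receivers generally fall back to the UDP source address in that case.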
07-29-2009 03:53 PM
jclarke,
Thanks for the reply, I appreciate the information.
This was my suspicion, I just could not find any evidence to back it up.
Thanks again.