
SNMP Traps to external server, showing as private IP

Jasonch518_2
Level 1

Hello,

I have a switch that is behind a firewall, which is managed by a public IP, which is NAT'ed on the firewall to a private internal IP on the switch.

The outside SNMP trap server is on a public IP, so the switch sends its SNMP traps over the internet.

I understand this may not be the best setup, but it is what I have in this scenario.

The problem is, syslog messages show up on the server (it is also a syslog server) fine, and show as the public IP address that is NAT'ed through the firewall, but SNMP traps come in as the private IP.

Is it possible to make the SNMP traps show the public IP? The switch has to be NAT'ed for the trap to actually get to the remote server, but it seems to preserve the "real ip" of the device, rather than the IP the trap was sent on, which is good in some scenarios, but in mine, it is problematic.

I have the trap-source commands on the switch, so they are being sourced from the interface with the IP that is NAT'ed, it is the only gateway so it should not matter.

Thanks for any input.

2 Replies

Joe Clarke
Cisco Employee

No, this is not possible. There is no NAT ALG for SNMP, so the IP addresses embedded in the PDUs cannot be translated. One of the fields in an SNMP trap is agent-addr which contains the IP address of the agent (i.e. device) which generated the trap. So, while the IP address in the IP header is translated, the agent-addr field within the trap PDU will not be translated. This is what is being displayed by your SNMP manager.

jclarke,

Thanks for the reply, I appreciate the information.

This was my suspicion, I just could not find any evidence to back it up.

Thanks again.