Monitoring/managing devices behind NAT

Jeff Law
Level 1

We are currently using LMS 2.6 to manage over 600 devices. We now need to add more devices, but these devices are behind a NAT device. All these devices have a one-to-one NAT mapping.

LMS will know the device as one IP address, but the configs will not reflect that IP address.

Is there any traffic that contains the real IP address of the devices that could have an impact? E.g. SNMP traps.

What happens to the Campus Manager views of the network?

Has anyone else used LMS to manage devices behind NAT? Successfully?

Regards

Jeff

1 Reply

Joe Clarke
Cisco Employee

Managing NAT'd objects can be tricky. For starters, there is no NAT ALG for SNMP yet. Therefore, any SNMP PDUs that contain embedded IP addresses will not be translated. This can lead to problems with applications such as Campus Manager that rely on those embedded IPs to do auto-discovery.

SNMP traps and syslog messages are the same way. While the source address will be translated, any embedded IP address varbinds or strings will not be translated. This may not be such a big problem, though (off the top of my head, this means authenticationFailure traps will not have much meaning).

As for RME, as long as the devices can talk to the RME server by the IP address configured on the server, you shouldn't have much of a problem. Yes, the configs will be untranslated, and you will need a TFTP ALG if you plan on transferring configs over TFTP, but everything should work.

If the devices will know the RME server via a NAT'd IP address, then you will need to follow the steps in the online help to enable NAT support.
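The untranslated embedded addresses described in the reply above can be seen by decoding a trap on the receiving side. The following is an added example, not part of the original thread or of any Cisco tooling: it walks the BER encoding of an SNMPv1 trap, pulls out every embedded IpAddress value (the agent-addr field and any IpAddress varbinds), and maps each through a one-to-one NAT table. The NAT table, the addresses and the sample packet are all constructed for illustration.

```python
import ipaddress

# Assumed one-to-one NAT table (inside address -> address the NMS uses); constructed.
STATIC_NAT = {"10.1.1.5": "192.0.2.5", "10.1.1.9": "192.0.2.9"}

# Constructed SNMPv1 authenticationFailure trap: agent-addr 10.1.1.5,
# plus one varbind whose value is the IpAddress 10.1.1.9.
SAMPLE_TRAP = bytes.fromhex(
    "303a" "020100" "04067075626c6963" "a42d"
    "06062b0601040109" "40040a010105" "020104" "020100" "430164"
    "3014" "3012" "060a2b060104010902010500" "40040a010109")

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def embedded_ips(buf):
    """Walk nested TLVs and yield every IpAddress (APPLICATION 0 = 0x40, 4 octets)."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag == 0x40 and len(value) == 4:
            yield str(ipaddress.IPv4Address(value))
        elif tag & 0x20:                   # constructed type: SEQUENCE, Trap-PDU, varbind
            yield from embedded_ips(value)

def audit_trap(packet, udp_source):
    """Return (embedded_ip, nms_view, matches_udp_source) per embedded address."""
    rows = []
    for ip in embedded_ips(packet):
        nms_view = STATIC_NAT.get(ip)      # None when no static mapping is known
        rows.append((ip, nms_view, ip == udp_source))
    return rows

if __name__ == "__main__":
    # The NAT device rewrote only the UDP source; the payload still holds 10.x addresses.
    for row in audit_trap(SAMPLE_TRAP, "192.0.2.5"):
        print(row)
```

Every row with `matches_udp_source` set to False is an address the NAT device left untouched inside the PDU; the `nms_view` column is what a trap receiver would have to substitute to correlate the event with the device as the management server knows it.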