Cisco Support Community

New Member

Monitoring/managing devices behind NAT

We are currently using LMS 2.6 to manage over 600 devices. We now need to add more devices, but these devices are behind a NAT device. All these devices have a one-to-one NAT mapping.

LMS will know the device as one IP address, but the configs will not reflect that IP address.

Is there any traffic that contains the real IP address of the devices that could have an impact? e.g. SNMP traps.

What happens to the Campus Manager views of the network?

Is anyone else using LMS to manage devices behind NAT? Successfully?



Cisco Employee

Re: Monitoring/managing devices behind NAT

Managing NAT'd objects can be tricky. For starters, there is no NAT ALG for SNMP yet. Therefore, any SNMP PDUs that contain embedded IP addresses will not be translated. This can lead to problems with applications such as Campus Manager that rely on those embedded IPs to do auto-discovery.

SNMP traps and syslog messages are the same way. While the source address will be translated, any embedded IP address varbinds or strings will not be translated. This may not be such a big problem, though (off the top of my head, this means authenticationFailure traps will not have much meaning).

As for RME, as long as the devices can talk to the RME server by the IP address configured on the server, you shouldn't have much of a problem. Yes, the configs will be untranslated, and you will need a TFTP ALG if you plan on transferring configs over TFTP, but everything should work.

If the devices will know the RME server via a NAT'd IP address, then you will need to follow the steps in the online help to enable NAT support.
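
The point in the reply above about embedded addresses, as an added example that is not part of the original thread: a minimal BER walker that pulls every IpAddress value out of an SNMP message and maps the ones a one-to-one NAT left untranslated to the address the management station knows. The sample trap, the `NAT_TABLE` mapping and the function names are constructed for illustration.

```python
import ipaddress

IPADDRESS_TAG = 0x40   # SMI IpAddress ([APPLICATION 0], 4 octets)
CONSTRUCTED = 0x20     # BER bit: the value is itself a run of TLVs

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: N length octets follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def embedded_ips(buf):
    """Every IpAddress in the message: agent-addr and any IpAddress varbinds."""
    found, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & CONSTRUCTED:
            found += embedded_ips(value)
        elif tag == IPADDRESS_TAG and len(value) == 4:
            found.append(str(ipaddress.IPv4Address(value)))
    return found

def translate_embedded(packet, inside_to_outside):
    """Map each embedded inside address to the address the NMS knows it by."""
    return {ip: inside_to_outside[ip] for ip in embedded_ips(packet)
            if ip in inside_to_outside}

def tlv(tag, value):
    """Short-form BER encoder, used only to build the constructed sample."""
    return bytes([tag, len(value)]) + value

# Constructed SNMPv1 authenticationFailure trap (generic-trap 4), not a capture.
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA4,
    tlv(0x06, bytes.fromhex("2b0601040109")) +        # enterprise 1.3.6.1.4.1.9
    tlv(0x40, bytes([10, 1, 1, 5])) +                 # agent-addr (inside address)
    tlv(0x02, b"\x04") + tlv(0x02, b"\x00") + tlv(0x43, b"\x01\x00") +
    tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2b060104010902010500")) +
                        tlv(0x40, bytes([10, 1, 1, 99]))))))   # IpAddress varbind
NAT_TABLE = {"10.1.1.5": "192.0.2.5"}       # hypothetical one-to-one mapping

if __name__ == "__main__":
    print(embedded_ips(SAMPLE_TRAP))
    print(translate_embedded(SAMPLE_TRAP, NAT_TABLE))
```

The varbind address `10.1.1.99` has no entry in the table, so it is reported by `embedded_ips` but left out of the translation map.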