My problem is, is that the branch sites have dynamic IP assignment via ADSL from ISP. IP's are constantly changing. Here is the set up. We have about 130 Branch sites using Cisco 881 VPN routers, their connecting to a 3845 Headend router via EasyVPN. My management network is connected to Head-end via VPN Lan-to-Lan tunnel. So I am not connecting directly to the Branches, I am communicating with Branches through Headend. I was previously having same issues with SNMP traps getting to my management network from Head-end, but then updated my ACL to include outside IP and now it is fine. There is a command to source another interface for SNMP traffic "snmp-server trap source (inside)" but this command does not work, I realize that If I go with DMVPN that this issue would probably be resolved but am not in the position to do this just yet. Do you have another option. I thought this would be ok. Another thing, I do have a syslog server setup and logging reaches me with no problems but than again I am using Logging source-interface Vlan1.. (I have configured "snmp-server trap source Vlan 1" but doesn't work). Your help is very much appreciated..
the easiest way is to get the snmp-server trap source command to work.
when you say it's not working, do you mean the branches still use the external interface as the source? or that it's sourced properly from vlan1 but somehow doesn't get encrypted?
what ios version are you running on the branches? maybe this is a bug and newer versions get it to work?
if you want to through another way than snmp-server trap source, then an ipsec redesign might be needed. As you noticed dmvpn would be the easiest. another solution would be dynamic lan-to-lan from branch to headend with gre tunnels (similar to dmvpn), and then force the route to the management network via GRE, this way the snmp trap source would default to use the tunnel ip address.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...