Cisco Support Community

Site-to-Site VPNs to poll SNMP on remote devices

Hi everyone,

Looking for some info and recommendations about using Site-to-Site VPNs for SNMP device polling.

My company is looking into starting a NOC and being able to remotely monitor customer devices, as well as doing proactive/reactive work on their devices. One problem that will likely come up will be overlapping addressing between customers and us. The way around this seems to be to use NAT to re-assign customer subnets into an addressing scheme that we will decide (essentially virtual subnets).

For example:

HQ - 10.254.1.0/24


Customer 1 - 10.1.1.0/24 (NAT to appear as 10.100.1.0/24)

Customer 1 - 10.1.2.0/24 (NAT to appear as 10.100.2.0/24)

Customer 1 - 10.1.3.0/24 (NAT to appear as 10.100.3.0/24)

Customer 2 - 10.1.1.0/24 (NAT to appear as 10.101.1.0/24)

Customer 2 - 10.1.2.0/24 (NAT to appear as 10.101.2.0/24)

Customer 2 - 10.1.3.0/24 (NAT to appear as 10.101.3.0/24)

From HQ there would be an IPsec VPN using public addressing to each customer site, from which we should then be able to poll any device on any private subnet (assuming there is a corresponding NAT entry for the subnet the device resides in).

Does this seem the typical approach (or even correct)? Does anyone else out there do something similar and can give some more info on their setup?

Cheers,

Stuart
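
The addressing plan from the post above, checked in code. This is an added example, not part of the original post; it assumes one-to-one static subnet NAT that preserves the host part of each address, and the function names are hypothetical.

```python
import ipaddress

# Addressing plan copied from the post: (customer, real subnet, NAT'd subnet).
HQ = ipaddress.ip_network("10.254.1.0/24")
PLAN = [
    ("Customer 1", "10.1.1.0/24", "10.100.1.0/24"),
    ("Customer 1", "10.1.2.0/24", "10.100.2.0/24"),
    ("Customer 1", "10.1.3.0/24", "10.100.3.0/24"),
    ("Customer 2", "10.1.1.0/24", "10.101.1.0/24"),
    ("Customer 2", "10.1.2.0/24", "10.101.2.0/24"),
    ("Customer 2", "10.1.3.0/24", "10.101.3.0/24"),
]

def load_plan(rows):
    """Parse the text rows into ipaddress network objects."""
    return [(c, ipaddress.ip_network(r), ipaddress.ip_network(m)) for c, r, m in rows]

def check_plan(rows, hq=HQ):
    """Return a list of problems; an empty list means the plan is usable."""
    problems = []
    plan = load_plan(rows)
    for i, (cust, real, mapped) in enumerate(plan):
        # Assumption: 1:1 static NAT, so real and mapped ranges must be the same size.
        if real.prefixlen != mapped.prefixlen:
            problems.append(f"{cust}: {real} and {mapped} differ in size")
        if mapped.overlaps(hq):
            problems.append(f"{cust}: {mapped} overlaps HQ {hq}")
        for o_cust, o_real, o_mapped in plan[i + 1:]:
            # Mapped ranges must be unique across ALL customers as seen from HQ.
            if mapped.overlaps(o_mapped):
                problems.append(f"{mapped} ({cust}) overlaps {o_mapped} ({o_cust})")
            # Real ranges may repeat between customers, but not within one.
            if o_cust == cust and real.overlaps(o_real):
                problems.append(f"{cust}: real subnets {real} and {o_real} overlap")
    return problems

def poll_address(rows, customer, device_ip):
    """Address the HQ poller must target for a device's real IP."""
    ip = ipaddress.ip_address(device_ip)
    for cust, real, mapped in load_plan(rows):
        if cust == customer and ip in real:
            offset = int(ip) - int(real.network_address)
            return str(mapped.network_address + offset)
    # No NAT entry for this subnet means the device is unreachable from HQ.
    raise LookupError(f"no NAT entry covers {device_ip} for {customer}")
```
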

2 REPLIES

Stuart,

I have seen this in action at my last company. It looks like you are on the right path. Also, when you configure the SNMP community string on the customer's devices, you will need a route in place.

For example on a switch:

HQ Monitor Server - 10.254.1.250

ASA (owned by you) at customer's site - 10.1.2.254

Customer2 router - 10.1.2.1

ip route 10.254.1.250 255.255.255.255 10.1.2.254

(on Customer2 switch - 10.1.2.15)

snmp-server community CUSOMTER2 RO

ip route 10.254.1.250 255.255.255.255 10.1.2.1


Thanks, Rashid. Good to know we are heading along the right line.

Anyone else out there with similar setups that could give some examples or words of wisdom?
