Getting through with Solarwinds

Newbie here. Familiar with NATing and such, just not familiar with scripting on MT. Here’s the layout.
Have Solarwinds running in office. Have 6 devices at remote site we need to access via SNMP with an MT device in the middle.
x.x.247.40 (WAN at office) —> x.x.10.222 (wan of remote MT)—> x.x.2.1 (gw of remote MT) —> (multiple devices with SNMP enabled)

So, in short, we need to access multiple SNMP devices from a remote office, with an MT RB750 in the middle. No queues, no special routing, just simple NAT in the MT.

I’ve other MT units I’m monitoring with SWinds just fine but don’t know how to monitor through to devices on back side of a MT since SWinds/SNMP won’t allow access via port forwarding.
Help appreciated…Thanks, Robert

If you can possibly manage it, don’t use NAT.

Simplest routing is static routing, and this in my opinion is simpler than NATting.

If you do want to persist with NAT, then I suggest at the remote end you use multiple Alias / Secondary IP addresses on the WAN interface. Then set up 1:1 Static NAT, and then do your port forwards to the relevant devices.

For e.g. if you want to use SNMP to monitor a device at a remote location using Ping, and you have NAT then the SNMP Agent will only be able to measure Ping to the NAT IP address and not to the device itself. Other SNMP measurable things will obviously be OK as long as you port forward the correct ports.

Is this over a Private WAN or is it over the internet or VPN?

Alex

Thanks…
I use NAT so I can manage devices from anyplace I’m setting; another client, Cancun, etc.
SNMP however will only be coming from our own server at a single location.
The Wan is over internet. All devices are already on NAT and accessible through standard HTTP access (x.x.11.22:1234) method. What I’m after is not having to set up multiple ports to let SNMP through.
Illuminate me on using static routing for this if you would…Only option I can come up with is setting up VPN tunnel to each remote Site, then somehow jump the WAN wall to get to remote Devices.
I have about 5 of these remote sites, each with multiple devices behind an MT router. The devices are all APs(tranzeo, MT, etc). If I can leave the NAT in place for direct device access that would be great, along with static NAT you suggest.

Let’s see what you can suggest. I’m not familiar with static routes, but I do have extra MT units I can test with.
Robert

Hi,

If it’s over the internet, then your thinking of using VPN tunnels is bang on. To be honest it’s the best way to do it anyway.

We do exactly what you are wanting to do all the time and it works well.

In short:

1: Create an Ethernet over IP Tunnel or an IP IP Tunnel between you and your remote site.
2: Then encrypt that tunnel with IPSec in Tunnel Mode
3: Give your EoIP tunnel some point to point /30 IP Addressing
4: Set up static routes on the routers at each end of the tunnel to point the traffic to wherever it has to go. We even use OSPF over such links.
5: Then you can ping / trace / any other traffic to anywhere on the remote networks, this is interconnecting two remote LANs over the internet, or site to site vpn.
6: Use firewall filter rules to restrict traffic as necessary to make sure things that you don’t want on the VPN don’t go there.

I learned all this from a guru called Greg Sowell. He has some great training videos for free on his site. http://gregsowell.com/?page_id=951

Alex
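
The six steps in the post above, written out as RouterOS commands for one office-to-site link. This is an added example, not configuration from the thread: the addresses (192.0.2.40 office WAN, 198.51.100.222 remote WAN, 192.168.1.10 Solarwinds server, 192.168.2.0/24 remote LAN, 172.16.255.0/30 tunnel), interface names and secret are constructed placeholders, and it assumes a RouterOS version whose IPIP interfaces support `ipsec-secret`, used here for step 2 in place of a hand-built IPsec policy.

```routeros
# ---- Office router (constructed: WAN 192.0.2.40, Solarwinds at 192.168.1.10) ----
# Steps 1+2: IPIP tunnel to the remote site, protected by IPsec.
/interface ipip add name=ipip-site1 local-address=192.0.2.40 \
    remote-address=198.51.100.222 allow-fast-path=no \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET"
# Step 3: point-to-point /30 on the tunnel (office end).
/ip address add address=172.16.255.1/30 interface=ipip-site1
# Step 4: reach the remote LAN through the far end of the tunnel.
/ip route add dst-address=192.168.2.0/24 gateway=172.16.255.2

# ---- Remote MT (constructed: WAN 198.51.100.222, LAN 192.168.2.0/24) ----
/interface ipip add name=ipip-office local-address=198.51.100.222 \
    remote-address=192.0.2.40 allow-fast-path=no \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET"
/ip address add address=172.16.255.2/30 interface=ipip-office
# Route back only to the monitoring server, not the whole office LAN.
/ip route add dst-address=192.168.1.10/32 gateway=172.16.255.1

# Step 6 on the remote MT: only the office may bring the tunnel up,
# and only SNMP polls and ping from the server may cross it.
/ip firewall filter
add chain=input src-address=192.0.2.40 protocol=udp dst-port=500,4500 \
    action=accept comment="IKE from office WAN only"
add chain=input src-address=192.0.2.40 protocol=ipsec-esp \
    action=accept comment="ESP from office WAN only"
add chain=input src-address=192.0.2.40 protocol=ipencap \
    ipsec-policy=in,ipsec action=accept comment="IPIP that arrived inside IPsec"
add chain=input protocol=ipencap action=drop comment="drop unencrypted IPIP"
add chain=forward in-interface=ipip-office src-address=192.168.1.10 \
    dst-address=192.168.2.0/24 protocol=udp dst-port=161 \
    action=accept comment="SNMP polls from Solarwinds"
add chain=forward in-interface=ipip-office src-address=192.168.1.10 \
    dst-address=192.168.2.0/24 protocol=icmp \
    action=accept comment="ping from Solarwinds"
add chain=forward in-interface=ipip-office action=drop \
    comment="nothing else enters the LAN from the tunnel"
```

Rules added this way are appended to the end of each chain, so on a router that already has filter rules they need to be moved above any existing drop rule. The existing NAT port forwards for direct HTTP access are left untouched by this configuration.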