ANM behind a NAT

omarmontes · ‎05-05-2011

Hi guys!

Is there an implication of having an ANM server behind a NAT? When configuring an ACE module from the ANM server, it configures its IP address as the SNMP server (the local address). I guess for this you have to get directly into the ACE module and change this to the NAT address. But is there something am I missing? should it work?

thanks in advance

Daniel Arrondo Ostiz · ‎05-06-2011

Hi Omar,

Whenever possible, I would recommend keeping direct connectivity between the ACE and the ANM server, preferably on a management-only vlan, because otherwise, even though most of the ANM functionality would still work (assuming that traffic is able to flow bi-directionally through the NAT) some features may not work properly.

Just to give you an example, when parsing syslog messages, ANM will use the IP address sent inside the syslog message to identify the ACE that generated the message. If this address is being natted, ANM won't be able to determined to which ACE the messages belongs and will assume that the corresponding device was not imported, resulting in the syslog message being ignored.

As you also mentioned, there are some configurations pushed by the ANM (syslog, SNMP...) that would have to be modified manually after being pushed by ANM, which is more error-prone.

Regards

Daniel

omarmontes · ‎05-06-2011

Thank you Daniel..

Do you know of other features that might not work?

Daniel Arrondo Ostiz · ‎05-09-2011

Hi Omar,

Apart from what I already explained, I don't think there would be other issues, but I cannot confirm it

Regards

Daniel