SNMP trap not reaching SNMP trap Destination

e.craig · ‎11-03-2010

My problem is, is that the branch sites have dynamic IP assignment via ADSL from ISP. IP's are constantly changing. Here is the set up. We have about 130 Branch sites using Cisco 881 VPN routers, their connecting to a 3845 Headend router via EasyVPN. My management network is connected to Head-end via VPN Lan-to-Lan tunnel. So I am not connecting directly to the Branches, I am communicating with Branches through Headend. I was previously having same issues with SNMP traps getting to my management network from Head-end, but then updated my ACL to include outside IP and now it is fine. There is a command to source another interface for SNMP traffic "snmp-server trap source (inside)" but this command does not work, I realize that If I go with DMVPN that this issue would probably be resolved but am not in the position to do this just yet. Do you have another option. I thought this would be ok. Another thing, I do have a syslog server setup and logging reaches me with no problems but than again I am using Logging source-interface Vlan1.. (I have configured "snmp-server trap source Vlan 1" but doesn't work). Your help is very much appreciated..

fadlouni · ‎11-11-2010

Hi.

the easiest way is to get the snmp-server trap source command to work.

when you say it's not working, do you mean the branches still use the external interface as the source? or that it's sourced properly from vlan1 but somehow doesn't get encrypted?

what ios version are you running on the branches? maybe this is a bug and newer versions get it to work?

if you want to through another way than snmp-server trap source, then an ipsec redesign might be needed. As you noticed dmvpn would be the easiest. another solution would be dynamic lan-to-lan from branch to headend with gre tunnels (similar to dmvpn), and then force the route to the management network via GRE, this way the snmp trap source would default to use the tunnel ip address.

Regards,

Fadi.