09-24-2013 12:06 PM
Hi everyone,
Looking for some info and recommendations about using Site-to-Site VPNs for SNMP device polling.
My company is looking into starting a NOC and being able to remotely monitor customer devices, as well as doing proactive/reactive work on their devices. One problem that will likely come up will be overlapping addressing between customers and us. The way around this seems to be to use NAT to re-assign customer subnets into an addressing scheme that we will decide (essentially virtual subnets).
For example:
HQ - 10.254.1.0/24
Customer 1 - 10.1.1.0/24 (NAT to appear as 10.100.1.0/24)
Customer 1 - 10.1.2.0/24 (NAT to appear as 10.100.2.0/24)
Customer 1 - 10.1.3.0/24 (NAT to appear as 10.100.3.0/24)
Customer 2 - 10.1.1.0/24 (NAT to appear as 10.101.1.0/24)
Customer 2 - 10.1.2.0/24 (NAT to appear as 10.101.2.0/24)
Customer 2 - 10.1.3.0/24 (NAT to appear as 10.101.3.0/24)
From HQ there would be an IPsec VPN using public addressing to each customer site, from which we should then be able to poll any device on any private subnet (assuming there is a corresponding NAT entry for the subnet the device resides on).
Does this seem the typical approach (or even correct)? Does anyone else out there do something similar and can give some more info on their setup?
Cheers,
Stuart
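The addressing plan from the post above, as an added example that is not part of the original thread: it checks that the mapped subnets stay unambiguous from HQ and translates between a device's on-site address and the address the poller would use. It assumes one-to-one static NAT that preserves host bits; the function names are hypothetical.

```python
import ipaddress

HQ = ipaddress.ip_network("10.254.1.0/24")

# (customer, real subnet on site, subnet as seen from HQ), copied from the post
NAT_PLAN = [
    ("Customer 1", "10.1.1.0/24", "10.100.1.0/24"),
    ("Customer 1", "10.1.2.0/24", "10.100.2.0/24"),
    ("Customer 1", "10.1.3.0/24", "10.100.3.0/24"),
    ("Customer 2", "10.1.1.0/24", "10.101.1.0/24"),
    ("Customer 2", "10.1.2.0/24", "10.101.2.0/24"),
    ("Customer 2", "10.1.3.0/24", "10.101.3.0/24"),
]


def build_plan(rows, hq=HQ):
    """Parse the rows; reject a plan that is ambiguous when seen from HQ."""
    plan = []
    for customer, real, mapped in rows:
        real_net = ipaddress.ip_network(real)
        mapped_net = ipaddress.ip_network(mapped)
        if real_net.prefixlen != mapped_net.prefixlen:
            raise ValueError(f"{customer}: {real} and {mapped} differ in size")
        if mapped_net.overlaps(hq):
            raise ValueError(f"{customer}: {mapped} overlaps HQ {hq}")
        for other, _, other_net in plan:
            if mapped_net.overlaps(other_net):
                raise ValueError(f"{mapped} overlaps {other_net} ({other})")
        plan.append((customer, real_net, mapped_net))
    return plan


def poll_address(plan, customer, device_ip):
    """Address the HQ poller targets for a device's real on-site IP."""
    ip = ipaddress.ip_address(device_ip)
    for name, real_net, mapped_net in plan:
        if name == customer and ip in real_net:
            return mapped_net.network_address + (int(ip) - int(real_net.network_address))
    raise LookupError(f"no NAT entry covers {device_ip} for {customer}")


def real_address(plan, mapped_ip):
    """Reverse lookup: customer and real IP behind an address seen at HQ."""
    ip = ipaddress.ip_address(mapped_ip)
    for name, real_net, mapped_net in plan:
        if ip in mapped_net:
            return name, real_net.network_address + (int(ip) - int(mapped_net.network_address))
    raise LookupError(f"{mapped_ip} is not in any mapped subnet")
```

The reverse lookup is what lets a reply or trap arriving at HQ from a mapped address be attributed to the right customer and real device.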
09-27-2013 01:22 PM
Stuart,
I have seen this in action at my last company. It looks like you are on the right path. Also, when you configure the SNMP community string on the customer's devices, you will need a route in place.
For example on a switch:
HQ Monitor Server - 10.254.1.250
ASA (owned by you) at customer's site - 10.1.2.254
Customer2 router - 10.1.2.1
ip route 10.254.1.250 255.255.255.255 10.1.2.254
(on Customer2 switch - 10.1.2.15)
snmp-server community CUSOMTER2 RO
ip route 10.254.1.250 255.255.255.255 10.1.2.1
09-27-2013 01:53 PM
Thanks, Rashid. Good to know we are heading along the right line.
Anyone else out there with similar setups that could give some examples or words of wisdom?