Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Airwave Monitoring Controllers Behind NAT Firewall

This thread has been viewed 0 times

  • 1.  Airwave Monitoring Controllers Behind NAT Firewall

    Posted Sep 19, 2012 06:09 PM

    Hi,

     

    We are trying to monitor a controller behind a NAT firewall. We have Port Forwarded SNMP and SSH to the controller. On the Group that the device is under in Airwave we have enabled Allow One-To-One NAT. According to the manual this will allow the ability (not completely clear) the functionality we require by communicating with the IP address under Device Communication section of the Manage Tab. The initial walk of the device seems to work as we get the hostname and firmware versions. However polling after the discovery does not work, I was sure we had this working before. There is Marketing documentation that states that this can be done http://www.arubanetworks.com/pdf/solutions/AB_AirWave_MSP.pdf however it is not working. We are running 7.5.5

     

    Any help would be appreciated.

     

    Thanks,

     

    Chris



  • 2.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    EMPLOYEE
    Posted Sep 20, 2012 03:41 PM

    Is the SNMP and SSH port used the same as on the Device Communications page?  Have you tried capturing a tcpdump of communication over the ports that are currently set?



  • 3.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    Posted Sep 21, 2012 04:06 PM

    Yes the ports match. As I mentioned we are able to do the initial walk of the controller which suggest that the ports are correct. It is not until the polling portion after the walk that we run into the issue. I suspect that Airwave is trying to use the "internal" address to Poll rather than the Port forwarded NAT address for polling. No I have not done a tcpdump. 

     

    Thanks,

     

    Chris



  • 4.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    EMPLOYEE
    Posted Sep 21, 2012 04:50 PM

    The only other setting I can think to check if the Group -> select group containing NAT'd devices -> Basic tab -> Basic box -> Allow One-to-One NAT option is set to 'Yes' -> make sure this has propagated through the entire group (probably requires a database query).  If that's not the case, then I'd suggest opening a support case.



  • 5.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    Posted Sep 25, 2012 08:04 AM

    I am currently doing this but I am using the NAT'ed IP as the IP in Airwave.

     

    One thing that does not work is pushing Rogue Containment (Confirmed by TAC)



  • 6.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    Posted Sep 26, 2012 01:31 PM

    Hi Pmonardo

     

    Did you have to do anything special for it to work? I have been on the phone with TAC for an hour and a half. They have no idea. We have port forwarded UDP 161 and SSH to the controller.  We get some information back firmware and controller name but after that we get timeouts.



  • 7.  RE: Airwave Monitoring Controllers Behind NAT Firewall

    Posted Sep 27, 2012 08:31 AM

    Unfortunately I was not the one  who set it up.

     

    SNMP, SSH should be open for it as well as ICMP and UDP 162.

    Airwave will ping the devices if SNMP does not respond.

     

    Do you access the controllers over the NAT'ed IP? Can you snmpwalk the controller via Airwave CLI?

    s2w -c <ip>