Network Management

Reply
New Contributor
Posts: 3
Registered: ‎09-18-2007

Airwave Monitoring Controllers Behind NAT Firewall

[ Edited ]

Hi,

 

We are trying to monitor a controller behind a NAT firewall. We have Port Forwarded SNMP and SSH to the controller. On the Group that the device is under in Airwave we have enabled Allow One-To-One NAT. According to the manual this will allow the ability (not completely clear) the functionality we require by communicating with the IP address under Device Communication section of the Manage Tab. The initial walk of the device seems to work as we get the hostname and firmware versions. However polling after the discovery does not work, I was sure we had this working before. There is Marketing documentation that states that this can be done http://www.arubanetworks.com/pdf/solutions/AB_AirWave_MSP.pdf however it is not working. We are running 7.5.5

 

Any help would be appreciated.

 

Thanks,

 

Chris

Moderator
Posts: 1,252
Registered: ‎10-16-2008

Re: Airwave Monitoring Controllers Behind NAT Firewall

Is the SNMP and SSH port used the same as on the Device Communications page?  Have you tried capturing a tcpdump of communication over the ports that are currently set?


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
New Contributor
Posts: 3
Registered: ‎09-18-2007

Re: Airwave Monitoring Controllers Behind NAT Firewall

Yes the ports match. As I mentioned we are able to do the initial walk of the controller which suggest that the ports are correct. It is not until the polling portion after the walk that we run into the issue. I suspect that Airwave is trying to use the "internal" address to Poll rather than the Port forwarded NAT address for polling. No I have not done a tcpdump. 

 

Thanks,

 

Chris

Moderator
Posts: 1,252
Registered: ‎10-16-2008

Re: Airwave Monitoring Controllers Behind NAT Firewall

[ Edited ]

The only other setting I can think to check if the Group -> select group containing NAT'd devices -> Basic tab -> Basic box -> Allow One-to-One NAT option is set to 'Yes' -> make sure this has propagated through the entire group (probably requires a database query).  If that's not the case, then I'd suggest opening a support case.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
MVP
Posts: 1,422
Registered: ‎10-25-2011

Re: Airwave Monitoring Controllers Behind NAT Firewall

I am currently doing this but I am using the NAT'ed IP as the IP in Airwave.

 

One thing that does not work is pushing Rogue Containment (Confirmed by TAC)

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
New Contributor
Posts: 3
Registered: ‎09-18-2007

Re: Airwave Monitoring Controllers Behind NAT Firewall

[ Edited ]

Hi Pmonardo

 

Did you have to do anything special for it to work? I have been on the phone with TAC for an hour and a half. They have no idea. We have port forwarded UDP 161 and SSH to the controller.  We get some information back firmware and controller name but after that we get timeouts.

MVP
Posts: 1,422
Registered: ‎10-25-2011

Re: Airwave Monitoring Controllers Behind NAT Firewall

Unfortunately I was not the one  who set it up.

 

SNMP, SSH should be open for it as well as ICMP and UDP 162.

Airwave will ping the devices if SNMP does not respond.

 

Do you access the controllers over the NAT'ed IP? Can you snmpwalk the controller via Airwave CLI?

s2w -c <ip>

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
Showing results for 
Search instead for 
Did you mean: