
How To - Manage Cyberoam through SNMP over VPN

How To Manage Cyberoam Through SNMP over VPN

Applicable Version: 10.00 onwards


Overview
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices
on IP networks. It is used mostly in network management systems to monitor network-attached
devices for conditions that require administrative attention.
SNMP typically consists of two (2) components:

- Network Management System (NMS): Software which runs on an administrative computer, also called Manager, and has the task of monitoring or managing a group of hosts or devices on a computer network.
- Agent: Network-management software module that resides on a managed device. It can be any type of device, including routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts and printers.

Cyberoam can be managed through SNMP by an NMS. It even provides the flexibility to be managed
over an IPSec VPN tunnel. This enables centralized management of all network devices of the
Branch Offices from the Head Office.

Scenario
The network diagram below shows how Cyberoam is deployed in the network.

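[Network diagram: the Branch Office Cyberoam (WAN IP 192.168.20.178, LAN IP 172.16.2.1, network 172.16.2.0) is connected through a VPN tunnel to the Head Office Cyberoam (WAN IP 192.168.20.111, LAN IP 172.16.1.1, network 172.16.1.0), where the SNMP Server resides.]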

The Branch Office Cyberoam reports device-specific information to the SNMP Server residing in the
Head Office network. Cyberoam forwards the SNMP traffic through the VPN tunnel established
between the Head Office and Branch Office. The following table shows the IP configuration of the
network depicted above.
Branch Office
Cyberoam WAN IP address: 192.168.20.178
Cyberoam LAN IP address: 172.16.2.1

Head Office
Cyberoam WAN IP address: 192.168.20.111
Cyberoam LAN IP address: 172.16.1.1
SNMP Server: 172.16.1.10


Prerequisite
A Site-to-Site VPN tunnel needs to be configured between the Head Office and the Branch Office. For details,
refer to the article Establish Site-to-Site IPSec Connection using Preshared key.

Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
To configure SNMP over VPN, follow the steps mentioned below.
Step 1: Configure Agent
Go to System > SNMP > Agent Configuration and check Enable SNMP Agent. Specify the
parameters as shown in the following table.
| Parameter | Value | Description |
|---|---|---|
| Name | BO_Cyberoam | Name to identify the Agent. |
| Location | United States | Physical location of the appliance. |
| Contact Person | Cyberoam | Contact information of the person responsible for the maintenance of above specified appliance. |
| Agent Port | 161 (Default) | Appliance will use this port to send the SNMP traps. |
| Manager Port | 162 | Remote SNMP Management station or Manager will use this port to connect to the appliance. |


Step 2: Add Community


Go to System > SNMP > Community and click Add to add a community.

Specify the parameters as shown in the table given below.


| Parameter | Value | Description |
|---|---|---|
| Name | SNMP_Server | Name to identify the Community. |
| IP Address | 172.16.1.10 | IP address of the SNMP Manager that will use the settings in the SNMP community to monitor the appliance. |
| Protocol Version | v1, v2c | Enable the required SNMP protocol version support. SNMP v1 and v2c compliant SNMP managers have read-only access to appliance system information and can receive appliance traps. |
| Trap Support | v1, v2c | Enable the required version for trap support. |


Click OK to create the SNMP Community.


Step 3: Create IPSec Static Route

Login to the CLI Console.

Select Option 4. Cyberoam Console

Add an IPSec route to forward Cyberoam-generated SNMP traffic to the pre-configured IPSec
tunnel snmpovervpn by executing the following command:
console> cyberoam ipsec_route add host 172.16.1.10 tunnelname snmpovervpn

Where 172.16.1.10 is the SNMP Server IP and snmpovervpn is the VPN tunnel name.

Step 4: Enable NAT for Cyberoam Traffic


NAT the Cyberoam traffic to the desired public IP with the private LAN IP by executing the following
command:
console> set advanced-firewall cr-traffic-nat add destination 172.16.1.10 snatip 172.16.2.1
Where, 172.16.1.10 is the SNMP Server IP and 172.16.2.1 is the LAN IP (Branch Office).
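
A verification check for the Head Office side, added here as an example and not part of the original Cyberoam article: SNMP v1 and v2c carry the community string unencrypted in every message, so it is worth confirming that the Branch Office appliance's datagrams arrive with the Step 4 source address 172.16.2.1 rather than another address such as the WAN IP. The function names and the community value `example-ro` are assumptions made for illustration; the sample message is constructed.

```python
import ipaddress

SNAT_IP = ipaddress.ip_address("172.16.2.1")  # snatip from Step 4 on this page
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}       # SNMP version field values

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def snmp_header(payload):
    """Return (version, community); community is None when not v1/v2c."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("no version INTEGER")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    if version not in ("v1", "v2c"):
        return version, None
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("no community OCTET STRING")
    return version, community.decode("ascii", "replace")

def classify(src_ip, payload):
    """Label one captured datagram: ok, unexpected-source or malformed."""
    try:
        version, community = snmp_header(payload)
    except ValueError as err:
        return ("malformed", str(err), None)
    ok = ipaddress.ip_address(src_ip) == SNAT_IP
    return ("ok" if ok else "unexpected-source", version, community)

def tlv(tag, value):  # short-form encoder, used only to build the sample
    return bytes([tag, len(value)]) + value

# Constructed v2c message: placeholder community, trap PDU (0xA7), empty varbind list.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"example-ro")
             + bytes.fromhex("a70b0201010201000201003000"))
```

Pass `classify` the source address and UDP payload of each SNMP datagram captured at the Head Office; an `unexpected-source` result for the Branch Office appliance means the datagram was not rewritten by the Step 4 NAT rule and its community string should be treated as exposed.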

Document Version: 1.1 14 May, 2014
