Professional Documents
Culture Documents
VPN
Network Management System (NMS): Software which runs on administrative computer, also
called Manager, and has the task of monitoring or managing a group of hosts or devices on a
computer network.
Agent: Network-management software module that resides on a managed device. It can be any
type of device, including routers, access servers, switches, bridges, hubs, IP telephones, IP video
cameras, computer hosts and printers.
Cyberoam can be managed through SNMP by an NMS. It even provides the flexibility to be managed
over an IPSec VPN tunnel. This enables centralized management of all network devices of the
Branch Offices from the Head Office.
Scenario
The network diagram below shows how Cyberoam is deployed in the network.
VPN Tunnel
LAN IP: 172.16.1.1
172.16.1.0
172.16.2.0
SNMP Server
Branch Office
Head Office
The Branch Office Cyberoam reports device-specific information to the SNMP Server residing in the
Head Office network. Cyberoam forwards the SNMP traffic through the VPN tunnel established
between the Head Office and Branch Office. The following table shows the IP configuration of the
network depicted above.
Branch Office
Cyberoam WAN IP address: 192.168.20.178
Cyberoam LAN IP address: 172.16.2.1
Head Office
Cyberoam WAN IP address: 192.168.20.111
Cyberoam LAN IP address: 172.16.1.1
SNMP Server: 172.16.1.10
Prerequisite
A Site-to-Site VPN Tunnel needs to be configured between Head office and Branch office. For details
refer article Establish Site-to-Site IPSec Connection using Preshared key.
Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
To configure SNMP over VPN, follow the steps mentioned below.
Step 1: Configure Agent
Go to System > SNMP > Agent Configuration and check Enable SNMP Agent. Specify the
parameters as shown in the following table.
Parameter
Value
Description
Name
BO_Cyberoam
Location
United States
Contact Person
Cyberoam
Agent Port
161(Default)
Manager Port
162
Value
Description
Name
SNMP_Server
172.16.1.10
Protocol Version
v1
v2c
Trap Support
v1
v2c
IP Address
Add an IPSec route to forward Cyberoam-generated SNMP traffic to the pre-configured IPSec
tunnel snmpovervpn by executing the following command:
console> cCyberoam
snmpovervpn
ipsec_route
add
host
172.16.1.10
tunnelname
Where, 172.16.1.10 is the SNMP Server IP and snmpovervpn VPN Tunnel name.