Wolfgang
Authority

problem with monitoring 1500 appliance LTE

Hello CheckMates,

We had a bunch of 1500 appliances connected to the internet via LTE. Everything is working fine, VPN tunnels are up and traffic flows. But all appliances are shown as disconnected in SmartConsole/SmartView Monitor. After debugging we could see the LTE provider did some NAT for the appliance. The management server does not get the real IP of the appliance, only the NATed IP. I think this is normal behaviour if any NAT is done on the way between remote and central gateway, but do we have any chance to get a green state in SmartConsole for the LTE appliances with dynamic IPs?

9 Replies
Chris_Atkinson
Employee

Review the following articles sk120136 / sk93566 as a start, not all implied rules apply for traffic from DAIP gateways ...

CCSM R77/R80/ELITE
Wolfgang
Authority

@Chris_Atkinson checked these articles, everything looks fine. SmartProvisioning is mentioned in the article but we don't use this feature, all gateways are defined as normal DAIP gateways. There are no firewall rules between remote and central gateway.

Can you please explain the needed traffic flow for the "connect" state? Will there be a need for a cpd_amon connection from the management to the remote DAIP gateway or vice versa?

G_W_Albrecht
Legend

Please explain the NAT used here - sounds like static NAT, not dynamic IP to me...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Wolfgang
Authority

@G_W_Albrecht we have no information about which kind of NAT is done by the LTE provider, this is something mysterious done by the German Telekom in the LTE network. We could see the appliance getting an IP address (10.xx.xx.xx) but on the management we could see the appliance as 80.xx.xx.xx.

G_W_Albrecht
Legend

Then maybe you can just be glad that VPN is working 😎

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chris_Atkinson
Employee

Central gateway has rules in-place of the implied rules for the traffic from DAIP gateway/s or is mgmt traffic via VPN?

CCSM R77/R80/ELITE
Wolfgang
Authority

Yes, rules exist for the management ports like cpd, fw_log, cpd_amon etc. VPN is working fine, logs are sent to the management. Only the state of the appliance is not shown as connected and the state of the VPN tunnel is shown as down in SmartView Monitor.

Are there any requirements if the appliance will be installed behind another NAT device?

Wolfgang
Authority

@Chris_Atkinson my question again... we had a DAIP appliance behind a NAT device, only NAT, no firewall. Will it be possible to get this appliance to the green state, meaning "connected" in the SmartConsole view?

Chris_Atkinson
Employee

I've sought some feedback on your behalf (in the absence of a corresponding SK etc) and will update you accordingly.

CCSM R77/R80/ELITE