Discussion:
SNMP over WAN
Jon Dison
2013-06-10 02:19:18 UTC
Permalink
Jon Dison [http://community.zenoss.org/people/dison4linux] created the discussion

"SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73545#73545

--------------------------------------------------------------
I have a newly deployed Zenoss install using the automagic script on CentOS 6.  I'm having an issue where SNMP seems to only work on the local LAN network.  I can troubleshoot by running snmpwalk from the command line.  To local LAN hosts, it returns as expected.  To remote WAN hosts, it returns...
Timeout: No Response from host.domain.com

Are there changes necessary to snmpd.conf or something along those lines?
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73545#73545]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Andrew Kirch
2013-06-10 04:10:43 UTC
Permalink
Andrew Kirch [http://community.zenoss.org/people/akirch] created the discussion

"Re: SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73558#73558

--------------------------------------------------------------
not really, make sure your community settings match what you're using for snmpwalk.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73558#73558]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Jon Dison
2013-06-10 14:31:15 UTC
Permalink
Jon Dison [http://community.zenoss.org/people/dison4linux] created the discussion

"Re: SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73554#73554

--------------------------------------------------------------
Yes, the community settings are identical everywhere.  I had previously used Cacti to monitor the very same equipment local and remote with no issues.  I just setup Zenoss in a VM and all of the local devices show up both in the web interface and by running snmpwalk from the command line.  When I try to add one of the devices that I connect to over the WAN, only the ICMP tests work, SNMP does not from the web interface or snmpwalk on the command line.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73554#73554]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
dpetzel
2013-06-10 15:25:30 UTC
Permalink
dpetzel [http://community.zenoss.org/people/dpetzel] created the discussion

"Re: SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73555#73555

--------------------------------------------------------------
Any chance there is a firewall device between your zenoss server and the remote node? Does tcpdump show a valid TCP connection being made on the SNMP query attempt?
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73555#73555]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Jon Dison
2013-06-10 16:00:49 UTC
Permalink
Jon Dison [http://community.zenoss.org/people/dison4linux] created the discussion

"Re: SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73572#73572

--------------------------------------------------------------
Yes there are firewalls between the Zenoss server and the remote node, but their configuration to allow Cacti to monitor them via SNMP has not changed.  Filtering tcpdump for source or destination IP = remote IP only shows:


| 280 | 24.970382 | 10.0.75.61 | 69.XXX.XXX.193 | SNMP | 82 | get-next-request 1.3.6.1.2.1 |
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73572#73572]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
dpetzel
2013-06-10 16:26:43 UTC
Permalink
dpetzel [http://community.zenoss.org/people/dpetzel] created the discussion

"Re: SNMP over WAN"

To view the discussion, visit: http://community.zenoss.org/message/73573#73573

--------------------------------------------------------------
Is that when running it on the zenoss box, or the remote snmp agent node? Your original note indicates that you ran snmpwalk from the command line on the zenoss box and it failed? this take the Zenoss application itself out of the equation, and you are left with tcp connectivity. I can't speak to your network, but its pretty common for monitoring servers to get "special" firewall rules, so just because your cacti box had ACLS, it may not mean your Zenoss box has the right ACLS (unless of course they are the same actual box)

If you run tcpdump on both the snmp agent as well as the zenoss box, and don't see the packages on the snmp agent, I would turn to the firewall logs. Your symptoms so far describe network connectivity issues.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/73573#73573]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Loading...