Nagios and VPN clients

Subhendu Ghosh sghosh at sghosh.org
Tue Nov 12 08:03:03 CET 2002

Previous message: Nagios and VPN clients
Next message: Nagios and VPN clients
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<Genreal MPLS networks>
With multiple MPLS networks (or VPNS of any kind) there needs to exist a
mapping of some IPaddr/port from the monitoring network to the target
(monitored/client) segments.

There is a high likelyhood that multiple customers will be using the same 
RFC1918 space.

You do need some entity on the monitoring network to be a member of each 
of the client networks.  

Active checks from a central site will not work due to IP collision.
</General MPLS networks>

<All clients connected to one network>
This assumes a common IP space and routing table shared between the 
clients - so MPLS is a network artifact and should not impact 
reachability.

</All clients connected to one network>

-sg


On Tue, 12 Nov 2002, Andrew Kemp wrote:

> Hi Bosse,
> 
> Thanks for your reply. I am aware of the ability to deploy
> Linux firewalls and hence use ssh, smtp check whatever, or
> IPSEC and Freeswan as we use it internally.
> 
> However the clients I was asking about will be connecting
> to us via an MPLS enabled network. How do I go about monitoring
> these customers ?
> 
> Thanks.
> 
> Andrew
> 
> > -----Original Message-----
> > From: bosse at klykken.com [mailto:bosse at klykken.com] 
> > Sent: Monday, 11 November 2002 10:06 AM
> > To: andrew_kemp at pacific.net.au
> > Cc: nagios-users at lists.sourceforge.net
> > Subject: Re: [Nagios-users] Nagios and VPN clients
> > 
> > 
> > Um, here's a workaround: Deploy SSH servers (cheap outdated 
> > PC with plain
> > Debian and SSH is perfect) on client sites, restrict SSH 
> > access to these
> > machines on the client firewalls to allow only your HQ's 
> > network IP's, and
> > add some extra security measures if you're paranoid. Then you 
> > can use the
> > Nagios libexec command for doing checks via SSH.
> > 
> > If that's not possible, then you should look into putting up a network
> > gateway to these VPN's, if they are standard IPSEC. Look at the
> > documentation for your current firewall, or make your own with Linux
> > (www.freeswan.org)
> > 
> > .../Bosse
> > 
> > > Gidday,
> > >
> > > We have an upcoming need to expand our Nagios monitoring to
> > > cover clients with VPN's. Has anyone worked out a means of
> > > deploying Nagios to monitor such clients ?
> > >
> > > As you know, you have to be a participant in the VPN to be able
> > > to monitor.
> > >
> > > Thanks.
> > >
> > > Andrew
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This sf.net email is sponsored by:ThinkGeek
> > > Welcome to geek heaven.
> > > http://thinkgeek.com/sf
> > > _______________________________________________
> > > Nagios-users mailing list
> > > Nagios-users at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > 
> > 
> > 
> > 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> 

-- 





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

Previous message: Nagios and VPN clients
Next message: Nagios and VPN clients
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list