SNMP, Static NAT and management systems including servers, middleware and applications

Hi All:

I have been asked to extend the capabilities of my current monitoring and
management system to another division of the company. All IP space is
rfc1918 with no public routed space in the mix. Needless to say, and
rightfully so, the network folks won't allow me to directly attach my
management network to theirs.

I use SNMP for system level monitoring for all servers via agents on the
servers (WIN and NIX). Static NAT will be put into place but it breaks my
SNMP gets used by the NOC to validate CPU, disk util, etc. In a quick test
NAT on my own network was set up and I can receive traps and parse them fine
even with the NAT as the current trap receiver and visualization can handle
incoming traps and NAT. I can see system IP and peer IP fulfilling the two
sides. I know I can create a simple ALG via an Apache server with Perl to
execute the SNMP get on the foreign network. NOC folks can see data and
import it into the ticket (no blind escalations).

My question is: how have others handled SNMP and static NATs without a
ground-up re-architecture? I don't want to bring in new protocols and change my
systems as they are today due to the heavy integration with provisioning,
work flow and process flows. They have worked well to date besides the huge
sunk $ investment in software and integration.

I have been looking for a complex ALG but there doesn't seem to be much out
there and I would rather not manipulate the payload, but map it correctly.
Any suggestions?


Hi Bobby,

Can your monitoring system use other ports (per host) for SNMP? In that case
you could use port forwarding (and up to 60,000 hosts this should be fine),
with static NAT this would be a good option I guess.

With kind regards,

Mark Scholten
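
The per-host port forwarding suggested in this reply, sketched as an added example that is not part of the original thread. It assumes a Linux gateway using iptables; the base port, the function names and all addresses are constructed for illustration. Existing assignments are kept when hosts are added, so ports already configured in the monitoring system never move, and each forward is limited to the monitoring station's source address.

```python
import ipaddress

SNMP_PORT = 161
BASE_PORT = 10000   # assumed first forwarded UDP port on the NAT address
MAX_PORT = 65535

def assign_ports(hosts, existing=None, base_port=BASE_PORT):
    """Give every inside host one unique UDP port on the NAT address.

    Ports already present in `existing` are never changed.
    """
    plan = dict(existing or {})
    used = set(plan.values())
    if len(used) != len(plan):
        raise ValueError("existing plan maps two hosts to one port")
    port = base_port
    # IPv4Address() rejects malformed input; the set drops duplicates.
    for addr in sorted({ipaddress.IPv4Address(h) for h in hosts}):
        host = str(addr)
        if host in plan:
            continue
        while port in used:
            port += 1
        if port > MAX_PORT:
            raise ValueError("forwarded port range exhausted")
        plan[host] = port
        used.add(port)
    return plan

def dnat_rules(plan, nat_ip, nms_ip):
    """Gateway rules: only the NMS source address may use each forward."""
    return [
        f"iptables -t nat -A PREROUTING -p udp -s {nms_ip} -d {nat_ip} "
        f"--dport {port} -j DNAT --to-destination {host}:{SNMP_PORT}"
        for host, port in sorted(plan.items(), key=lambda kv: kv[1])
    ]

def nms_targets(plan, nat_ip):
    """Per-host address:port the monitoring system polls instead of :161."""
    return {host: f"{nat_ip}:{port}" for host, port in plan.items()}

if __name__ == "__main__":
    # Constructed sample: two servers behind NAT address 192.168.50.1,
    # polled from a monitoring station at 172.16.0.10.
    plan = assign_ports(["10.1.1.20", "10.1.1.5"])
    print("\n".join(dnat_rules(plan, "192.168.50.1", "172.16.0.10")))
    print(nms_targets(plan, "192.168.50.1"))
```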