Proxy Over Firewalls - Cisco ONS 15454 DWDM Reference Manual
Hide thumbs
Also See for ONS 15454 DWDM:
- Installation and operation manual (1218 pages) ,
- Installation and operation manual (954 pages) ,
- Manual (107 pages)
Table of Contents
Advertisement
Chapter 18
SNMP
18.10 Proxy Over Firewalls
RFC1213-MIB::ifDescr.81 = STRING: "pdcc75"
RFC1213-MIB::ifDescr.82 = STRING: "pdcc76"
RFC1213-MIB::ifDescr.83 = STRING: "pdcc77"
RFC1213-MIB::ifDescr.84 = STRING: "pdcc78"
RFC1213-MIB::ifDescr.85 = STRING: "pdcc79"
RFC1213-MIB::ifDescr.86 = STRING: "pdcc80"
RFC1213-MIB::ifDescr.257 = STRING: "fog_1_36"
RFC1213-MIB::ifDescr.8194 = STRING: "TenGigabitEthernet2/1"
RFC1213-MIB::ifDescr.8195 = STRING: "TenGigabitEthernet2/2"
RFC1213-MIB::ifDescr.8196 = STRING: "TenGigabitEthernet2/3"
RFC1213-MIB::ifDescr.8197 = STRING: "TenGigabitEthernet2/4"
RFC1213-MIB::ifDescr.12290 = STRING: "dwdm-cli_2/3/1"
RFC1213-MIB::ifDescr.12291 = STRING: "dwdm-cli_2/3/2"
RFC1213-MIB::ifDescr.12292 = STRING: "dwdm-trk_2/3/3"
RFC1213-MIB::ifDescr.12293 = STRING: "dwdm-trk_2/3/4"
RFC1213-MIB::ifDescr.12294 = STRING: "TenGigabitEthernet3/1"
RFC1213-MIB::ifDescr.12295 = STRING: "TenGigabitEthernet3/2"
RFC1213-MIB::ifDescr.12296 = STRING: "TenGigabitEthernet3/3"
RFC1213-MIB::ifDescr.12297 = STRING: "TenGigabitEthernet3/4"
RFC1213-MIB::ifDescr.147458 = STRING: "GigabitEthernet36/1"
RFC1213-MIB::ifDescr.147459 = STRING: "GigabitEthernet36/2"
RFC1213-MIB::ifDescr.147502 = STRING: "TenGigabitEthernet36/45"
RFC1213-MIB::ifDescr.147503 = STRING: "TenGigabitEthernet36/46"
RFC1213-MIB::ifDescr.147504 = STRING: "TenGigabitEthernet36/47"
RFC1213-MIB::ifDescr.147505 = STRING: "TenGigabitEthernet36/48"
RFC1213-MIB::ifDescr.147554 = STRING: "ds1_36/1"
RFC1213-MIB::ifDescr.147555 = STRING: "ds1_36/2"
LAN-connected network elements (LNEs) can be set up as gateway network elements (GNEs) or as
SOCKS proxies, depending upon network security requirements. If the GNE/ENE firewall feature is
required, the LNE must be set up as a GNE. If the design does not require the firewall feature but does
require all-IP networking, the LNE must be set up as a SOCKS proxy.
In a GNE/ENE firewall configuration, nonconnected network elements must be set up as end network
elements (ENEs). With a SOCKS configuration, subtended nodes communicate with the proxy server by
IP. For procedures to provision a node or shelf as a GNE, ENE or SOCKS proxy, refer to the
Cisco ONS 15454 DWDM Procedure Guide.
18.10 Proxy Over Firewalls
SNMP and NMS applications have traditionally been unable to cross firewalls used for isolating security
risks inside or from outside networks. CTC enables network operations centers (NOCs) to access
performance monitoring data such as RMON statistics or autonomous messages across firewalls by
using an SMP proxy element installed on a firewall.
The application-level proxy transports SNMP protocol data units (PDU) between the NMS and NEs,
allowing requests and responses between the NMS and NEs and forwarding NE autonomous messages
to the NMS. The proxy agent requires little provisioning at the NOC and no additional provisioning at
the NEs.
The firewall proxy is intended for use in a gateway network element-end network element (GNE-ENE)
topology with many NEs through a single NE gateway. Up to 64 SNMP requests (such as get, getnext,
or getbulk) are supported at any time behind single or multiple firewalls. The proxy interoperates with
common NMS such as HP OpenView.
For security reasons, the SNMP proxy feature must be enabled at all receiving and transmitting NEs to
function. For instructions to do this, refer to the Cisco ONS 15454 DWDM Procedure Guide.
Cisco ONS 15454 DWDM Reference Manual, R8.5
18-19
78-18343-02
Advertisement
Chapters
Table of Contents
