Solved

Solarwinds Orion

Posted on 2009-05-14
Last Modified: 2012-06-27
All, I am considering using Solarwinds Orion to set up a small business monitoring service. In trying to come up with a workable model I know I have several things to consider. I am attempting to model this using the Internet as my transport, probably via a VPN tunnel. The most pressing issue I have is that if some of these remote sites are using the same subnet IPs there will be a conflict in the monitoring per customer. So my question(s): Obviously looking for a least-cost solution, what is the best VPN method and how do I resolve the same IP subnet dilemma?
Thanks much Robb
0
Question by:Robbt
LVL 33

Expert Comment

by:MikeKane
ID: 24389998
Mapping VPN endpoints that have overlapping subnets is perfectly do-able with the right setup.  

A lot of the detail work will depend on the exact VPN endpoint hardware you are using.

It basically involves NATing the traffic at each endpoint before it is sent to the VPN tunnel.

Have a look at this example:
http://kb.juniper.net/kb/documents/public/ApplicationNotes/Technical/ScreenOS%204.0.0/IP-overlaps-NAT-PAT.htm

That should give you a basic idea of what to expect.  

Now to get this implemented, you would need to know what hardware you are going to be running.
0
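The per-endpoint NAT approach described in the comment above, worked through as an added example that is not part of the original thread: each customer LAN is given a unique same-size block from a translation pool (a static 1:1 network mapping that preserves the host part), so the monitoring server sees distinct addresses even when customers share a subnet. The site names, subnets and pool are constructed for illustration, and the pool is assumed not to collide with the monitoring provider's own networks.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: customer names, subnets and the translation pool
# are hypothetical and chosen only to show sites that share a LAN range.
SITES = {
    "customer-a": "192.168.1.0/24",
    "customer-b": "192.168.1.0/24",
    "customer-c": "192.168.0.0/23",
    "customer-d": "10.20.0.0/24",
}
POOL = "172.20.0.0/16"

def overlapping_pairs(sites):
    """Return sorted pairs of site names whose real subnets collide."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def plan_translations(sites, pool):
    """Give every site a unique block of the same size from the pool."""
    pool_net = ipaddress.ip_network(pool)
    plan, used = {}, []
    for name in sorted(sites):
        real = ipaddress.ip_network(sites[name])
        # subnets() raises ValueError if the site is larger than the pool.
        for cand in pool_net.subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[name] = (real, cand)
                used.append(cand)
                break
        else:
            raise ValueError(f"pool {pool_net} exhausted at {name}")
    return plan

def to_mapped(plan, site, real_ip):
    """Address the monitoring server polls for a device at a customer site."""
    real, mapped = plan[site]
    ip = ipaddress.ip_address(real_ip)
    if ip not in real:
        raise ValueError(f"{ip} is not inside {site}'s subnet {real}")
    return mapped[int(ip) - int(real.network_address)]

def to_real(plan, mapped_ip):
    """Reverse lookup: which site and real address sits behind a mapped one."""
    ip = ipaddress.ip_address(mapped_ip)
    for site, (real, mapped) in plan.items():
        if ip in mapped:
            return site, real[int(ip) - int(mapped.network_address)]
    raise LookupError(f"{ip} is not in any planned block")
```

The resulting plan is what each VPN endpoint's NAT rule would have to implement, and the reverse lookup is what an operator needs when an alert arrives for a translated address.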
 

Author Comment

by:Robbt
ID: 24391802
Thanks for the information Mike.

I am not an expert on this but am surely learning. Per the link you supplied it appears that this solution would require Policy Based NAT. I must assume that since this will be a service for remote customers (unknown) there will be many flavors of devices I can expect to run into that may be on differing platforms and may or may not support Policy Based NAT. And that in itself can be a challenge let alone resolving my original question.

While my "ultimate" goal is to create a $0 dollar setup at remote customer sites (and no hardware installation) that may not be feasible for the above reasons. I am wondering if I might need to consider a hardware device like a VPN-1 Edge appliance from Check Point at customer sites.

Might you have any other suggestions?

Thanks,

Robb

0
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 24396145
I can tell you what I've seen in my experience dealing with remote monitoring companies. There was a minimum requirement on the customer side with regards to a VPN endpoint. "The customer must have one of these supported routers...." otherwise the monitoring company would have been happy to sell me the device and service time to set it up. This would be understandable since it would be unfeasible to believe that a single startup host could support every possible combination of devices. Instead, my advice would be to concentrate on the manufacturer with the largest market share in the demographic you are targeting. Cisco and Check Point are probably safe bets, but don't overlook SonicWall or Juniper. It would be easy enough to contact pre-sales tech support for whatever equipment you are looking at to verify what it can and can't work with in regards to this setup.

Cisco ASA can certainly establish site-to-site VPNs with pretty much any other endpoint. Plus, you should be able to do a NAT on your side even if the client doesn't have the capability.

You could always request a single host at the client site running a collector for Solarwinds that connects via client, or ask for a single IP statically mapped to the host... instead of a site-to-site VPN setup....

The point is be flexible when you are starting up.  

Hope that helps.  
0
 

Author Closing Comment

by:Robbt
ID: 31581706
Mike

My apologies for not communicating sooner. I did take some time to discuss (as advised) various options with a few vendors and took into consideration that I may have to "request" an interested customer to provide NAT'ing on their end as part of any technical arrangement. Accepting that there just may be some clients that cannot provide the right methodologies for a feasible solution to the problem. I do think that using a "Major" vendor product like Cisco and their ASA devices provides the best possibility of accomplishing what I am looking for. Thank you for your insight as this extended beyond the scope of a "Technical" solution and into the world of a business requirement.

Robb
0
