"Garreth" <(E-Mail Removed)> wrote in message
news:B69A5DBB-C636-4F8D-9B14-(E-Mail Removed)...
> Does anyone know of a way to define which IP address the SNMP agent will
> bind to? I'm running the SNMP Agent on a Win2K3 server with ISA Server
> 2004.
> The SNMP agent binds to the IP address of the external interface while I
> want to bind it to the internal one.
>
> The issue manifests itself when I try to communicate with the SNMP port
> using the internal IP. The server then responds using the external IP.
> This is then blocked by the ISA.

The NIC it responds from has nothing to do with SNMP binding to a certain
NIC. It responds from the NIC that is determined by the Routing Table to be
the correct NIC to reach the particular destination.
So:
1. The Internal NIC needs to be the first in the Binding Order (properties
of Net'Places, Advanced from top menu, Advanced Settings from dropdown
menu, look at the upper box).
2. NICs must not be in the same subnet.
3. External NIC has the Default Gateway, Internal NIC's DFG is blank.
Routing table may need a static route for other LAN segments if multiple LAN
segments exist. Along with that, the Internal Network Definition must list
all the IP Ranges of all segments on the LAN.
4. TCP/IP config "machine wide" for all the NICs must be precisely correct
everywhere.
5. Do not create any Access Rules for SNMP that involve any Network other
than "Internal" and "LocalHost". It is then totally irrelevant if SNMP is
also listening on the external interface because it would never be
reachable.
6. Create the following Access Rule:

   To: Localhost, Internal
   From: Localhost, Internal
   Protocol: SNMP
   Users: "All Users"

To increase security you could optionally try:

   To: Localhost
   From: Internal
   Protocol: SNMP
   Users: "All Users"

OR

   To: Localhost, <specific management machine>
   From: Localhost, <specific management machine>
   Protocol: SNMP
   Users: "All Users"

OR

   To: Localhost
   From: <specific management machine>
   Protocol: SNMP
   Users: "All Users"

You could also experiment with using specific Users instead of "All Users".
It would be based on the user account *interactively* logged into the
"management machine"
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
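
The reply's point that the routing table, not the SNMP binding, picks the NIC a response leaves from can be checked with a small model. This is an added example, not part of the original post: the addresses, the router at 10.0.0.254 and the helper names are constructed, and the lookup is a simplified longest-prefix-then-metric model of an IPv4 routing table.

```python
import ipaddress
import socket

def route(net, gateway, iface_ip, metric=10):
    return {"net": ipaddress.ip_network(net), "gw": gateway,
            "iface_ip": iface_ip, "metric": metric}

def source_ip_for(routes, dest):
    """Model of the lookup: longest prefix wins, then lowest metric.
    Returns the IP of the NIC the reply would leave from, or None."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["iface_ip"]

def os_source_ip(dest, port=161):
    """Ask the live OS which local address it would use to reach dest.
    connect() on a UDP socket sends no packet; it only does the route lookup."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest, port))
        return s.getsockname()[0]
    except OSError:
        return None  # no route to dest
    finally:
        s.close()

# Constructed addresses (not from the original post).
INTERNAL_IP, EXTERNAL_IP = "10.0.0.1", "203.0.113.2"

BASE = [
    route("10.0.0.0/24", "on-link", INTERNAL_IP),
    route("203.0.113.0/24", "on-link", EXTERNAL_IP),
    route("0.0.0.0/0", "203.0.113.1", EXTERNAL_IP),  # DFG on external NIC only
]
# Step 3: static route for a second LAN segment via an internal router.
WITH_STATIC = BASE + [route("10.0.5.0/24", "10.0.0.254", INTERNAL_IP)]

def check(routes, managers):
    """Return managers whose replies would not leave from the internal NIC."""
    return [m for m in managers if source_ip_for(routes, m) != INTERNAL_IP]

if __name__ == "__main__":
    managers = ["10.0.0.50", "10.0.5.20"]  # same segment, second segment
    print("without static route:", check(BASE, managers))
    print("with static route:   ", check(WITH_STATIC, managers))
```

Running `os_source_ip()` on the server itself, with the address of each management station, shows what the real routing table decides.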