I have a local network, let's say 192.168.0.0/24 with an ASG v7.306 at 192.168.0.1 and a public IP of zzz.zzz.zzz.zzz. I've set up ACC at 192.168.0.2. I successfully have the ACC v2.0 monitoring the local ASG at 192.168.0.1. I would like to monitor an ASG v7.306 at a remote location with a local network of 192.168.50.0/24 and a public IP of yyy.yyy.yyy.yyy. I do not have a VPN connection between the two networks.
[SIZE="3"]Here is what I've done:[/SIZE]
On the ACC (192.168.0.2):
- Set The Allowed Networks for Access Control and Device Security to "Any"
On the local ASG (192.168.0.1, public zzz.zzz.zzz.zzz):
- Created a DNAT rule:
- Any -> dstport 4433 -> zzz.zzz.zzz.zzz
- Destination: 192.168.0.2
- Do not auto packet filter
- Any -> dstport 4433 -> zzz.zzz.zzz.zzz
- Created a Packet Filter rule:
- Any -> dstport 4433 -> 192.168.0.2
- Allow, Log
Note: I initially had the DNAT rule auto packet filter enabled, but had the same issues... so I turned off auto packet filtering and created the rule manually.
On the Remote ASG (192.168.50.1, public yyy.yyy.yyy.yyy):
- Under Central Management:
- Set to ACC v1.9 (no option for v2.0)
- Set the ACC host to zzz.zzz.zzz.zzz
- Set to ACC v1.9 (no option for v2.0)
[SIZE="3"]Here is my problem[/SIZE]:
On the Remote ASG the ACC health connection is not connected. My Live Log keeps spitting out:
2009:05:14-13:22:46 (none) device-agent[3098]: ACC connection failure, retrying (ip=zzz.zzz.zzz.zzz, port=4433). SSL-connect: 'IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)'
In the packet filter log on my local ASG (192.168.0.1, zzz.zzz.zzz.zzz) I can see packets being allowed on port 4433 from yyy.yyy.yyy.yyy to 192.168.0.2. Yet the connection is never made. Have I missed something?
Thanks,
Lane
This thread was automatically locked due to age.
