05-14-2009, 08:28 PM
Lane
Managing Remote ASG with ACC Behind Local ASG

Hello all, I'm hoping someone can help me with this.
I have a local network, let's say 192.168.0.0/24 with an ASG v7.306 at 192.168.0.1 and a public IP of zzz.zzz.zzz.zzz. I've set up ACC at 192.168.0.2. I successfully have the ACC v2.0 monitoring the local ASG at 192.168.0.1. I would like to monitor an ASG v7.306 at a remote location with a local network of 192.168.50.0/24 and a public IP of yyy.yyy.yyy.yyy. I do not have a VPN connection between the two networks.

Here is what I've done:

On the ACC (192.168.0.2):
  • Set the Allowed Networks for Access Control and Device Security to "Any"

On the local ASG (192.168.0.1, public zzz.zzz.zzz.zzz):
  • Created a DNAT rule:
    • Any -> dstport 4433 -> zzz.zzz.zzz.zzz
    • Destination: 192.168.0.2
    • Do not auto packet filter
  • Created a Packet Filter rule:
    • Any -> dstport 4433 -> 192.168.0.2
    • Allow, Log
Note: I initially had the DNAT rule auto packet filter enabled, but had the same issues... so I turned off auto packet filtering and created the rule manually.

On the Remote ASG (192.168.50.1, public yyy.yyy.yyy.yyy):
  • Under Central Management:
    • Set to ACC v1.9 (no option for v2.0)
    • Set the ACC host to zzz.zzz.zzz.zzz

Here is my problem:

On the Remote ASG the ACC health connection is not connected. My Live Log keeps spitting out:

2009:05:14-13:22:46 (none) device-agent[3098]: ACC connection failure, retrying (ip=zzz.zzz.zzz.zzz, port=4433). SSL-connect: 'IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)'

In the packet filter log on my local ASG (192.168.0.1, zzz.zzz.zzz.zzz) I can see packets being allowed on port 4433 from yyy.yyy.yyy.yyy to 192.168.0.2. Yet the connection is never made. Have I missed something?

Thanks,
Lane

Last edited by Lane; 05-14-2009 at 08:58 PM.