avetour
1 Nickel

Connect to Avamar Console with NAT

I can connect to avamar with Avamar Console.

Our Avamar have a Private IP.

We was open one public IP, for do NAT to Avamar.

When I try connect to publivc Ip, I get this error:

com.avamar.asn.NetworkException: Unable to connect to a login server

The ports is open for my Ip, The traffic in port 7778 is enable and work fine.

Can Avamar work with NAT for Conosole?
Tags (1)
0 Kudos
8 Replies
Goran1
1 Nickel

Re: Connect to Avamar Console with NAT

Is this a single node or a multi-node system that you are trying to connect to?
0 Kudos
avetour
1 Nickel

Re: Connect to Avamar Console with NAT

It's an single node.

I have done something test and I get a conclude.

I think that in protocol 7778 does any kind of validation with IP.

II managed to connect to Avamar Administrator through public IP, but
cheating the system. I explained:

In our system, I connect to private IP, but our firewall does NAT to Public IP of Avamar system.

In this case, I connect to avamar without problem.

In avamar when you configure the IP, you can configure the external IP. I think thats this Ip is for does NAT.

The questions is: Why Avamar don permit connect to public IP?

We are interested in opening the administrator console to our clients through a validation that open the necessary ports.
0 Kudos
Olo1
1 Nickel

Re: Connect to Avamar Console with NAT

I do have the same problem. How to configure Avamar to be accessible by public IP?
0 Kudos
ttavares
1 Copper

Re: Connect to Avamar Console with NAT

I also receive the following error : com.avamar.asn.NetworkException: Unable to connect to a login server when trying to log on to the Avamar Administrator (v5.0) via VPN tunnel. This is a single node v5 system. Has anyone received a resolution to this issue? 
0 Kudos
rob_steele
2 Iron

Re: Connect to Avamar Console with NAT

This problem is usually caused by DNS.

Avamar 5.0 relies heavily on DNS and therefore special care should go into setting up DNS properly.

If you are using windows AD for DNS, then make sure that DNS records are setup in the same domain as the domain that Avamar was setup in. If they are and still having this issue, remove duplicate avamar records from subdomains. This should resolve your issue.

If the DNS server is unix/linux based case sensitivity is usually the culperate. 

0 Kudos
duliang
1 Copper

Re: Connect to Avamar Console with NAT

ttavares wrote: "I also receive the following error : com.avamar.asn.NetworkException:   Unable to connect to a login server when  trying to log  on to the Avamar Administrator (v5.0) via VPN tunnel. This  is a single  node v5 system. Has anyone received a resolution to this  issue? "

-------------------------------------------------------------------

if  your Avamar version is 5.0 SP1 or earlier, and you are trying to launch the Avamar  Administrator for an Avamar server with NAT IP, you may have  encountered a bug.  ( 18726 )

I had that issue, and with a hotfix from Avamar  website, it is solved. the detail

was at   ftp://ftp.avamar.com/software/hotfixes/18726/README.html     3 days ago ( 01/June/2010 ) but when I checked again there are no  longer there. 
Instead Avamar version 5.0 SP2 should  be available now and you won't have this issue
Regards
Liang
0 Kudos
rob_steele
2 Iron

Re: Connect to Avamar Console with NAT

The hotfix works... but I think just disabled some of the DNS features / checks. 

0 Kudos
duliang
1 Copper

Re: Connect to Avamar Console with NAT

yes hotfix works OK for v5sp1, it just no longer available for download from avamar ftp site from today.

just a bit off topic, regarding DNS:

1) indeed DNS can be sometimes an extra layer of problem...  In my previous backup deployment, including Avamar, always try avoid using DNS or other name services, instead just use plain hosts file.

2) plain hosts file are ok for most Server backup environments.

3) and with Avamar now supporting DTLT, it is almost impossible to avoid DNS for DTLT clients, that could be the the risk of a lot trouble because DNS is not normally managed by backup team, it is a potential risk if someone causually change DNS entries

0 Kudos