Purview appliance with more interfaces on different subnets

Antonio_Opromol
Contributor II
Hi, is it possible to deploy the Purview appliance with more interfaces on different subnets, or behind a NAT device with respect to the Purview sensor? In my scenario I've got a NAT device between my internal LAN, where I've got the ExtremeControl and the ExtremeAnalytics appliance (virtual), and the coreflow2 switch, which is on another subnet and which I reach through the NAT device. As a test, I've NATted 1-1 the Extreme Analytics appliance and I've used the NAT IP address as the remote GRE endpoint on the coreflow2 switch. In this test I see the GRE packets on the external interface of the NAT/router, but nothing reaches my internal Purview appliance. How is it possible to use Purview in a deployment like that? Thanks
16 REPLIES

Matthew_Hum1
Extreme Employee
But the SSA does not have any connectivity between the networks. They don't allow any out-of-band management from network devices? Can you put another interface on the Purview engine on the 192.168 network? That would be the easiest way to accomplish this. This way you can have one GRE tunnel between the SSA and the Purview engine, and then everything from Netsight to the Purview engine is across a separate NIC/network. I don't think you can do the GRE tunnels on Windows as a GRE proxy/forwarder... Also, you would need to change the GRE config in the Purview engine, as it is a separate tunnel coming from your Windows box. Otherwise I am not aware of a GRE tunnel being able to be forwarded across a Windows NAT where Windows is not the endpoint.

Antonio_Opromol
Contributor II
Hi Matthew, thanks for your instructions. Regarding the first test, I use a Windows 2012 R2 server that acts as the NAT-Router device, so I need to check whether it is possible to do as you suggest for this test (two GRE tunnels). As for the suggestion to move the management of the SSA switch to my demo networks, my company policy doesn't permit me to do that, because in this manner I've got a switch device that bypasses our internal firewalls. Yes, ipforwarding is disabled between the VLANs, but the security administrators don't permit me to create such a schema. I'll try to extend the GRE tunnel as the first demo. Thanks, Antonio

Matthew_Hum1
Extreme Employee
In your first test, this is expected. The GRE tunnel extends to the NAT device but then does not know what to do or where to go. If your NAT device supports GRE tunnels, then you need to create 2 tunnels, one between the SSA and the NAT device and then another one between the NAT device and Purview. You then need to ensure that traffic is forwarded across the GRE tunnels appropriately. If this is a Linux device then you need to bridge the TUN interfaces. As for your second test, I have no idea what you are trying to accomplish. You do not need to add a second NIC to Netsight. You have one of two choices: either add an additional interface on the Purview engine and have that in your demo network (192.168.1.x) OR (and this is the better way) move the management of the SSA onto your 172.29 network and not worry about NAT at all. Simply add an additional VLAN to the SSA, put an interface on it (with management enabled) and use "no ipforwarding". Now that interface will be a completely out-of-band interface and should be able to talk directly without having to deal with NAT.

Antonio_Opromol
Contributor II
Hi Matthew, I attach the diagram of what I want to do (a Purview on my demo network 192.168.10/24, NATted 1-1 by a Windows 2012 R2 NAT-Router device to IP 172.16.151.102, which is the end of the GRE tunnel with the Purview sensor (in my lab an SSA switch)).
In this demo lab, I see the GRE packets on the external interface of the NAT-Router device, but nothing reaches the internal Purview engine.
In my second test, I've added a Purview engine on network 172.29/16 and then I've added a second NIC to the NetSight VM, with one NIC on my internal demo lab 192.168.10/24 and the second one attached to network 172.29/16.
I prefer the first schema with only one Purview engine NATted 1-1... Is this schema possible or do I need to put in the external Purview engine?
In this second case, when I add the Purview sensor to NetSight (which in this case has a second NIC connected directly to the same network 172.29/16 as the sensor), the OneView interface says that the sensor is not completely reachable... but they are on the same subnet and there is no firewall between them.


Matthew_Hum1
Extreme Employee
Can you please post a diagram of what you have currently and what you are trying to accomplish? Thanks.