Yeah, this is a piece of cake; I just solved this for Raptor and CyberGuard.
All you need to do is create a local tunnel through the firewall between the
external router and the TACACS server you're running.
By doing this you are only allowing the traffic from a single source in the
rule and then passing it to a single host. It's limiting, but it makes sure
that you can filter on the required port. For TACACS it's port 49.
If you need to know more, email me and I can explain it in greater detail.
Antony Brownsea.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, September 29, 1999 9:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: TACACS Through Firewalls
Hi,
Does anyone know if it is possible to pass TACACS traffic through a firewall?
Bizarrely I am thinking of where the routers are on the secure side, and the
server is on the insecure side!!
The routers need to open the request to the server when someone is trying to
log on to the router.
I don't think I am going to be able to use Socks because you can't get a
client for Cisco routers, so I am guessing I need to open the port for TACACS
in the firewall. That then also means that I need routing between the two
networks as well, at least pointing to the server through the firewall, and to
the routers through the firewall from the other side.
Is Network Address Translation feasible? That would allow me to avoid the
routing, but I would still have the hole for TACACS.
Any thoughts?
Thanks,
Joe
Telecomms Specialist
AT&T Global Network Services
Firewalls, IP & Opennet Services
Security Analysis - Network Design Team
C2E, North Harbour
Tel: +44 (0)23 9256 8685 or 258685
Pager: +44 (0)941 118727
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
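
The host-to-host rule described in the reply at the top of this thread, expressed as a ruleset check. This is an added example, not part of either message and not Raptor or CyberGuard syntax; the `Rule` shape, the addresses and the TCP default are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

TACACS_PORT = 49  # the port named in the reply

@dataclass(frozen=True)
class Rule:              # hypothetical, vendor-neutral rule shape
    name: str
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    ports: range         # destination ports
    action: str = "allow"

def _is_host(cidr, ip):
    """True only when cidr is exactly one address and that address is ip."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses == 1 and ipaddress.ip_address(ip) in net

def audit(rules, router_ip, server_ip, proto="tcp"):
    """Map rule name -> findings for every allow rule that admits port 49.
    proto is an assumption (TACACS+ runs over TCP); pass "udp" if that is
    what the deployment uses."""
    report = {}
    for r in rules:
        if r.action != "allow" or TACACS_PORT not in r.ports:
            continue  # rule does not open the TACACS port
        findings = []
        if not _is_host(r.src, router_ip):
            findings.append("source is not the single router")
        if not _is_host(r.dst, server_ip):
            findings.append("destination is not the single TACACS server")
        if len(r.ports) != 1:
            findings.append("port range is wider than 49")
        if r.proto != proto:
            findings.append(f"protocol is {r.proto}, expected {proto}")
        report[r.name] = findings
    return report

# Constructed sample ruleset (documentation address ranges).
ROUTER, SERVER = "192.0.2.10", "198.51.100.20"
RULES = [
    Rule("tacacs-tight", "192.0.2.10/32", "198.51.100.20/32", "tcp", range(49, 50)),
    Rule("tacacs-loose", "192.0.2.0/24", "0.0.0.0/0", "any", range(1, 1024)),
    Rule("web", "192.0.2.0/24", "0.0.0.0/0", "tcp", range(80, 81)),
]

if __name__ == "__main__":
    for name, findings in audit(RULES, ROUTER, SERVER).items():
        print(name, "OK" if not findings else findings)
```

An empty findings list means the rule opens port 49 only from the one router to the one server; rules that do not admit port 49 at all are left out of the report.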