On Tue, 15 May 2001, Al Saenz wrote:
> Hello
Hi!
>
> Thank you for taking the time to read this.
>
> I have a user who wants to check AOL mail from my internal LAN to the
> internet.
> I get an error:
>
> Attempt 10 [ISP/LAN Connection] The connection to the Host timed out.
>
> I have already verified that the account on the laptop is set up to
> communicate through TCP/IP using AOL's setup ISP/LAN connection.
>
> Thanks again for your assistance.

Last time I allowed this (quite a long, long time ago, and even back then
it was probably a stupid decision, but a business relationship existed...)
AOL would basically encapsulate TCP/IP over TCP port 5190 to a host called
americaonline.aol.com. Adding a transport layer relay (such as plug-gw)
for that port and changing one of the client-side config files to point to
the inside firewall interface instead of the AOL host was all that was
required. Understand that this allows:

(A) That user to bypass the firewall for most functions
(B) Your security policy to also depend on AOL's employees.

If they just need E-mail, then have them visit:

http://www.aol.com/aolmail/

No need for configuring the client, maintaining the client configuration,
and if there isn't any ActiveX going on, extending trust much further than
you probably already are if you allow http/https access.

HTH,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
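
What a plug-style transport-layer relay does, as an added example (not part of the original message and not plug-gw's code): it applies a source ACL and then copies bytes in both directions without parsing them, so its log holds only connection metadata, which is why point (A) above holds for anything tunnelled through the port. `INSIDE_NETS`, the function names and the log fields are assumptions made for illustration.

```python
import socket
import threading
from ipaddress import ip_address, ip_network

# Constructed stand-in for the inside LAN; not a value from the original post.
INSIDE_NETS = [ip_network("127.0.0.0/8")]

def source_allowed(addr, allowed=INSIDE_NETS):
    """Per-source ACL: the only policy decision a plug-style relay makes."""
    return any(ip_address(addr) in net for net in allowed)

def pump(src, dst, counts, key):
    """Copy bytes one way until EOF; the payload is never parsed."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            counts[key] += len(chunk)
        dst.shutdown(socket.SHUT_WR)  # propagate the half-close
    except OSError:
        pass

def handle(client, peer, upstream_addr, log, allowed):
    """Relay one connection and record connection metadata only."""
    if not source_allowed(peer[0], allowed):
        client.close()
        log.append({"src": peer[0], "action": "deny"})
        return
    counts = {"out": 0, "in": 0}
    with client, socket.create_connection(upstream_addr) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client, counts, "in"))
        back.start()
        pump(client, upstream, counts, "out")
        back.join()
    log.append({"src": peer[0], "action": "relay", **counts})

def serve(listener, upstream_addr, log, allowed=INSIDE_NETS):
    """Accept loop; returns when the listening socket is closed."""
    while True:
        try:
            client, peer = listener.accept()
        except OSError:
            return
        threading.Thread(target=handle, daemon=True,
                         args=(client, peer, upstream_addr, log, allowed)).start()
```

The relay's log can say who connected and how many bytes moved, but nothing about what protocol was carried inside the stream.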