Assuming I understood your problem correctly, we had a similar
problem and I solved it using Policy Based Routing on the Cisco router.
>>>>> "Truman" == Truman Boyes <[EMAIL PROTECTED]> writes:
Truman> On Mon, 19 Nov 2001, Matt Gorham wrote:
>> I have two remote offices and our main office. Netscreen 5xp is
>> located at the main office, remote offices are connected via
>> 56k and 128k line to the untrusted port on the firewall. How
>> would I make all internet and email traffic pass through the
>> firewall before going out to the internet?
>>
>>
>>  remote          remote
>>  cisco 1005      cisco 1005
>>      |               |
>>      | 128k      56k |
>>      |               |
>>      |               |
>>  Main office cisco 1005<---------------------------->Internet
>>      |
>>      |
>>      |
>>  netscreen 5xp
>>
>>
>>
>>
>> Matthew Gorham MCSE, CCA, CNA, MCP+I, A+ Systems Administrator
Truman> You might want to put a basic acl on the main office 1005,
Truman> and create a policy that prevents the subnets of the
Truman> remote office from connecting directly to the internet,
Truman> but instead only allows them to talk to an application
Truman> proxy on the same subnet as the netscreen firewall. You
Truman> would then allow internet traffic to communicate with a
Truman> proxy. The application proxy could also have an SMTP
Truman> relay.
Truman> --truman
Truman> _______________________________________________ Firewalls
Truman> mailing list [EMAIL PROTECTED]
Truman> http://lists.gnac.net/mailman/listinfo/firewalls
--
The day is short, and the work is great, | Aharon Schkolnik
and the laborers are lazy, and the reward | Israel Health Ministry
is great, and the Master of the house is | [EMAIL PROTECTED]
impatient. - Ethics Of The Fathers Ch. 2 | +972 2 670 6954/5