Wow, 3 responses in about 3 minutes. EXCELLENT. Thanks to all!!!
I am familiar with the Protected vs Public Services Network concepts. The problem I am experiencing is rather strange. I need my remote VPN users (again the VPN is on a separate Nortel BOX) to be able to use telnet, ftp, www and the sort from remote to PSN. Unless I place several gaping holes to allow them in over tunnels, it does not work. Drives me crazy! I can do anything from within the protected, the VPN is effectively an extension of the protected. It should work! One piece is the remote(s) are on say 11.0.0.0 the master (protected) is 11.1.1.0 and the PSN is 192.0.0.0 (reasonable examples) Could the fact that the Pro is a subnet of the remote be the problem? I thought "yes", CEO not convinced. -----Original Message----- From: Steve Leach [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 10:32 AM To: Cox, Danny H. Subject: RE: [gb-users] access issues Danny, That's dead right. A protected network is just that - protected from all other interfaces. A PSN is a sort of hybrid - it can be as open, or closed as you want - thereby creating the ability to have secured services on Protected and web servers on the PSN (or DMZ if you like). This allows both internal (Protected) and external (EXT) to access the PSN in any configuration you desire! Hope that helps! Cheerz, Steve. -----Original Message----- From: Cox, Danny H. [mailto:[EMAIL PROTECTED]] Sent: 22 February 2002 18:17 To: [EMAIL PROTECTED] Cc: Cox, Danny H. Subject: [gb-users] access issues I cannot seem to complete telnet or ping between PSN and Protected. Protected can ping everything PSN can ping Inet PSN cannot ping Protected Remove VPN (Via separate VPN BOX) can ping protected but not PSN (or vise-versa) Log entry is below. I am starting to get the impression that the default is to deny anything inside the PSN to access the Protected? Feb 22 09:59:09 PASS: WARNING: Attempt by PSN to access a protected network. ICMP [192.xxx.xxx.xxx/14902]<-[11.xxx.xxx.xxx/14902] Feb 22 09:59:09 FILTER: OBF (2) accept - notice ICMP [192.xxx.xxx.xxx/8]->[11.xxx.xxx.xxx/8] fxp0 l=60 f=0x0 Feb 22 09:59:09 FILTER: 9 matches for 2: Accept notice "PSN" ALL log from "PSN Network" to "ANY_IP" Thanks for the help! Danny H. Cox --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
