That sounds right to me too, Dan... Sorry about replying to sender instead of list, I stand corrected:
You probably need the static mappings for the servers... It may work without them, but the problem I've seen with it is if a client makes a http-request to an alias, through a tunnel, and on to the webserver, the reply will come from the default adress, and may never reach the client. So my guess would be that you need the tunnel to make sure the answers from your server leaves from the IP alias that they reply to. Especially if the computers that connect to these servers are behind firewalls themselves, the GnatBox for example does not allow replies from other adresses than the one we connect to. Hope my english doesn't make the answer too cryptic ;-) /Arne -----Oprindelig meddelelse----- Fra: Dan Swartzendruber [mailto:[EMAIL PROTECTED]] Sendt: 24. juli 2002 16:09 Til: Felix Nielsen Cc: David Mulligan; [EMAIL PROTECTED] Emne: RE: SV: [gb-users] Static address On Wed, 24 Jul 2002, Felix Nielsen wrote: > Hi > > If You only have inbound tunnels static maps are not needed. this doesn't sound right. if you are using EXT aliases and tunneling to a PRO system, you need to have a static map to have the return packets come from the correct EXT address, no? > Felix > > > -----Original Message----- > > From: David Mulligan [mailto:[EMAIL PROTECTED]] > > Sent: 24. juli 2002 15:42 > > To: [EMAIL PROTECTED] > > Subject: Re: SV: [gb-users] Static address > > > > > > We currently have 3 webservers 2 PCAnywhere & 1 GroupWise > > webaccess connections, all have inbound tunnels and mapped > > static addresses. > > Given what you and Felix say then the static addresses are > > not needed ?? > > (Thanks for speedy reply......) > > > > >>> Arne Moller-Hansen <[EMAIL PROTECTED]> 24/07/02 12:43:46 >>> > > You use static maps to "direct" outbound connections to > > different aliases on > > the EXT side of the firewall. This is useful in many cases. > > > > One that was recently brought up on this mailing list is that > > two people > > behind the firewall needs to make VPN connection to the same VPN > > concentrator. Since two connections both using UDP port 500 > > as source port > > can't exist on the same alias, you could direct one of the users to go > > through another alias with a static adress mapping. > > > > Another issue where it is commonly used is if a front-end > > mailserver/mimesweeper sends mail back through an inbound tunnel to a > > back-end server on the PRO interface. The backend server may > > expect this > > mail coming from a separate alias on the PRO interface, so > > you define a > > static mapping saying that when a connection is from the > > frontend server, it > > should appear on alias x.y.z.12. > > > > I'm sure there are 100's of examples of situations where this might be > > handy, this was just two examples. > > > > Regards > > > > Arne > > > > RanTek (Denmark) > > > > -----Oprindelig meddelelse----- > > Fra: David Mulligan [mailto:[EMAIL PROTECTED]] > > Sendt: 24. juli 2002 13:34 > > Til: [EMAIL PROTECTED] > > Emne: [gb-users] Static address > > > > > > I'm getting confused, > > > > Under what circumstances would you assign a static address map ?? > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote also confirms that this email message has been swept by > > MIMEsweeper for the presence of computer viruses. > > > > www.mimesweeper.com > > ********************************************************************** > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > To subscribe to the digest version first unsubscribe, then > > e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > Archive of the last 1000 messages: > > http://www.mail-archive.com/[email protected] > > > > > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote also confirms that this email message has been swept by > > MIMEsweeper for the presence of computer viruses. > > > > www.mimesweeper.com > > ********************************************************************** > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > To subscribe to the digest version first unsubscribe, then > > e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > Archive of the last 1000 messages: > > http://www.mail-archive.com/[email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
