Anytime that you're creating a filter that allows everyone on the External network to access a tunnel then it's much easer to check the box (much less chance of making a typo). The other nice thing is that it keeps your filter list small (Address Objects are also great for keeping the filter list small).
In any case where you want to allow everyone to access your tunnel I would suggest using the "automatic accept all" (except if you're setting up a filter just to learn how to do it right, of course!) Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Tibor Borzak [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 29, 2002 10:53 AM > To: Mike Burden > Subject: RE: [gb-users] IP tunnel - a simple question > > > Ok, thanx. What I was confused, because when I set-up a > tunnel, I always > check the "Automatic accept all filter" checkbox (the FW creates an > "invisible" rule for it)... > I will create this access rules by myself. :) > > Thanx a lot. > > Tibor > > -----Original Message----- > From: Mike Burden [mailto:[EMAIL PROTECTED]] > Sent: Monday, July 29, 2002 4:04 PM > To: [EMAIL PROTECTED] > Subject: RE: [gb-users] IP tunnel - a simple question > > > Remote access filter. > > Source = IP Address(es) of the host(s) on the Internet (or whatever > your "External" network is) that are allowed to use the > tunnel. > > Destination = External IP (or Alias) > > Mike Burden > Lynk Systems > http://www.lynk.com > (616)532-4985 > [EMAIL PROTECTED] > > > > -----Original Message----- > > From: Tibor Borzak [mailto:[EMAIL PROTECTED]] > > Sent: Monday, July 29, 2002 10:01 AM > > To: [EMAIL PROTECTED] > > Subject: [gb-users] IP tunnel - a simple question > > > > > > Hi, > > > > If I have setted-up a simple tunnel (external IP : port -> > > Internal IP : > > port);using which filter (Remote Access, IP pass through ?) can be > > controlled the access to this tunnel from outside (external > network - > > for ex. limiting the interent IP addresses who can access > the external > > IP : port). > > > > Thanx for the hint. :) > > > > Regards, > > > > Tibor B. > > a "simple" sysadmin :) > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
