I suppose it could be setup that way, but ours is not. The only way to connect to a database from a local app through the vpn ( for me anyway ) is to tunnel sqlnet through ssh.
We could set it up to allow a certain range of ports through, just as we do for other apps, but I don't see any point in it, as I'm the only one that would benefit from it. :) Jared On Fri, 2003-10-24 at 14:29, Goulet, Dick wrote: > Jared, > > I'm no network guru, so take this with a ton of salt, but this is how I > believe our network admin has it setup. The VPN tunnel comes in thru the outer > firewall on a specific port to the vpn server in the DMZ. The vpn server then > spreads the ports out as needed to the inner firewall which opens up all ports on > the inside to that one server/ip address. Therefore from the applications point of > view the inside of the firewall looks the same whether your connected directly on > the local lan or coming in via VPN. And if it's that simple, I'm going to be > greatly suprised. But I will point out that if the vpn security stuff is not set up > just right or gets disturbed the whole thing shuts down better than a clam. > > Dick Goulet > Senior Oracle DBA > Oracle Certified 8i DBA > > -----Original Message----- > Sent: Friday, October 24, 2003 5:14 PM > To: Multiple recipients of list ORACLE-L > > > You're going through a firewall that allows port 22 to go > through and connect to your ssh daemon via the VPN. > > Port 15xx is likely being blocked, as well as the range > of ports used to create the sqlnet connections. > > I'm not a security guru, but I doubt that the firewall admins > are opening all the ports just because you're connecting > via VPN. > > I also connect through a VPN, but the only ways I know of > to connect from my local apps to a database behind the firewall > is to open up some ports ( probably won't fly ) or tunnel > the sqlnet in via ssh. > > Jared > > > On Fri, 2003-10-24 at 13:19, Todd Boss wrote: > > No, but (and forgive me for asking) why does that matter? > > > > Is sqlnet tunneling important for security reasons, or important > > for connectivity? I'm able to telnet to the box straight away. > > > > I figured that, once VPN was connected, I'd be able to run whatever > > applications I wanted locally. After not being able to get > > any Oracle client to connect, i wondered if VPN had the capability > > to transmit anything but the "lowest" level of tcp/ip protocols. > > > > boss > > > > > > > > > > > Are you tunneling sqlnet through ssh? > > > > > > http://www.akadia.com/services/ssh_install_and_use.html > > > > > > On Fri, 2003-10-24 at 08:44, Todd Boss wrote: > > > > I can tell you right now, i'm VPN'd to a client overseas and have > > > > NOT been able to get OCI to work over the protocol. I can telnet/ssh > > > > to the machine where the Oracle server runs (its Solaris) and work > > > > via a sql*plus window, but nothing runs locally (i.e., Toad or windows > > > > version of sql*plus connected to the remote server). > > > > > > > > If there's some secret to making OCI work over VPN, we were not able > > > > to find it. > > > > > > > > boss > > > > > > > > > > > > > > We are an Application Service Provider--we maintain a set of servers in > > > > > a colocation facility and our customers use our application via the > > > > > Web. Security is a paramount concern, of course, and only our Web > > > > > server has a public IP address, with the application and database > > > > > servers completely private. > > > > > > > > > > We supply a number of standard reports, but most of our customers want > > > > > some custom reports as well. We would like to give them access to our > > > > > database, possibly over a VPN, but only if security can be maintained. > > > > > I'd like to know if anyone has faced such a situation, and what kind of > > > > > configuration (network/firewall/VPN/Oracle Net) might make such access > > > > > possible. > > > > > > > > > > TIA, > > > > > > > > > > > > > > > > > > > > ===== > > > > > Paul Baumgartel > > > > > Transcentive, Inc. > > > > > www.transcentive.com > > > > > > > > > > __________________________________ > > > > > Do you Yahoo!? > > > > > The New Yahoo! Shopping - with improved product search > > > > > http://shopping.yahoo.com > > > > > -- > > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > > > -- > > > > > Author: Paul Baumgartel > > > > > INET: [EMAIL PROTECTED] > > > > > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > > > San Diego, California -- Mailing list and web hosting services > > > > > --------------------------------------------------------------------- > > > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > > > (or the name of mailing list you want to be removed from). You may > > > > > also send the HELP command for other information (like subscribing). > > > > > > > > > > > > > -- > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > > -- > > > > Author: Todd Boss > > > > INET: [EMAIL PROTECTED] > > > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > > San Diego, California -- Mailing list and web hosting services > > > > --------------------------------------------------------------------- > > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > > (or the name of mailing list you want to be removed from). You may > > > > also send the HELP command for other information (like subscribing). > > > > > > > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > > -- > > > Author: Jared Still > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > > San Diego, California -- Mailing list and web hosting services > > > --------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You may > > > also send the HELP command for other information (like subscribing). > > > > > > > -- > > Please see the official ORACLE-L FAQ: http://www.orafaq.net > > -- > > Author: Todd Boss > > INET: [EMAIL PROTECTED] > > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > > San Diego, California -- Mailing list and web hosting services > > --------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an E-Mail message > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > > the message BODY, include a line containing: UNSUB ORACLE-L > > (or the name of mailing list you want to be removed from). You may > > also send the HELP command for other information (like subscribing). > > > > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Jared Still > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Goulet, Dick > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Jared Still INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
