(ASCEND) Firewall for TA->Router

To: ascend-users@bungi.com
Subject: (ASCEND) Firewall for TA->Router
From: "Danny Williams" <danny@ctrust.com>
Date: Wed, 20 May 1998 17:47:29 -0500
Organization: Caldwell Trust Company
Priority: normal
Sender: owner-ascend-users@max.bungi.com

I have a Pipe75 running 5.0Ap3 and SAM. It has all worked well so
far, properly allowing and denying traffic from other networks
(different subnets) at other offices. Now we have added a couple of
telecommuters with TAs (Pipeline 15). They are addressed statically
from the same subnet as the Pipe75. Pings go as far as the router,
but no futher. Pings from the network to the TA don't make it there.
Using the router to ping, I can reach both sides.

The confusing part to me is how to designate the "host" and "remote"
in the firewall when they are both on the same network. If
x.x.x.64/27 were the local subnet, should x.x.x.64/27 on both 
the local and remote sides? Should a single address x.x.x.88 be the 
remote? I thought perhaps the "Cracker Prevention - Anti Spoofing" 
and "Reject src routing" might be blocking the TA's, but even without 
the cracker settings, they still couldn't get past the router. Yes, 
we dropped and reestablished the connection.

Danny Williams
Caldwell Trust Company
Venice, Florida   USA
mailto:danny@ctrust.com
http://www.ctrust.com
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) Disconnect 185 on V.90 code?
Next by Date: Re: (ASCEND) RE: c=185's [Fwd: Ticket # 200300]
Prev by thread: (ASCEND) Secure Access Firewall File
Next by thread: (ASCEND) Disconnect 185 on V.90 code?
Index(es):
- Main
- Thread