SSL through the PIX to the web page would just be a static mapping, plain
old NAT/PAT... the benefit there would be that no client is required and
anyone with a password can use it, unless you are also deploying client
certificates. You're just passing security on to the web server.
That, by itself, and the client through the PIX, don't require 7.1 so I'm
curious... what's driving the 7.1 upgrade? (Not that it's a bad thing...)
Burns, Bryan wrote:
I'm also looking at doing an SSL connection through the PIX to a webpage that
a user signs on to. From there, they'll just use an emulator like Mochasoft.
That's what our consultant recommended. We'll have to upgrade the PIX to 7.1
though.
Any thoughts on this one?
Thanks,
Bryan
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[
mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of R Bruce Hoffman
Sent: Tuesday, April 10, 2007 11:07 AM
To: Midrange Systems Technical Discussion
Subject: Re: Remote access between firewalls
With Cisco, the PIX can be set for Nat Traversal, and then the client
can be installed and run from behind almost any firewall and connect
through your PIX, into your 400 for that one client. We have done this
without any changes in the 'other' firewalls and IIRC you only have to
let port 4100 go outbound from the remotes... and that's not usually
blocked.
Burns, Bryan wrote:
I'd like to have about 15 users at different organizations use a Cisco VPN and
a Mochasoft emulator to connect to our iSeries, which is behind a PIX firewall.
I don't know what type of firewall the organizations have and I've been told
that some complex configuration on each firewall may be necessary to make a
connection work. Any advice on this?
Bryan Burns
--
"Suppose you were an idiot...
And suppose you were a member of Congress...
But I repeat myself."
- Mark Twain
===========================================================
R Bruce Hoffman
midrange.com
