I haven't seen this public list used in ages! :)
What you are suggesting would work, however it may not be the best
way. To accomplish what you want though you will need to create the
inbound tunnels without checking the automatic accept all filter box,
then create Remote Access Filters which limit the source address of
the rules.
If it were me I would probably put the switch management on its own
VLAN and put a DMZ interface of the firewall on that VLAN. This would
allow you to set up a VPN connection for them to come in and manage
the switches. With a GB-1000 running such an old version of GB-OS
though you only have 3 physical interfaces and no VLANs, therefore if
you're already using the third interface this is not an option.
Chris Green
Solerant, LLC
On Aug 11, 2009, at 2:06 AM, Robert Jackson wrote:
Current hardware: Gnatbox GB-1000 running v3.2.7s.
We have just upgraded our internal infrastructure and have now
replaced
our
old 3Com switches with Cisco Catalyst 2960/2960-G's. We want to give
our
supplier remote access to the switches for maintenance purposes but
nothing
else on our internal LAN.
I was thinking we could use one of our public addresses (we have a
block
of 16)
and assign a unique TCP port against each of the switches. I could
then
have
an Inbound Tunnel for each switch (in our case this would mean an
additional
8 tunnels). Is this the best way of doing this and if it is, how can I
limit them
to the suppliers public address?
Regards,
Rab.
===========================================================
Robert Jackson Phone: +44 (0) 141 332
7999
Software Engineer Fax: +44 (0) 141
331
2820
Walker Martyn Ltd
1 Park Circus Place Email:
[email protected]
Glasgow G3 6AH, Scotland Web:
http://www.walkermartyn.co.uk
===========================================================
************************************************************************
The information in this internet E-mail is confidential and is
intended
solely for the addressee. Access, copying or re-use of information
in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact [email protected]
Walker Martyn Ltd, company number SC197533. Company is
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.
****************************************************************
------------------------------------------------------
To unsubscribe: [email protected]
For additional commands: [email protected]
------------------------------------------------------
To unsubscribe: [email protected]
For additional commands: [email protected]
