11-18-2003 02:41 AM - edited 03-02-2019 11:47 AM
We need to send SNA traffic via the Cisco PIX Firewall. Is this possible?
Also we would like to use the same interface as we are using for SNA traffic to be configured for IP so that users can connect to it for IP purposes and also to send SNA traffic over the same interface. Is this also possible?
And if the above are, is there a site that can tell me how to go about doing this?
Thanks
11-18-2003 09:30 AM
1. Are you using DLSW as transport for SNA? If so, then allowing ports 2065 and 2067 should work.
2. Pixes only really understand IP, so if you're not using an IP transport, SNA will be problematic.
3. No problem.
11-19-2003 12:06 AM
Thanks
Yes we are going to use DLSw.
So we cannot configure the firewall to allow DLSw through. We have a remote site that wants to send SNA traffic down to the main site but we have a firewall between both sides.
So the firewall will not allow DLSw/SNA through. How best do you think this can be configured?
Thanks
11-19-2003 11:32 PM
I would do it in this way:
Router at remote site should use DLSw to encapsulate SNA. At main site, dlsw peer router should be placed behind the firewall. So, the firewall would see IP traffic with remote router source address destined to main site router (usually loopback addresses) using TCP ports 2065 and 2067. You should permit this IP traffic in your firewall.
HTH
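
A check for the approach in the last reply, added here as an example and not posted by anyone in the thread: it scans PIX `access-list` lines and confirms that TCP 2065 and 2067 are permitted only from the remote DLSw router to the main-site peer. The addresses, the ACL name `outside_in` and the function name are assumptions, and only `permit tcp ... eq <number>` rules are parsed.

```python
import re

DLSW_PORTS = {2065, 2067}  # TCP ports named in the thread

# Constructed sample rules: documentation-range addresses, assumed ACL name.
SAMPLE_ACL = """\
access-list outside_in permit tcp host 192.0.2.1 host 198.51.100.10 eq 2065
access-list outside_in permit tcp host 192.0.2.1 host 198.51.100.10 eq 2067
access-list outside_in permit tcp any host 198.51.100.10 eq 2065
access-list outside_in permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.10 eq 2067
access-list outside_in permit tcp host 192.0.2.1 host 198.51.100.10 eq 23
"""

# An address is "any", "host <ip>", or "<network> <netmask>".
ADDR = r"(any|host \S+|\S+ \S+)"
RULE = re.compile(rf"^access-list (\S+) permit tcp {ADDR} {ADDR} eq (\d+)$")


def audit_dlsw_rules(acl_text, remote_peer, local_peer):
    """Return (missing, findings).

    missing  : DLSw ports with no host-to-host permit between the two peers
    findings : (port, src, dst) for DLSw permits wider than peer-to-peer
    """
    ok_ports, findings = set(), []
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a "permit tcp ... eq <number>" rule
        src, dst, port = m.group(2), m.group(3), int(m.group(4))
        if port not in DLSW_PORTS:
            continue  # unrelated to DLSw
        if src == f"host {remote_peer}" and dst == f"host {local_peer}":
            ok_ports.add(port)
        else:
            findings.append((port, src, dst))
    return sorted(DLSW_PORTS - ok_ports), findings


if __name__ == "__main__":
    missing, findings = audit_dlsw_rules(SAMPLE_ACL, "192.0.2.1", "198.51.100.10")
    print("DLSw ports lacking a peer-to-peer permit:", missing)
    for port, src, dst in findings:
        print(f"too broad: tcp/{port} from '{src}' to '{dst}'")
```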