Thanks for your reply. I completely agree with you; however, there are some reasons why we need PcAnywhere. I don't know if you are familiar with IBM controllers, but all of our PCs here at the office have an additional 3270 emulator card in them so they can connect to an IBM controller that we have sitting here. I don't have a lot of experience with VPNs, but I was under the impression that a VPN wouldn't allow access to that controller via the Attachmate 3270 emulator cards.
Do you mean that I should just set up VPN tunnels, and then have users start a PcAnywhere session? Like I said, I don't have much experience with VPNs, so I'm not sure how they work.
We are looking into Host Integration Server to get rid of that controller, but until then, I need this to work somehow. Any more information would be extremely helpful. Thanks.
My last customer is using 3270 as well, but with HIS for some applications and IBM's TN3270 implementation for the main SNA application. With TN3270, any TN3270 client may communicate over IP with the mainframe. Their users can start an SNA session from outside using their VPN (Cisco box), which is protected by a PIX.
Since PCAnywhere communicates over IP, I suppose it can also work over a VPN, but since «The Devil is in the detail», you need to try it first.
About VPN: roughly, an IPsec tunnel may encapsulate any IP packet, which gives you the ability to secure and restrict the mainframe access.
I guess where I am getting confused is how to configure the PIX for this. I don't have a VPN concentrator (I assume this is what you meant by "Cisco box"), so everything would be working through the PIX. So, once an outside user makes a secure connection using a VPN tunnel, how does the PIX know what PC they need to connect to, and how will PcAnywhere work once you get a secure VPN tunnel?
With VPN, your external user will have a private IP address, one coming from your internal network. Then the user just has to point PCAnywhere to the internal IP address of his inside PC. I suppose that each internal PC has a fixed IP, since you have already configured this on the 2610.
The PIX doesn't need to know exactly what PC they need to connect to.