Deploy 800xA beyond Cisco firewall.
Hi,
In a lab setup I am exploring and trying to deploy 800xA beyond a Cisco firewall. Please refer to the attached network architecture and screenshots for more detail.
800xA Network (Domain) - 172.20.40.0 - 255.255.252.0
DMZ network - 192.168.40.0 - 255.255.255.0
In the DMZ network, one node with IP 192.168.40.15 was taken into the 800xA domain and NPT was run successfully. But in RNRP I cannot see the 800xA nodes, and vice versa.
I tried with RNRP explicit setting but don't know where I am lagging.
Can anyone help me to see the 800xA nodes in RNRP of the 192.168.40.15 node, and to see the 192.168.40.15 node in RNRP of the 800xA nodes?
Thank you...
Answers
Hi,
Run a log view of all the traffic trying to run through the firewall and see what is being denied.
You also need to ensure that the Gateway setting in IP4 settings is set to the IP of the firewall on both sides - I suspect you already have that.
Remember that with a firewall a rule works in one direction, that's the nature of a firewall. If a rule allows something to go out, it doesn't mean that something on the outside can use the same rule to get back in by initiating a connection; the connection can only be opened from one side.
Hope this helps a bit.
dave
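Added example (not part of the answer above, and not ABB or Cisco code): one way to do the suggested log review, counting denied packets between the two subnets from the question by direction so that a rule missing on one side stands out. It assumes the firewall emits Cisco ASA-style syslog message 106023; the sample lines, interface names, hosts and ports are constructed.

```python
import ipaddress
import re
from collections import Counter

# Subnets taken from the question.
CONTROL_NET = ipaddress.ip_network("172.20.40.0/22")  # 800xA network, mask 255.255.252.0
DMZ_NET = ipaddress.ip_network("192.168.40.0/24")     # DMZ network, mask 255.255.255.0

# Assumption: ASA syslog 106023 (packet denied by an access list) for TCP/UDP.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample log; port 50001 is a placeholder, not a documented RNRP port.
SAMPLE_LOG = """\
Jan 10 09:15:01 fw1 %ASA-4-106023: Deny udp src dmz:192.168.40.15/50001 dst inside:172.20.40.11/50001 by access-group "dmz_in" [0x0, 0x0]
Jan 10 09:15:02 fw1 %ASA-4-106023: Deny udp src dmz:192.168.40.15/50001 dst inside:172.20.40.12/50001 by access-group "dmz_in" [0x0, 0x0]
Jan 10 09:15:03 fw1 %ASA-4-106023: Deny udp src inside:172.20.40.11/50001 dst dmz:192.168.40.15/50001 by access-group "inside_in" [0x0, 0x0]
Jan 10 09:15:04 fw1 %ASA-6-302013: Built inbound TCP connection 77 for dmz:192.168.40.15/49152 (192.168.40.15/49152) to inside:172.20.40.11/3389 (172.20.40.11/3389)
Jan 10 09:15:05 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/40000 dst dmz:192.168.40.15/80 by access-group "outside_in" [0x0, 0x0]
"""


def zone(ip):
    """Map an address to the subnet names used in the question."""
    addr = ipaddress.ip_address(ip)
    if addr in CONTROL_NET:
        return "800xA"
    if addr in DMZ_NET:
        return "DMZ"
    return "other"


def denied_flows(log_text):
    """Count denies between the two subnets by (direction, protocol, dst port)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not a 106023 deny line
        src, dst = zone(m["sip"]), zone(m["dip"])
        if "other" in (src, dst) or src == dst:
            continue  # only traffic crossing between 800xA and DMZ matters here
        flows[(f"{src}->{dst}", m["proto"], int(m["dport"]))] += 1
    return flows


if __name__ == "__main__":
    for (direction, proto, port), n in sorted(denied_flows(SAMPLE_LOG).items()):
        print(f"{direction:12} {proto}/{port:<6} denied {n}x")
```

Denies showing up in both directions for the same protocol and port mean each side needs its own permit rule, which is the point about rules being directional.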
All 800xA server and client nodes must be joined by RNRP networks (called areas) and routers capable of RNRP.
Thin clients are exempted (since they use RDP protocol to login to some terminal server or virtual client located in the 800xA server park).
A PC running RNRP can be configured to act as an RNRP Router. Just wire it to two (or more) areas, enable IP Forwarding and reboot. The traditional AC 800M Connectivity Server is an excellent example of an RNRP Router.
Additionally, the ABB NE870 and ABB NE871 hardware RNRP Routers can be used to join two or more RNRP areas. The NE87x runs on 24 Volt and has a very pleasant MTBF compared to using Microsoft Windows as a router (new patches and antivirus definitions to install, every month, perpetually...).
Additionally, RNRP can also be tunneled over any Layer 3 router; for this you need (at least) two RNRP Tunnel Area Border nodes, at least one on each side of the WAN you need to route RNRP over. Tunnels can be set with redundant paths. You can also have redundant tunnels (=4 TABNs). Again, a regular PC with RNRP can act as TABN, but we promote the ABB NE87x hardware routers for this relentless work.
Hi
I would recommend studying the System 800xA Network Configuration Manual (3BSE034463-600).
BR