Could you load both IPX and IP stacks on the CUBIX processors? If so,
look into running your remote control software (PC Anywhere supports IP
connectivity) via a PPP dial-up connection into a terminal server on a
bastion segment; use the terminal server to authenticate users. You could
implement TACACS+ or RADIUS on the TS. Once you're through the TS and
into the CUBIX (you can deny access to other devices at the TS and router
servicing the bastion segment), log into PCAnywhere, take control of the
CUBIX processor, and access your Novell assets via IPX.
-r.w.
On 4 Sep 1996 HARRELLJ @ emh7 . monroe . army . mil wrote:
> We are currently integrating an application based (proxy) firewall into
> our Novell/IPX and SUN/IP lan. Our current dialin capability is through
> a cubix dialin server (reachout software) acting as a workstation on the
> LAN, and it only passes screen, keyboard, and cursor movement to our
> remote PC. We then attach to one of our Novell servers (by IPX---our
> IP id statically given to the workstation by lanworkgroups). The
> management would like to put our current dialin hardware outside of the
> firewall and use Fortezza cards {yes, DMS :-( } for authentication.
> Problems I see: 1) Firewall can't see remote authentication token without
> seeing the remote computer that is dialing in with the current hardware
> 2) Cubix computers now talk IPX (not IP). So what is a standard
> architecture/configuration for dialin outside of Firewalls using
> authentication? It has to be simple---what am I missing? All ISPs do it
> don't they? Would it be better to put a SUN outside of the Firewall for
> dialin, and then just FTP in to get files and/or forward email from the
> inside server? All opinions are helpful.
>
> Here's what I'm thinking:
>
>               Dialin Server
>                     |
>     router-------------Firewall----Internal LAN
>                     |
>                WEB Server
>
> Thanks..
>
> V/R,
>
> Jonathan Harrell
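
The filtering the reply describes (dial-in users may reach only the CUBIX host, everything else denied at the terminal server and router), as an added example that is not part of the original thread. Addresses are constructed documentation ranges, and the remote-control ports are assumed to be pcAnywhere's registered 5631/tcp and 5632/udp.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addresses (documentation ranges), not taken from the thread.
DIALIN_POOL = ipaddress.ip_network("192.0.2.64/28")  # PPP clients behind the TS
CUBIX = ipaddress.ip_network("192.0.2.10/32")        # remote-control host
ANY = ipaddress.ip_network("0.0.0.0/0")


class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int]         # None matches any destination port


# Assumed ports: pcAnywhere data 5631/tcp and status 5632/udp.
ACL = [
    Rule("permit", DIALIN_POOL, CUBIX, "tcp", 5631),
    Rule("permit", DIALIN_POOL, CUBIX, "udp", 5632),
    Rule("deny", ANY, ANY, "any", None),
]


def evaluate(acl, src, dst, proto, dport):
    """First-match evaluation; a flow that matches no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "deny"


def overbroad_permits(acl, pool=DIALIN_POOL, allowed=CUBIX):
    """Permit rules that let dial-in sources reach anything beyond `allowed`.

    Conservative audit: it ignores shadowing by earlier deny rules, so a
    flagged rule deserves a manual look rather than automatic removal.
    """
    return [r for r in acl
            if r.action == "permit"
            and r.src.overlaps(pool)
            and not r.dst.subnet_of(allowed)]
```
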