Thanks
for the response, Dan. The web server makes the connection to the
mainframe, and the client connects to the web server via a browser. The
routes to the mainframe exist at the web server, and even with the default
gateway of the web server pointing back to the firewall (to account for any ISP
issues, which I don't think would be a problem due to SR "initiating" from the
internal firewall interface), the connection fails and a traceroute won't
complete. Any other ideas are appreciated!
Mark
Mark, I'm not sure from your message what the exact function of the web
server is. Is the connection to your 3270 device a TCP session between
the webserver and the 3270, or the end-user and the 3270? If it is from
the client, you might want to verify that the 3270 device has a return path
(i.e. default gateway) to get the packets back out to the SR client. In
other words, your SR client may have some arbitrary address like 63.44.44.44
assigned by its ISP, and the 3270 must be able to route that address back to
the firewall performing the encryption, or no go.
That's my initial thought. Please post with further details if
that isn't the issue. Good luck!
Dan
Hitchcock CCNA, MCSE
Network Engineer Xylo,
Inc. (formerly employeesavings.com) The work/life
solution for corporate thought leaders
We have been successfully using SR for almost 6 months now, but I have
run into a new problem. My remote users are trying to access an internal web
server which acts as a web to host mediator to an offsite mainframe. My web
server is in the 172.16.x.x range of addresses, and it that is included in
my encryption domain. Connecting to it works fine. However, when it tries to
serve the 3270e session from the mainframe (which has an IP in the
170.115.x.x net) it fails to connect, and I can't telnet to the port on that
server, either. It is obviously a routing issue, but I've even added the 170
address as an object to my encryption domain and still no-go. When I try to
traceroute to the 170 address, it locks up the clients if SR is running. I
can see the packets being accepted and decrypted at the firewall. TIA for
any help.
Mark
P.S. Please post to the group or my other account, [email protected]. I
appreciate the consideration. I have suddenly been unable to post from that
account after 2 years without problems.
Thanks.
|