Figure 9-18 Proxy And Firewall Tunnels For Foreign Terminations - Cisco ONS 15600 Reference Manual

9.5 Open GNE
provision firewall tunnels to allow up to 12 additional destinations for direct IP connectivity between the
DCC network and LAN. Proxy and firewall tunnels include both a source and destination subnet. The
connection must originate within the source subnet and terminate within the destination subnet before
either the SOCKS connection or IP packet flow is allowed.
To set up proxy and firewall subnets in CTC, use the Provisioning > Network > Proxy tab and the
Provisioning > Networki > Firewalls tab. The availability of proxy and/or firewall tunnels depends on
the network access settings of the node:
If the node is configured with the proxy server enabled in GNE or ENE mode, you must set up a
•
proxy tunnel and/or a firewall tunnel.
If the node is configured with the proxy server enabled in proxy-only mode, you can set up proxy
•
tunnels. Firewall tunnels are not allowed.
• If the node is configured with the proxy server disabled, neither proxy tunnels or firewall tunnels
are allowed.
Figure 9-18
tunnels are useful in this example because the GNE would otherwise block IP access between the PC
and the foreign node.
Figure 9-18
ONS 15600 SDH
10.10.10.100/24
ONS 15600 SDH
10.10.10.250/24
Non-ONS node
130.94.122.199/28
Cisco ONS 15600 SDH Reference Manual, Release 9.0
9-24
shows an example of a foreign node connected to the DCC network. Proxy and firewall
Proxy and Firewall Tunnels for Foreign Terminations
Remote CTC
10.10.20.10
Interface 0/0
10.10.20.1
Interface 0/1
10.10.10.1
GNE
ENE
Foreign NE
10.10.20.0/24
Router A
10.10.10.0/24
ONS 15600 SDH
ENE
10.10.10.150/24
ONS 15600 SDH
ENE
10.10.10.200/24
Local/Craft CTC
192.168.20.20
Chapter 9 Management Network Connectivity
Ethernet
SDH
78-18400-01