15-43
Cisco ONS 15454 DWDM Reference Manual, R8.5
78-18343-02
Chapter 15      Management Network Connectivity
15.7    Open GNE
By default, the proxy server only allows connections to discovered ONS peers and the firewall blocks all IP traffic between the GCC network and LAN. You can, however, provision proxy tunnels to allow up to 12 additional destinations for SOCKS version 5 connections to non-ONS nodes. You can also provision firewall tunnels to allow up to 12 additional destinations for direct IP connectivity between the GCC network and LAN. Proxy and firewall tunnels include both a source and destination subnet. The connection must originate within the source subnet and terminate within the destination subnet before either the SOCKS connection or IP packet flow is allowed. A proxy connection is allowed if the CTC client is in a source subnet and the requested destination is in the destination subnet. Firewall tunnels allow IP traffic to route between the node Ethernet and pdcc interfaces. An inbound Ethernet packet is allowed through the firewall if its source address matches a tunnel source and its destination matches a tunnel destination. An inbound pdcc packet is allowed through the firewall if its source address matches a tunnel destination and its destination address matches a tunnel source. Tunnels only affect TCP and UDP packets.
The availability of proxy and/or firewall tunnels depends on the network access settings of the node:
 • If the node is configured with the proxy server enabled in GNE or ENE mode, you must set up a proxy tunnel and/or a firewall tunnel.
 • If the node is configured with the proxy server enabled in proxy-only mode, you can set up proxy tunnels. Firewall tunnels are not allowed.
 • If the node is configured with the proxy server disabled, neither proxy tunnels nor firewall tunnels are allowed.
Figure 15-25 shows an example of a foreign node connected to the GCC network. Proxy and firewall tunnels are useful in this example because the GNE would otherwise block IP access between the PC and the foreign node.
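The following is an added model of the tunnel matching rules described in this section; it is illustration code written for this page, not Cisco software. The subnets, addresses, interface names ("ethernet", "pdcc") and function names are constructed assumptions; the matching logic follows the text: a proxy request passes when the CTC client is in a tunnel's source subnet and the target is in its destination subnet, an inbound Ethernet packet matches source-to-destination, an inbound pdcc packet matches the reverse way, only TCP and UDP are affected, and at most 12 tunnels of a kind can be provisioned.

```python
# Added model of ONS Open GNE proxy/firewall tunnel rules (not Cisco code).
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

MAX_TUNNELS = 12  # the manual allows up to 12 additional destinations per tunnel type


@dataclass(frozen=True)
class Tunnel:
    source: IPv4Network       # connection must originate inside this subnet
    destination: IPv4Network  # ...and terminate inside this subnet


def add_tunnel(tunnels, src, dst):
    """Provision a tunnel, enforcing the 12-destination limit."""
    if len(tunnels) >= MAX_TUNNELS:
        raise ValueError("tunnel limit reached")
    tunnels.append(Tunnel(ip_network(src), ip_network(dst)))


def proxy_allowed(tunnels, ctc_client, requested_dst):
    """SOCKS v5 request: CTC client in a source subnet, target in that tunnel's destination subnet."""
    c, d = ip_address(ctc_client), ip_address(requested_dst)
    return any(c in t.source and d in t.destination for t in tunnels)


def firewall_allowed(tunnels, iface, proto, src, dst):
    """Inbound packet on the node's 'ethernet' or 'pdcc' interface (names assumed).

    Ethernet side: src must match a tunnel source, dst a tunnel destination.
    pdcc side: the return direction, so the match is reversed.
    Tunnels only affect TCP and UDP; anything else is not matched.
    """
    if proto not in ("tcp", "udp"):
        return False
    s, d = ip_address(src), ip_address(dst)
    for t in tunnels:
        if iface == "ethernet" and s in t.source and d in t.destination:
            return True
        if iface == "pdcc" and s in t.destination and d in t.source:
            return True
    return False


def demo():
    """Constructed LAN (PC side) and foreign-node subnets; returns each decision."""
    tunnels = []
    add_tunnel(tunnels, "10.1.1.0/24", "192.168.5.0/24")
    return {
        "proxy": proxy_allowed(tunnels, "10.1.1.20", "192.168.5.7"),
        "lan_in": firewall_allowed(tunnels, "ethernet", "tcp", "10.1.1.20", "192.168.5.7"),
        "reply_in": firewall_allowed(tunnels, "pdcc", "udp", "192.168.5.7", "10.1.1.20"),
        "wrong_way": firewall_allowed(tunnels, "pdcc", "tcp", "10.1.1.20", "192.168.5.7"),
        "icmp": firewall_allowed(tunnels, "ethernet", "icmp", "10.1.1.20", "192.168.5.7"),
    }
```

Running `demo()` shows the asymmetry the text describes: the same address pair that passes on the Ethernet side is rejected on the pdcc side unless the roles are swapped, and a non-TCP/UDP packet is never matched by a tunnel.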