Open Gne - Cisco ONS 15454 DWDM Installation And Operation Manual

Chapter 22 Management Connectivity Reference
either the SOCKS connection or IP packet flow is allowed. A proxy connection is allowed if the CTC
client is in a source subnet and the requested destination is in the destination subnet. Firewall tunnels
allow IP traffic to route between the node Ethernet and pdcc interfaces. An inbound Ethernet packet is
allowed through the firewall if its source address matches a tunnel source and its destination matches a
tunnel destination. An inbound pdcc packet is allowed through the firewall if its source address matches
a tunnel destination and its destination address matches a tunnel source. Tunnels only affect TCP and
UDP packets.
The availability of proxy and/or firewall tunnels depends on the network access settings of the node:
• If the node is configured with the proxy server enabled in GNE or ENE mode, you must set up a
proxy tunnel and/or a firewall tunnel.
If the node is configured with the proxy server enabled in proxy-only mode, you can set up proxy
•
tunnels. Firewall tunnels are not allowed.
If the node is configured with the proxy server disabled, neither proxy tunnels or firewall tunnels
•
are allowed.
Figure 22-17
tunnels are useful in this example because the GNE would otherwise block IP access between the PC
and the foreign node.
August 2005
shows an example of a foreign node connected to the GCC network. Proxy and firewall
Cisco ONS 15454 DWDM Installation and Operations Guide, R6.0

22.6 Open GNE

22-27