Mark,
I'm not sure from your message what the exact function of the web server
is. Is the connection to your 3270 device a TCP session between the
webserver and the 3270, or the end-user and the 3270? If it is from the
client, you might want to verify that the 3270 device has a return path (i.e.
default gateway) to get the packets back out to the SR client. In other
words, your SR client may have some arbitrary address like 63.44.44.44 assigned
by its ISP, and the 3270 must be able to route that address back to the firewall
performing the encryption, or no go.
That's
my initial thought. Please post with further details if that isn't the
issue. Good luck!
Dan
Hitchcock CCNA, MCSE
Network Engineer Xylo,
Inc. (formerly employeesavings.com) The work/life solution
for corporate thought leaders
We have been successfully using SR for almost 6 months now, but I have run
into a new problem. My remote users are trying to access an internal web
server which acts as a web to host mediator to an offsite mainframe. My web
server is in the 172.16.x.x range of addresses, and it that is included in my
encryption domain. Connecting to it works fine. However, when it tries to
serve the 3270e session from the mainframe (which has an IP in the 170.115.x.x
net) it fails to connect, and I can't telnet to the port on that server,
either. It is obviously a routing issue, but I've even added the 170 address
as an object to my encryption domain and still no-go. When I try to traceroute
to the 170 address, it locks up the clients if SR is running. I can see the
packets being accepted and decrypted at the firewall. TIA for any help.
Mark
P.S. Please post to the group or my other account, [email protected]. I
appreciate the consideration. I have suddenly been unable to post from that
account after 2 years without problems.
Thanks.
|