[THIN] Re: Citrix and Cisco Pix configuration

  • From: "Roger Riggins" <roger.riggins@xxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 6 Feb 2007 10:02:06 -0600

I wouldn't do this without a DMZ and CSG. You can get a firewall with a
DMZ for pretty cheap and you can throw CSG on the same box as WI.

I can't remember the exact altaddr stuff since I never use it, but that
sounds right.

On your Pix config, don't set an outbound access list unless you
actually care about what goes out. It'll save you some config. Just
leave it something like:

access-list INSIDE_ACCESS_OUTBOUND line 1 permit ip any any

I would recommend leaving 1494 open in case you run into some older
clients, but if you're going to skip the DMZ then I'd close as many as
possible.

Roger Riggins
Network Administrator
Lutheran Services in Iowa
w: 319.859.3543
c: 319.290.5687
http://www.lsiowa.org



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Mike Semon
Sent: Tuesday, February 06, 2007 6:49 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Citrix and Cisco Pix configuration


Trying to remember the correct Pix configuration. Have a client with a
small Citrix installation (2 Citrix PS 4.0 boxes and 1 Web Interface
Server). No DMZ. I have my public IP address with NAT set up to the
private address of my Web Interface Server. Can I just set up NAT for
two more public IP addresses for my Citrix boxes and add these IP
addresses with Altaddr so that each corresponds to a different public
IP address? I am opening 80 and 1494 inbound and the upper ports 1023
and above outbound. If I am using session reliability can I just
replace 1494 with 2598?


Mike




SBC SITES ONLY GOOGLE SEARCH: http://www.F1U.com
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

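The no-DMZ layout discussed in this thread (one public address per server, inbound limited to 80, 1494 and 2598), written out as a PIX configuration. This is an added example, not part of either post; all IP addresses and the OUTSIDE_ACCESS_INBOUND name are constructed, and the static and access-list lines assume the classic PIX syntax used in the reply.

```cisco
! Constructed addresses: 203.0.113.0/24 = public, 192.168.10.0/24 = inside.
!   .10 = Web Interface server, .11 and .12 = the two Presentation Servers.

! One-to-one static NAT: one public address per internal server.
static (inside,outside) 203.0.113.10 192.168.10.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.10.11 netmask 255.255.255.255
static (inside,outside) 203.0.113.12 192.168.10.12 netmask 255.255.255.255

! Inbound: HTTP to the Web Interface server only.
access-list OUTSIDE_ACCESS_INBOUND permit tcp any host 203.0.113.10 eq 80

! Inbound: ICA (1494) and session reliability (2598) to the
! Presentation Servers only, never to the Web Interface address.
access-list OUTSIDE_ACCESS_INBOUND permit tcp any host 203.0.113.11 eq 1494
access-list OUTSIDE_ACCESS_INBOUND permit tcp any host 203.0.113.11 eq 2598
access-list OUTSIDE_ACCESS_INBOUND permit tcp any host 203.0.113.12 eq 1494
access-list OUTSIDE_ACCESS_INBOUND permit tcp any host 203.0.113.12 eq 2598

! Nothing else is listed, so all other inbound traffic is dropped by the
! implicit deny at the end of the access list.
access-group OUTSIDE_ACCESS_INBOUND in interface outside

! Outbound left open, as in the reply.
access-list INSIDE_ACCESS_OUTBOUND permit ip any any
access-group INSIDE_ACCESS_OUTBOUND in interface inside

! Run on each Presentation Server (Windows command prompt, not the PIX),
! so the server reports its public address to external clients:
!   altaddr /set 203.0.113.11     <- on the server NATed to .11
!   altaddr /set 203.0.113.12     <- on the server NATed to .12
```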
