What we have done to allow the access thru the firewall is to set up NATTED IP's. All of our servers are behind a firewall with IP's in the 167.124.xxx.xxx range.

As all of the 'support' people are typically outside of the firewall, we had our network engineer setup IP's on the corporate network (we are the outsourced IT provider for this company) and NATted them thru the firewall to allow direct telnet and SQLNET access. The NATted IPs are in the 165.136.xxx.xxx range.

When I connect to the DB thru SQLNET, my tnsnames.ora file looks something like this....

    RMMTST.WORLD =
      (DESCRIPTION =
        (SOURCE_ROUTE = OFF)
        (ADDRESS_LIST =
          (ADDRESS =
            (PROTOCOL = TCP)
            (HOST = 165.136.xxx.xxx)    <<=====The NATTED IP
            (PORT = 1541))
        )
        (CONNECT_DATA =
          (SID = CDRTST)
          (SERVER = DEDICATED)
        )
      )

(Yes the SID and alias are different...we consolidated the RMM database into the CDR database and left alias the same but pointing to the correct SID...that way all of the apps front ends would not need to be recoded for the change)

    LIS_TST =
      (ADDRESS_LIST =
        (ADDRESS =
          (PROTOCOL = TCP)
          (Host = 165.136.xxx.xxx)
          (Port = 1541)
        )
      )

    SID_LIST_LIS_TST =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = CDRTST)
          (ORACLE_HOME = /opt/oracle/8.1.7)
        )

Many others removed for brevity.....

We do not try to tunnel thru the firewall directly using sqlnet proxy or opening up ports.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Shrek
Sent: Thursday, December 16, 2004 9:53 AM
To: Carol.Bristow@xxxxxxxx
Cc: mzito@xxxxxxxxxxx; Oracle-L (E-mail)
Subject: Re: [Q] sqlplus through VPN not work, but tnsping work

On Thu, 16 Dec 2004 09:27:13 -0600, Carol Bristow <Carol.Bristow@xxxxxxxx> wrote:
> As mentioned in an earlier message (I forget by who at the moment), only
> the initial SQL*Plus connection goes through port 1521 (or whichever
> port your listener is listening on). Once the initial connection is
> made, a different port number is dynamically assigned to the session.
> There is a way to force all traffic to go through a single port, but I
> had problems when I tried to set it up in version 8. Check the
> Networking documentation.

most firewalls have modules that will direct SQL*Net traffic through one port. you need to get the firewall admin to look into getting and configuring the SQL*Net proxy for whatever firewall you have. that way they only have to open one port for all the traffic.

--
Bill "Shrek" Thater    ORACLE DBA
shrekdba@xxxxxxxxx
------------------------------------------------------------------------
I am my beloved's, and my beloved is mine (Song of Solomon 6:3)
--
//www.freelists.org/webpage/oracle-l
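Added example, not part of the original thread: a small parser for tnsnames.ora-style entries that flags any ADDRESS not using the NATted range and listener port, the setup the first message describes. The addresses, the OLDTST.WORLD alias, and the function names are constructed for illustration; it assumes balanced parentheses and numeric HOST values.

```python
import ipaddress
import re

# Constructed sample; documentation addresses stand in for the masked ranges.
SAMPLE = """
RMMTST.WORLD = (DESCRIPTION = (SOURCE_ROUTE = OFF)
  (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 198.51.100.20)(PORT = 1541)))
  (CONNECT_DATA = (SID = CDRTST)(SERVER = DEDICATED)))
OLDTST.WORLD = (DESCRIPTION = (CONNECT_DATA = (SID = OLDTST))
  (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.7)(PORT = 1521)))
"""
TOKEN = re.compile(r"[()=]|[^()=\s]+")

def parse(tokens, pos):
    """Parse '(' KEY '=' (scalar | group...) ')' starting at tokens[pos]."""
    key, pos = tokens[pos + 1].upper(), pos + 3   # skip '(', KEY, '='
    if tokens[pos] != "(":
        return key, tokens[pos], pos + 2          # scalar value, then ')'
    children = []
    while tokens[pos] == "(":
        child_key, value, pos = parse(tokens, pos)
        children.append((child_key, value))
    return key, children, pos + 1                 # skip the closing ')'

def entries(text):  # map each alias to its parsed tree of (key, value) pairs
    tokens, pos, out = TOKEN.findall(text), 0, {}
    while pos < len(tokens):
        alias = tokens[pos]                       # ALIAS '=' '(' ...
        key, value, pos = parse(tokens, pos + 2)
        out[alias] = [(key, value)]
    return out

def find(tree, key):  # yield every value stored under key, at any depth
    for k, v in tree:
        if k == key:
            yield v
        if isinstance(v, list):
            yield from find(v, key)

def audit(text, nat_net, nat_port):
    """Flag ADDRESS entries that do not use the NATted address and port."""
    net, findings = ipaddress.ip_network(nat_net), []
    for alias, tree in entries(text).items():
        for fields in map(dict, find(tree, "ADDRESS")):
            if ipaddress.ip_address(fields["HOST"]) not in net:
                findings.append((alias, "HOST outside NAT range"))
            if int(fields["PORT"]) != nat_port:
                findings.append((alias, "PORT is not the NATted port"))
    return findings
```

Calling `audit(SAMPLE, "198.51.100.0/24", 1541)` reports only the constructed OLDTST.WORLD entry, which still points at an internal address and the default listener port.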