Re: (PM) NT + PM + non-routable IP block

Samudra E. Haque (haque@pradeshta.net)
Wed, 10 Jun 1998 15:04:54 -0500

Steve Bourne wrote:

> Absolutely. RRAS is ROUTING the packets, bypassing the proxy server. The
> packets are going out with the source IP address (192.168.x.x) intact; such
> packets cannot be routed back to your network.
>

> If this large WAN has a single transfer point to the Internet, then the
> proxy server should work just fine. It should have two network interfaces
> (one for the internal network and one for the "external" (Internet)
> network). Routing between the interfaces MUST BE DISABLED, and the passing
> of Internet service requests should be handled and controlled by the
> proxy server.

> In addition, to support inbound connections the internal mail server must
> have the Winsock proxy client software loaded. Inbound connections for
> delivery of mail will not work without it. A means of storing mail
> destined for the target network and a way to "kick" the mail out when the
> proxy server is "up" is also required; look into ETRN for this
> functionality (a newer SMTP function).

> RRAS will enable the dial-up network connectivity, while the proxy server
> will provide address/port translation and access control.

Suggestion to Lucent/Livingston: please have a writeup "HOW-TO" connect
Customer LANs based on NT + RRAS to PM2/PM3's. The document might want to
focus sections on "Network Address Translation/IP Masquerading", their
configuration on the PM side, Radius entries with examples etc. And later
if the document is found useful a standardised description of permitting
SMTP services for use by client domains. (But SMTP is not really
Livingston's area...).

Of course, if this document did exist, it would probably reduce somewhat
the need to have PM's on the client side to dial-in to the PM's at
our POPs.... so while counter-business-intuitive, it simply allows
more flexible usage of PortMasters for a greater number of downstream LAN
customers.

Methinks that with the de-centralisation of the mainframe, more and
more offices are shifting to the paradigm of having SOHO networks
in branches connected back to their corp. hq's via ... NAS ... and
they all want E-mail, Internal web browsing, POP etc. all through an NT
or Linux box.

Supplementary question: since the PM is on our side, is there anything
special we have to configure except to route the appropriate subnet
block to that assigned port via radius, and then (somehow?) configure
the RRAS on the NT to masquerade/nat the ip block (to/from fake to
real ip block) upon dial-up?

Any links to URLs on this issue immensely welcome.

-samudra-
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
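
The symptom described in the quoted reply (packets leaving with their 192.168.x.x source address intact because they were routed instead of proxied or translated) can be confirmed from a capture taken on the external side of the NT box. The following is an added example, not part of the original post or of any Livingston or Microsoft tooling; it assumes tcpdump -n style text lines, and every address in the sample is constructed.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; a source in these ranges must never appear
# on the Internet-facing side of the gateway.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: lines as they might be captured on the external
# (dial-up) interface. Addresses are illustrative only.
SAMPLE_CAPTURE = """\
15:04:01.100 IP 192.168.1.20.1042 > 198.51.100.7.80: S
15:04:01.350 IP 203.0.113.5.3301 > 198.51.100.7.80: S
15:04:02.010 IP 192.168.1.20.1043 > 198.51.100.9.25: S
15:04:02.500 IP 192.168.1.31.1100 > 198.51.100.7.80: S
15:04:03.000 IP 198.51.100.7.80 > 203.0.113.5.3301: S.
"""

# Matches "IP <src>.<sport> > <dst>.<dport>:" in each capture line.
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def find_leaks(capture_text):
    """Count packets per private source address seen heading to a
    public destination, i.e. traffic that was routed untranslated."""
    leaks = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 line in the assumed format
        src, dst = m.group(1), m.group(3)
        if is_rfc1918(src) and not is_rfc1918(dst):
            leaks[src] += 1
    return leaks


if __name__ == "__main__":
    for src, count in sorted(find_leaks(SAMPLE_CAPTURE).items()):
        print(f"{src}: {count} packet(s) left the gateway untranslated")
```

An empty result on the external interface while internal clients are browsing indicates that routing between the interfaces is off and traffic is leaving only through the proxy or translation layer.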