Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2
78-19417-01
Chapter 8 Management Network Connectivity
External Firewalls
The following access control list (ACL) examples show a firewall configuration when the proxy server
gateway setting is not enabled. In the example, the CTC workstation address is 192.168.10.10 and the
ONS 15310-MA SDH address is 10.10.10.100. The firewall is attached to the GNE, so the inbound path
is CTC to the GNE and the outbound path is from the GNE to CTC. The CTC CORBA Standard constant
is 683 and the TCC CORBA Default is TCC Fixed (57790).
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with the 15310-MA SDH using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790
access-list 100 remark *** allows CTC communication with the 15310-MA SDH GNE (port 57790) ***
access-list 100 remark
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 remark *** allows alarms etc., from the 15310-MA SDH (random port) to the CTC workstation (port 683) ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15310-MA SDH GNE to CTC ***
The following ACL examples show a firewall configuration when the proxy server gateway setting is
enabled. As with the first example, the CTC workstation address is 192.168.10.10 and the
ONS 15310-MA SDH address is 10.10.10.100. The firewall is attached to the GNE, so the inbound path
is CTC to the GNE and the outbound path is from the GNE to CTC. The CTC CORBA Standard constant
is 683 and the TCC CORBA Default is TCC Fixed (57790).
access-list 100 remark *** Inbound ACL, CTC -> NE ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 remark *** allows initial contact with the 15310-MA SDH using http (port 80) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 1080
access-list 100 remark *** allows CTC communication with the 15310-MA SDH GNE proxy server (port 1080) ***
access-list 100 remark
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 100 remark *** allows ACKs from CTC to the 15310-MA SDH GNE ***
access-list 101 remark *** Outbound ACL, NE -> CTC ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 eq 1080 host 192.168.10.10
access-list 101 remark *** allows alarms and other communications from the 15310-MA SDH (proxy server) to the CTC workstation (port 683) ***
access-list 101 remark
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
access-list 101 remark *** allows ACKs from the 15310-MA SDH GNE to CTC ***
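The following is an added example, not part of the Cisco manual: a small Python checker that loads the permit entries from the two ACL examples above and evaluates a TCP packet against them with first-match semantics and the implicit deny at the end of each list. The function names `parse` and `permitted` are hypothetical, the grammar covers only the entry forms shown on this page, and the `established` argument is an assumption that models a segment with ACK or RST set.

```python
import re

# ACL entries copied from this page's two examples (remark lines omitted).
NO_PROXY = """\
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 57790
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 eq 683
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
"""
PROXY = """\
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq www
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 eq 1080
access-list 100 permit tcp host 192.168.10.10 host 10.10.10.100 established
access-list 101 permit tcp host 10.10.10.100 eq 1080 host 192.168.10.10
access-list 101 permit tcp host 10.10.10.100 host 192.168.10.10 established
"""
NAMED_PORTS = {"www": 80}  # the only named port used on this page
RULE = re.compile(
    r"access-list (?P<acl>\d+) (?P<action>permit|deny) tcp "
    r"host (?P<src>\S+)(?: eq (?P<sport>\S+))? "
    r"host (?P<dst>\S+)(?: eq (?P<dport>\S+))?(?P<est> established)?$")

def port(tok):
    """Translate an 'eq' operand to a number; None means any port."""
    return None if tok is None else NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)

def parse(text):
    """Return {acl_number: [entry, ...]} in configuration order."""
    acls = {}
    for line in text.splitlines():
        if not line.strip() or " remark" in line:
            continue  # remarks carry no matching logic
        m = RULE.match(line.strip())
        if m is None:  # fail loudly rather than silently skipping an entry
            raise ValueError(f"unsupported ACL line: {line!r}")
        r = m.groupdict()
        r["sport"], r["dport"] = port(r["sport"]), port(r["dport"])
        acls.setdefault(int(r["acl"]), []).append(r)
    return acls

def permitted(acls, acl, src, sport, dst, dport, established=False):
    """First matching entry wins; no match falls through to the implicit deny."""
    for r in acls.get(acl, []):
        if (r["src"] == src and r["dst"] == dst
                and r["sport"] in (None, sport) and r["dport"] in (None, dport)
                and (not r["est"] or established)):
            return r["action"] == "permit"
    return False
```

Run against the proxy-enabled lists, a new connection from 10.10.10.100 to port 683 on the CTC workstation is not permitted by ACL 101, while the same packet is permitted by ACL 101 of the first example.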
Table 8-6 Ports Used by the 15310E-CTX-K9 (continued)

Port          Function                    Action (1)
10240-12287   Proxy client                D
57790         Default TCC listener port   OK

1. D = deny, NA = not applicable, OK = do not deny