Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

pools and nat

0 views
Skip to first unread message

erik

unread,
Jul 28, 2004, 2:19:11 PM7/28/04
to
SNA 4.0 SP4 on a separate subnet.

I need users to have access to two separate pools. One pool is for basic
access and a second pool is for users with admin access. Because of the
multiple domains (most I don't control) all users have access to the server
via TN3270(e) with Attachmate or Zephyrcorp clients. For the first user
pool I have single nat'd address that all users from a location share to
access the pool.

Is there a way to give access to the second pool when using the same NAT'd
address or subnet setting LU or pool properties on the server?

By default all users are given a LU from the user pool even when I specify a
different pool name or LU from the master pool. Without using domains(most
of them I do not control) is IP security the only method of security
available to 3270 clients?

I see "generic" and "specific" controls in the server 3270 properties. Can
those be leveraged to give users with essentially the same IP address access
to different pools?

Why doesn't naming a different Pool or LU in the client side 3270 properties
allow a user to connect to a different pool?

Any other ideas?

Regards,

erik


Neil Pike

unread,
Jul 29, 2004, 12:14:35 PM7/29/04
to
Erik,

If you're using NAT anyway, then why not extend your use of that? If you're
using a Cisco router to NAT then route-maps will help achieve what you want.
Most firewalls should also be able to do what you want as well.

What you need to do is NAT the source and destination addresses.

At the moment you NAT client addresses to Source Address A when they connect
to Server B (the SNA Server)

What you need to do is point these clients at Server address C (C won't really
exist - or you could make it a secondary IP on server B).

In your NAT device you say if clients are connecting to Server B, their source
address is NAT'd to A. This is what you have now.

Then add another NAT rule that says if a client connects to Server C, the
source address gets NAT'd to D and the destination address to B.

That way when the clients get to the SNA Server their source address will be
different based on which pool they want to connect to.

Neil Pike MVP/MCSE. Protech Computing Ltd
(Please post ALL replies to the newsgroup only unless indicated otherwise)


0 new messages