Koozali.org: home of the SME Server

Drilling the firewall?

Troy

Drilling the firewall?
« on: December 05, 2003, 12:13:53 AM »
Hi, I have trolled through the bulletin board and have not found anything similar to my problem.  I need to open up some holes to allow some PCs on the network to talk to the ATO lodgement servers.

They apparently have Cisco VPN servers and I need to do as they have sent me:


In order to get ELS working through your firewall and / or the Network Address Translation (NAT) device, you will need to ensure the following traffic be allowed through the following ports to the corresponding IP address:

TCP Transport mode:
     Port:    10000 (Outbound)

UDP Transport mode (With NAT Device):
     Port:    500 & 4500 (Outbound)

UDP Transport mode (With NO NAT Device):
     Port:    500 & 10000

________________________________________
VPN concentrators (TCP or UDP mode):
     Melb/Ade    (IP) xxx.xxx.xx.xxx
     Syd/Bri     (IP) xx.xx.xxx.xxx
________________________________________
Telnet (Client and server):
     Port:    7586

Telnet to the CEG Servers:
     Melbourne (IP)  xxx.xxx.xx.x
     Adelaide  (IP)  xxx.xxx.xx.x
     Brisbane  (IP)  xxx.xxx.xx.x
     Sydney    (IP)  xxx.xxx.xx.x



WTF does this mean?  Am I to forward this traffic through some sort of VPN?  Do I somehow stuff around with the masq bit?

Can someone please explain it to me in a bit of English?

Thanks in advance,

Troy.

Graeme Fleming

Re: Drilling the firewall?
« Reply #1 on: December 05, 2003, 11:12:56 AM »
Hi Troy

I have 4 accountants who use a mix of Solution 6 or MYOB Accountants Office to connect to the ATO for lodgements.  None of these sites has required any changes to their SME (5.6, 5.6, 6.0B3).

Because the connection is established from inside your network to the ATO the connection back is permitted for that session.

The VPN lodgement works really well and is SO much better than the Austpac method.

HTH
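
The behaviour described in the reply above (replies are let back in only for sessions a LAN host started), as an added example that is not part of the original post and is not SME Server's actual rule set. It is a simplified connection-tracking model that ignores NAT rewriting; the ports are the ones from the ATO instructions, and all addresses are constructed placeholders.

```python
# Simplified model of a stateful gateway (illustration only, not SME Server code).
# Constructed addresses: 203.0.113.10 stands in for a VPN concentrator,
# 198.51.100.7 for an unrelated outside host, 192.168.1.20 for a LAN PC.
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulGateway:
    def __init__(self, lan_prefix: str = "192.168.1."):
        self.lan_prefix = lan_prefix
        self.sessions = set()   # flows that were started from inside the LAN

    def outbound(self, pkt: Packet) -> str:
        """A LAN host starts (or continues) a flow; remember it."""
        if not pkt.src.startswith(self.lan_prefix):
            return "DROP"       # only LAN hosts may originate outbound flows
        self.sessions.add(pkt)
        return "ACCEPT"

    def inbound(self, pkt: Packet) -> str:
        """Accept a packet from outside only if it reverses a tracked flow."""
        reverse = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if reverse in self.sessions else "DROP"

def demo() -> dict:
    gw = StatefulGateway()
    pc, vpn = "192.168.1.20", "203.0.113.10"
    results = {}
    # Outbound flows on the ports listed in the ATO instructions.
    for proto, port in [("tcp", 10000), ("udp", 500), ("udp", 4500), ("tcp", 7586)]:
        pkt = Packet(proto, pc, 40000 + port, vpn, port)
        results[f"out {proto}/{port}"] = gw.outbound(pkt)
    # Reply from the concentrator to a flow the PC opened: allowed.
    results["reply udp/4500"] = gw.inbound(Packet("udp", vpn, 4500, pc, 44500))
    # Same peer, but aimed at a local port the PC never used: dropped.
    results["unsolicited udp/4500"] = gw.inbound(Packet("udp", vpn, 4500, pc, 5555))
    # Unrelated outside host hitting the PC's real source port: dropped.
    results["stranger tcp/10000"] = gw.inbound(Packet("tcp", "198.51.100.7", 10000, pc, 50000))
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```
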

Ray Mitchell

Re: Drilling the firewall?
« Reply #2 on: December 06, 2003, 12:05:01 AM »
Troy
Our system uses a sme server configured previously as a server & gateway and now as a private server & gateway with a Telstra dial up connection using Handisoft tax software. I just installed the Cisco VPN software on the workstations, entered the passwords etc and it all worked first go, nothing needed changing on the v5.6 sme box.
Are you using a separate firewall? If so, then you may need to open those ports on the firewall.
Regards
Ray

John Mackenzie

Re: Drilling the firewall?
« Reply #3 on: December 07, 2003, 11:35:06 AM »
Troy,

Download and install the port opening rpm from my ftp server, at:
ftp://ftp.westernportmedical.com.au/

(I can't immediately find the site that I downloaded this rpm from)

Your e-smith manager will then have "port opening" in the configuration section of your panel, and you will be able to open/close whatever ports you need to.

Cheers,

John Mac

Troy

Re: Drilling the firewall?
« Reply #4 on: December 08, 2003, 12:07:14 AM »
Thanks heaps for your responses.  It is an SME6b3 server (not private, I might try that instead.)  The Handisoft data doesn't reside on the SME server, as the data was corrupting weekly, and we were advised by Handisoft to NOT use Linux and instead use Win2k Server.  So, there is a Win2k dataserver, and the SME firewall.  I left it in server / gateway mode, as eventually they want to have their own website, and e-mails.

Anyway, shall let you know of the outcome.

Troy