
RE: VPN to database?

From: Goulet, Dick <DGoulet_at_vicr.com>
Date: Fri, 24 Oct 2003 13:29:33 -0800
Message-ID: <F001.005D43D1.20031024132933@fatcity.com>


Jared,

        I'm no network guru, so take this with a ton of salt, but this is how I believe our network admin has it set up. The VPN tunnel comes in thru the outer firewall on a specific port to the vpn server in the DMZ. The vpn server then spreads the ports out as needed to the inner firewall which opens up all ports on the inside to that one server/ip address. Therefore from the application's point of view the inside of the firewall looks the same whether you're connected directly on the local lan or coming in via VPN. And if it's that simple, I'm going to be greatly surprised. But I will point out that if the vpn security stuff is not set up just right or gets disturbed the whole thing shuts down better than a clam.

Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-----Original Message-----
Sent: Friday, October 24, 2003 5:14 PM
To: Multiple recipients of list ORACLE-L

You're going through a firewall that allows port 22 to go through and connect to your ssh daemon via the VPN.

Port 15xx is likely being blocked, as well as the range of ports used to create the sqlnet connections.

I'm not a security guru, but I doubt that the firewall admins are opening all the ports just because you're connecting via VPN.

I also connect through a VPN, but the only ways I know of to connect from my local apps to a database behind the firewall are to open up some ports ( probably won't fly ) or tunnel the sqlnet in via ssh.

Jared

On Fri, 2003-10-24 at 13:19, Todd Boss wrote:
> No, but (and forgive me for asking) why does that matter?
>
> Is sqlnet tunneling important for security reasons, or important
> for connectivity? I'm able to telnet to the box straight away.
>
> I figured that, once VPN was connected, I'd be able to run whatever
> applications I wanted locally. After not being able to get
> any Oracle client to connect, I wondered if VPN had the capability
> to transmit anything but the "lowest" level of tcp/ip protocols.
>
> boss
>
> >
> >
> > Are you tunneling sqlnet through ssh?
> >
> > http://www.akadia.com/services/ssh_install_and_use.html
> >
> > On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
> > > I can tell you right now, I'm VPN'd to a client overseas and have
> > > NOT been able to get OCI to work over the protocol. I can telnet/ssh
> > > to the machine where the Oracle server runs (it's Solaris) and work
> > > via a sql*plus window, but nothing runs locally (i.e., Toad or windows
> > > version of sql*plus connected to the remote server).
> > >
> > > If there's some secret to making OCI work over VPN, we were not able
> > > to find it.
> > >
> > > boss
> > >
> > > >
> > > > We are an Application Service Provider--we maintain a set of servers in
> > > > a colocation facility and our customers use our application via the
> > > > Web. Security is a paramount concern, of course, and only our Web
> > > > server has a public IP address, with the application and database
> > > > servers completely private.
> > > >
> > > > We supply a number of standard reports, but most of our customers want
> > > > some custom reports as well. We would like to give them access to our
> > > > database, possibly over a VPN, but only if security can be maintained.
> > > > I'd like to know if anyone has faced such a situation, and what kind of
> > > > configuration (network/firewall/VPN/Oracle Net) might make such access
> > > > possible.
> > > >
> > > > TIA,
> > > >
> > > >
> > > >
> > > > =====
> > > > Paul Baumgartel
> > > > Transcentive, Inc.
> > > > www.transcentive.com
> > > >
> > > > --
> > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > > > --
> > > > Author: Paul Baumgartel
> > > > INET: treegarden_at_yahoo.com
> > > >
> > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > > San Diego, California -- Mailing list and web hosting services
> > > > ---------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > > (or the name of mailing list you want to be removed from). You may
> > > > also send the HELP command for other information (like subscribing).
> > > >
> > >
> >
> >
> >
>
>

Author: Jared Still
  INET: jkstill_at_cybcon.com

Received on Fri Oct 24 2003 - 16:29:33 CDT
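
The ssh tunnelling of SQL*Net mentioned in the thread, as an added sketch that is not from any of the posters: it forwards a local port over the already permitted port 22 and generates a tnsnames.ora alias that points at the local end. The host name, alias, service name and listener port 1521 (Oracle's default; the thread only says 15xx) are assumptions, and it presumes the listener keeps the session on the forwarded port rather than redirecting the client to another one.

```shell
#!/bin/sh
# Added example: SQL*Net carried over an ssh local port forward.
# Every value below is an assumed placeholder, not taken from the thread.
SSH_HOST="dbhost.example.com"   # server already reachable on port 22
DB_HOST="127.0.0.1"             # listener address as seen from SSH_HOST
DB_PORT="1521"                  # assumed listener port
LOCAL_PORT="11521"              # unprivileged local end of the tunnel
SERVICE="ORCL"                  # assumed service name

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The -L argument. Binding to 127.0.0.1 keeps other machines on the
# local LAN from borrowing the tunnel into the database network.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s\n' "$LOCAL_PORT" "$DB_HOST" "$DB_PORT"
}

# Open the tunnel in the background. -N runs no remote command, and
# ExitOnForwardFailure makes ssh exit instead of sitting there with
# no forward when the local port is already in use.
open_tunnel() {
    valid_port "$LOCAL_PORT" && valid_port "$DB_PORT" || return 2
    ssh -f -N -T -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$SSH_HOST"
}

# tnsnames.ora alias for the local client (Toad, SQL*Plus): the
# client connects to the loopback end of the tunnel.
tns_entry() {
    cat <<EOF
${SERVICE}_TUNNEL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = ${LOCAL_PORT}))
    (CONNECT_DATA = (SERVICE_NAME = ${SERVICE}))
  )
EOF
}
```

Run `open_tunnel`, append the output of `tns_entry` to the client's tnsnames.ora, and connect to the `ORCL_TUNNEL` alias.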
