PCM+ Agent with ONE zl Module Installation and Getting Started Guide 2009-11
1-32
Getting Started
Example PCM+ Agent Module Deployment
Configuring a Server-Initiated Connection
By default, both the PCM+ 3.10 Server and the Agent are set for a Server-initiated
connection. For details, refer to “PCM+ 3.10 Server Initiated Connection” on page 1-20.
Access to the Agent Web browser interface is not required in a Server-initiated
connection.
NAT Policies. The External to Self policies NAT traffic from the PCM+ 3.10 Server
to the PCM+ Agent Module. The External to Self policies are used for a
destination NAT. The External zone is the zone from which the traffic to be
translated arrives. The destination zone is the Self zone because the traffic to
be translated is originally destined to a public IP address (42.167.195.23) on the
TMS zl Module. The PCM+ 3.10 Server IP address is 42.167.195.21; the PCM+
Agent Module IP address is 172.17.2.2.
External to Self

Service         Source         Destination    Translate    NAT Value
ICMP            42.167.195.21  42.167.195.23  Destination  172.17.2.2
TCP/Port 51111  42.167.195.21  42.167.195.23  Destination  172.17.2.2
SSH             42.167.195.21  42.167.195.23  Destination  172.17.2.2

Firewall Access Policies. Traffic between the PCM+ 3.10 Server (External)
and the PCM+ Agent Module (Zone1) goes through the TMS zl Module (Self).
These policies allow the traffic through the firewall.

External to Self

Action          From      To     Service         Source         Destination
Permit Traffic  External  Self   ICMP            42.167.195.21  42.167.195.23
Permit Traffic  External  Self   TCP/Port 8080   42.167.195.21  42.167.195.23
Permit Traffic  External  Self   TCP/Port 51111  42.167.195.21  42.167.195.23
Permit Traffic  External  Self   SSH             42.167.195.21  42.167.195.23

Self to Zone1

Action          From      To     Service         Source         Destination
Permit Traffic  Self      Zone1  ICMP            Any Address    Any Address
Permit Traffic  Self      Zone1  TCP/Port 51111  Any Address    172.17.2.2
Permit Traffic  Self      Zone1  SSH             Any Address    172.17.2.2
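
The following Python check is an added example, not part of the original guide. It transcribes the NAT and firewall access tables above and confirms that every destination NAT rule has a matching permit on both hops (External to Self, then Self to Zone1), and it lists External to Self permits for which no NAT rule exists. The tuple layout and the function names are assumptions of this example.

```python
ANY = "Any Address"            # wildcard as written in the tables on this page
SRV, PUB, PRIV = "42.167.195.21", "42.167.195.23", "172.17.2.2"

# Destination NAT, External to Self: (service, source, destination, NAT value)
NAT_RULES = [
    ("ICMP", SRV, PUB, PRIV),
    ("TCP/Port 51111", SRV, PUB, PRIV),
    ("SSH", SRV, PUB, PRIV),
]

# Firewall access policies: (from zone, to zone, service, source, destination)
PERMITS = [
    ("External", "Self", "ICMP", SRV, PUB),
    ("External", "Self", "TCP/Port 8080", SRV, PUB),
    ("External", "Self", "TCP/Port 51111", SRV, PUB),
    ("External", "Self", "SSH", SRV, PUB),
    ("Self", "Zone1", "ICMP", ANY, ANY),
    ("Self", "Zone1", "TCP/Port 51111", ANY, PRIV),
    ("Self", "Zone1", "SSH", ANY, PRIV),
]

def permitted(permits, zone_from, zone_to, service, source, dest):
    """True if some permit rule covers the flow; ANY matches every address."""
    return any(
        (zf, zt, svc) == (zone_from, zone_to, service)
        and src in (ANY, source) and dst in (ANY, dest)
        for zf, zt, svc, src, dst in permits
    )

def audit(nat_rules, permits):
    """Return (missing, unnatted).

    missing:  (service, hop) pairs where a NAT rule has no covering permit.
    unnatted: services permitted External to Self with no NAT rule.
    """
    missing = []
    for svc, src, pub, priv in nat_rules:
        if not permitted(permits, "External", "Self", svc, src, pub):
            missing.append((svc, "External to Self"))
        # Destination NAT rewrites only the destination address.
        if not permitted(permits, "Self", "Zone1", svc, src, priv):
            missing.append((svc, "Self to Zone1"))
    natted = {(svc, src, pub) for svc, src, pub, _ in nat_rules}
    unnatted = [p[2] for p in permits
                if p[:2] == ("External", "Self") and p[2:] not in natted]
    return missing, unnatted
```

Run against the rules on this page, the check finds no missing permits and reports TCP/Port 8080 as the only External to Self permit without a NAT rule.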