Allowing Mobility Client Connections From Outside Your Firewall
Technical Note 2169
Last Reviewed 13-Jun-2005
Applies To
Mobility client, version 6.00 and higher
Windows XP, Windows 2000
Summary
Every network from which you plan to connect using Mobility—a WLAN, a WWAN, a hot spot, etc.—must have access to the Mobility server. To make the server accessible, some firewall configuration may be required. This is especially true if you are planning to connect over most wide area networks like GPRS/CDMA, or any other public IP-based network, such as 802.11 hot spots.
Configuration Steps
To allow Mobility connections through a firewall:
Allow UDP port 5008 traffic.
The Mobility server uses UDP port 5008 by default. To get to the Mobility server from an external network, the public IP address on the firewall must be configured to allow UDP port 5008 traffic, and to forward that traffic to the private IP address of the Mobility server.
The UDP port that Mobility uses is configurable; it can be changed on the Server Settings page in the Mobility console with the Address and Port Number setting.
Here’s a sample of the commands used on a PIX firewall to allow Mobility traffic—in this case the private IP of the Mobility server is 10.1.1.200 and the NAT address is 4.41.177.4:
static (inside,outside) 4.41.177.4 10.1.1.200
access-list 101 permit udp any host 4.41.177.4 eq 5008
access-group 101 in interface outside
Add the firewall address to the list of external IP addresses that Mobility clients might use to connect to this server.
To configure the server so that clients can connect to it via its NAT address, follow these steps:
1. Open the Mobility server console and go to the Server Settings page.
2. Select your server name in the left-hand column.
3. Select the setting External Server Addresses and enter any NAT addresses that clients will use to reach that server. (In version 6.01 and earlier, this setting is called Alternate Server Addresses.)
Important: Do not enter any of the server's real IP addresses. Use the Ipconfig utility (in a DOS box) to get a detailed description of the server's IP networking configuration: if an address shows up in the Ipconfig results, the server already knows about it, so it should not be added to this list.
If you have more than one Mobility server in your pool, each one must be accessible through the firewall. Repeat steps 2 and 3 for the other servers in your pool.
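The check described in the Important note above can be scripted before entries are typed into External Server Addresses. This is an added example, not NetMotion code: the function names are hypothetical, and the Ipconfig text is a constructed sample in the Windows XP/2000 layout.

```python
import ipaddress
import re

# Constructed sample of Ipconfig output from the Mobility server (XP/2000 layout).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.1.1.200
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.1.1
"""

# Matches only adapter address lines, not the subnet mask or gateway lines.
_ADDR_LINE = re.compile(r"^\s*IP(?:v4)? Address[ .]*:\s*(\S+)", re.MULTILINE)


def local_addresses(ipconfig_text):
    """Return the set of addresses the server already owns, per Ipconfig."""
    found = set()
    for raw in _ADDR_LINE.findall(ipconfig_text):
        # Later Windows versions append "(Preferred)" to the address; strip it.
        found.add(ipaddress.ip_address(raw.split("(")[0]))
    return found


def check_external_addresses(candidates, ipconfig_text):
    """Classify each proposed entry as "ok", "local" or "invalid"."""
    local = local_addresses(ipconfig_text)
    result = {}
    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand.strip())
        except ValueError:
            result[cand] = "invalid"  # not a well-formed IP address
            continue
        # "local" means Ipconfig already lists it, so it must not be entered.
        result[cand] = "local" if addr in local else "ok"
    return result


if __name__ == "__main__":
    proposed = ["4.41.177.4", "10.1.1.200", "4.41.177"]
    for entry, verdict in check_external_addresses(proposed, SAMPLE_IPCONFIG).items():
        print(f"{entry:15} {verdict}")
```

Only entries reported as "ok" belong in the list; run it against each server in the pool with that server's own Ipconfig output.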