|
>But like I said, making a requirement to have a >server outside of a firewall to use a service is >just so shortsighted. No argument. I agree. I think they'd find a _large_ percentage of the user base went to internet based contact if they had the ability to do so. -Walden ------------ Walden H Leverich III President & CEO Tech Software (516) 627-3800 x11 (208) 692-3308 eFax WaldenL@xxxxxxxxxxxxxxx http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang Sent: Monday, March 01, 2004 10:19 AM To: Midrange Systems Technical Discussion Subject: Re: AS/400 to IBM connection NOT thru line modems Yeah, I understand that IPSEC doesn't work over 99% of the firewalls out there (as a passthru). In that regards, it is a shame they didn't use a diferent method (http over SSL would have been fine doign it via webservice). Oh well. But like I said, making a requirement to have a server outside of a firewall to use a service is just so shortsighted. ----- Original Message ----- From: "Walden H. Leverich" <WaldenL@xxxxxxxxxxxxxxx> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> Sent: Monday, March 01, 2004 9:45 AM Subject: RE: AS/400 to IBM connection NOT thru line modems > >Sort of a horrible requirement not to have it behind a firewall. > > Technically not a requirement. > > _IF_ you have a firewall/NAT device that is capable of "L2TP Multihop" > it's possible to setup the VPN connection from within the internal > network. Technically there is one connection from your iSeries to your > firewall and another from the firewall (which has a public IP) to IBM. > Of course, almost no one has one of these firewalls. <G> > > IIRC from beta days, this has to do with IBM's decision to use IPSEC and > L2TP and not PPTP as the VPN protocol. Since the IP address of the > sender (your iSeries) in embedded in the output packet and the entire > packet is encrypted there is no way to "fix" the IP address w/o > corrupting the outbound packet. Personally I find PPTP "secure enough" > at 128-bit encryption to transfer PTFs and phone-home so I think it was > a silly decision on Rochester's part. However, I'm not sure they have a > choice. It wouldn't surprise me to know that IBM network security won't > allow any VPN connection other than IPSEC/L2TP. > > -Walden > > > ------------ > Walden H Leverich III > President & CEO > Tech Software > (516) 627-3800 x11 > (208) 692-3308 eFax > WaldenL@xxxxxxxxxxxxxxx > http://www.TechSoftInc.com > > Quiquid latine dictum sit altum viditur. > (Whatever is said in Latin seems profound.) > > -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang > Sent: Monday, March 01, 2004 9:03 AM > To: Midrange Systems Technical Discussion > Subject: Re: AS/400 to IBM connection NOT thru line modems > > Sort of a horrible requirement not to have it behind a firewall. > > ----- Original Message ----- > From: "Vern Hamberg" <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx> > To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> > Sent: Sunday, February 29, 2004 7:09 PM > Subject: Re: AS/400 to IBM connection NOT thru line modems > > > > If your release of OS400 is fairly recent (at least V5R1?) and your > AS/400 > > is directly attached to the Internet (i.e., not behind a firewall), or > > there is another 400 that is outside the firewall and is addressable > from > > the Internet, there is a Universal Connection setup in Ops Nav that > can > use > > the Internet. A VPN session gets started with some IBM server. Also, I > > don't know about Espana. > > > > HTH > > Vern > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.