>But like I said, making a requirement to have a 
>server outside of a firewall to use a service is 
>just so shortsighted. 

No argument. I agree. I think they'd find a _large_ percentage of the
user base went to internet based contact if they had the ability to do
so.

-Walden


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
(208) 692-3308 eFax
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang
Sent: Monday, March 01, 2004 10:19 AM
To: Midrange Systems Technical Discussion
Subject: Re: AS/400 to IBM connection NOT thru line modems

Yeah, I understand that IPSEC doesn't work over 99% of the firewalls out
there (as a passthru).  In that regards, it is a shame they didn't use a
diferent method (http over SSL would have been fine doign it via
webservice).  Oh well.  But like I said, making a requirement to have a
server outside of a firewall to use a service is just so shortsighted.

----- Original Message ----- 
From: "Walden H. Leverich" <WaldenL@xxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, March 01, 2004 9:45 AM
Subject: RE: AS/400 to IBM connection NOT thru line modems


> >Sort of a horrible requirement not to have it behind a firewall.
>
> Technically not a requirement.
>
> _IF_ you have a firewall/NAT device that is capable of "L2TP Multihop"
> it's possible to setup the VPN connection from within the internal
> network. Technically there is one connection from your iSeries to your
> firewall and another from the firewall (which has a public IP) to IBM.
> Of course, almost no one has one of these firewalls. <G>
>
> IIRC from beta days, this has to do with IBM's decision to use IPSEC
and
> L2TP and not PPTP as the VPN protocol. Since the IP address of the
> sender (your iSeries) in embedded in the output packet and the entire
> packet is encrypted there is no way to "fix" the IP address w/o
> corrupting the outbound packet. Personally I find PPTP "secure enough"
> at 128-bit encryption to transfer PTFs and phone-home so I think it
was
> a silly decision on Rochester's part. However, I'm not sure they have
a
> choice. It wouldn't surprise me to know that IBM network security
won't
> allow any VPN connection other than IPSEC/L2TP.
>
> -Walden
>
>
> ------------
> Walden H Leverich III
> President & CEO
> Tech Software
> (516) 627-3800 x11
> (208) 692-3308 eFax
> WaldenL@xxxxxxxxxxxxxxx
> http://www.TechSoftInc.com
>
> Quiquid latine dictum sit altum viditur.
> (Whatever is said in Latin seems profound.)
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang
> Sent: Monday, March 01, 2004 9:03 AM
> To: Midrange Systems Technical Discussion
> Subject: Re: AS/400 to IBM connection NOT thru line modems
>
> Sort of a horrible requirement not to have it behind a firewall.
>
> ----- Original Message ----- 
> From: "Vern Hamberg" <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> Sent: Sunday, February 29, 2004 7:09 PM
> Subject: Re: AS/400 to IBM connection NOT thru line modems
>
>
> > If your release of OS400 is fairly recent (at least V5R1?) and your
> AS/400
> > is directly attached to the Internet (i.e., not behind a firewall),
or
> > there is another 400 that is outside the firewall and is addressable
> from
> > the Internet, there is a Universal Connection setup in Ops Nav that
> can
> use
> > the Internet. A VPN session gets started with some IBM server. Also,
I
> > don't know about Espana.
> >
> > HTH
> > Vern
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.