Vern,
As I read the Knowledge Base document (and I am using a Sonicwall) all I
have to do is set the three UDP ports as allowed traffic in and out. No
port mapping was mentioned in the section about "Direct Connection". It
might be a security plus to keep it restricted to the IBM address in the
document and the internal address.
I will probably try this next week after the latest cume and the
specific PTF are applied by the weekend IPL.
I learned a long time ago that if it doesn't work to delete the
connection with iSeries Nav before running the wizard again. When I got
burned it actually showed two identical sets of connections and
everything died when trying to work with them. Had to try again to
delete one and wait for an IPL to flush out the duplication.
The Sonicwall has VPN support as well as firewall. The number of
simultaneous connections is a function of the size of the Sonicwall
license, as is the number of internal IP addresses allowed external
access. The easiest setup is between two (or more in hub and spoke)
Sonicwalls. I've done a handful of these with the only (obvious) trick
being that at least one, or the hub, has to have a static public IP.
With this setup the Sonicwalls handle all the VPN and everything else
doesn't know the difference. Otherwise you have to use their VPN client
software. They say the firewall is IPsec compatible but I haven't had
any luck getting XP to work without the client. Also, the client, when
it opens the tunnel, blocks all other internet paths. So if you want to
browse an external web page while the tunnel is open you need to
configure the Sonicwall on the other end to relay the external traffic
back out from there. That is, your request goes to the other end of the
tunnel and then back out the WAN side it just came in on but outside the
tunnel. Double the traffic on the WAN connection of the Sonicwall.
Roger
On 4/21/2004 9:27 AM, Vern Hamberg wrote:
This is all well and good if you have a Cisco or equivalent. The
original post asked about non-Cisco, IIRC. We are in that position,
also, since we use the Linksys VPN router. It can allow port
forwarding to a single internal address. Obviously, it's cheaper than
a Cisco and I don't expect it to have the power of a Cisco. But is
there a way to set up a Linksys or NetGear or other consumer-level
router to allow the V5R2 box not to have a public address?
Thanks
Vern
--
*** Vicker Programming and Service *** Have bits will byte *** www.vicker.com
***
No battle plan has ever survived contact with the enemy.