|
When you say that the iseries can log in thru the vpn client, what do you mean? I was picturing the remote client making a vpn connection to the DLS router, is there some kind of vpn service that you are using? -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz Sent: Thursday, April 28, 2005 11:45 AM To: Midrange Systems Technical Discussion Subject: Re: dsl dilemna >If you post the routing table of the AS/400 and the client that might help. I just sent this to Bellsouth, (There is only 1 lan switch - everything plugs into it) Bellsouth T1 router/firewall 10.10.10.12 ethernet --> lan switch Bellsouth NetVPN router 10.10.10.11 ethernet --> lan switch IBM iSeries server 10.10.10.10 ethernet ---> lan switch HP Printer 10.10.10.5 ethernet ----> lan switch HP Printer 10.10.10.1 ethernet --> lan switch other fixed ip devices must be in range 10.10.10.1 thru 10.10.10.99 many pc's 10.10.10.100 - 10.10.10.150 ethernet --> lan switch The Bellsouth T1 router is providing NAT & DHCP for local pc's to surf internet The DHCP pool for local pc's is 10.10.10.100 thru 10.10.10.150 The iSeries is both file/application server & web server The iSeries default gateway is 10.10.10.11 and 2nd gateway is 10.10.10.12 The iSeries can ping both gateway addresses Log in thru vpn client, can ping it's own inside address 10.10.10.11, but nothing else on 10.x.x.x lan Firewall is only blocking ports for inbound originated traffic. iSeries interfaces Internet Subnet Interface Address Mask Status 10.10.10.10 255.0.0.0 Active 70.151.59.xxx 255.0.0.0 Active 127.0.0.1 255.0.0.0 Active Routes: Route Subnet Next Destination Mask Hop *DFTROUTE *NONE 10.10.10.11 *DFTROUTE *NONE 10.10.10.12 tia jim ----- Original Message ----- From: "Chris Payne" <CPayne@xxxxxxxxxxxxxxx> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> Sent: Thursday, April 28, 2005 11:08 AM Subject: RE: dsl dilemna > Jim, > It is absolutely possible for a host on a 10.x.x.x network to > talk to a host on a 172.16.x.x network. The 2 things that might be a > problem are routing and security. If there is a firewall between your > AS/400 and your client, it might be happily throwing away every packet > you send (note that an access list on your dsl router might be doing > that). The other problem is routing, if host A can talk to router B, and > host C can talk to router B, but A cannot talk to C then B is not > routing the packets correctly. > > > What I would do is try a ping and tracert from AS/400 to router, > and from client to router. Then call bellsouth and have them log into > the DSL router and ping your AS/400 and your client. If all of those > test work then I would strongly suspect that it is something the DLS > router is failing to do (either blocking with an access list or failing > to route properly). If you post the routing table of the AS/400 and the > client that might help. > > chris > > -----Original Message----- > From: midrange-l-bounces@xxxxxxxxxxxx > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz > Sent: Thursday, April 28, 2005 10:21 AM > To: Midrange Systems Technical Discussion > Subject: Re: dsl dilemna > > >What does the routing table look like on your dsl router? > > dsl router belongs to Bellsouth & I have no access to it. > > Is is possible for a 400 to be accessed by a user w/ a 172.16.x.x > address thru a router with a 10.x.x.x address. My route on 400 cfgtcp > to the 10. address. I did try adding a 172.16 address to the iSeries, > and > a route, but that did not solve it (and have now removed it). > jim > ----- Original Message ----- > From: "Chris Payne" <CPayne@xxxxxxxxxxxxxxx> > To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> > Sent: Thursday, April 28, 2005 10:07 AM > Subject: RE: dsl dilemna > > > > 2 things, the first might just be nitpick, but 172.x.x.x is not all > > valid private address it needs to be 172.16.0.0 through > 172.31.255.255. > > from your description of what is going on is sounds like a routing > > problem on your dsl router. Packets make it as far as the router, but > > then disappear. What does the routing table look like on your dsl > > router? > > > > -----Original Message----- > > From: midrange-l-bounces@xxxxxxxxxxxx > > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz > > Sent: Thursday, April 28, 2005 9:53 AM > > To: MIDRANGE-L@xxxxxxxxxxxx > > Subject: dsl dilemna > > > > Customer has added a vpn access to local lan to get to iSeries. > > Remote pc can log into vpn (Cisco client), and even ping the dsl > > router's inside address 10.10.10.11 > > Cannot ping iSeries 10.10.10.10 or any other 10.x.x.x device. > > iSeries has a *dftroute route to the 10.10.10.11 dsl router and can > > ping it. I'm no network expert, but had someone else attempt > > vpn and he says dsl router is natting user a 172.x.x.x address. > > Is this the problem? We had asked the nat pool to be to 10.10.10.70 > thru > > 90, > > but Bellsouth tech gets quiet when i say "nat pool". > > btw-There is a separate router/firewall for T1 into same lan switch. > > jim > > -- > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > > list > > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > > To subscribe, unsubscribe, or change list options, > > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > > or email: MIDRANGE-L-request@xxxxxxxxxxxx > > Before posting, please take a moment to review the archives > > at http://archive.midrange.com/midrange-l. > > > > > > -- > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > > To subscribe, unsubscribe, or change list options, > > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > > or email: MIDRANGE-L-request@xxxxxxxxxxxx > > Before posting, please take a moment to review the archives > > at http://archive.midrange.com/midrange-l. > > > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > > -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
