|
I have a customer that has an IXS running SBS 2003 that provides firewall (and other) services to the internal network. This guy is multi-homed (naturally) with a single external NIC and an internal NIC. ISA 2004 manages proxy and firewalling. They have an i5 520 (power 5+) running V5R4M0.
This works well but having a Windows machine between me and the internal network is problematic since if it goes down (and it does go down) I have no access to the internal network and therefore cannot get to the System i to restart the IXS. So, we added more external IP's by expanding the subnet and now I have 5 IP addresses I can assign to various NIC's so I can externally manage the System i. So far so good.
My idea was to assign one external IP to an unused Ethernet port (T5 on the back of the 520). They currently use T6 as the NIC for internal access to the System i.
So, a couple of questions:
1. How should I best configure *this* Ethernet port so that it is locked down for only Telnet SSL? It will have an external IP so I do want to lock it down. Currently we have secure telnet running internally and externally (through port mapping in ISA2004 using the T6 Ethernet port).
2. Is there an alternate method for accessing the 520 externally that would be more secure? They would need to be ports that I can assign "externally" to bypass the ISA 2004 firewall.
The problem:
Based on what I see in WRKHDWRSC *CMN and looking in SST, it appears that the communications line resource is CMN19 (T6 is CMN20 which seem to confirm that I have the correct resource). When I create an Ethernet line using this resource and vary it on I get:
Message . . . . : Line ETHLINEBAK vary on failed.
Cause . . . . . : The resource is already in use by object type . If the object name and type are blanks, either the resource is in use by the Dedicated Service Tools (DST), another client, or the data is not available.
Recovery . . . : Do one of the following: --Vary off the object using the resource with the Vary Configuration (VRYCFG) command. --Use the active line instead of line ETHLINEBAK, if this is a switched connection or a local area network connection. This can be done by changing
the controller description for the remote system to include the active line
in its SWTLINLST parameter.
As far as I can see, the resource in NOT is use by another line so I can only assume that I am using the wrong resource. WRKHDWRSC shows this for CMN19:
Resource name . . . . . . . : CMN19
Text . . . . . . . . . . . . : Ethernet Port
Type-model . . . . . . . . . : 5706-001
Serial number . . . . . . . : 00-53967EA
Part number . . . . . . . . : 39J4251
Location: U787F.001.DPM09V2-P1-T5
Logical address:
PCI bus:
System bus 4
System board 0
System card 36
Any ideas as to why I get an error on varying on the line ?
Thanks,
Pete Helgren
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
