MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » December 2013

RE: VPN & Client Access



fixed

Forgot to mention, years back we needed to secure an app using VPN between the iSeries and a Windows Server.
We were never successful in getting the VPN configured properly on the iSeries side.
Don't remember the exact details, Phase 2 negotiations and handshaking, mismatch.
Have not used any iSeries VPN since.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary Thompson
Sent: Saturday, December 14, 2013 1:09 PM
To: Midrange Systems Technical Discussion
Subject: RE: VPN & Client Access

Paul,
are you using >Windows Server Remote Desktop< ?

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Saturday, December 14, 2013 11:03 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: VPN & Client Access

We've used VPN from remote/home PC to corporate network for years. One of the issues is that a home PC may not always resolve DNS properly, so always opted to use IP instead of name.
Recently, after connecting to the corporate network via VPN, we now use remote desktop to access work PC from home.
Big advantage here is that nothing has to be installed/configured on home PC except for VPN client.
Another advantage is that if the connection drops, only have to reconnect to work PC, everything will still be running.
Due to security issues, we've gone from Windows VPN, Cisco VPN, currently on Sonic Wall NetExtender.

Paul

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jon Paris
Sent: Saturday, December 14, 2013 12:28 PM
To: Midrange Systems Technical Discussion
Subject: Re: VPN & Client Access

Heaven forbid that I should disagree with David and Dr. F but ... actually "disagree" is not the right word - "explain to a fellow know-little like myself" would be more appropriate.

I seem to recall that the primary difference when configuring a VPN connection is that I need to use the system name, IP, whatever that I would use _inside_ the local network. Not necessarily the same as the one I would normally use to connect from outside. In my case to connect from outside I use systemideveleloper.com - within the confines of the VPN I simply use ideveloper as if I were on the local LAN. That almost certainly an over simplification but it is the way that I remember it.


On 2013-12-14, at 11:08 AM, DrFranken <midrange@xxxxxxxxxxxx> wrote:

Agree with David. The VPN is at Level three in the network stack while
IBM i Access is an application and works in the higher layers. First
assure the VPN is working then IBM i Access should work just fine.

Absolutely check name resolution as that's critical. Use NSLOOKUP
server.domain.tld to verify resolution. This also tells you the name
server IP address that responded. This can also be important because
many VPN connections change your DNS server(s). This is so you get
private IP addresses for the services across the VPN while still
getting public IPs for the google et. al.

That said be aware that many VPNs block ICMP traffic (PING et. al.) so
don't panic if PING doesn't work. Instead use CWBPING
server.domain.tld to veryify the connection. This program attempts to
connect to each of the required servers including telnet and reports
success or failure on each port.

- Larry "DrFranken" Bolhuis

www.frankeni.com
www.iDevCloud.com
www.iInTheCloud.com

On 12/14/2013 10:55 AM, David Gibbs wrote:

On 12/13/2013 10:23 PM, Booth Martin wrote:
Is there a tutorial or instructions on how to connect with VPN?

I have Client Access, iSeries Navigator, and RDi. I have used VPN
with Client access but that setup was in 2009 and I have no idea how
I did it back then,

The VPN I am trying to use to connect is: SHREW SOFT VPN CLIENT That
installed, and it shows as connected when I start it. But I can't
figure out what to do next.

There's nothing special (that I know of) about using CA with a VPN.
The key is getting the VPN to work correctly.

If you can connect to the host on port 23 using a standard telnet
client, you should be able to use CA.

Can you ping the host? Does it's hostname resolve to an IP?

david


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact