|
Bill(Tony), We have a similar, although not overly used, situation. We setup the VPN on the NT server and controlled who can call in through NT user maintenance (Dial-in button, allow user to dial in). This controls who can actually connect to the server from remote locations and once they make that connection, they can access the AS/400 through normal means (CA, NetSoft, etc) provided they have an valid AS/400 username and password. We had an outside service setup the VPN and to my knowledge, nothing needed to be setup on the AS/400. So, to answer your question, it's a VPN through the LAN and the regular stuff on the AS/400. I feel secure with the setup because you would need the username and password of someone that has been setup with dial in rights on the NT side and a valid username and password on the AS/400 side before you could get to the AS/400. You would also need the IP address of the "always on" internet connection to the server and the IP address of the AS/400. I'm sure that there are people that wouldn't have a very hard time finding that information out there but we feel that realistically, they are not a threat to us. I know this sounds like an "it can never happen to me" mentality, but we feel that this is enough of a precaution at this time. HTH. Ed Chabot The Marlin Firearms Company 100 Kenna Drive North Haven, CT 06473 (203)985-3254 -----Original Message----- From: owner-midrange-l@midrange.com [mailto:owner-midrange-l@midrange.com]On Behalf Of William Corbett Sent: Monday, April 23, 2001 10:59 AM To: MIDRANGE-L@midrange. com Subject: VPN thru NT to the AS/400 I have been asked to investigate the setup of VPN to access a company AS/400. We've been using RAS thru an NT server to access the corporate Lan, then CA to work with the AS/400. This gives pretty good security, since the dial-up is a one-to-one connection. Due to increasing usage and more and more programmers and employees with high-speed internet access, management would like to set up a VPN for programmers and users to access the AS/400. I have a fairly good idea of how to set this up, if the NT box were not in between the internet and the AS/400, but the NT server adds an element of "the unknown" into the mix. (at least unknown to me) Is this an entirely NT solution we're talking about, or has something got to be done on the AS/400 side? In other words, is it VPN to the Lan, the normal stuff to get from there to the AS/400? Does this give a secure access method to the AS/400, at least as as far as telnet normally transferring userids and passwords "in the clear"? Should we set up SSL on the 400? Any VPN configuration to do on the AS/400? Any other special considerations on the 400 side? AS/Resources, Inc. William A.(Tony) Corbett IBM Certified Specialist - AS/400 Developer http://www.asresources.com corbett@asresources.com +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.