Re: VPN thru NT to the AS/400 -- MIDRANGE-L

Tony,

        While Doug is 100% correct here, you may not want these users on the
local Lan, but rather only on the iSeries system.  This can be done by using
the built in L2TP support of the iSeries along with a client product such as
SoftPK from IRE. (www.ire.com) You would map a port to the iSeries in the
FireWall and then use the L2TP server to control connections.

Jeffrey M. Silberberg
Independent Consultant
CompuDesigns, Inc.
(770) 399-9464

AS SOON AS I KNOW THE ANSWERS
THEY CHANGE THE QUESTIONS

*** I have no business arrangement with IRE....

----- Original Message -----
From: Ritsema, Doug B <Doug.Ritsema@wafers.com>
To: <MIDRANGE-L@midrange.com>
Sent: Monday, April 23, 2001 11:22 AM
Subject: RE: VPN thru NT to the AS/400


> Once you have VPN'ed to the NT box you are on your network.  You can
access
> any network resource that you have authority to including the AS/400.
We've
> been using it for years with no problems.
>
> Doug Ritsema
> Holland American Wafer Co
> 3300 Roger B Chaffee
> Grand Rapids, MI  49548
> doug.ritsema@wafers.com
>
>
> -----Original Message-----
> From: William Corbett [mailto:corbett@asresources.com]
> Sent: Monday, April 23, 2001 10:59 AM
> To: MIDRANGE-L@midrange. com
> Subject: VPN thru NT to the AS/400
>
>
> I have been asked to investigate the setup of VPN to access a company
> AS/400.
>
> We've been using RAS thru an NT server to access the corporate Lan, then
CA
> to work with the AS/400.  This gives pretty good security, since the
dial-up
> is a one-to-one connection.  Due to increasing usage and more and more
> programmers and employees with high-speed internet access, management
would
> like to set up a VPN for programmers and users to access the AS/400.
>
> I have a fairly good idea of how to set this up, if the NT box were not in
> between the internet and the AS/400, but the NT server adds an element of
> "the unknown" into the mix. (at least unknown to me)
>
> Is this an entirely NT solution we're talking about, or has something got
to
> be done on the AS/400 side?  In other words, is it VPN to the Lan, the
> normal stuff to get from there to the AS/400?
> Does this give a secure access method to the AS/400, at least as as far as
> telnet normally transferring userids and passwords "in the clear"?
> Should we set up SSL on the 400?
> Any VPN configuration to do on the AS/400?
> Any other special considerations on the 400 side?
>
> AS/Resources, Inc.
> William A.(Tony) Corbett
> IBM Certified Specialist - AS/400 Developer
> http://www.asresources.com
> corbett@asresources.com
>
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
> david@midrange.com
> +---
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
david@midrange.com
> +---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---