|
Dear Tony, Here is the reason why the CA PC5250 sessions are working correctly in your VPN network. The following information was pulled from a remote printing white paper we wrote about a year ago. <Why the TN5250E Protocol Works Well in VPN Networks> The TN5250E protocol is a reverse telnet protocol. This means that the client is responsible for initiating a connection with a host server. This is the same philosophy that is applied to web browsing. Once the target server is contacted, it opens a TCP/IP socket connection to the client that has contacted it and sends responses to client queries as necessary. This network connection process is fully compatible with firewalls, proxy servers, and VPN tunnels. Connections that are established from a host towards a client are typically unable to penetrate firewalls and proxy servers and are therefore not always appropriate to certain VPN network configurations. <end white paper info> The port numbers (256 through 1024) that IBM gave you are actually internal to your AS/400 or iSeries host TCP/IP stack port numbers. These are the ports that OS/400 will check to find a method to send your data out of the IBM host. It will be attempting to reach port 515 at the IP address specified in your OS/400 OUTQ definition. The usual problem is that the IBM host can only see one or two public IP addresses at the far end of the VPN tunnel which are not the target printer. It is therefore never able to establish the remote printer connection. Client Access, other third party products that offer equivalent TN5250E protocol support, and multi-protocol print servers for individual printers that support the TN5250E protocol should all work very well in the VPN environment you have described in your post. Our company put together an AS/400 based wide area network VPN implementation that supported about 50 demonstration rooms where IBM AS/400 and iSeries printing could be shown to potential customers. The TN5250E protocol was used for all non-IPDS print sessions and display sessions activated in all the demo rooms. The network ran without problems since it was installed over one year ago. Currently we have taken the network down temporarily to retire an AS/400 model 600 and replace it with an iSeries model 270. We'll probably reactivate the whole network in about 5 or 6 weeks from now. HTH Best Regards, /Paul -- Paul Tykodi National Product Manager Intermate US, Inc. p: 603.431.0606 x115 f: 603.436.6432 paul@intermate-us.com www.intermate.com >From: "William A.\(Tony\) Corbett" <corbett@ASRESOURCES.COM> >To: "MIDRANGE-L@midrange. com" <MIDRANGE-L@midrange.com> >Subject: IP printing on a remote printer >Date: Fri, 26 Jul 2002 09:29:48 -0400 >Reply-To: midrange-l@midrange.com > >Hi all, > >I'm trying to configure a printer on a "remote lan" which is connected to >our system via T1 connection. We're using the 192.168... internal ip range, >the remote location is using the 10... ip range. >The remote users (10..) are connecting fine via CA Express, so the CFGTCP >stuff is OK. >I've got a remote printer set up, it'll go to SND mode, but never prints on >the other end. > >Problem is in the routers, I believe. Supportline says: >On both routers...ensure that ports 515 and 256 thru 1024 are OPEN, these >HAVE to be OPEN. > >My remote folks say "I can't, and I won't, open the ports you listed....you >are asking me to open a hole the size of Europe in our router/firewall". >This is an affilate company, so we don't "own" them and can only be so >forceful. > >Do I really need this many ports open or can I slim the required open ports >down to something they can accept. > >Any advice is really appreciated. > >TIA > >AS/Resources, Inc. >William A.(Tony) Corbett >IBM Certified Specialist - AS/400 Developer >http://www.asresources.com >corbett@asresources.com >770-587-4812 (office) >678-935-5006 (mobile) >fax: 404-663-4737
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.