Yeah, I understand that IPSEC doesn't work over 99% of the firewalls out there (as a passthru). In that regard, it is a shame they didn't use a different method (http over SSL would have been fine doing it via webservice). Oh well.

But like I said, making a requirement to have a server outside of a firewall to use a service is just so shortsighted.

----- Original Message -----
From: "Walden H. Leverich" <WaldenL@xxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, March 01, 2004 9:45 AM
Subject: RE: AS/400 to IBM connection NOT thru line modems

> >Sort of a horrible requirement not to have it behind a firewall.
>
> Technically not a requirement.
>
> _IF_ you have a firewall/NAT device that is capable of "L2TP Multihop"
> it's possible to setup the VPN connection from within the internal
> network. Technically there is one connection from your iSeries to your
> firewall and another from the firewall (which has a public IP) to IBM.
> Of course, almost no one has one of these firewalls. <G>
>
> IIRC from beta days, this has to do with IBM's decision to use IPSEC and
> L2TP and not PPTP as the VPN protocol. Since the IP address of the
> sender (your iSeries) is embedded in the output packet and the entire
> packet is encrypted there is no way to "fix" the IP address w/o
> corrupting the outbound packet. Personally I find PPTP "secure enough"
> at 128-bit encryption to transfer PTFs and phone-home so I think it was
> a silly decision on Rochester's part. However, I'm not sure they have a
> choice. It wouldn't surprise me to know that IBM network security won't
> allow any VPN connection other than IPSEC/L2TP.
>
> -Walden
>
> ------------
> Walden H Leverich III
> President & CEO
> Tech Software
> (516) 627-3800 x11
> (208) 692-3308 eFax
> WaldenL@xxxxxxxxxxxxxxx
> http://www.TechSoftInc.com
>
> Quiquid latine dictum sit altum viditur.
> (Whatever is said in Latin seems profound.)
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang
> Sent: Monday, March 01, 2004 9:03 AM
> To: Midrange Systems Technical Discussion
> Subject: Re: AS/400 to IBM connection NOT thru line modems
>
> Sort of a horrible requirement not to have it behind a firewall.
>
> ----- Original Message -----
> From: "Vern Hamberg" <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
> Sent: Sunday, February 29, 2004 7:09 PM
> Subject: Re: AS/400 to IBM connection NOT thru line modems
>
> > If your release of OS400 is fairly recent (at least V5R1?) and your
> > AS/400 is directly attached to the Internet (i.e., not behind a
> > firewall), or there is another 400 that is outside the firewall and is
> > addressable from the Internet, there is a Universal Connection setup in
> > Ops Nav that can use the Internet. A VPN session gets started with some
> > IBM server. Also, I don't know about Espana.
> >
> > HTH
> > Vern
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
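One concrete form of the NAT problem discussed in this thread, as an added example that is not part of any poster's message: with L2TP carried over UDP inside IPsec ESP transport mode, the UDP checksum covers the sender's IP address, and a NAT that rewrites the source address cannot repair a checksum it cannot read (the incompatibility catalogued in RFC 3715). The addresses and payload are constructed, and the encryption itself is not modelled; the sketch only assumes the NAT cannot modify the protected UDP header.

```python
import socket
import struct

# Constructed sample values: RFC 1918 inside address, documentation-range public addresses.
INSIDE, NAT_PUBLIC, SERVER = "10.0.0.5", "203.0.113.7", "198.51.100.20"
L2TP_PORT = 1701          # L2TP runs over UDP port 1701
PAYLOAD = b"constructed L2TP payload"

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """The UDP checksum also covers source and destination IP addresses."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src: str, dst: str, payload: bytes) -> bytes:
    """Build a UDP datagram with a valid checksum for the given address pair."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, length, 0)
    csum = ~ones_sum(pseudo_header(src, dst, length) + header + payload) & 0xFFFF
    return struct.pack("!HHHH", L2TP_PORT, L2TP_PORT, length, csum or 0xFFFF) + payload

def checksum_ok(src: str, dst: str, datagram: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header and datagram must be 0xFFFF."""
    return ones_sum(pseudo_header(src, dst, len(datagram)) + datagram) == 0xFFFF

def accepted_after_nat(esp_transport: bool) -> bool:
    """True if the receiver's UDP checksum test passes after source NAT."""
    datagram = build_udp(INSIDE, SERVER, PAYLOAD)
    if not esp_transport:
        # Cleartext UDP: the NAT can read the header and recompute the checksum.
        datagram = build_udp(NAT_PUBLIC, SERVER, datagram[8:])
    # Under ESP transport mode the UDP header is ciphertext to the NAT, so only
    # the outer source address changes; the inner checksum stays as sent.
    return checksum_ok(NAT_PUBLIC, SERVER, datagram)

if __name__ == "__main__":
    print("cleartext UDP through NAT accepted:", accepted_after_nat(False))
    print("ESP-protected UDP through NAT accepted:", accepted_after_nat(True))
```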
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].