Nope, last I knew IPSEC passthrough and multi-hop were not the same
thing. IIRC, it's certain models of Nortel equipment and maybe some
high-end Ciscos that supported it. IBM wasn't really clear on the
issue.

-Walden 


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
(208) 692-3308 eFax
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Vern Hamberg
Sent: Monday, March 01, 2004 11:38 AM
To: Midrange Systems Technical Discussion
Subject: RE: AS/400 to IBM connection NOT thru line modems

We use the LinkSys VPN router. It has settings to enable IPSEC
passthrough and PPTP passthrough. So do you think that I can set the
multihop external address to that of the router and this should work?
The setting is for going through another system or LPAR - that sounds
like an iSeries that is live on the Internet. It talks about using a box
of some kind on which you've set up a connection to IBM.

Would I use the public address of the LinkSys, or the internal one?

Hoping for some fun.

Vern

At 09:45 AM 3/1/2004 -0500, you wrote:
> >Sort of a horrible requirement not to have it behind a firewall.
>
>Technically not a requirement.
>
>_IF_ you have a firewall/NAT device that is capable of "L2TP Multihop"
>it's possible to set up the VPN connection from within the internal
>network. Technically there is one connection from your iSeries to your
>firewall and another from the firewall (which has a public IP) to IBM.
>Of course, almost no one has one of these firewalls. <G>
>
>IIRC from beta days, this has to do with IBM's decision to use IPSEC and
>L2TP and not PPTP as the VPN protocol. Since the IP address of the
>sender (your iSeries) is embedded in the output packet and the entire
>packet is encrypted there is no way to "fix" the IP address w/o
>corrupting the outbound packet. Personally I find PPTP "secure enough"
>at 128-bit encryption to transfer PTFs and phone-home so I think it was
>a silly decision on Rochester's part. However, I'm not sure they have a
>choice. It wouldn't surprise me to know that IBM network security won't
>allow any VPN connection other than IPSEC/L2TP.
>
>-Walden
>
>
>------------
>Walden H Leverich III
>President & CEO
>Tech Software
>(516) 627-3800 x11
>(208) 692-3308 eFax
>WaldenL@xxxxxxxxxxxxxxx
>http://www.TechSoftInc.com
>
>Quiquid latine dictum sit altum viditur.
>(Whatever is said in Latin seems profound.)
>
>-----Original Message-----
>From: midrange-l-bounces@xxxxxxxxxxxx
>[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Adam Lang
>Sent: Monday, March 01, 2004 9:03 AM
>To: Midrange Systems Technical Discussion
>Subject: Re: AS/400 to IBM connection NOT thru line modems
>
>Sort of a horrible requirement not to have it behind a firewall.
>
>----- Original Message -----
>From: "Vern Hamberg" <vhamberg@xxxxxxxxxxxxxxxxxxxxxxxxx>
>To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
>Sent: Sunday, February 29, 2004 7:09 PM
>Subject: Re: AS/400 to IBM connection NOT thru line modems
>
>
> > If your release of OS400 is fairly recent (at least V5R1?) and your AS/400
> > is directly attached to the Internet (i.e., not behind a firewall), or
> > there is another 400 that is outside the firewall and is addressable from
> > the Internet, there is a Universal Connection setup in Ops Nav that can use
> > the Internet. A VPN session gets started with some IBM server. Also, I
> > don't know about Espana.
> >
> > HTH
> > Vern
>
>_______________________________________________
>This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>list
>To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>or email: MIDRANGE-L-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/midrange-l.
>






This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
