Using Client Access while on VPN
We have just converted from a iSeries 270 V5 R1 to a 520 V5 R3. The system values on both systems are the same. The remote users who attach to the network using a VPN then starting Client Access no longer work. The 270 was not defined in our firewall and we were able to connect. The 520 is a LPAR and also not defined in the firewall. Any suggestions?
Software/Hardware used:
Software/Hardware used:
ASKED:
January 31, 2007 3:46 PM
UPDATED:
December 29, 2009 11:15 AM
Answer Wiki:
In order to access your server through the firewall, there are a number of TCP/IP ports that need to be opened on the firewall depending on what pieces of Client Access are loaded onto the remote client. The list of ports needed can be found here.
http://www-1.ibm.com/support/docview.wss?uid=nas1acc12fda96496e4b8625668f007ab75f&rs=110
To see all answers submitted to the Answer Wiki: View Answer History.
I believe you will need to add a next hop in the router table. IF ping is enabled through your VPN tunnel try pinging the iSeries fro you VPN client and see if you get replies.
Your firewall shouldn’t have any connection to the VPN traffic. Since VPN traffic is encrypted, a firewall can’t do anything with it except pass the traffic through. It would have no knowledge of nor any control over packets going between remote PCs and the 270 or 520. It wouldn’t matter in the slightest if either of those was “in” your firewall. Your firewall won’t need any ports opened for Client Access since it won’t see them anyway.
Unless your firewall is also providing the VPN itself…
But you don’t tell us anything about how the VPN is created, nor what your firewall has to do with it. With no specs to go on, there’s no way to make guesses.
Tom