• Status: Solved

AS400 remote access over the internet

So I'm trying to set up my AS400 to be accessible through an NS25 Juniper firewall. The problem is that I ran out of public IPs and I'm not really sure how to make this work. I currently have a MIP configured; could I use it to access the AS400 as well? I'm kind of new to firewalls, and I was just wondering if anyone could point me in the right direction.


Thanks
Asked by: jimmymcp02

1 Solution
 
dpk_wal Commented:
If you already have a MIP for the same AS400, then you can use the same MIP address in another firewall policy rule to allow access.
If you have 2 AS400 servers and have run out of public IPs, but the port/protocol pair on the untrust IP required to access the AS400 is not used, then you can configure a VIP for the internal IP of the AS400 and use it.

If possible, if you can configure the AS400 to listen on a port/protocol pair other than the default, then we can use a VIP as well.

Please provide details.

Thank you.
 
jimmymcp02 (Author) Commented:
The MIP is currently used in a policy to access another server (not the AS400), so I guess that only leaves me with the VIP, but I have never configured a VIP before. Would that still work?
 
dpk_wal Commented:
With VIP the outbound traffic is PATted, so if your application is sensitive to port masquerading then it might pose problems.
Can you give it a try so we know?

Thank you.
 
jimmymcp02 (Author) Commented:
I have created the VIP and mapped it to the AS400; we will be testing this week.
Thank you
 
jimmymcp02 (Author) Commented:
No luck....
 
I'm still trying to figure out why this is not working.
 
dpk_wal Commented:
Enable debug on the Juniper firewall so we will know whether the firewall is masquerading ports, and the disposition.

Please advise.

Thank you.
 
jimmymcp02 (Author) Commented:
Sorry for the delay; we have hired a consultant to assist on the AS400 side. I will keep you posted with the findings from the firewall.
 
jimmymcp02 (Author) Commented:
OK, so I finally figured out what was wrong.
 
My NS25 had the original firmware, and after contacting Juniper they agreed with what I encountered: the original firmware had issues redirecting a VIP with multiple ports. Even after using the command `set vip multi-port`, the VIPs did not behave correctly when using multiple ports. After we upgraded to version 5.4 from 5.0 we were able to see traffic flowing.
 
Thanks for your assistance.
 
dpk_wal Commented:
Thank you for the update and points! :)
 
jimmymcp02 (Author) Commented:
Anytime :o)