Solved

AS400 remote access over the internet

Posted on 2009-04-13
Last Modified: 2012-05-06
So I'm trying to set up my AS400 so that it can be accessed over an NS25 Juniper firewall. The problem is that I ran out of public IPs and I'm not really sure how to make this work. I currently have a MIP configured; could I use it to access the AS400 as well? I'm kind of new to firewalls. I was just wondering if anyone could point me in the right direction.


Thanks
Question by:jimmymcp02
10 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24144493
If you already have MIP for the same AS400 then you can use the same MIP address in another firewall policy rule to allow access.
If you have 2 AS400 servers and have run out of public IPs, but the port/protocol pair on untrust IP required to access AS400 is not used, then you can configure VIP for internal IP of AS400 and use it.

If possible, if you can configure the AS400 to listen on a port/protocol pair other than the default, then we can use VIP as well.

Please provide details.

Thank you.
0
 
LVL 20

Author Comment

by:jimmymcp02
ID: 24148540
The MIP is currently used on a policy to access another server (not the AS400), so I guess that only leaves me with the VIP, but I have never configured a VIP before. Would that still work?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24149035
With VIP the outbound traffic is PATted, so if your application is sensitive to port masquerading then it might pose problems.
Can you give it a try so we know?

Thank you.
0

 
LVL 20

Author Comment

by:jimmymcp02
ID: 24206987
I have created the VIP and mapped it to the AS400; we will be testing this week.
Thank you
0
 
LVL 20

Author Comment

by:jimmymcp02
ID: 24286138
No luck....
 
I'm still trying to figure out why this is not working.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24286239
Enable debug on Juniper firewall so we would know if the firewall is masquerading ports and the disposition.

Please advise.

Thank you.
0
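
Added example, not part of the original thread or of dpk_wal's post: one way to run the flow debug suggested above from the ScreenOS CLI. The address 203.0.113.10 is a constructed placeholder for the VIP's public IP, and lines starting with # are annotations, not commands to type.

```screenos
# Limit the trace to packets addressed to the VIP's public IP
# (203.0.113.10 is a constructed placeholder, not a value from the thread)
set ffilter dst-ip 203.0.113.10
get ffilter

# Empty the debug buffer, then start flow tracing
clear dbuf
debug flow basic

# ... reproduce one connection attempt to the VIP from an outside host ...

# Stop tracing before reading the buffer
undebug all
get dbuf stream

# Remove the filter when finished
unset ffilter
```

For each traced packet the buffer shows the policy lookup, the address and port translation applied, and whether the packet was forwarded or dropped, which is the disposition the comment above asks about.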
 
LVL 20

Author Comment

by:jimmymcp02
ID: 24623985
Sorry for the delay; we have hired a consultant to assist on the AS400 side. I will keep you posted with the findings from the firewall.
0
 
LVL 20

Author Comment

by:jimmymcp02
ID: 25134641
OK, so I finally figured out what was wrong.
 
My NS25 had the original firmware, and after contacting Juniper they agreed with what I encountered: the original firmware had issues redirecting a VIP with multiple ports. Even after using the command set vip multi-port, the VIPs did not behave correctly when using multiple ports. After we upgraded to version 5.4 from 5.0 we were able to see traffic flowing.
 
Thanks for your assistance
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25139199
Thank you for the update and points! :)
0
 
LVL 20

Author Comment

by:jimmymcp02
ID: 25144138
Anytime :o)
0

Question has a verified solution.