We currently maintain remote locations that communicate with the AS/400 via 56k (point-to-point or frame-relay) lines that connect to Perle 394 or 494 controllers. Management would like to know what it would take to eliminate those 56k lines and communicate with 5250 emulation over the Internet. Is anybody using 5250 emulation over the Internet? I am concerned with performance. Nlynx has a product called InterLynx/S that is a remote access gateway. I believe the Perle controllers can be configured as gateways also. Has anybody tried the Nlynx product? Any information is appreciated.

We use Cisco Pix boxes to create VPN connections between remote sites. We do not allow telnet to enter our network from the general Internet. The general Internet can email us and vist or web site. We allow telnet to enter in some VPN connections. It works very well. Because our Internet lines tend to be higher speed than leased or frame relay lines, the performance is usually better. You have 56kb lines between your sites now. On the Internet you will probable install a much higher speed line. Sure a lot more users will be sharing the line, but in general the data will transfer at a much higher rate than 56kb. Before 1998, each manufacturer had a different way of implementing VPN. In 1998, standards were adopted for this technology and you are suppose to be able to create VPN connections between routers and firewalls from different manufacturers. We have always used Cisco equipment to insure compatability. We have created VPN connections with trading partners, but always between Cisco equipment. We will be upgrading the software in our Cisco boxes so we can use standard VPN connections and I assume we will eventually have a trading partner that has non Cisco equipment. We will get a chance to see how compatabile the different manufactuers really are.

One of my clients is using a substitute for (WSG - 5250 Workstation Gateway), called <u>Webulator</u>. While providing internet access to 5250 screens for my clients distribution customers, it is not a perfect product. To say the least, it is a bit ergonomically challenged. Currently, this shop is at V4R3 on their production AS/400, and V3R7 on their Web Server box. Connection to the V4R3 box is done via STRPASTHR. V4R4 provides SSL for TELNET. This is IMO, a better alternative. You must set the TELNET ports to 992. While any TELNET can access the AS/400 through the internet in this manner, you are far better off with a TN5250 product. Dave

As I understand your question, you are concerned about performance. In my view, you must understand where the potential bottle necks are, and possibly where they could be. The 5250 session in iself, is not a bottle neck, rather the use or intended use of your remote users. For example, A remote user may fall into different classifications at different times: A home worker who picks up e-mail in the evenings or weekends, A mobile worker who travels, or A worker who telecommutes for a number of days, perhaps while on sick leave. Branch Offices. A final category comprises small branch offices that require access to a central site or to each other. Now, if you are not sure how the reomote users will use the system, then you cannot possibly monitor the performance or lack thereof. I believe you must drill down to what the major Internet bottle necks are and the bottle necks, inside the network - down to the client's station. The components limiting performance in a 5250 (Internet) include the last mile technology used at the client site (e.g. 28.8 Kbps, 33.6 Kbps, 56 Kbps, 64K ISDN, or cable modem), Internet latency, and encryption overhead. From a performance point of view, one of the advantages of Internet / 5250 is that it allows corporations to take advantage of faster access technologies such as cable modems increasing the speed available to users. Internet latency can be reduced by architecting your accessto minimize hops and to minimize traffic that must pass through the major Internet exchange points. Basically, you want your traffic taking the shortest route possible. If you have more than one ISP invloved, this may not be possible. Last, depending on what is coming down the pipe: Graphics, Video, Audio., to include the conversion from 5250 data streams to HTML back to 5250 data streams must be considered as well. In addition to future growth. I hope this helps.

We have an IBM AS400 firewall and want to bring a customer in on a telnet session. I opened port 23 on the firewall but the firewall log complains about denying a packet out. The rules/filters is not the problem...something else is missing. Please assist

If you are on V4R4 you can use port 992 for SSL Telnet. This will add an extra layer of security for Telnet clients. Dave

We use a product called RaptorMobile from Axent. It sets up a VPN through our Raptor firewall. When you enable this "tunnel", your PC is attached to your TCP/IP internal network just as if you were there. Then you can run whatever client you want for your terminal sessions.