nshah400 wrote:<BR>
> Guys, need guidance. We are a small independent business sitting in<BR>
> the midst of a campus network, regularly FTPing files from/to campus'<BR>
> diff systems. We also have our own twinax(!!) network. There are PCs<BR>
> scattered on the campus on network pointing to our AS400. We are at<BR>
> v4r5 (have to use OfficeVision/400). Now, there is a need to do FTP<BR>
> to a couple of private clients outside of the campus. Since this is<BR>
> for-profit business in a not-for-profit campus, they will not allow<BR>
> their channels to do this. They may not even open the required ports<BR>
> that the clients may want.<BR>
> Question is , how do we do this? Can we set up, say a VPN while<BR>
> maintaining our existing network? What would be required? Any<BR>
> hardware/SW on the system?<BR>
<P>
I don't see how VPN would help, you'd still be using the campus <BR>
infrastructure to create the tunnel. It seems as if the only solution <BR>
would be to get your own internet connection. This could be something like <BR>
a DSL connection with only 1 pc connected to it.<BR>
<P>
Bill <BR>
<P>
<P>

Bill, <p>Thanks for reply. I was thinking of communications adapters on As400; may be I could connect something there and create a point-to-point communication! And, be able to open location #1 to transfer reports there, close, open another location. I don't know -- just thoughts coming. PC with DSL is ok except that it still needs to be connected to AS400, and there has to be a way to bring the OfficeVision documents to that PC and FTPed out... and also be able to automate the process. If that can be done, that is an easy route. What do you think? Thanks..

It sounds as if all you need is a LAN connection. <p>As long as you have an internet connection through the LAN you should be able to configure TCP to take advantage of AS/400 FTP capabilities. <p>Dave

David, <p>AS400 is on LAN thru the campus, and has internet and FTP capabilites. We are using FTP WITHIN campus as part of campus-related work - didn't even have to set up SSL or DCM. The need now is to do FTP to outside clients for non-campus related work. And the chances are we may be allowed to use their channels. That's why we need to think of some different scenario.

What about a second network card connected to a DSL modem. Shouldn't it work the same way as if the modem was connected to a PC? <p>If the campus is not going to allow you to use the appropriate ports or FTP outside the Intranet, you are going to have to get a new internet connection of some kind. It could be dail up, I hope DSL, etc. It might depend on your hardware whether you can add a second Network Card. I you are not worried about speed you can alway Dial up to a provider and then FTP.

Glen, <BR>
If I understand, you are suggesting a PC with DSL internet connection, and the same PC having another network card connecting to AS400. Then, somehow automate the transfer of document to PC (CAccess or FTP); then automate to take document on arrival on PC to FTP it out thru DSL. Logically sounds good, but is it ok technically? Each network card is going to create its own IP for the PC. Hopefully, someone might explain this further.

nshah400 wrote:<BR>
> Glen,<BR>
> If I understand, you are suggesting a PC with DSL internet<BR>
> connection, and the same PC having another network card connecting to<BR>
> AS400. Then, somehow automate the transfer of document to PC (CAccess<BR>
> or FTP); then automate to take document on arrival on PC to FTP it<BR>
> out thru DSL. Logically sounds good, but is it ok technically? Each<BR>
> network card is going to create its own IP for the PC. Hopefully,<BR>
> someone might explain this further.<BR>
<P>
Actually, I think Glen meant a second Ethernet card in the 400. This card <BR>
is connected to, for example, a router/firewall connected to the dsl modem. <BR>
Then it'd just be a matter of putting in routing information via the CfgTCP <BR>
menu.<BR>
<P>
bill <BR>
<P>
<P>

Bill & Glen, <BR>
Now, that makes me see some light!! Lets take this a little further pl. <BR>
- Is there a PC involved here? I have DSL on my home PC. Router/modem with firewall was given by phone co.(SBC) with installation SW. It is plugged into the wall phone jack. Can you explain the connectivity with or without the PC pl? Can I use phone co's router/modem? Or buy another one (which?), or use both? <BR>
- IS there a way to check if i have an open slot for another network card in my AS400? Or, do I need to call the CE? <BR>
Thanks...

nshah400 wrote:<BR>
> - Is there a PC involved here?<BR>
<P>
Doesn't have to be.<BR>
<P>
> I have DSL on my home PC. Router/modem<BR>
> with firewall was given by phone co.(SBC) with installation SW. It is<BR>
> plugged into the wall phone jack. Can you explain the connectivity<BR>
> with or without the PC pl? Can I use phone co's router/modem? Or buy<BR>
> another one (which?), or use both?<BR>
<P>
Since I haven't worked with this exact setup, I'll have to wing it (be <BR>
advised I could be wrong). If you have a DSL modem, and if needed, hook a <BR>
firewall/router to it - you don't want your 400 attached nakedly to the <BR>
internet. Connect the 2nd Ethernet card in the 400 to this router. Then <BR>
enter the appropriate routing information as I described earlier so that <BR>
the 400 knows that to reach the specified IP address, it has to go through <BR>
the 2nd card.<BR>
<P>
> - IS there a way to check if i have an open slot for another network<BR>
> card in my AS400? Or, do I need to call the CE?<BR>
<P>
You should hook up with a hardware reseller. If you are in the Southern <BR>
California area, I can hook you up with a name. There are a couple sellers <BR>
that have stores on eBay as well. I believe some of them will work with <BR>
you, they'll probably just need you to print out a rack config and send it <BR>
to them.<BR>
<P>
Bill <BR>
<P>
<P>

Bill, <BR>
Thanks very much... I am in Dallas, TX. I will start on this - looks like a good approach. I will-- <BR>
- contact SBC (ISP in this area)for DSL connection, pricing etc. <BR>
- look at the rack config, ,and find the network card <BR>
Which firewall router is suggested? <BR>
BTW, I met with the IT guy on the campus, and explained him in detail our scenerio. He understands and agrees it would be lot simpler if done over existing set up, and has promised to talk to the powers-who-may be. If they agree, it's fine; but I have to be ready with all the groundwork done if they say nay.

nshah400 wrote:<BR>
> Which firewall router is suggested?<BR>
<P>
I don't know if any specific one is suggested, it's up to you to designate <BR>
how "beefy" you want it. I don't think there are any restrictions as to <BR>
what would work, so just read up and pick whatever makes sense.<BR>
<P>
I hesitate to suggest one that you might use at home, but it'd likely be a <BR>
safe choice. I do think that since we're dealing with a business entity <BR>
picking something more expensive would be in order.<BR>
<P>
bill <BR>
<P>
<P>

By 'home dsl modem', I meant to take what SBC would give me with this new DSL connection (not giving up the home modem). I will also check into others.... Thanks for your guidance.

nshah400 wrote:<BR>
> By 'home dsl modem', I meant to take what SBC would give me with this<BR>
> new DSL connection (not giving up the home modem). I will also check<BR>
> into others.... Thanks for your guidance.<BR>
<P>
But the modem is only one piece; it's required to get the connection <BR>
working, the firewall is an optional yet important part. Most homeowners <BR>
get something like Netlink firewall router for under $100 and that's fine, <BR>
a business may want to get something better.<BR>
<P>
Bill <BR>
<P>
<P>

Got it, Bill. Thanks.

nshah400, <p>Maybe I read the posts too quickly, but I am confused with the whole PC or second Ethernet card on the AS/400. Here is a simple solution that will work without requiring a PC or second Ethernet network card on the AS400. <p>1. Get a DSL connection. <p>2. Get a simple hardware Firewall/router (Linksys, Dlink, NetGear, etc) <p>3. Connect the network side of the router to the same network the AS/400 is on. <p>4. Configure the router to use a different IP network scheme. (In other words if your college uses 10.1.xx.xx then use 172.162.xx.xx or whatever suits your taste.) <p>5. Also configure the router to block all inbound ports (unless you need inbound FTP then create a static route to the AS/400) <p>Now the good part... <p>6. Now configure the AS/400 Ethernet adapter by adding a NEW static IP address (using your new scheme) to the adapter. And YES the AS/400 can bind multiple IP addresses to the same physical adapter. This is not a new feature, the AS/400 and even Windows NT have done it for years. <p>These are the basic steps and there are some tweaks that need to be done. This way you will be able to FTP directly from the AS/400 via the DSL link without the exposure of having your AS/400 "naked" on the Internet. <p>In addtional other PC's could be added to this "second" network using your existing physical network. They would just need to use the new IP address scheme. <p>I hope this helps.

bvIseries, <p>Now, this looks a lot better solution. Pl help me clarify few things.. <BR>
1. With our voice & dictation system on a T-1 circiut, came a simple router(say, RTR#1), already installed (unused and paid-for) that can be connected to a LAN; and gives us a bandwidth of 250K. The documents I am going to FTP are usually 25-30K, about 50/day; so the bandwith should be ok... time it takes is not a problem. <BR>
The step would now be is I can buy a firewall router(RTR#2); connect the ethernet port to campus LAN, and the DSL porrtt to RTR#1. I don't have to pay for monthly DSL then as voice system will send it thru their ISP. <BR>
Does this sound ok? <BR>
2. Now, which router gets the IP address 172.162.xx.xx (or whatever)? I think it would be the RTR#2. <BR>
3. Would configuring this router need a PC connection initially? <BR>
4. >>5. Also configure the router to block all inbound ports (unless you need inbound FTP then create a static route to the AS/400)<< <BR>
Crating static route meaning buying static IP addresses? <BR>
5. >>These are the basic steps and there are some tweaks that need to be done.<< <BR>
Can you pl shed some light on these? <p>Thanks again.....

nshah400, <p>I am not sure where to start, maybe we can chip away at it one by one. Soooo here goes!!! <p>I assume you can work with you DSL provider to get the DSL interface working. <p>Ok now, what you call RTR#2: You will need a PC hooked directly to this unit (see router manual) to configure the router using its web interface. After that no PC is needed for your FTP process. FIRST, disable the DHCP server feature of this router, otherwise is will start delivering out addresses on your existing network (that would be bad ;) ). Next configure the router internal network address scheme to one that is not being used now (again see the manual). By default most of these routers use 192.168.x.1 or 172.16.x.1 or something like that. Assign the router’s address on the low end of the network. (Say like 172.16.1.1). Save your settings. <p>The AS/400 : Assign a new IP address (yes static!) with the same networking address scheme used by the router to your existing Ethernet card (Say like 172.16.1.12). I would leave a few number in-between just in case. Again this will not affect any existing connections. <p>Now a simple test: Connect the router's network side to you network. Now perform a ping on the AS/400 to verify you can see the router (like ping 172.16.1.1). If you get a response you are over half way there. <p>Now you will have to consult the IBM manuals to configure the appropriate routing or use static host entries, so that your FTP transfers utilize your DSL connection. <p>I hope this get you closer…

I hope so too... Thanks.....

Take a look at this VPN software, it should work without having to open up any ports in the campus firewall. There's a linux version that might work directly with your as/400, but I don't know much about the linux side. Failing that, the windows version with a PC in the middle will work fine too. It just adds some extra complication to any automated transfers.

Which VPN software you are mentioning? Plus isn't VPN setup suitable for only our people to connect back to the home? We are trying to setup with outside clients.

I am always amazed at what I see for solutions. <p>Yours is simple - straight forward - common sense approach to solve the problem.

bowdenf, <p>Thanks so much for the complement! <p>I have always tried to find the most direct route. It is unfortunate that with so much technology out there that vendors (and some consultants) try to sell you on solutions that DO work, but are overly complicated and difficult to implement and maintain. <p>Thanks again..