Re: Publish IBM AS400 telnet server behind ISA server
- From: "Bob Chestnutt" <chestnuttr@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 22 May 2003 16:14:13 -0600
Thanks for the response Peter
We have already set up the keepalive parms for our AS400 inside users and it
works well. I believe you may be correct that the AS400 is seeing the
keepalive packets coming back from the ISA server and thus assumes the
remote client is still "alive" when in fact it is gone.
It could be that this is not an "ISA" problem but a problem of stateful
firewalls in general.
Bob
----- Original Message -----
From: "PETER PAPE" <papexpjboi@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, May 22, 2003 2:46 PM
Subject: [isalist] Re: Publish IBM AS400 telnet server behind ISA server
> http://www.ISAserver.org
>
>
> Hi Bob,
>
> Based on what I've found, it appears that the Telnet Server on the AS/400
> sends a keep alive request to the client. I suspect the AS/400 Telent
> server considers the ISA server as the client, not the end users computer.
> Here is a link to an IBM site where I found this information.
>
>
http://www-1.ibm.com/support/docview.wss?uid=nas14adccb91a24d9ed28625694900513857
>
> This problem may be able to be solved from the AS400 end using some of the
> configurable options mentioned in the article. I don't think ISA server
is
> getting involved. You may want to check the firewall log to see if you
see
> the 'keep alive' traffic. I suspect that the 'keep alive' traffic is
> directed at the internal interface of the ISA server and as such is not
> being processed by the ISA server services.
>
> I hope this makes sense, this is just my hunch as to why that connection
> stays active.
> Peter
>
>
> >From: "Bob Chestnutt" <chestnuttr@xxxxxxxxxxxxxxxxxxx>
> >Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >Subject: [isalist] Re: Publish IBM AS400 telnet server behind ISA server
> >Date: Thu, 22 May 2003 07:17:05 -0600
> >
> >http://www.ISAserver.org
> >
> >
> >Thanks for the reply.
> >I have also noticed that my remote VPN clients don't have this problem.
> >Nor
> >do client that use a RAS dialer to get in--only those remote clients
that
> >don't get a local address assigned to them when they connect have the
> >problem. Problem is I have lots of non VPN capable clients out there.
> >
> >
> >----- Original Message -----
> >From: "PETER PAPE" <papexpjboi@xxxxxxx>
> >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >Sent: Wednesday, May 21, 2003 5:25 PM
> >Subject: [isalist] Re: Publish IBM AS400 telnet server behind ISA server
> >
> >
> > > http://www.ISAserver.org
> > >
> > >
> > > Hi Robert,
> > >
> > > I don't have a solution to this particular problem. I think the
AS/400
> > > 'sees' the ISA server connection as active and is un-aware the other
> >side
> >of
> > > the connection has dropped off. I don't know if there is a way to
have
> >ISA
> > > server 'time-out' that connection quicker or at all if the public side
> >goes
> > > down?
> > >
> > > However, as an alternative you may want to implement Virtual Private
> > > Networking(VPN). This is how I provide external users access to our
> > > mainframe Telnet Server. VPN adds another layer of security so you
> >don't
> > > have to publish your AS/400 to the internet.
> > >
> > > Peter
> > >
> > > >From: "Robert Chestnutt" <chestnuttr@xxxxxxxxxxxxxxxxxxx>
> > > >Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > >To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > >Subject: [isalist] Publish IBM AS400 telnet server behind ISA server
> > > >Date: Tue, 20 May 2003 15:28:44 -0600
> > > >
> > > >http://www.ISAserver.org
> > > >
> > > >
> > > >I have an IBM AS400 located behind my ISA server that I have
published
> >to
> > > >the internet so my remote users can telent in to the AS400. The
setup
> > > >works fine except that when a remote user looses internet connection
> >for
> > > >any reason the AS400 does not see that he is gone and his session
must
> >be
> > > >ended manually so he can get in again. We use Network Address
> >Translation
> > > >on the ISA server to redirect a public address outside to a private
one
> > > >inside. When we remove the ISA server and use a CISCO router to do
the
> > > >NAT the AS400 does see the remotes when they drop and and
automatically
> > > >ends their session so they can get right back on. What is it that I
> >need
> > > >to open on the ISA server to let the AS400 see the remotes that have
> > > >dropped?
> > > >
> > > >------------------------------------------------------
> > > >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > >------------------------------------------------------
> > > >Exchange Server Resource Site: http://www.msexchange.org/
> > > >Windows Security Resource Site: http://www.windowsecurity.com/
> > > >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > >------------------------------------------------------
> > > >You are currently subscribed to this ISAserver.org Discussion List
as:
> > > >papexpjboi@xxxxxxx
> > > >To unsubscribe send a blank email to
> >$subst('Email.Unsub')
> > >
> > > _________________________________________________________________
> > > Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> > > http://join.msn.com/?page=features/junkmail
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> >chestnuttr@xxxxxxxxxxxxxxxxxxx
> > > To unsubscribe send a blank email to
$subst('Email.Unsub')
> > >
> >
> >
> >------------------------------------------------------
> >List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> >ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> >ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> >------------------------------------------------------
> >Exchange Server Resource Site: http://www.msexchange.org/
> >Windows Security Resource Site: http://www.windowsecurity.com/
> >Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> >------------------------------------------------------
> >You are currently subscribed to this ISAserver.org Discussion List as:
> >papexpjboi@xxxxxxx
> >To unsubscribe send a blank email to $subst('Email.Unsub')
>
> _________________________________________________________________
> Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
chestnuttr@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
Other related posts:
