Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Can't access as/400 over VPN

608 views
Skip to first unread message

bhmrmm

unread,
Jan 11, 2009, 11:05:56 PM1/11/09
to
Hello--

I have set up a VPN between my home and office, set up as follows:

Home: Computer with 192.168.0.x address connected to Netgear FVS318v1

Office: Several computers behind FVS318v1, with IP addresses of
10.0.0.x, as/400 with static address of 10.0.0.100

I have successfully made a VPN connection, as I can ping any computer/
printer on the office network, but not the as/400.

I'm am very unfamiliar with the as/400 and its mechanics, so any help
is greatly appreciated!

JTF

unread,
Jan 11, 2009, 11:12:08 PM1/11/09
to
Can you ping the as/400 by name? It is possible that you have the
wrong IP address.

Since you can ping systems behind the firewall, this is a great start.

MikeR

unread,
Jan 11, 2009, 11:13:43 PM1/11/09
to
No luck there, either

> > is greatly appreciated!- Hide quoted text -
>
> - Show quoted text -

JTF

unread,
Jan 11, 2009, 11:18:51 PM1/11/09
to

What time is it at your office location?

MikeR

unread,
Jan 11, 2009, 11:19:48 PM1/11/09
to
> What time is it at your office location?- Hide quoted text -

>
> - Show quoted text -

11:20 PM Eastern time

JTF

unread,
Jan 11, 2009, 11:24:04 PM1/11/09
to
I can think of only one thing...Is it possible that the system is in
restricted state for a system backup? I know that my office system is
down from around midnight to 5am for backup.

MikeR

unread,
Jan 11, 2009, 11:25:44 PM1/11/09
to
> > 11:20 PM Eastern time- Hide quoted text -

>
> - Show quoted text -

No... I've been trying to set this up for days now with no luck at any
time of day

JTF

unread,
Jan 11, 2009, 11:30:27 PM1/11/09
to

I would check with your network guys to find out if, firsr, you have
the correct IP address and if there are any restrictions in place
which will prevent a VPN connection from hitting your iSeries.

If you can hit other systems on the network but not the iSeries,
something is going on.

I don't see any reason why your iSeries would be the only system not
responding.

Eric Masson

unread,
Jan 12, 2009, 3:03:39 AM1/12/09
to
JTF <jfl...@gmail.com> writes:

Hi,

> I don't see any reason why your iSeries would be the only system not
> responding.

No default route set on the iSeries, for example...

--
Je dirais, à voir sortir les noms de nouveaux groupes, que la
hiérarchie fr. est celle qui évolue le moins et le moins vite. Sans
doûte pour favoriser la pénétration d'Internet dans les foyers...
-+- ALG in: <http://www.le-gnu.net> - La stratégie fufer -+-

Julien Mills

unread,
Jan 12, 2009, 9:48:13 AM1/12/09
to
On Mon, 12 Jan 2009 09:03:39 +0100, Eric Masson wrote:

> JTF <jfl...@gmail.com> writes:
>
> Hi,
>
>> I don't see any reason why your iSeries would be the only system not
>> responding.
>
> No default route set on the iSeries, for example...

Yes, I had this exact problem several months ago and finally
fixed it by adding a default route to the firewall.

JTF

unread,
Jan 12, 2009, 9:48:51 AM1/12/09
to
On Jan 12, 3:03 am, Eric Masson <e...@free.fr> wrote:

Wouldn't that cause problems for anyone else connecting?

Marc Rauzier

unread,
Jan 12, 2009, 11:54:21 AM1/12/09
to
JTF écrivait dans
news:691a8666-274b-4084...@s37g2000vbp.googlegroups.co
m ce qui suit:

> On Jan 12, 3:03 am, Eric Masson <e...@free.fr> wrote:
>> JTF <jfla...@gmail.com> writes:
>>
>> Hi,
>>
>> > I don't see any reason why your iSeries would be the only
>> > system not responding.
>>
>> No default route set on the iSeries, for example...
>>
>

> Wouldn't that cause problems for anyone else connecting?
>

Only for those computers which are not in the same subnet as the
iSeries.

--
Cordialement
Marc Rauzier
(pour me répondre, ne pas utiliser le from mais le reply-to)

MikeR

unread,
Jan 12, 2009, 1:19:01 PM1/12/09
to
On Jan 12, 11:54 am, Marc Rauzier <marc.vers.d...@free.fr> wrote:
> JTF écrivait dansnews:691a8666-274b-4084...@s37g2000vbp.googlegroups.co

I've tried setting up static routes on both routers, to no avail-
unsure of what to use for the metric value though. Is there something
I need to set up directly on the as/400?

Eric Masson

unread,
Jan 12, 2009, 1:26:39 PM1/12/09
to
MikeR <mike....@gmail.com> writes:

Hi,

> I've tried setting up static routes on both routers, to no avail-
> unsure of what to use for the metric value though. Is there something
> I need to set up directly on the as/400?

The route should be set on the iSeries, not on the router...

Work with TCP/IP Routes
Système: 12345678
Type options, press Enter.
1=Add 2=Change 4=Remove 5=Display

Route Subnet Next Preferred
Opt Destination Mask Hop Interface

*DFTROUTE *NONE router_ip_addr *NONE

--
c'est qui tous ces gens bizarres ? c'est un cross post involontaire ou
une invasion extraterrestre ? Y a pas qqun qui est censé faire cesse ce
genre de c*nneries, genre un moderator ou un truc dans le genre ....
-+- PM in: <http://www.le-gnu.net> - Bien configurer son moderator -+-

MikeR

unread,
Jan 12, 2009, 1:47:22 PM1/12/09
to
On Jan 12, 1:26 pm, Eric Masson <e...@free.fr> wrote:

Does this have to be done on the green screen or through operations
navigator? I am completely unknowledgable when it comes to
programming the as/400

Thank you for your help!

Eric Masson

unread,
Jan 12, 2009, 2:10:42 PM1/12/09
to
MikeR <mike....@gmail.com> writes:

> Does this have to be done on the green screen or through operations
> navigator ?

Both of them.

I only have access to a french language "iSeries Nav", so I can't tell
you the exact steps, look at "Network/tcpip/ipv4/routes" and add a
"default route" to your default router.

Using a 5250 session, CFGTCP/Option 2, look for *DFTROUTE, if it exists,
check that next hop is the default router for your lan, else create it
via option 1.

--
en plus quand je vois le nombre de message sur ce groupe je me pose la
question pour quoi Floriano veux détruire le ng il est aussi con le
ceux qui ont voter pour la destruction !
-+- L in GNU - Hors-sujet ? C'est pas le sujet ! -+-

Marc Rauzier

unread,
Jan 12, 2009, 3:14:24 PM1/12/09
to
Eric Masson écrivait dans
news:vjes36-...@srvbsdnanssv.oursoides-associes.com ce qui
suit:

> MikeR <mike....@gmail.com> writes:
>
> Hi,
>
>> I've tried setting up static routes on both routers, to no avail-
>> unsure of what to use for the metric value though. Is there
>> something I need to set up directly on the as/400?
>
> The route should be set on the iSeries, not on the router...
>
> Work with TCP/IP Routes
>
>
> Système: 12345678
> Type options, press Enter.
>
> 1=Add 2=Change 4=Remove 5=Display
>
>
>
> Route Subnet Next Preferred
>
> Opt Destination Mask Hop Interface
>
>
>
> *DFTROUTE *NONE router_ip_addr *NONE
>
>
>
>

If you have multiple interfaces, I suggest to specify a preferred
interface for the default route. This morning, one of our servers was
unable to use the right interface for the default route after an IPL.
It looks like, after a SYN received, it sent the next IP protocol
packet (SYN-ACK maybe) to nowhere. IBM support suggested to force the
best suitable interface for default route, but I cannot confirm,
because we solved the problem by ending/restarting IP.

MikeR

unread,
Jan 12, 2009, 5:55:47 PM1/12/09
to
On Jan 12, 2:10 pm, Eric Masson <e...@free.fr> wrote:

I set up a route in a 5250 session pointing to the office router. In
Operations Navigator, I went to Network/TCPIP/Routes, and there is a
route configured for the office router. Still can't ping from home.
Do I need to set up a route pointing to my home router?

JTF

unread,
Jan 12, 2009, 7:28:47 PM1/12/09
to

You shouldn't need to put a route for your router. VPN takes care of
making it look like you are in the office, or at least at the head end
of the network. Either way, setting a route to your router should
take care of this.

Try a terminal connection by telnetting. Open a command (XP = Start,
Run, CMD | Vista = Start, then type CMD in the search.) Once in a dos
box, TELNET <YourAS400-IP>

MikeR

unread,
Jan 12, 2009, 9:20:49 PM1/12/09
to
> box, TELNET <YourAS400-IP>- Hide quoted text -

>
> - Show quoted text -
No luck with Telnet either

Pat Barber

unread,
Jan 13, 2009, 11:14:40 AM1/13/09
to
Are any of the machines that you can ping attached to
the AS/400 and if so, how ?

Change your IP address to something in the range of
the office network.

Is the AS/400 currently talking to any other pc's
on the "office network"...

In other words, is TCP/IP configured and running
correctly on the AS/400 ?

Pat Barber

unread,
Jan 13, 2009, 11:16:38 AM1/13/09
to
You would also want to start looking at some manuals...

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzajy/rzajytroubleshootingethernet.htm

MikeR

unread,
Jan 13, 2009, 6:18:03 PM1/13/09
to
> > is greatly appreciated!- Hide quoted text -

>
> - Show quoted text -

All computers in the office are able to ping the as/400; one PC is
connected to the iSeries via serial cable.

JTF

unread,
Jan 13, 2009, 7:49:01 PM1/13/09
to

Lets try the other way around, when you connect via VPN, you should
have a virtual IP address. Can you ping that address FROM the
iSeries?

Kirk

unread,
Jan 14, 2009, 12:01:08 AM1/14/09
to

I hae seen some home routers where you need to specifically VPN traffic.
The VPN's will connect but not pass traffic. Just a thought...

MikeR

unread,
Jan 14, 2009, 3:35:04 PM1/14/09
to
> iSeries?- Hide quoted text -

>
> - Show quoted text -

Tried ping from 5250 screen, can ping any office computer but nothing
on home system

MikeR

unread,
Jan 14, 2009, 4:30:26 PM1/14/09
to
> on home system- Hide quoted text -

>
> - Show quoted text -

Problem solved!

I opened a 5250 screen, went to CFGTCP, option 2, and set up the
following route:
Route destination: '192.168.0.0' //home network
Subnet mask: 255.255.255.0
Next hop: 10.0.0.50 //office router
MTU: 1492

And now I can connect to the as/400 from home, no problem.

Thank you all for your help!

Jonathan Ball

unread,
Jan 14, 2009, 5:25:42 PM1/14/09
to

Isn't learning /fun/? Of course, you can't help but think there has to
be an easier way to learn sometimes...

JTF

unread,
Jan 14, 2009, 8:38:53 PM1/14/09
to
he can ping other boxes.....just not the iSeries

Pat Barber

unread,
Jan 15, 2009, 1:44:09 PM1/15/09
to
It would be VERY helpful to "FULLY" describe your
setup, so that others who follow can have a point of
reference.

Mention ALL equipment model numbers and how you
resolved the problem.

This will be in the archives and could be of major
help for all the rest of the world.

smri...@gmail.com

unread,
Sep 30, 2018, 1:06:44 PM9/30/18
to
On Sunday, January 11, 2009 at 10:05:56 PM UTC-6, MikeR wrote:
> Hello--
>
> I have set up a VPN between my home and office, set up as follows:
>
> Home: Computer with 192.168.0.x address connected to Netgear FVS318v1
>
> Office: Several computers behind FVS318v1, with IP addresses of
> 10.0.0.x, as/400 with static address of 10.0.0.100
>
> I have successfully made a VPN connection, as I can ping any computer/
> printer on the office network, but not the as/400.
>
> I'm am very unfamiliar with the as/400 and its mechanics, so any help
> is greatly appreciated!

Try www.rikascom.net for AS/400 Access

Dr.UgoGagliardelli

unread,
Oct 1, 2018, 2:03:44 AM10/1/18
to
Il 30.09.2018 19.06, smri...@gmail.com ha scritto:
> On Sunday, January 11, 2009 at 10:05:56 PM UTC-6, MikeR wrote:
>> Hello--
[...]
>
> Try www.rikascom.net for AS/400 Access

Just an advertisement? Or just late?

The OP needed some help almost 10 years ago.

0 new messages