Bordermanager 3.8 Site-Site VPN

Hi all!

I am testing VPN SITE to SITE on BM 3.8 at the moment, I have
client-site
working already but I can't get the site-site to work.

Which Certificates should be on the servers?? and where do I have to
put
them??

Any ideas??






0
Stefan
11/27/2003 3:39:13 PM
novell.bordermanager.install 3442 articles. 0 followers. Follow

4 Replies
725 Views

Similar Articles

[PageSpeed] 1
Get it on Google Play
Get it on Apple App Store

In article <BUoxb.11513$I04.4852@prv-forum2.provo.novell.com>, Stefan
ten 
Hoeve wrote:
> Which Certificates should be on the servers?? and where do I have to
put
> them??
>
The BMgr 3.8 iManager should have created special VPN certs, and put
then 
where they are needed.   Did you allow iManager to create certs for
you?

Do you have both servers in the same tree?

Have you tried dropping the filters on each server for a while?  Do a 

STOPVPN on the master, then drop filters on both master and slave,
then 
STARTVPN on the master.  See if that gets you going.  I have seen
problems 
with stateful filter exceptions for port 213 not working properly when
I 
set up my last 5 3.8 servers.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***




0
Craig
11/30/2003 2:52:14 AM
The servers are not in the same tree...

I think I have got the certificates working at this moment... The IP
Connection in Netware Remote Manager Member Connectivity screen shows
a
green dot, but after a while it changes to yellow The connection is
made but
I cannot ping through the tunnel or to the tunnel ip on the other
side.

And next to that the slave server stays on "being configured"

Any ideas?

Thx
Stefan


"Craig Johnson" <craigsj@ix.netcom.com> wrote in message
news:VA.0000341cbd5b09@ix.netcom.com...
> In article <BUoxb.11513$I04.4852@prv-forum2.provo.novell.com>,
Stefan ten
> Hoeve wrote:
> > Which Certificates should be on the servers?? and where do I have
to put
> > them??
> >
> The BMgr 3.8 iManager should have created special VPN certs, and put
then
> where they are needed.   Did you allow iManager to create certs for
you?
>
> Do you have both servers in the same tree?
>
> Have you tried dropping the filters on each server for a while?  Do
a
> STOPVPN on the master, then drop filters on both master and slave,
then
> STARTVPN on the master.  See if that gets you going.  I have seen
problems
> with stateful filter exceptions for port 213 not working properly
when I
> set up my last 5 3.8 servers.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to http://www.craigjconsulting.com ***
>





0
Stefan
12/1/2003 1:53:40 PM
The slave also says it is connected but with keymanagement type:
UNKNOWN
TYPE 0
and connection type: Third Party



"Stefan ten Hoeve" <stefan@netflex.nl> wrote in message
news:EJHyb.12879$I04.425@prv-forum2.provo.novell.com...
> The servers are not in the same tree...
>
> I think I have got the certificates working at this moment... The IP

> Connection in Netware Remote Manager Member Connectivity screen
shows a
> green dot, but after a while it changes to yellow The connection is
made
but
> I cannot ping through the tunnel or to the tunnel ip on the other
side.
>
> And next to that the slave server stays on "being configured"
>
> Any ideas?
>
> Thx
> Stefan
>
>
> "Craig Johnson" <craigsj@ix.netcom.com> wrote in message
> news:VA.0000341cbd5b09@ix.netcom.com...
> > In article <BUoxb.11513$I04.4852@prv-forum2.provo.novell.com>,
Stefan
ten
> > Hoeve wrote:
> > > Which Certificates should be on the servers?? and where do I
have to
put
> > > them??
> > >
> > The BMgr 3.8 iManager should have created special VPN certs, and
put
then
> > where they are needed.   Did you allow iManager to create certs
for you?
> >
> > Do you have both servers in the same tree?
> >
> > Have you tried dropping the filters on each server for a while? 
Do a
> > STOPVPN on the master, then drop filters on both master and slave,
then
> > STARTVPN on the master.  See if that gets you going.  I have seen
problems
> > with stateful filter exceptions for port 213 not working properly
when I
> > set up my last 5 3.8 servers.
> >
> > Craig Johnson
> > Novell Support Connection SysOp
> > *** For a current patch list, tips, handy files and books on
> > BorderManager, go to http://www.craigjconsulting.com ***
> >
>
>





0
Stefan
12/1/2003 2:20:36 PM
In article <EJHyb.12879$I04.425@prv-forum2.provo.novell.com>, Stefan 
ten Hoeve wrote:
> And next to that the slave server stays on "being configured"
> 
> Any ideas?
>
Unload filters for a while, and see if the slave suddenly gets 
configured.  The master will retry every 15 minutes until it succeeds.


You may have filtering issues on both master and slave.

Once the slave gets configured, I have not seen the filters causing a 

problem anymore.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***




0
Craig
12/1/2003 3:13:18 PM
Reply:

Similar Artilces:

BorderManager 3.8 VPN site to site
A costumer has two BorderManager 3.8 servers running on Netware 6.5 sp1. A VPN site to site connection is configured. After the installation of the IP Domestic stack on both servers, the stack seems to be corrupt. ( At console : perl nwccdbm38:\tcpip\instal.pl -f ) MONITOR.NLM , NWCONFIG cannot be started. And at the server boot proces, the time synchronization is timing out due to the lack of an IP connection. When the server is running the time synchronization has been established after a while. Tried to manually copy the TCPIP, TCP and BSDSOCK nlm. ( DOMESTIC ) from te servi...

BorderManager 3.8 Site to Site
There are more problems with BM 3.8 Site to Site than BM 3.6 & 3.7 combined and multiplied by 100. First, you darn well have better have support pack 4 on it to start with for Site to Site services to work.3.8.4 is in beta so be careful. Second, be sure to have your server's addressed added and at the site before you set up the VPN. If change the address of the server, then you darn better well repair the network addresses. The VPN server will forget that it is a VPN server and look elsewhere for a partition. Third, you had better put your VPN box on a UPS with remote access...

requirements for vpn site-to-site on bordermanager 3.7
I need to setup a small office at home in order to allow an ip phone to connect to corporate. I've been told to do this through the vpn but do I need a vpn router at home in order to do this? Are there vpn routers that can been configured to connect to my bordermanager 3.7; thereby just allowing me to plugin my ip phone at home and having it connect to corporate? If there are, can you recommend one? Thanks Scott Scott, > I need to setup a small office at home in order to allow an ip phone to > connect to corporate. I've been told to do this through the vp...

Site-to-Site VPN
Is this possible? anyone done it? Both devices have a Public IP addresses on the Internet, so no NAT is involved. The Key information on the PIX has to be entered manually as PIX runs a script. Matt Isaac wrote: > Is this possible? Not yet. -- Lance Reynolds, CNE Using XanaNews 1.13.2.10 ...

VPN upgrade site 2 site 3.7 -> 3.8
Major issue,, We had a VPN site with 3 nodes in 3.7, initialy an upgrade to 3.8 with the legacy option was working fine. But,, when we started to create a "non-legacy" VPN to move these servers to,, it wiped the 3.7/legacy VPN from the master completly when abending during the iManager creation of the new VPN. After that,, we off course didn't have any VPN, so,, we'll do it the hard way instead,, or at least, that's what we thought. All servers were in the same TREE, even though it was partitioned. Right now,, without any VPN up'n'running, crea...

Site to Site VPN on NBM 3.8
Hello, We are preparing to setup our first Site to Site VPN with BorderManager 3.8 Each site currently is in it own tree with in one partition, and we are wondering if they need to be in the same tree, and if so how to proceed to bring the two trees into one. If they do not have to be in the same tree what will be be the conditions we will live with. Will we be confined to logging into one tree at a time to access resources, and then logging into the other tree to access the resources in that tree? Thanks for your help! Brent H. The Newton Group, Inc. Brenth, It...

Slow load of VPN site to site 3.8
I am having 2 issues, I think one should be posted in the proxy forum, but it might be related to the VPN. I have 1 tree and it is partitioned into 2 replicas. I have the master of both replicas at the main office. My existing setup was a NW6.5 SP1 w/BM 3.8 patched Master VPN. I have a NW 6 SP3 w/BM 3.7 slave VPN connecting to the server. I installed a new server at the remote site (NW6.5 SP1 w/BM 3.8 patched Slave VPN) and I had a problem getting it connected. I kept messing around trying to get the VPN to connect and I couldn't. I would setup everything per the BM guide...

Craig's Tip #77 (3.8 Site-Site VPN slave server that won't start VPN services)
I have a couple of questions: Does this problem happen in IKE mode, Legacy mode, or both ? If there's a replica of root on another server on the slave's segment, I assume this is enough of a 'fix' to allow the services to start properly? Thanks Adrian James Quote: "Update: Aug 24, 2004: I am hearing that there is a design bug with BorderManager 3.8 Site-to-Site VPN that requires the slave server to contact a replica of the Root partition in order to launch. This means (for now) that you need to put a replica of Root on the VPN slave server. This makes se...

BM3.7/3.8 site-to-site VPN and Voice over IP (voIP)...
My main question is this : Will Voice over IP work across a BM3.7/3.8 site-to-site VPN? If so, I ideally want to link two voIP PABXs together and route multiple calls. Next question : How well does it work and is it a real viable solution, or should I invest in some other hardware / software solution? Lastly, if any one has any general tips regarding this type of set-up, this would be very useful.. Thanks, Richard. In article <umOBb.1201$Rl1.855@prv-forum2.provo.novell.com>, wrote: > Will Voice over IP work across a BM3.7/3.8 site-to-site VPN?...

3.7 site to site vpn
This past week we added a BM3.7 server to one of your remote offices and tried to configure it as a slave to our BM3.6 server. Problem is, it never created the vpn tunnel. Is there a step I'm missing? We have one of our other remote offices up and running fine with BM3.6, is there a compatability issue with 3.6 and 3.7? hi, yes, the systems are compatible. Check that the master server isn't running an old patch level. It should be patched at the latest available patches for BM3.6 (see tip #1 at http://nscsysop.hypermart.net). COuld you please provide a b...

VPN Site to Site & Client to site/site's ?
Hi there, We managed to get our 5.0/5.1 & 6.0 tree over av WAN moved to a BM3.7 VPN based solution. Everything's working really good, finally,,, Though, just one issue or maybe,, question,, with a site-to-site VPN for 1 tree with 1 master & 2 slaves, are a client -to - site VPN connection ment to be able to connect to all the servers...?? That is; central network = 192.168.0.0 with the master works ok from client, branch network1 = 192.168.1.0 1st slave does not work from client, branch network1 = 192.168.2.0 2nd slave does not work from client, In nwa...

Browse through Site to Site VPN to web site
I am having a couple of problems, we'll start with how I found out I'm having the problem. I have a Site to Site VPN connection running BM 3.7 sp2 with tcp607j, bm37fp3b. It is running on NW6 SP3. Both servers are configured this way. Someone from my remote office called and told me they could not send PDF files from their copier to anyone. Our Canon copier has a "send to email" PDF function that did work prior to patching the server in Columbus. I thought it was a copier problem and proceded in that direction, it is not a copier problem. I also have a ...

BM3.8 Site to Site VPN probs
Hi I'm trying to setup a site to site VPN using BM3.8, I've got all the settings looking correct as far as I can tell, but when the VPNTUNNEL driver loads on the slave server I get the following error message :- Could not make WAN connection to VPTUNNEL@213-x-x-x due to CSL failure (1) This same message comes up if I try and manually make a connection using CALLMGR. Both servers are running Netware 6.5. I originally tried to install SP1 for NW6.5 on the slave server but it bombed out about 30% way through so I've uninstalled it. The NLM versions on both servers appea...

site to site vpn
hi, i want to set up site to site vpn between two suse servers and access lan behind it, please help me with the configuration if this is possible -- janasec ------------------------------------------------------------------------ On Tue, 10 Jan 2012 11:16:03 +0000, janasec wrote: > hi, > i want to set up site to site vpn between two suse servers and access > lan behind it, > please help me with the configuration if this is possible It's possible, but there are lots of tutorials on the Internet about how to do this already - you might use Google to...

Web resources about - Bordermanager 3.8 Site-Site VPN - novell.bordermanager.install

NetIQ eDirectory - Wikipedia, the free encyclopedia
This article includes a list of references , related reading or external links , but its sources remain unclear because it lacks inline citations ...

Novell - Blackboard
Novell helped invent the corporate network in the early 1980s and continues to drive technology for business today. Network software began with ...

Information
The site is using a web proxy cache , such as Novell BorderManager FastCache , Apache Traffic Server or a server running the open source Squid ...

Novell BorderManager 3.9
Novell BorderManager offers robust Internet access controls, content filtering capabilities, secure VPN services and firewall services supported ...

Patch Finder
... of your choice. Standard Select Select a Product Access Governance Access Manager Account Management (NAM) Apache AppArmor Audit BorderManager ...

Press Releases - SuperLumin
June 11, 2013 SuperLumin Event Proxy Provides 5,000 Attendees with High-Speed Web Browsing Experience at Adobe MAX Conference May 7, 2013 ...

Support - SUSE
SUSE's world class support organization offers customers the best support experience in the industry.

Novell - Wikipedia, the free encyclopedia
Novell, Inc. / n oʊ ˈ v ɛ l / is an American multinational software and services company headquartered in Provo, Utah . It has been instrumental ...

Novell - Wikipedia, the free encyclopedia
Novell, Inc. / n oʊ ˈ v ɛ l / is a software and services company. It is a wholly owned subsidiary of The Attachmate Group . It specializes in ...

IPX/SPX - Wikipedia, the free encyclopedia
IPX and SPX are derived from Xerox Network Systems ' IDP and SPP protocols, respectively. IPX is a network layer protocol (layer 3 of the OSI ...

Resources last updated: 1/14/2016 5:08:47 AM