BM S2S VPN Connection not initiating

Hi,

I'm trying to setup a 3rd party S2S VPN to a checkpoint appliance.
I have a BM 3.8 server patched to SP5 on a 6.5 SP7 server. I have been
followed the steps outlined in Craig's latest book although he uses a
Linksys device in his example.

On the surface (as best I can tell) my configuration is correct. But
when the server initiates a connection as echoed on the console eg,

"Call connection established for protocol IP destination
VPTUNNEL@IPADDRESS"

No traffic destined for the checkpoint device ever leaves the server.
If I do a stopvpn, start an TCP IP debug, then do a startvpn. The conlog
never shows any traffic to specified checkpoint IP. The IKE console is
also static.

I'm testing this with filters disabled. 

If I change the checkpoint slaves authentication method from Non BM PSK
to say BM 3.8 certificate based authentication. The server will actually
attempt to connect to the checkpoint slave. A trace shows packets being
sent and received plus plenty of IKE activity is seen.

But when I switch back to PSK on the checkpoint
slave.......................nothing. This is what I see in using
CSAUDIT:

- A VPN site licence has been acquired
- Started VPNIBF.NLM
- Started VPNMaster.nlm
- The trusted root container of this VPN server is
TRC-VPNSERVER.context
- Server is hosting Site-To_Site Services
- Configured server certificate is ServerCert - VPNServer.context
- VPN GetRootCert: Read trusted root certs from TRC -
VPNServer.context
- VPN S2S service trusted root container is TRC - VPNServer.context
- VPNGettRootCert: Read trusted root certs from TRC -
VPNServer.context
- Server VPNServer added to IPSEC
- Policy:Tunnel.3rdpartyVPNRules.VPNS2SVPNServer.context has been
added / modified
-Policy:Tunnel_DEFAULT_RULE.3rdPartyVPNRules.VPNS2SVPNServer.context
has been added/modified
- S2S Call initiation direction is both sides
- S2S topology is mesh
- Policy: Default_Traffic_Rule.VPNRules.VPNS2SVPNServer.context has
been added/modified
- VPN Member Tunnel is configured for outbound call
- Configured RIP file to indicate that the VPN tunnel is active
- VPN tunnel routed to 172.16.0.0/255.255.0.0
- VPN tunnel routed to 172.18.0.0/255.255.0.0
- Enable IP Routes
- SPX/IPX is bound to the VPN tunnel
- TCP/IP is bound to the VPN tunnel
- Server VPNServer removed from IPSEC
- Server Tunnel added to IPSEC
- VPN control is reinitializing system
- Waiting for reinitialize system to start
- Reinitialize system started to process commands
- The VPTunnel is initializing
- Configuring VPN member VPNServer
- The VPTunnel has been initialized
- Configured VPN member VPNServer
- Configured vendor member Tunnel
- Initiated an IP call to Tunnel@IPADDRESS
- The trusted root container of this VPN server is TRC -
VPNServer.context
- The configured server certificate is ServerCert - VPNServer.context
- VPNGetRootCert: Read trusted root cert from TRC - VPNServer.context
- Send update cfg to 1 for type of mask = 7, typeofcfg=1
- Send update cfg to 2 for type of mask = 31, typeofcfg=1


__________________End of Log_____________________________

The last two lines of the csaudit log are always the same. I thought it
may
have been an Imanager issue not setting the correct values or
something.
I was using version 2.7. As this is not currently a production server I
rebuilt it from scratch but this time installed the standalone version
of Imanager 2.6SP4

I seeing exactly the same issue as I was before. If any body could
possibly tell me where I'm going wrong it would be greatly appreciated.

Thanks


-- 
David_Parker
------------------------------------------------------------------------



0
David
6/29/2010 4:46:02 AM
novell.bordermanager.vpn 2677 articles. 0 followers. Follow

14 Replies
518 Views

Similar Articles

[PageSpeed] 45
Get it on Google Play
Get it on Apple App Store

Hi,

David Parker wrote:
> 
> On the surface (as best I can tell) my configuration is correct. But
> when the server initiates a connection as echoed on the console eg,
> 
> "Call connection established for protocol IP destination
> VPTUNNEL@IPADDRESS"
> 
> No traffic destined for the checkpoint device ever leaves the server.

Ignore. The callmgr messages happens as soon as the server is ready to
make the connection. It unfortuately has absolutely nothing to do with
the server actually *actively making* the connection in reality, let
alone it haveing been successful.

> If I do a stopvpn, start an TCP IP debug, then do a startvpn. The conlog
> never shows any traffic to specified checkpoint IP. 

Right. Traffic to the destination along with connection setup only
happens when there actually *is* traffic that according to the routing
table has to be routed to the destination behind the VPN. Like e.g a
PING to one of the remote protected networks. Simply starting the VPN
does *NOT* establish the connection.

> The IKE console is
> also static.

And that's the most important information you need to look at if the
connection ever attempts to establish. It is also echoed into ike.log
under sys:\etc\ike.

> I'm testing this with filters disabled.
> 
> If I change the checkpoint slaves authentication method from Non BM PSK
> to say BM 3.8 certificate based authentication. The server will actually
> attempt to connect to the checkpoint slave. A trace shows packets being
> sent and received plus plenty of IKE activity is seen.

Well, this all really sounds pretty clear. You do not have any third
party traffic rule that defines what traffic needs to be encrypted to
yuor destination, *or* yuo never produce any traffic that matches that
rule, so that the VPN connection would even attempt to establish.

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
6/29/2010 6:48:32 AM
Thanks for the quick reply. Just to clarify a couple of the points you
raised.
I have tried sending traffic to the other side just by using ping but
they are not replied to. 

My colleague on the slave end tells they never logged any negotiation
attempts. I'm wondering if my 3rd party rule is set correctly. Its
currently defined as:

- 3rd Party Server Configuration
172.16.0.0


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
6/29/2010 7:46:01 AM
Sorry hit send before finishing


Thanks for the quick reply. Just to clarify a couple of the points you
raised.
I have tried sending traffic to the other side just by using ping but
they are not replied to. 

My colleague on the slave end tells they never logged any negotiation
attempts. I'm wondering if my 3rd party rule is set correctly. Its
currently defined as:

- 3rd Party Server Configuration
3rd party gateway address XX.XX.XX.113
172.16.0.0  255.255.0.0
172.18.0.0 255.255.0.0

- NBM Protected Network
192.168.196.0


-Define Action

Encrypt
Key life time 120
Encryption 3DES
Auth HMAC-SHA1


This is the only rule I have. After this comes the default rule deny
rule on the same source IPAddress as the 3rd party check point device.


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
6/29/2010 7:56:02 AM
Hi,

David Parker wrote:
> 
> Thanks for the quick reply. Just to clarify a couple of the points you
> raised.
> I have tried sending traffic to the other side just by using ping but
> they are not replied to.
> 
> My colleague on the slave end tells they never logged any negotiation
> attempts. I'm wondering if my 3rd party rule is set correctly. 

Very obviously it isn't.

> Its
> currently defined as:

The server configuration isn't the key. As I said in my previous
message, the important piece is the third party traffic rule. It sounds
like this is either missing entirely or not setup properly.

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
6/29/2010 8:42:42 AM
Thanks for the reply. I think my third party traffic rules look ok. I
realised after your first reply that connection wouldn't be initiated
unless you try to push some traffic to the other side. (I'm learning).
So now I'm seeing ike logging when attempting to send data.

The response I now have in CSAUDIT is No_Proposal_Chosen. The early IKE
phase appears to fail.

IKE Logs the following:


30-6-2010 11:29:11 am Start IPSEC SA 99A96120 - Initiator****totSA=1
30-6-2010 11:29:11 am src from IPsec
30-6-2010 11:29:11 am 10020000 D2D791AA
30-6-2010 11:29:11 am dst from IPsec
30-6-2010 11:29:11 am 10020000 48A69771
30-6-2010 11:29:11 am Start IKE-SA 9CD1B100 -
Initiator,src=IPADDRESS,dst=IPADDRESS,TotSA=1
30-6-2010 11:29:11 am AUTH ALG IS 3
30-6-2010 11:29:11 am ***Send Main Mode message to IPADDRESS
30-6-2010 11:29:11 am
I-COOKIE=D8A2CE97EB7A0CBF,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1636983284
30-6-2010 11:29:12 am ***Receive Unacknowledge Informational message
from IPADDRESS
30-6-2010 11:29:12 am
I-COOKIE=D8A2CE97EB7A0CBF,R-COOKIE=0000000000000000,MsgID=3ED92E52,1stPL=NOTIFY-PAYLOAD,state=-1636983120
30-6-2010 11:29:12 am Recieved notify message type 14 from IPADDRESS 
30-6-2010 11:29:12 am Notify Recvd :Packet could have corrupted on the
way ,retransmit to IPADDRESS
30-6-2010 11:29:12 am ***Send Main Mode message to IPADDRESS
30-6-2010 11:29:12 am
I-COOKIE=D8A2CE97EB7A0CBF,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-1636983284

------------------This is my 3rd party rule---------------------

- 3rd Party Server Configuration
3rd party gateway address XXX.XXX.XXX.XXX
172.16.0.0 255.255.0.0
172.18.0.0 255.255.0.0

- NBM Protected Network
192.168.196.0

-Define Action

Encrypt
Key life time 60
Encryption 3DES
Auth HMAC-SHA1

-------------This is the checkpoint configuration--------------------

IP compress: disabled
IKE (phase 1) encryption:  3DES
IKE (phase 1) data integrity: SHA1
IKE (phase 1): DH Group 2 (1024 bit), renegotiate every 1440 minutes
IKE (phase 1): aggressive mode disabled
IPsec (phase 2) encryption: 3DES
IPsec (phase 2) data integrity: SHA1
IPsec (phase 2):  PFS enabled. 
IPsec (phase 2): renegotiate SA every 3600 seconds.
One VPN tunnel per subnet pair (IPsec standard)

Any suggestions would be greatly appreciated.


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
6/30/2010 1:56:02 AM
Hi,

David Parker wrote:
> The response I now have in CSAUDIT is No_Proposal_Chosen. The early IKE
> phase appears to fail.
> 
> IKE Logs the following:

Is that log everything it produces, or just a snippet?

At any rate, at this point the usual ipsec "fun" begins. That is making
perfectly sure the configuration on both eneds is identical, otherwise
it will not establish. The most crucial pieces are:

1. PSK (of course, but I can't count how often it actually *was* a typo
in the PSK).

2. encryptions parameters  (yours seem ok).

3. Key lifetimes (renegotiation).

4. IP Addresses, especially encrypted (routed) networks.

Oh, yuo may want to look at the checkpoint logs too. It may provide some
additional insight what it thinks is wrong (as that's the one denying
the connection).

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
6/30/2010 7:15:31 AM
In article <David_Parker.4dcjrd@no-mx.forums.novell.com>, David Parker 
wrote:
> 30-6-2010 11:29:12 am ***Receive Unacknowledge Informational message
>
This is the key - it means the other side is rejecting your traffic and 
telling the sender.  Something is not matching on the other side.  The 
traffic rules need to match.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***


0
Craig
7/22/2010 4:48:22 PM
Hello there,
I am actually still working on this issue off and on with a Colleague
at the Checkpoint end of the implementation.
We still have issues getting our S2S connection working using Pre
Shared Key.
After examining negotiation logs on the checkpoint end it would appear
that the BM server is preposing
"RSA Signature� as the authentication method instead of shared secret.

I have reviewed my configuration many times and made the following
observation.

- VPN Master
Pre shared Secret option is ticked and secret defined.
Perfect Forward Secrecy ticked
Server Certificate field is populated with the ServCert - Servername
certificate
Trusted Root Container certificated defined
All network setttings are correct

-Site To Site member list

-Master Server-
Member Version 3.9
Pre-shared key selected
Certificate 'Issuer' field populated 

-Slave-
Member version 'Non-BM'
Preferred Authentication Method 'Pre-Shared Key'
PSS Key entered and confirmed
Certificate 'Issuer' field populated 

Because the Checkpoint believes BM is to use certificate based
negotiation I removed all certificates in the VPN master and slave
certificate fields. I can successfully save this configuration in
iManager. However when I attempt stop/startvpn at the console
with this configuration in place bcallsrv never establishes a
connection attempt when you attempt to send some traffic over.

If I put these certificates back in does but once again the checkpoint
slave believes I using certs instead of PSK. Does anyone
have any suggestions as to why PSK wouldn't be forced over certificates
? Should I still be able to establish a connection
using PSK if certificates are removed out of the configuration ?

Many thanks for any suggestions.


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
11/12/2010 2:06:01 AM
Hi,

David Parker wrote:
 
> -Slave-
> Member version 'Non-BM'
> Preferred Authentication Method 'Pre-Shared Key'
> PSS Key entered and confirmed
> Certificate 'Issuer' field populated

The last is incorrect. The Certificate field should be empty in the
slave config when you use PSK.

 
> Because the Checkpoint believes BM is to use certificate based
> negotiation I removed all certificates in the VPN master and slave
> certificate fields. 

You can't and don't need to remove the cert config from your Master. 

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
11/14/2010 9:30:31 AM
Hi Massimo,

I'm at a complete loss. On paper it looks ok. When I  made the change
you suggested callmgr deletes the connection and CSAudit suggests the
slave configuration is wrong as per TID10091045. 

This is my configuration:

When you click on Site To Site Configuration in iManager it lists:

- VPNServerName (master)
- 3rd Party Client (Slave)

Select VPNServerName -----> Defined Fields:
Member version = 3.9
Prefered Authentication Method = Pre-shared Key
Certificate:
Issuer = MasterTRO.TRC-VPNServername.context
Subject Name = O=TREE.CN=vpnserver.domainname
No other fields defined except correct IPaddress config

Select 3rd PartySlave -----> Defined Fields:
Member Version = Non-BM
Prefered Authentication Method = Pre-shared Key
PSS Key = same as main VPN server config page
No other fields like certificates etc populated just correct IPaddress
config

3rd Party Traffic Rules:

Listed on this page our two rules.
source               
destination            action              status
1. My 3rd Party Rule                    3rd party public ip            
specified list          Encrypt            Active
2. My 3rd Party_Default_Rule         3rd party public ip               
any host              Deny                Active

Contents of My 3rd Party Rule:

- 3rd party server configuration
3rd party server gateway address = XX:XXX:XXX:XXX
Rule Applies to = Only Use IP List
3rd Party server protected network list
172.18.0.0.
172.16.0.0

-NBN Server Protected Network List
Rule Applies to = Only Use IP List
192.168.196.0

-Define Action

Encrypt = Active
Key Life Time 60mins (checkpoint slave value)
Encryption: 3DES
Authentication: HMAC-SHA1

With the above values in the member list above. VPN services start ok
but no call destination gets defined hence
when trying to put some traffic accross the VPN IKE monitor does
nothing.
CSAudit as per the above listed TID would leave you to believe the
slave is configured incorrectly with the wrong
certificate name when in fact it is configured for PSS. The check point
firewall also believes negotiation attempts
are cert based instead of PSS.

The server is a fully patched 6.5 / 3.8. I have tried everything I can
think and I'm just going round in circles with it 
now. I'm starting wonder if scenario really needs 3.9 to work?

Thanks,

David


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
11/15/2010 5:36:01 AM
I'm wondering now if this could be an issue with Imanager not setting
values correctly . I'm using 2.6.0 but
I need to check the version of BM npm's. Could this be a possibility ?

Thanks


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
11/15/2010 9:06:01 AM
Hi,

David Parker wrote:
> 
> I'm wondering now if this could be an issue with Imanager not setting
> values correctly . I'm using 2.6.0 but
> I need to check the version of BM npm's. Could this be a possibility ?

That's entirely possible, especially when your BM snapins are as
outdated as your core iManager.

Other than that, your descriptions confuse the hell out of me. You seem
to be mixing up the VPN Server configuration and the VPN S2S Config.
That's two entirely different things, and you only ever need to touch
the latter when setting up a �rd party server. But you may have
inadverently broken your BM Server config now, and may have to redo it.

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
11/15/2010 1:27:42 PM
I took your advice and started again from scratch. This is a lab setup.
In fact I found a nice app note that with similarities to what I am
trying to achieve.

First I deleted my VPN config, upgraded the from SP7 to SP8 which gave
me iManager 2.7.2. 
Added the latest the BM VPN plugin. Then I decided to followed this
appnote just to see
what IKE would do. Obviously I used my public and private addresses in
place of those in the appnote.

I then did a stop/startvpn.

No entry was added to callmgr so I did nothing
The IKE Logging screen just showed its default "Read Trusted Root Cert
etc" and never showed any activity

I would have thought it would have at least attempted a connection to
the fictitious public ip address
in the appnote. So I would appear that this configuration behaves
exactly the same as mine
even after following exactly.

The bottom line of my problem is when I use PSS on my 3rd party slave
two things occur:

1. Callmgr does not get an entry to represent the connection to slaves
IP
2. IKE does nothing when you try ping a host on the other side

But............

If I leave the 3rd party slave as Non-Bm and change the auth method to
certificate and issue the cert etc. When I restart the VPN services a
connection attempt is made to the fictitious IP in appnote which
obviously. So why is when certs are used callmgr and IKE 
start functioning but under pss they don't? 

Here's the appnote...............thanks

'Setting Up an IPSec VPN Tunnel between Nortel and an NBM 3.8.4 Server
| Novell User Communities'
(http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=http--wwwnovellcom-communities-node-3212-setting-ipsec-vpn-tunnel-between-nortel-and-nbm-384-server&sliceId=&docTypeID=DT_ARTICLES_TIPS_1_1&dialogID=183768104&stateId=0)
0 183766694


-- 
David_Parker
------------------------------------------------------------------------
David_Parker's Profile: http://forums.novell.com/member.php?userid=14423
View this thread: http://forums.novell.com/showthread.php?t=414400

0
David
11/16/2010 7:06:01 AM
Hi,

David Parker wrote:
> 
> I then did a stop/startvpn.
> 
> No entry was added to callmgr 

That's a problem. It should definitely add one.

> so I did nothing
> The IKE Logging screen just showed its default "Read Trusted Root Cert
> etc" and never showed any activity
>
> I would have thought it would have at least attempted a connection to
> the fictitious public ip address

Only when it detects traffic designated to the remote encrypted
networks. But as long as there's no entry in callmgr for the remote
side, nothing will happen, that's totally necessary.

Quite frankly, at this point I'm a bit stumped why it wouldn't create
the 3rd party tunnel properly. 

CU,
-- 
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
0
Massimo
11/16/2010 9:04:39 AM
Reply:

Similar Artilces:

Small VPN appliance to connect to BM VPN
--____VQHYVYNDJJYFRGAXQVCU____ Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; modification-date="Sat, 30 Mar 2007 18:09:36 -0400" Can anybody recommend a small (inexpensive) router that could easily = create a VPN from it to a BM 3.8 server? We have a remote location = (warehouse) that will have 2 computers. I was going to set up the = workstations to connect to a Terminal server in the main office to run the = applications they require. The problem I am attempting to deal with is = that the use...

Connect VPN client thru BM to another VPN
i, I have a problem connecting a client inside my network (10.x.x.x) using a CISCO VPN CLIENT. My firewall is a Bordermanager 3.6 SP2a server using NAT and I want to connect to other VPN server. How I have to configure the BM serfver to connect internal client to access others VPN server ????? Thanks in advance Jose hi Jose, let me understand. Are you trying to connect with a Cisco VPN client to a CIsco VPN server or to a BM VPN server? -- Cat Novell Support Connection Volunteer Sysop ...

BM VPN site - to
Hi, Can i use BM 3.7 or 3.8 to create a site-to-site VPN with a BM server on one site an a hardware VPN device (Cisco, Nortel) on the other site ? Or does site-to-site VPN always need to be 2 BM servers ? Regards, Jan Wiersma the Netherlands. Jan Wiersma wrote: > Hi, > > Can i use BM 3.7 or 3.8 to create a site-to-site VPN with a BM server on one site an a hardware VPN device (Cisco, Nortel) on the other site ? > Or does site-to-site VPN always need to be 2 BM servers ? 3.7 is BMgr only. 3.8 should work with any IPSEC VPN. -andy ...

vpn to vpn connection question
Hello: I've been asked to look into a vpn to vpn connection with a third party vpn server connection to our bm38sp2 vpn. Last week I had asked if this was possible and the answer was yes (but). Currently I have our vpn up and running to allow me secure access from home for remote management. The vpn is setup as the master vpn server. Now, if I try to connect to a third party vpn, will our server be a client in this case (I assume so)? If so, how does this impact our current setup as a master server? Thanks in advance, Chris. PS. Others have suggested (strongly) to si...

Did anybody try to get Nokia Mobile VPN Client to connect to a BM VPN server?
If you do not know the software (for symbian mobile phones) see: http://businesssoftware.nokia.com/mobile_vpn_downloads.php This client seems to be very wide adaptable to different Ipsec VPN authentication and encryption methods. But I do not know which methods are implemented on the BM side, so I cannot judge from the documentation, if this can work or is clearly impossible. If it could be made working, that would be a really nice thing. -- W. Prindl W_, It appears that in the past few days you have not received a response to your posting. That concerns us, and has trigg...

S2S connection BM 3.8 and third part VPN server
Hello!, Running BM 3.8 on Netware 5.1 SP7 We need to configure a VPN tunnel from a Border Manager 3.8 to a third party VPN Server. The parameters are provided from the third party Server and they are: we support following options for Phase 1 encryption: DES or 3DES MD5 or SHA1 Diffiew-Hellman group2 NO aggressive mode options for Phase 2: DES or 3DES MD5 or SHA1 NO perfect forward secrecy Is it possible to setup this parameters in the Border Manager Server? because I don�t know how to .... I heard and read about third party Server, is this option to setup this ...

Bordermanager 3.8 VPN connection but no connection
Hi all, I am testing BM 3.8 VPN and am connecting via NMAS, connecting goes without problems and when I am connected I can ping the inside server ip, the vpn tunnel address and the ip-address that has been supplied by BM. But I cannot connect to any of the services running on my server or login.... <<But I cannot connect to any of the services running on my server or <<login.... What do you mean by that? any example and error message? 1. Which ip address pool is using the vpn client? 2. Which is your internal ip address of the host you are try...

BM 3.8 S2S VPN Connection is working not able to ping through the tunnel
Servers have a ESP-Sa connection (IKE Screen) But the Member activity screen stays on Connection state=pending Cannot ping through the tunnel The servers are not in the same tree. Can you unload the filters on master and slave for about 20 minutes? Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** I unloaded the filters for about an hour or so (theyre still unloaded) but this did not help. The strange thing is that the slave can ping the ma...

Connecting to SSL VPN through a PPTP VPN
Hi This may seem a weird question... I'm on a Mac (OS X 10.4.8), and when at Uni, I connect to their wireless network using a VPN (PPTP). When connected, the network only allows network access through a proxy on port 8080. Hence, I cannot check email or connect to IM services and so on. I have a SSL VPN account setup with HotSpotVPN2 [1], so I figured I could connect to the Uni VPN, then connect to the HotSpotVPN. But, when I tried HotSpotVPN would never connect. [1] <http://www.hotspotvpn.com> Is it possible for me to do this? What am I doing wrong? ...

Error connecting to VPN through VPN Client
Hi, I am running NW6.5 with BM3.8 and everytime I type in my server ip and the other options to login to the server through vpn with NMAS i get the error, "failed to connect to the authentication gateway either 19*.***.***.*** is an invalid server address or the authentication gateway is not loaded on the server" What is the usual cause of this? > Hi, > > I am running NW6.5 with BM3.8 and everytime I type in my server ip and the > other options to login to the server through vpn with NMAS i get the error, > > "failed to connect to the a...

Cisco VPN or BM VPN open question..
Hi People, I have a customer, they have a small Netware deployment (100 Users), and like the Novell Technologies. They are now looking to provide their own internet access (currently hosted) Therefore they are going to need a Proxy server and a VPN server. Cisco salesman has been in and told them the best option is to use a Cisco VPN (I guess this only does VPN and not Proxy but I am not sure of the Details.) Was just wondering if anyone had any views, whether to use CISCO vpn or BM. So far I can think of... 1) I think that BM will be cheaper? 2) They have a Netwar...

How to setup my VPN to allow printing while connected to the VPN
Hello there, I am new to Border Manager and have a Bordermanager VPN at my office. I have remote sites that need to be able to print while connected to the VPN, however they cannot. Could anyone offer advice on what I need to do to get this working? Phil In article <tOutc.181$uj7.83@prv-forum2.provo.novell.com>, wrote: > Hello there, I am new to Border Manager and have a Bordermanager VPN at > my office. I have remote sites that need to be able to print while > connected to the VPN, however they cannot. Could anyone offer advice on > what I need to do to ge...

Unable to complete a vpn connection with Juniper VPN
Name: Gary Levin Email: levingatinsightbbdotcom Product: Firefox Release Candidate Summary: Unable to complete a vpn connection with Juniper VPN Comments: Using Juniper VPN software, the production Firefox works just fine. The 3.5 preview does not. It appears to load, java starts and it allows the login information to be entered. The session is not able to complete. It appears to start but hangs somewhere and never returns the Session page. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b99) Gecko/20090605 Firefox/3.5b99 From URL: http://hendri...

S2S VPN breaks non-VPN communications between sites
Have existing sites running NW6.5sp4,BM3.8sp4. Remote site accesses central office via Novell Portal and Citrix servers and GW WebAccess. Setting up S2S VPN between the 2 sites. Central office is master. Would like remote to still be able to use Citrix and GWWA outside of the VPN while other traffic is routed thru the VPN. Central public IP is x.x.x.18/255.255.255.240 Remote public is x.x.x.30 (yes this is on the same subnet - uses same ISP) The following are static NAT'd to servers inside BM at Central office portal public is x.x.x.19 citrix01 is x.x.x.23 citrix02 is x.x.x....

Web resources about - BM S2S VPN Connection not initiating - novell.bordermanager.vpn

Connection - Wikipedia, the free encyclopedia
Text is available under the Creative Commons Attribution-ShareAlike License ;additional terms may apply. By using this site, you agree to the ...

iMedia Connection: Interactive Marketing News, Features, Podcasts and Video - iMediaConnection.com
High-quality data, if not used properly, can still lead marketers to make bad decisions. Consider these common ways that numbers are used to ...

HTTP persistent connection - Wikipedia, the free encyclopedia
... tacked on to an existing protocol. If the browser supports keep-alive, it adds an additional header to the request: Following this, the connection ...

CareerSonar Turns Facebook Friends Into Job Connections
Looking for a job ? Among your Facebook friends lies the potential for employment. CareerSonar , a new service, brings together a person’s connections ...

Police tear open roof to arrest man in connection with stabbing murder
Police have torn open the roof of a Gold Coast home to arrest a man in connection with the stabbing death of 16-year-old Michael Brack.

Paris attacks: Belgium connection probed as terrorist past of Brussels district of Molenbeek under spotlight ...
Prosecutors reveal a growing Belgian connection to the deadly Paris attacks, focusing on a poor Brussels district.

Half of data connections by top 500 Android apps are 'covert' with no effect on user experience
Researchers at the Massachusetts Institute of Technology have discovered that half of the communications connections established by the top free ...

Cross-cultural Connections and Exchange: international study is more important than ever
... And, as a minority of ill-intentioned individuals and groups do their best to create divides, we need citizens equipped to create connections ...

Brussels Connection Under Spotlight After Paris Killings
(EurActiv) — Prosecutors on Sunday disclosed a growing Belgian connection to the Paris attacks as Premier Charles Michel conceded that a Brussels ...

Be Goofy, Smile At Your Baby: Protection Begins with Connection, Pediatrician Says
VideoPart 3 of a series Andrew Garner wears silly ties and finds it easy to make a goofy face. These are valuable tools for charming the babies ...

Resources last updated: 11/24/2015 6:02:00 PM