Cisco or any 3rd-party VPN client to BM38 VPN Server
In-house we use the Novell VPN client, but some vendor support wants to use the Cisco VPN client. Can it be made to authenticate to our BM3.8 VPN Server? Are any other clients tested compatible? I thought this new generation IKE VPN provided more interoperability. Thanks
I believe it can be made to function, with a lot of effort. However,
it is easier to just have both Novell and Cisco VPN client installed at
the same time.
If you want to use Cisco VPN client, realize that it will take a lot of
work for purely political reasons, and you will have zero return on
investment for...Removing Legacy VPN Server Configuration: Does this harm current VPN setup of BM3.8.5?
on 2 BM Slave S2S + C2S servers I have the problem, that routing information gets messed up
each time VPN gets initialized (startvpn, startbrd), a reinitialize system doesn't harm.
one of them has "respawning" obsolete network routes, those I overlayed with same network,
The other one is just the opposite: newly added network routes dissappear.
Both of them were also used for SKIP C2S dialin, that's not used any more. Craig mentioned, that
there might be the possiblity, that bogus info in the legacy VPN part might be the...MS VPN Client to BM38 VPN Server?
On win2k and on XPHome I create a network connection which is a VPN connection, then try to do certificate authentication to the BM 38 VPN server. I have the Novell VPN client on the same machine which can authenticate with the same certificate. The MS client returns an Error 800: unable to establish connection, maybe the network is unreachable, maybe your security settings are wrong.
With the Novell Client I pick exactly the certificate I want to use to authenticate. I can't find that option in the MS client, I can select a Trusted Root (so I had to export the Trusted Root and add it ...mesh vpn with 3rd party vpn solution
At this moment I have a mesh vpn network where 1 master is connected to 3
slave sites. All sites are using bordermanager 3.8
Now we need a dedicated vpn connection from the master to another site,
who are using another ipsec compatible vpn solution.
Is it possible to setup this connection from the master to this other
firewall, without having the slaves to also contact this site?
Or is is better to install a separate server to setup this connection?
Thanks in advance,
In article <hACyh.1783$QP1.email@example.com>, wrote:
> Is it possible...Problem with VPN on a slave server in 3 server Full mesh.
we keep getting this error in the IKE.LOG file on one of the Slave
servers who is in a 3 VPN server setup in Full Mesh, the other slave in
this setup got its IP changed last week.
22-1-2007 19.05.18 Retransmit timer expired :Peer lost our reply
retransmit the old packet to xxx.211.255.xxx
have looked in the Knowledge base but not much to find there in regards
From the Master there is connection fine, but between the 2 slaves i
cant e.g. ping the private IP viseversa.
any idea...Removing Server-to-Server VPN
I currently have two BorderManager 3.7 (Netware 6) servers providing a
Server to Server VPN between my two offices. I am investigating a
private line between the offices.
Each server also provides proxy/firewall services for their respective
offices. The Master VPN server provides Client to Site VPN services.
Each office has its own subnet. The slave office is partitioned and
the slave BMgr is master of that partition.
If I go with the private line, I will have a couple of Cisco routers
connecting the private line to each office.
Could each office retain its subnet and addres...Optimize server to server VPN
I have a server to server VPN. Both ends are 3MB DSL with 800 KB
Are there parameters that should be altered to maximize performance.
I have already altered the MTU to 1492 in order to fix GroupWise MTA
In article <4183945A.6AC3E563@hillhouse.ca>, Steve Babcock wrote:
> Are there parameters that should be altered to maximize performance.
Yes, in general. Look at tip #23 at the URL below.
For the VPN, you may have to reduce MTU even further for some apps.
Note that with 800k DSL, you probably will only get about 650K...Unable to create 3rd party VPN Server
I'm trying to create a slave VPN server in iManager 2.6 but everytime I
configure the server, click apply and then okay I get the following
The Site To Site service was modified partially.
The Site To Site service was not modified due to following reasons: - Failed
to create Site to Site member:ToledoVPNS2SFW_SERV2.Antibus_FW.Antibus
It creates the default rule, rule I created, but the server is not created.
This is a netware 6.5 sp6 with all patches, ie nwlib, winsock, edir, etc., +
a beta patch from Novell NTLS.NLM to correct an abend problem with
apache/nlda...3rd party vpn client & server
I am trying to use Checkpoint vpn client to access third party vpn.
We have bordermanager 3.6 running on netware 5.0 and are using nat.
We cannot connect unless I unload all filters.
Their isp told me that i have to set up these filters:
TCP/264 (Topology Download)
IPSEC and IKE (UDP and TCP on port 500)
UDP 2746 (UDP encapsulation)
FW1_scv_keep_alive (UDP port 18233)---- used for SCV kep-alive packets
FW1_pslogon_NG (TCP port 18231)---- used for SecureClient's logon to
Policy Server protocol
FW1_sds_logon (TCP port 18232)----used for SecureClient's Software
...Craig's Tip #77 (3.8 Site-Site VPN slave server that won't start VPN services)
I have a couple of questions:
Does this problem happen in IKE mode, Legacy mode, or both ?
If there's a replica of root on another server on the slave's segment, I
assume this is enough of a 'fix' to allow the services to start properly?
"Update: Aug 24, 2004: I am hearing that there is a design bug with
BorderManager 3.8 Site-to-Site VPN that requires the slave server to contact
a replica of the Root partition in order to launch. This means (for now)
that you need to put a replica of Root on the VPN slave server. This makes
se...S2S VPN breaks non-VPN communications between sites
Have existing sites running NW6.5sp4,BM3.8sp4.
Remote site accesses central office via Novell Portal and Citrix servers
and GW WebAccess.
Setting up S2S VPN between the 2 sites. Central office is master.
Would like remote to still be able to use Citrix and GWWA outside of the
VPN while other traffic is routed thru the VPN.
Central public IP is x.x.x.18/255.255.255.240
Remote public is x.x.x.30 (yes this is on the same subnet - uses same ISP)
The following are static NAT'd to servers inside BM at Central office
portal public is x.x.x.19
citrix01 is x.x.x.23
citrix02 is x.x.x....vpn server configuration
I'm setting up a NBM 3.8 VPN server on a Netware 6.5 server.
The VPN server is installed in the production tree in its own container.
To configure the VPN server, the instructions call for a Trusted root
container, a Key material object and a trusted root object.
Are these objects to be created in the the "vpn" container or somewhere
Thanks in advance for you help.
In article <SbuKe.2563$RK5.firstname.lastname@example.org>, wrote:
> Are these objects to be created in the the "vpn" container or somewhere
> else?...NBM 3.8 VPN Client to a Cisco VPN server
Where might I find detailed instruction on setting this up ?
There is some info here:
But I'm not sure it is complete. There was a thread on this here in
the past couple of days, so you should search back a bit.
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
...Expired server cert on S2S VPN slave with no access to the CA
I have client with a BorderManager 3.8 S2S VPN that was set up two years ago
Monday. Single eDirectory tree - originally the slave server was built at
the main site and the server certificate for the slave side of the tunnel
was created without issue. Client called on Monday and you guessed it -
certificates had expired and the tunnel went down. I was able to create a
replacement certificate for the master server and the main site tunnel side
appears to be up once again, but because the server cert at the slave site
has expired at the same time, we can not get...