Deleting 3rd Party S2S VPN Server Breaks Slave VPN Configuration For All Servers, eventually.

I thought I posted this weeks ago but after searching the forum I did 
not find it.  So here is the issue and the Official Novell Fix.

Setting up a 3rd Party VPN with BM 3.8.2 and NW 6.5.1.  It worked great 
after it was set up.  But if you went to delete a 3rd Party slave VPN 
server it may break another 3rd party slave. The only fix was to 
completely remove all servers from the Site to Site VPN configuration. 
Delete the Master site to site server. Create all new objects. 
Basically, recreate it all from scratch.

Opened an incident with Novell and completed several tests and looked at 
several csaudits.  Here was the final result from Novell.

Novell:
Engineering has found one of the problems. The configuration module is 
failing.
There is a problem with the auto-deletion of traffic rules when you 
remove a server.
It fills a wrong value for the next traffic rule. But if you manually 
remove the traffic rules before removing the server, things work fine. 
So if you need to remove a slave server, remove first the traffic rule 
belonging to this server and after that remove the server.
JF
1/3/2005 6:29:24 PM

Thank you for the information!!! Very useful, indeed.
-- 
Caterina
Novell Support Connection Volunteer Sysop
Caterina
1/4/2005 7:48:45 PM