Setting Up VPN Client-to-Site in BM 3.8sp2 on NSBS 6.0.5

I've been lurking the last few days trying to figure out how to set up VPN
services for our BM3.8sp2/NW6.0.5 system to allow wireless users (within our
building) to access our network directly.

Right now, I have a Linksys WRV54G wireless VPN router sitting outside our
firewall (BM server) which is also used to connect to our cable modem for
regular internet access. My "public" IP network is 192.168.10.0 and our
private network is 192.168.1.0 (NAT'ed by BM.)

From what I've read, NIASCFG can't be used to set up the VPN services in
BM3.8, and this matches my experience ("Cannot start configuration program
for Virtual Private Network" from NIASCFG.NLM). Currently, I'm running
iManager 1.2.2, which I understand has to be upgraded to version 2.0.2 to
configure BM3.8. Now it seems I also need to update eDirectory from my
current version 8.6.2 to 8.7.1 or later (according to the "installing
iManager on Netware 6" pre-requisites in the documentation). It's all
getting pretty complicated!

I've got Craig's "Beginner's Guide to BorderManager 3.x" 2nd edition, and
plan to purchase his latest offering, as it covers BM3.8. Does this edition
detail the necessary iManager, eDir, and any other "pre-requisite" upgrades
as well?

Any help, ideas, caveats, would be appreciated!

TIA,
RFNelson
***

0
Robert
8/16/2004 5:54:45 PM
novell.bordermanager.vpn

In article <BD465F14.2748F%rnelson@no_spam.camplex.com>, Robert Nelson wrote:
> I've got Craig's "Beginner's Guide to BorderManager 3.x" 2nd edition, and
> plan to purchase his latest offering, as it covers BM3.8. Does this edition
> detail the necessary iManager, eDir, and any other "pre-requisite" upgrades
> as well?
>
Yes, it does, and it took over 400 pages to describe it...

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
8/17/2004 6:58:33 AM
Craig:

I bought the book yesterday, and, like the 2nd edition, it's quite
comprehensive.

I upgraded our main server to eDir 8.7.1 this morning, and am now working on
getting the BM server updated. Unfortunately, I'm having some problems with
the NWCONFIG installation.

However, once I get that solved (posted a message in the eDir forum), I'm
hoping to get my wireless VPN system up and running.

Thanks for the reply!

Robert
***


0
Robert
8/17/2004 2:27:52 PM
In article <BD478017.278C7%rnelson@no_spam.camplex.com>, Robert Nelson 
wrote:
> hoping to get my wireless VPN system up and running.
>
Let us know how it goes!

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
8/19/2004 7:15:21 AM
Craig:

Have you ever had "one of those weeks?" The good news: my VPN is running...
The bad news: I'm actually using BM3.7, not BM3.8 as indicated in the
subject line above. (I reviewed my scenario when I purchased your "Beginner's
Guide... Third Edition," and realized I'd updated late last year to BM 3.7
(from the original BM 3.6 included with NSBS 6.0), not BM3.8!)

As such, while I have successfully used VPN to protect the wireless
computers in-house, it looks like I'm going to have to upgrade to BM3.8 to
support VPN over NAT through our router's connection to our cable ISP. I've
asked CDW for a quote for both NSBS 6.5 and BM3.8 (stand-alone), 25 users.

One problem I am still fighting though...  wireless VPN users cannot surf
the web.  I've used static IPs on my test wireless (VPN) workstations using
WinXP's TCP/IP "alternate" configuration, and turned off the wireless
router's DHCP server, just so I can set the appropriate DNS services for VPN
access. The test workstation can ping my internal hosts using their DNS
names just fine, and it can browse to our internal web server, but it cannot
ping any host outside our internal network.

Strangely enough, a test of all our IP addresses shows I can't ping any of our
printers' IP addresses either, by name or IP address, but all other
workstations and servers reply just fine.

Any thoughts? (I am not running IPX over VPN.)

TIA,
RFN
***


0
Robert
8/20/2004 7:09:20 PM
In article <BD4BB68F.282F9%rnelson@no_spam.camplex.com>, Robert Nelson wrote:
> As such, while I have successfully used VPN to protect the wireless
> computers in-house, it looks like I'm going to have to upgrade to BM3.8 to
> support VPN over NAT through our router's connection to our cable ISP. 

That is correct.
> 
> One problem I am still fighting though...  wireless VPN users cannot surf
> the web.  I've used static IPs on my test wireless (VPN) workstations using
> WinXP's TCP/IP "alternate" configuration, and turned off the wireless
> router's DHCP server, just so I can set the appropriate DNS services for VPN
> access. The test workstation can ping my internal hosts using their DNS
> names just fine, and it can browse to our internal web server, but it cannot
> ping any host outside our internal network.

Check your VPN config (protect only networks listed below...).
> 
> Strangely enough, a test of all our IP addresses shows I can't ping any of our
> printers' IP addresses either, by name or IP address, but all other
> workstations and servers reply just fine.

They may not have default gateways configured.



Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
8/23/2004 9:22:28 PM
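
Both hints in the reply above (the "protect only networks listed" setting and hosts without a default gateway) can be reasoned through offline. The sketch below is an added example, not part of the original thread and not BorderManager code: it is a simplified model that assumes /24 masks, assumes the VPN client keeps its 192.168.10.x address inside the tunnel, and uses constructed host addresses.

```python
import ipaddress

# Networks named in the thread; the /24 masks are an assumption.
PUBLIC_NET = ipaddress.ip_network("192.168.10.0/24")
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed values for illustration, not taken from the thread.
VPN_CLIENT = "192.168.10.50"      # static address on the wireless side
BM_PRIVATE_NIC = "192.168.1.1"    # firewall's private interface
INVENTORY = [
    {"name": "server", "ip": "192.168.1.10", "gateway": BM_PRIVATE_NIC},
    {"name": "workstation", "ip": "192.168.1.30", "gateway": BM_PRIVATE_NIC},
    {"name": "printer", "ip": "192.168.1.20", "gateway": None},
]


def tunnel_decision(dst, protected):
    """Simplified 'protect only networks listed' selector: a destination
    inside a listed network is encrypted, anything else bypasses the tunnel
    and depends on the client's ordinary routing."""
    addr = ipaddress.ip_address(dst)
    return "tunnel" if any(addr in net for net in protected) else "bypass"


def reply_path(host, src, local_net=PRIVATE_NET):
    """How a LAN host would route its reply to a packet from src."""
    if ipaddress.ip_address(src) in local_net:
        return "on-link"                      # same subnet, no gateway needed
    gw = host["gateway"]
    if gw is None or ipaddress.ip_address(gw) not in local_net:
        return "no-route"                     # off-subnet source, reply is dropped
    return "via " + gw


def unreachable_from(src, inventory):
    """Names of hosts that receive the request but cannot send a reply."""
    return [h["name"] for h in inventory if reply_path(h, src) == "no-route"]


if __name__ == "__main__":
    protected = [PRIVATE_NET]
    for dst in ("192.168.1.10", "203.0.113.5"):   # internal host, external host
        print(dst, "->", tunnel_decision(dst, protected))
    for host in INVENTORY:
        print(host["name"], "reply to VPN client:", reply_path(host, VPN_CLIENT))
    print("silent hosts:", unreachable_from(VPN_CLIENT, INVENTORY))
```

A LAN workstation pinging the same printer gets an answer because the reply stays on-link, which is why the missing gateway only shows up once clients connect from another subnet.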
Craig:

Thanks for the response...

I also have thought about the "Protected Networks" setting in NWADM32
BorderManager Setup VPN Client to Site, and have tried a variety of
settings. Right now, I've got the public NIC address (192.168.10.1,
255:255:255:255, which is the actual IP address of the NIC - not a secondary
IP address), and our private subnet (192.168.1.0, 255:255:255:0) listed.

Any additional thoughts? Am I missing an entry, or do I need to further
"tighten" the private side of my "protected" networks by protecting only the
private NIC address?

BTW, you were right about two of the three print servers... They had our old
gateway address instead of the BorderManager 3.7 private NIC.

Thanks in advance...
Robert
***


0
Robert
8/23/2004 10:22:05 PM
Try the old 'static-nat-the-private-IP-address-to-itself' trick.  (Do 
this on the public binding).

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***

0
Craig
8/26/2004 6:45:24 AM
Craig:

Thanks for the response, I'll give it a try.

Robert
***


0
Robert
8/26/2004 9:34:56 PM