Re: Linksys router and AS/400-iSeries Client Access

From: Jonathan Ball (jonball_at_whitehouse.not)
Date: 01/22/04 

Date: Thu, 22 Jan 2004 03:01:14 GMT

Chris wrote:

> Interesting thought. I have a LinkSys router, but I use Mochasoft for my
> 5250 sessions, and I have the same situation, even if I configure Mochasoft
> to send keep alive packets. The only thing I've noticed is that if I
> connect to my network using VPN first, then my connections don't drop.
> Maybe this would work with CA as well...

When I brought this issue up (without resolution) last
September in the same two newsgroups, someone else
asked me about the involvement of a VPN. I had posed
the issue at the time in the context of one of my
clients, to whom I connect through a VPN (using
CheckPoint's SecureRemote VPN software). One person
who responded asked why I was using a firewall if I'm
using a VPN. The short answer is, I don't know. The
longer answer is, I have firewall software that
interacts with my Linksys router (the ZoneAlarm
activation key is embedded in the router), and I have
no idea how I would not use the firewall while
connected through the VPN to my client, while
maintaining it for other simultaneous internet use (see
my initial note about being a firewall/router dummy.)

I'm now connecting to a different business client
(still have the other company as a client, too), and
not through a VPN. I'm using the SSL feature of Client
Access. On the other client, I finally got telnet
sessions (but *not* any other Client Access programs,
e.g. the SQL processor window) to stop dropping, by
running CHGTELNA on the host and specifying
TIMMRKTIMO(7200); i.e. a 2 hour host time-out setting
for telnet sessions. However, this subsequent went to
V5R2 and have the same CHGTELNA setting, and my
sessions were dropping anyway.

Since my initial post a couple of hours ago, I monkeyed
around with trying to set up an expert rule in my
ZoneAlarm firewall software, hoping to let a keep-alive
signal from my computer make it through to the host.
Strange to say, it seems to be working, for telnet
sessions, anyway; the SQL statement processor doesn't
work at all, because my client company has that port
closed on their firewall.

The problem with my "expert" rule is, it's more like a
sorcerer's apprentice rule: I took a real scattershot
approach, and after adding the company's IP address to
my "trusted zone", I set up the rule to allow pretty
much every protocol through for anyone in the trusted
zone. Whatever it is, my two sessions have remained
connected even though I've let each of them go as much
as 10 minutes with no activity; previously, they were
dropping after just a couple of minutes of non-use.

>
> "Jonathan Ball" <jonball@whitehouse.not> wrote in message
> news:q%EPb.21434$1e.5883@newsread2.news.pas.earthlink.net...
>
>>A number of people in comp.sys.ibm.as400.misc who
>>connect to an AS/400 or iSeries through a Linksys
>>router, including me, have problems with 5250 terminal
>>sessions in IBM's Client Access software (for iSeries)
>>dropping the connection with the host machine. I
>>imagine others also have dropped-connections problems,
>>but there are too many with a common element of a
>>Linksys router for it to be a coincidence.
>>
>>I'm no expert in routers, VPNs, or firewalls, but my
>>strong suspicion is that some kind of "keep-alive" ping
>>doesn't make it through the router/firewall (I have a
>>ZoneAlarm firewall going, too.) There must be some way
>>to configure the Linksys router, the firewall, and
>>Client Access (cwbcopwr program), either alone or in
>>combination, to allow the keep-alive signals to get
>>through.
>>
>
>
>