Novell Cool Solutions: Feature
By Scott Jones
Posted: 5 Apr 2002
Version: BorderManager 3.6
If you have pure IP VPN clients, remember that they must be statically configured with SLP Directory Agent (DA) information to be able to see private hosts. A DA should be on the VPN server when possible. If the DA is behind the VPN server (on a private host), you will need to load an extra module, PIM.NLM, after the VPMASTER or VPSLAVE load line, to allow the User Agent (UA) and the DA to communicate.
Q&A about this article
Question: Why should the DA be on the VPN server? Only to avoid loading PIM? Or something else?
Scott says: Having a DA on the VPN server is the simplest possible configuration and the least likely to result in SLP problems for VPN clients. In larger environments this may not be appropriate or even possible, but on small networks it's a good trick to avoid some headaches.
PIM is only required when dynamic discovery is used, so having all the DAs inside the private network doesn't mean that you must have PIM loaded. Statically configuring the NetWare client with SLP info is also a way to avoid using multicast and PIM. It's more reliable than dynamic discovery, too, but managing remote client configurations is not something most customers want to take on. That's why in our new VPN architecture later this year we will provide the ability to push SLP info to the VPN client at the time of login. So no static config of the NetWare client will be required and yet the VPN clients will still be able to avoid using multicast. The best of both worlds. We want our BorderManager users to have their cake and eat it too! :)