We did setup an ipsec tunnel between our z/os system down to a group of
devices. Our environment may be different in that the tunnel goes to our
firewall, which the devices are in a secure vlan behind the firewall.
a couple of notes:
1) the ipsec tunnel definition is between your base (i.e
e too much of a "deviation"
too, considering that the Linux kernel and OpenBSD now come baked-in
with WG.
I naively assumed that IPsec on z/OS would be transport mode, not tunnel
mode. I say this because I assume that most of the IP traffic to / from
a mainframe is terminal on the m
Ditto, sorry to go "off-topic" again ... I hope IBM is reading this, and hope
they look to adding WireGuard support on Z.
>From what little I know, WireGuard is far more manageable and performant than
>IPSec & IKEv2.
Adding WireGuard support to z/OS shouldn't be too much
On 7/1/20 1:49 PM, Crawford, Robert C. wrote:
We're considering using IPSEC to secure traffic between an internal
router and a CICS application. Can anyone on this list give us any
hints, tips or gotchas they may have from doing something similar
themselves.
I can't help.
But I'd love
We're considering using IPSEC to secure traffic between an internal router and
a CICS application. Can anyone on this list give us any hints, tips or gotchas
they may have from doing something similar themselves.
Thanks in advance.
Robert Crawford
Mainframe Management
United Services
TCP packet size issue comes to mind. IPSEC adds to the total. Causing
packet fragmentation and has been know to uncover other issues that would
not normally be a problem.
Check with the network folks what it should be set to for IPSEC.
Rob
On Mon, Dec 12, 2016, 10:12 PM scott Ford <id
All,
I have a dumb question and apologize in advance for asking it here. We have
a LDAP sitting on Windows being sent data , that's encrypted with AES128
encryption . The STC on z/OS sends a 32k packet via a socket write and the
customer has IPSEC turned on. We saw a hang of the Windows LDAP
ROUTED or LOCAL? I *think* it may have to be ROUTED but I am not finding
any information to conclusively prove that and before I test it out, I
ask. The reason I ask is because I have reason to specify a traffic
descriptor for a restricted set of ports and that would not be in
compliance
Is there such a thing as the above ?
Jim McAlpine
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
On 1/18/2013 at 03:11 AM, Jim McAlpine jim.mcalp...@gmail.com wrote:
Is there such a thing as the above ?
http://lmgtfy.com/?q=cisco+ipsec+client+for+android
Mark Post
--
For IBM-MAIN subscribe / signoff / archive access
All,
I am looking at implementing IPSec between z/os and windows/XP server.
The RedBook sg247342 mentions using IBMs Configuration Assistant, does anyone
know if this is a requirement ?
Scott ford
www.identityforge.com
=
=
=
=
=
= From: Scott Ford scott_j_f...@yahoo.com
= To: IBM-MAIN@LISTSERV.UA.EDU
= Date: 09/21/2012 11:08
= Subject:IPSec
= Sent by:IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU
=
=
=
= All,
=
= I am looking at implementing IPSec between z/os and windows/XP server
more compact and
easier to read/debug.
Bart
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Scott Ford
Sent: Friday, September 21, 2012 11:03 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: IPSec
All,
I am looking at implementing IPSec
You can use either z/OSMF, or the Windows based Config Assistant.
I think I read that after z/OS v1r13 you'll have to use z/OSMF, unfortunately.
Regards
Patrick Loftus
TNT Express ICS Ltd
--
For IBM-MAIN subscribe / signoff /
14 matches
Mail list logo