The Internet MIM (IMIM) system provides access to LIM's historical database server farm at LIM's Austin, Texas data center over a VPN broadband internet connection.
This system enables the user to utilize LIM's broad range of applications without the need to purchase and maintain UNIX servers at the clients location or purchase private high speed network connections.
The network is setup utilizing a split tunnel, 3DES-168 IPSec VPN connection between the client's PC and LIM's data center. The client PC will be assigned an address per RFC-1918 on a class C network 172.19.19.0. The UNIX server will be accessed using the IP network of 172.19.19.0/24. This network is only accessible via the VPN and is not routable to other networks. All requests made to the 172.19.19.0 network will utilize the VPN connection, while all other requests will utilize the normal connection.
The client PC will need to have CISCO's 3000 VPN Client (LIM provided) installed and setup to communicate with LIM's CISCO 3000 VPN Concentrator (12.43.226.25). LIM applications can be installed that will run native to the PC utilizing the RPC protocol over the VPN to communicate to the server. The local host table on the PC will need to be modified with the IP address and name of the UNIX server to run these native applications. If a firewall is in place, entries will need to be added to allow the VPN service through. The two services:
- ISAKMP/IPSEC Key Management
- IPSEC Tunnel Encapsulation using ESP or via UDP
must be allowed to pass through to the VPN Server and the client PC. Rules will need to be added for both directions.
| Service | Protocol Number/Name | Source Port | Destination Port |
| ISAKMP/IPSEC Key Management | 17/UDP | 500 | 500 |
| IPSEC Tunnel Encapsulation via UDP | 17/UDP | 10000 | 10000 |
| IPSEC Tunnel Encapsulation (if desired - notify LIM) | 50/ESP | N/A | N/A |
Since most firewalls will not allow the ESP(50) protocol, IPSEC can be sent using the UDP or TCP protocol. A port number may be selected from the range of 4001 - 49151for UDP and that port number assigned to your account. The default port number is 10000 and this is the initial setup. Using the UDP protocol can cause the connection to run slower due to the nature of the UDP protocol. Alternatively to UDP, TCP can be used. The following port numbers are valid for TCP - 21, 37, 53, 80, 443, 7070, 10000, 14237, 22434, 22951
The UDP port 500 must be allowed access in order to establish key credentials, regardless of the method (UDP, TCP or ESP) for IPSEC communications.
Client Requirements:
Minimum Hardware Requirements:
- 100mb of free disk space
- Broadband internet connection - 756kbs
Minimum Software Requirements:
- Windows XP, Solaris 9, RHEL 4, MAC OS
- Cisco VPN 3000 Client 4.x (LIM Supplied)
- TCP/IP networking
Notes:
At this time, printing from the remote UNIX server is not allowed. Printing must be done from the local PC by cutting/pasting or screen shots. Native Windows applications will print to local printers.