ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiy_5.4.0.1/rzaiyipmgmtstrategy.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="IP address management strategy" />
<meta name="abstract" content="You should be familiar with your network IP address management strategy before configuring a PPP connection profile. This strategy will impact many of the decisions throughout the configuration process including your authentication strategy, security consideration and TCP/IP settings." />
<meta name="description" content="You should be familiar with your network IP address management strategy before configuring a PPP connection profile. This strategy will impact many of the decisions throughout the configuration process including your authentication strategy, security consideration and TCP/IP settings." />
<meta name="DC.Relation" scheme="URI" content="rzaiyipcons.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiyipmgmtstrategy" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>IP address management strategy</title>
</head>
<body id="rzaiyipmgmtstrategy"><a name="rzaiyipmgmtstrategy"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">IP address management strategy</h1>
<div><p>You should be familiar with your network IP address management
strategy before configuring a PPP connection profile. This strategy will impact
many of the decisions throughout the configuration process including your
authentication strategy, security consideration and TCP/IP settings.</p>
<div class="section"><h4 class="sectiontitle">Originator connection profiles:</h4><p>Typically, the local
and remote IP addresses defined for an originator profile will be defined
as <dfn class="term">Assigned by remote system</dfn>. This allows the administrators
on the remote system to have control over the IP addresses that will be used
for the connection. Most all connections to Internet service providers (ISP)
will be defined this way, although many ISPs can offer fixed IP addresses
for an additional fee.</p>
</div>
<div class="section"><p>If you define fixed IP addresses for either the local or remote
IP address then you must be sure that the remote system is defined to accept
the IP addresses you have defined. One typical application is to define your
local IP address as a fixed IP address and the remote to be assigned by the
remote system. The system you are connecting can be defined the same way so
when you connect, the two systems will exchange IP addresses with each other
as a way to learn the IP address of the remote system. This might be useful
for one office calling another office for temporary connectivity.</p>
</div>
<div class="section"><p>Another consideration is if you want to enable IP Address Masquerading.
For example, if the iSeries™ server connects to the Internet through an
ISP, then this can allow an attached network behind the iSeries server
to also access the Internet.  Basically the iSeries server hides the IP addresses
of the systems on the network behind the local  IP address assigned by the
ISP, thus making all IP traffic appear to be from the iSeries server. There are also additional
routing considerations for both the systems on the LAN (to ensure their Internet
traffic is sent to the iSeries server) as well as the iSeries server
where you will need to enable the 'add remote system as the default route'
box.</p>
</div>
<div class="section"><h4 class="sectiontitle">Receiver connection profiles:</h4><p>Receiver connection
profiles have many more IP address considerations and options than the Originator
connection profile does.  How you configure the IP addresses depends on the
IP address management plan for your network, your specific performance and
functional requirements for this connection, and the security plan. </p>
</div>
<div class="section"><h4 class="sectiontitle">Local IP addresses</h4><p>For a single receiver profile
you can define a unique IP address or use an existing local IP address on
your iSeries server.
This will become the IP address that will identify the iSeries server end of the PPP connection.
For receiver profiles defined to support multiple connections at the same
time, you must use an existing local IP address. If no previously existing
local IP addresses are present then you can create a Virtual IP address for
this purpose.</p>
</div>
<div class="section"><h4 class="sectiontitle">Remote IP addresses</h4><p>There are many options for assigning
remote IP addresses to PPP clients. The following options can be specified
on the TCP/IP page of the receiver connection profile. </p>
</div>
<div class="section"><div class="note"><span class="notetitle">Note:</span> If you want the remote system to be considered part of the
LAN, you should configure IP address routing, specify an IP address within
the IP address range for LAN attached systems, and verify that IP forwarding
has been enabled for both this connection profile and the iSeries system.</div>
</div>
<div class="section">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. IP address assignment options for receiver profile
connections</caption><thead align="left"><tr><th valign="top" width="25.757575757575758%" id="d0e80">Option</th>
<th valign="top" width="74.24242424242425%" id="d0e82">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Fixed IP address</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">You define the single IP address that is to be given
to remote users when they dial in.  This is a host only IP address (Subnet
mask is 255.255.255.255) and is only  for single connection receiver profiles.</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Address Pool</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">You define the starting IP address and then a range
of how many additional IP addresses to define. Each user that connects will
then be given a unique IP address within the defined range.  This is a host
only IP address (Subnet mask is 255.255.255.255) and is only  for multiple
connection receiver profiles.</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">RADIUS</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address and it's subnet mask will be determined
by the Radius server.  This is only  if the following is defined: <ul><li>Radius support for authentication and IP addressing has been enabled from
the Remote Access Server services configuration.</li>
<li>Authentication is enabled for the receiver connection profile and is defined
to be authenticated remotely by Radius.</li>
</ul>
</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">DHCP</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address is determined by the DHCP server
directly or indirectly through DHCP relay.  This is only  if DHCP support
has been enabled from the Remote Access Server services configuration.   This
is a host only IP address (Subnet mask is 255.255.255.255).</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Based on remote system's user ID</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address is determined by the user ID defined
for the remote system when it is authenticated.  This allows the administrator
to assign different remote IP addresses (and their associated subnet masks)
to the user that dials in. This also allows additional routes to be defined
for each of these user IDs so you can tailor the environment to the known
remote user.  Authentication must be enabled for this function to work properly.</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Define additional IP addresses based on remote system's
user ID</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">This option allows you to define IP addresses based
on the user ID of the remote system. This option is automatically selected
(and must be used)  if the remote IP address assignment method is defined
as <strong>Based on remote system's user ID</strong>. This option is also allowed for
IP address assignment methods of Fixed IP address and Address Pool. When a
remote user connects to the iSeries server a search will be made to determine
if a remote IP address is defined specifically for this user. If it is then
that IP address, mask and set of possible routes will be used for the connection.
If the user is not defined then the IP address will default to the defined
Fixed IP address or the next  Address Pool IP address.</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Allow remote system to define it's own IP address</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">This option allows a remote user to define their own
IP address if they negotiate to do so. If they do not negotiate to use their
own IP address then the remote IP address will be determined by the defined
remote IP address assignment method. This option is initially disabled and
careful consideration should be used before enabling it.</td>
</tr>
<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">IP address routing</td>
<td valign="top" width="74.24242424242425%" headers="d0e82 ">The dial-up client and the iSeries must have IP address routing
properly configured if the client needs access to any IP addresses on the
LAN to which the iSeries belongs.</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiyipcons.htm" title="PPP connections allow several different sets of options for managing IP addresses depending on the type of connection profile.">IP address handling</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="reference" />`
			`<meta name="DC.Title" content="IP address management strategy" />`
			`<meta name="abstract" content="You should be familiar with your network IP address management strategy before configuring a PPP connection profile. This strategy will impact many of the decisions throughout the configuration process including your authentication strategy, security consideration and TCP/IP settings." />`
			`<meta name="description" content="You should be familiar with your network IP address management strategy before configuring a PPP connection profile. This strategy will impact many of the decisions throughout the configuration process including your authentication strategy, security consideration and TCP/IP settings." />`
			`<meta name="DC.Relation" scheme="URI" content="rzaiyipcons.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzaiyipmgmtstrategy" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>IP address management strategy</title>`
			`</head>`
			`<body id="rzaiyipmgmtstrategy"><a name="rzaiyipmgmtstrategy"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">IP address management strategy</h1>`
			`<div><p>You should be familiar with your network IP address management`
			`strategy before configuring a PPP connection profile. This strategy will impact`
			`many of the decisions throughout the configuration process including your`
			`authentication strategy, security consideration and TCP/IP settings.</p>`
			`<div class="section"><h4 class="sectiontitle">Originator connection profiles:</h4><p>Typically, the local`
			`and remote IP addresses defined for an originator profile will be defined`
			`as <dfn class="term">Assigned by remote system</dfn>. This allows the administrators`
			`on the remote system to have control over the IP addresses that will be used`
			`for the connection. Most all connections to Internet service providers (ISP)`
			`will be defined this way, although many ISPs can offer fixed IP addresses`
			`for an additional fee.</p>`
			`</div>`
			`<div class="section"><p>If you define fixed IP addresses for either the local or remote`
			`IP address then you must be sure that the remote system is defined to accept`
			`the IP addresses you have defined. One typical application is to define your`
			`local IP address as a fixed IP address and the remote to be assigned by the`
			`remote system. The system you are connecting can be defined the same way so`
			`when you connect, the two systems will exchange IP addresses with each other`
			`as a way to learn the IP address of the remote system. This might be useful`
			`for one office calling another office for temporary connectivity.</p>`
			`</div>`
			`<div class="section"><p>Another consideration is if you want to enable IP Address Masquerading.`
			`For example, if the iSeries™ server connects to the Internet through an`
			`ISP, then this can allow an attached network behind the iSeries server`
			`to also access the Internet. Basically the iSeries server hides the IP addresses`
			`of the systems on the network behind the local IP address assigned by the`
			`ISP, thus making all IP traffic appear to be from the iSeries server. There are also additional`
			`routing considerations for both the systems on the LAN (to ensure their Internet`
			`traffic is sent to the iSeries server) as well as the iSeries server`
			`where you will need to enable the 'add remote system as the default route'`
			`box.</p>`
			`</div>`
			`<div class="section"><h4 class="sectiontitle">Receiver connection profiles:</h4><p>Receiver connection`
			`profiles have many more IP address considerations and options than the Originator`
			`connection profile does. How you configure the IP addresses depends on the`
			`IP address management plan for your network, your specific performance and`
			`functional requirements for this connection, and the security plan. </p>`
			`</div>`
			`<div class="section"><h4 class="sectiontitle">Local IP addresses</h4><p>For a single receiver profile`
			`you can define a unique IP address or use an existing local IP address on`
			`your iSeries server.`
			`This will become the IP address that will identify the iSeries server end of the PPP connection.`
			`For receiver profiles defined to support multiple connections at the same`
			`time, you must use an existing local IP address. If no previously existing`
			`local IP addresses are present then you can create a Virtual IP address for`
			`this purpose.</p>`
			`</div>`
			`<div class="section"><h4 class="sectiontitle">Remote IP addresses</h4><p>There are many options for assigning`
			`remote IP addresses to PPP clients. The following options can be specified`
			`on the TCP/IP page of the receiver connection profile. </p>`
			`</div>`
			`<div class="section"><div class="note"><span class="notetitle">Note:</span> If you want the remote system to be considered part of the`
			`LAN, you should configure IP address routing, specify an IP address within`
			`the IP address range for LAN attached systems, and verify that IP forwarding`
			`has been enabled for both this connection profile and the iSeries system.</div>`
			`</div>`
			`<div class="section">`
			`<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. IP address assignment options for receiver profile`
			`connections</caption><thead align="left"><tr><th valign="top" width="25.757575757575758%" id="d0e80">Option</th>`
			`<th valign="top" width="74.24242424242425%" id="d0e82">Description</th>`
			`</tr>`
			`</thead>`
			`<tbody><tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Fixed IP address</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">You define the single IP address that is to be given`
			`to remote users when they dial in. This is a host only IP address (Subnet`
			`mask is 255.255.255.255) and is only for single connection receiver profiles.</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Address Pool</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">You define the starting IP address and then a range`
			`of how many additional IP addresses to define. Each user that connects will`
			`then be given a unique IP address within the defined range. This is a host`
			`only IP address (Subnet mask is 255.255.255.255) and is only for multiple`
			`connection receiver profiles.</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">RADIUS</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address and it's subnet mask will be determined`
			`by the Radius server. This is only if the following is defined: <ul><li>Radius support for authentication and IP addressing has been enabled from`
			`the Remote Access Server services configuration.</li>`
			`<li>Authentication is enabled for the receiver connection profile and is defined`
			`to be authenticated remotely by Radius.</li>`
			`</ul>`
			`</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">DHCP</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address is determined by the DHCP server`
			`directly or indirectly through DHCP relay. This is only if DHCP support`
			`has been enabled from the Remote Access Server services configuration. This`
			`is a host only IP address (Subnet mask is 255.255.255.255).</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Based on remote system's user ID</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">The remote IP address is determined by the user ID defined`
			`for the remote system when it is authenticated. This allows the administrator`
			`to assign different remote IP addresses (and their associated subnet masks)`
			`to the user that dials in. This also allows additional routes to be defined`
			`for each of these user IDs so you can tailor the environment to the known`
			`remote user. Authentication must be enabled for this function to work properly.</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Define additional IP addresses based on remote system's`
			`user ID</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">This option allows you to define IP addresses based`
			`on the user ID of the remote system. This option is automatically selected`
			`(and must be used) if the remote IP address assignment method is defined`
			`as <strong>Based on remote system's user ID</strong>. This option is also allowed for`
			`IP address assignment methods of Fixed IP address and Address Pool. When a`
			`remote user connects to the iSeries server a search will be made to determine`
			`if a remote IP address is defined specifically for this user. If it is then`
			`that IP address, mask and set of possible routes will be used for the connection.`
			`If the user is not defined then the IP address will default to the defined`
			`Fixed IP address or the next Address Pool IP address.</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">Allow remote system to define it's own IP address</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">This option allows a remote user to define their own`
			`IP address if they negotiate to do so. If they do not negotiate to use their`
			`own IP address then the remote IP address will be determined by the defined`
			`remote IP address assignment method. This option is initially disabled and`
			`careful consideration should be used before enabling it.</td>`
			`</tr>`
			`<tr><td valign="top" width="25.757575757575758%" headers="d0e80 ">IP address routing</td>`
			`<td valign="top" width="74.24242424242425%" headers="d0e82 ">The dial-up client and the iSeries must have IP address routing`
			`properly configured if the client needs access to any IP addresses on the`
			`LAN to which the iSeries belongs.</td>`
			`</tr>`
			`</tbody>`
			`</table>`
			`</div>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiyipcons.htm" title="PPP connections allow several different sets of options for managing IP addresses depending on the type of connection profile.">IP address handling</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`