friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajaqvpn.htm

122 lines
7.5 KiB
HTML
Raw Permalink Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Troubleshoot VPN with the QVPN journal" />
<meta name="abstract" content="Provides information about IP traffic and connections." />
<meta name="description" content="Provides information about IP traffic and connections." />
<meta name="DC.Relation" scheme="URI" content="rzajatroubleshootvpn.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajaqvpntable.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajaqvpn" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Troubleshoot VPN with the QVPN journal</title>
</head>
<body id="rzajaqvpn"><a name="rzajaqvpn"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Troubleshoot VPN with the QVPN journal</h1>
<div><p>Provides information about IP traffic and connections.</p>
<div class="section">VPN uses a separate journal to log information about the IP traffic
and connections called the QVPN journal. The QVPN is stored in the QUSRSYS
library. The journal code is M and the journal type is TS. You will rarely
use journal entries on a daily basis. Instead, you might find them useful
for troubleshooting and verifying that your system, keys, and connections
are functioning in the manner that you specified. For example, journal entries
help you understand what happens to your data packets. They also keep you
informed of your current VPN status.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzajaqvpntable.htm">QVPN journal fields</a></strong><br />
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajatroubleshootvpn.htm" title="Refer to this topic when you experience problems with your VPN connections.">Troubleshoot VPN</a></div>
</div>
</div><div class="nested1" xml:lang="en-us" id="howenablevpnjrnl"><a name="howenablevpnjrnl"><!-- --></a><h2 class="topictitle2">How to enable the VPN journal</h2>
<div><div class="section"><p>Use the virtual private networking interface in <span class="keyword">iSeries™ Navigator</span> to
activate the VPN journal. There is no function that allows logging for all
VPN connections. Therefore, you must enable the logging function for each
individual dynamic-key group or manual connection.</p>
<p>The following steps
describe how to enable the journal function for a particular dynamic-key group
or manual connection:</p>
</div>
<ol><li class="stepexpand"><span>In <span class="keyword">iSeries Navigator</span>,
expand your <span class="menucascade"><span class="uicontrol">server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">IP Policies</span> &gt; <span class="uicontrol">Virtual Private Networking</span> &gt; <span class="uicontrol"> Secure Connections</span></span>.</span></li>
<li class="stepexpand"><span>For dyanamic-key groups, expand <span class="uicontrol">By Group</span> and
then right-click the dynamic key group for which you want to enable journaling
and select <span class="uicontrol">Properties.</span></span></li>
<li class="stepexpand"><span>For manual connections, expand <span class="uicontrol">All Connections</span> and
then right-click the manual connection for which you want to enable journaling.</span></li>
<li class="stepexpand"><span>On the <span class="uicontrol">General</span> page, select the level of
journaling you require. You have the choice between four options. These are:</span> <dl><dt class="dlterm"><span class="uicontrol">None</span></dt>
<dd> No journaling occurs for this connection group.</dd>
<dt class="dlterm"><span class="uicontrol">All</span></dt>
<dd>Journaling occurs for all connection activities, such as starting or stopping
a connection, or key refreshes, as well as IP traffic information.</dd>
<dt class="dlterm">Connection Activity</dt>
<dd>Journaling occurs for such connection activity as starting or stopping
a connection.</dd>
<dt class="dlterm">IP traffic</dt>
<dd>Journaling occurs for all of the VPN traffic that is associated with this
connection. A log entry is made every time a filter rule is invoked. The system
records IP traffic information in the journal QIPFILTER, which is located
in the QUSRSYS library.</dd>
</dl>
</li>
<li class="stepexpand"><span>Click <span class="uicontrol">OK</span>.</span></li>
<li class="stepexpand"><span>Start the connection to activate journaling.</span></li>
</ol>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Before you can stop journaling, make sure that the connection
is inactive. To change the journaling status of a connection group, make sure
that no active connections are associated with that particular group.</div>
</div>
</div>
</div>
<div class="nested1" xml:lang="en-us" id="howusevpnjrnl"><a name="howusevpnjrnl"><!-- --></a><h2 class="topictitle2">How to use the VPN journal</h2>
<div><p>To view the entry-specific details in the VPN journal, you can
display the entries on the screen or you can use the output file.</p>
<div class="section"><div class="p">By copying the journal entries to the output file, you can easily
view the entries by using query utilities such as Query/400 or SQL. You can
also write your own HLL programs to process the entries in the output files.
The following is an example of the Display Journal (DSPJRN) command:<pre>DSPJRN JRN(QVPN) JRNCDE((M)) ENTTYP((TS)) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE4)
OUTFILE(mylib/myfile) ENTDTALEN(*VARLEN *CALC)</pre>
</div>
<p>Use the
following steps to copy the VPN journal entries to the output file:</p>
</div>
<ol><li class="stepexpand"><span>Create a copy of the system-supplied output file QSYS/QATOVSOF
into a user library. You can do this by using the Create Duplicate Object
(CRTDUPOBJ) command. The following is an example of the CRTDUPOBJ command:</span> <pre>CRTDUPOBJ OBJ(QATOVSOF) FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(mylib)
NEWOBJ(myfile)</pre>
</li>
<li class="stepexpand"><span>Use the Display Journal (DSPJRN) command to copy the entries from
the QUSRSYS/QVPN journal to the output file created in the previous step.
If you attempt to copy the DSPJRN into an output file that does not exist,
the system creates a file for you, but this file does not contain the correct
field descriptions.</span></li>
</ol>
<div class="section"><p>See QVPN journal fields for a table that describes the fields in
the QVPN output file.</p>
</div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink