<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Configure a group access policy" />
<meta name="abstract" content="The Group Access Policies folder under Receiver Connection Profiles provides options for configuring point-to-point connection parameters that apply to a group of remote users. It applies only to those point-to-point connections that originate from a remote system and are received by the local system." />
<meta name="description" content="The Group Access Policies folder under Receiver Connection Profiles provides options for configuring point-to-point connection parameters that apply to a group of remote users. It applies only to those point-to-point connections that originate from a remote system and are received by the local system." />
<meta name="DC.Relation" scheme="URI" content="rzaiyconfigure.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiygrppol.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzajb/rzajbrzajb0ippacketsecuritysd.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiycfggap" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure a group access policy</title>
</head>
<body id="rzaiycfggap"><a name="rzaiycfggap"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure a group access policy</h1>
<div><p>The <strong>Group Access Policies</strong> folder under Receiver Connection
Profiles provides options for configuring point-to-point connection parameters
that apply to a group of remote users. It applies only to those point-to-point
connections that originate from a remote system and are received by the local
system.</p>
<p>To configure a new group access policy:</p>
<ol><li>In iSeries™ Navigator,
select your server, and expand <span class="menucascade"><span class="uicontrol">Network</span> &gt; <span class="uicontrol">Remote Access Services</span> &gt; <span class="uicontrol">Receiver Connection
Profiles</span></span>.</li>
<li>Right-click <span class="uicontrol">Group Access Policies</span>, and select <span class="uicontrol">New
Group Access Policy</span>.</li>
<li>On the <span class="uicontrol">General</span> tab, enter a name and description
for the new group access policy.</li>
<li>Click the <span class="uicontrol">Multilink</span> tab, and set up the multilink
configuration. <p>The multilink configuration specifies that you want to have
multiple physical lines join together in a bundle. The maximum number of lines
per bundle can be between 1 and 6. Because you do not know the type of line
setting until a connection is made, the default value is always 1. The group
policy can be used to extend or limit the Multilink protocol's capabilities
for a specific user.</p>
<p><strong>Maximum links per bundle</strong> specifies the maximum
number of links (or lines) that you want to become the one logical line.
The maximum number of lines cannot be greater than the number of free lines
when this group policy is applied to a session for a PPP profile.</p>
<p>Check <strong>Require
bandwidth allocation protocol</strong> if you want to specify that a connection
is established only if the remote system supports the Bandwidth Allocation
Protocol (BACP). If BACP cannot be negotiated, only a single link is allowed.</p>
</li>
<li>Click the <span class="uicontrol">TCP/IP Settings</span> tab to enable any of
the following settings:<p><strong>Allow remote system to access other networks
(IP forwarding).</strong> This option specifies whether IP forwarding is enabled
for this connection. If you select this option, the iSeries server acts as
a router for this connection: IP datagrams from the remote system that are
not destined for this iSeries server
pass through this system onto a connected network. If you leave this option
blank, IP discards datagrams from the remote system that are not
destined for an address local to this iSeries server.</p>
<p>There might be
security reasons why you do not want to allow IP forwarding. In contrast,
an ISP generally provides IP forwarding. Note that this option takes effect only
if system-wide IP datagram forwarding is enabled; otherwise, it is ignored
even if selected. The system-wide IP datagram forwarding setting is displayed on the <span class="uicontrol">General</span> tab
of the IPv4 Properties page.</p>
<p><strong>Request TCP/IP header compression (VJ).</strong> This
option specifies whether you want IP to compress header information after
it establishes a connection. Compressing typically increases performance,
particularly for interactive traffic or slow serial lines. Header compression
follows the Van Jacobson (VJ) method defined in RFC 1332. For PPP, compression
is negotiated when the connection is established. If the other end of the
connection does not support VJ compression, the iSeries server establishes a connection
that does not use compression.</p>
<p><strong>Use IP packet rules for this connection.</strong> This
option specifies whether you want to apply a filter rule for this group policy.
Filter rules let you control what IP traffic you allow in your network. The IP
packet filtering component protects your system by filtering packets according
to rules that you specify. The rules are based on packet header information.</p>
</li>
</ol>
<div class="section" id="rzaiycfggap__rzaiymodemdesc"><a name="rzaiycfggap__rzaiymodemdesc"><!-- --></a><h4 class="sectiontitle">Applying a group policy to a remote access
user</h4><p>You can apply a group policy to a remote access user when you
complete the point-to-point properties for a new receiver connection profile. </p>
<p>To
apply a group policy to a remote access user, complete the following steps:</p>
<ol><li>Click <span class="uicontrol">Authentication</span> to open the Authentication
page.</li>
<li>Click <span class="uicontrol">Require this iSeries server to verify the identity of
the remote system</span>.</li>
<li>Select <span class="uicontrol">Authenticate locally using a validation list</span>.</li>
<li>If there is an existing validation list, select it from the list, and
click <span class="uicontrol">Open</span>. If you are creating it for the first time,
enter a name for the new validation list, and click <span class="uicontrol">New</span>.</li>
<li>Click <span class="uicontrol">Add</span> to add a new user to the validation list.</li>
<li>On the Add User window, specify the following information: <ol type="a"><li>Select the authentication protocol for which the user name is defined.</li>
<li>Enter the user name and password.<div class="note"><span class="notetitle">Note:</span> For security purposes, it is suggested
that you do not use the same password for a user defined for Challenge Handshake
Authentication Protocol (CHAP), Extensible Authentication Protocol (EAP),
and Password Authentication Protocol (PAP).</div>
</li>
<li>Check <span class="uicontrol">Apply a group policy to the user</span>, select
a group policy from the list, and click <span class="uicontrol">Open</span>.</li>
</ol>
You can change the group policy properties or work with the existing
setup.</li>
<li>Click <span class="uicontrol">OK</span> to complete the configuration and return
to the Point-to-Point Properties page.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiyconfigure.htm" title="Before you can use PPP to set up a point-to-point connection, you must first configure your PPP environment.">Configure PPP</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzaiygrppol.htm" title="Group access policies identify distinct user groups for a connection, and allow you to apply common connection attributes and security settings to the entire group. In combination with IP filtering, this allows you to permit and restrict access to specific IP addresses on your network.">Scenario: Manage remote user access to resources using Group Policies and IP filtering</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzajb/rzajbrzajb0ippacketsecuritysd.htm">IP filtering and network address translation (NAT)</a></div>
</div>
</div>
</body>
</html>