ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajavpnnorules.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="VPN connections with no policy filters" />
<meta name="abstract" content="If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic policy filter. This topic explains why you might want to consider this and outlines how to do it." />
<meta name="description" content="If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic policy filter. This topic explains why you might want to consider this and outlines how to do it." />
<meta name="DC.Relation" scheme="URI" content="rzajavpnwfilter.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajavpnnorules" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>VPN connections with no policy filters</title>
</head>
<body id="rzajavpnnorules"><a name="rzajavpnnorules"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">VPN connections with no policy filters</h1>
<div><p>If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic
policy filter. This topic explains why you might want to consider this and outlines how to do it.</p>
<p>A policy filter rule defines which addresses, protocols, and ports can use a VPN and directs the appropriate traffic through the connection. In some cases, you may want to configure a connection that
does not require a policy filter rule. For example, you may have non-VPN packet rules loaded on the interface that your VPN connection will use, so rather than deactivating the active rules on that interface,
you decide to configure the VPN so that your system manages all filters dynamically for the connection. The policy filter for this type of connection is referred to as a <span class="uicontrol">dynamic policy filter</span>.
Before you can use a dynamic policy filter for your VPN connection, all of the following must be true:</p>
<ul><li>The connection can only be initiated by the local server.</li>
<li>The data endpoints of the connection must be single systems. That is, they cannot be a subnet or a range of addresses.</li>
<li>No policy filter rule can be loaded for the connection.</li>
</ul>
<p>If your connection meets this criteria, then you can configure the connection so that it does not require a policy filter. When the connection starts, traffic between the data endpoints will flow across
the it regardless of what other packet rules are loaded on your system.</p>
<p>For step-by-step instructions on how to configure a connection so that is does not require a policy filter, use the online help for VPN.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnwfilter.htm" title="IP filtering and VPN are closely related. In fact, most VPN connections require filter rules to work properly. This topic provides you information about what filters VPN requires, as well as other filtering concepts related to VPN.">VPN and IP filtering</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="VPN connections with no policy filters" />`
			`<meta name="abstract" content="If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic policy filter. This topic explains why you might want to consider this and outlines how to do it." />`
			`<meta name="description" content="If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic policy filter. This topic explains why you might want to consider this and outlines how to do it." />`
			`<meta name="DC.Relation" scheme="URI" content="rzajavpnwfilter.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzajavpnnorules" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>VPN connections with no policy filters</title>`
			`</head>`
			`<body id="rzajavpnnorules"><a name="rzajavpnnorules"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">VPN connections with no policy filters</h1>`
			`<div><p>If the connection endpoints of your VPN are single, specific, IP addresses and you want to start the VPN without having to write or activate filter rules on the system, you can configure a dynamic`
			`policy filter. This topic explains why you might want to consider this and outlines how to do it.</p>`
			`<p>A policy filter rule defines which addresses, protocols, and ports can use a VPN and directs the appropriate traffic through the connection. In some cases, you may want to configure a connection that`
			`does not require a policy filter rule. For example, you may have non-VPN packet rules loaded on the interface that your VPN connection will use, so rather than deactivating the active rules on that interface,`
			`you decide to configure the VPN so that your system manages all filters dynamically for the connection. The policy filter for this type of connection is referred to as a <span class="uicontrol">dynamic policy filter</span>.`
			`Before you can use a dynamic policy filter for your VPN connection, all of the following must be true:</p>`
			`<ul><li>The connection can only be initiated by the local server.</li>`
			`<li>The data endpoints of the connection must be single systems. That is, they cannot be a subnet or a range of addresses.</li>`
			`<li>No policy filter rule can be loaded for the connection.</li>`
			`</ul>`
			`<p>If your connection meets this criteria, then you can configure the connection so that it does not require a policy filter. When the connection starts, traffic between the data endpoints will flow across`
			`the it regardless of what other packet rules are loaded on your system.</p>`
			`<p>For step-by-step instructions on how to configure a connection so that is does not require a policy filter, use the online help for VPN.</p>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnwfilter.htm" title="IP filtering and VPN are closely related. In fact, most VPN connections require filter rules to work properly. This topic provides you information about what filters VPN requires, as well as other filtering concepts related to VPN.">VPN and IP filtering</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`