ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajamanwrksht.htm

190 lines
9.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Planning worksheet for manual connections" />
<meta name="abstract" content="Complete this worksheet before you configure a manual connection." />
<meta name="description" content="Complete this worksheet before you configure a manual connection." />
<meta name="DC.Relation" scheme="URI" content="rzajavpnwiz.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajavpnnat.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajamanwrksht" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Planning worksheet for manual connections</title>
</head>
<body id="rzajamanwrksht"><a name="rzajamanwrksht"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Planning worksheet for manual connections</h1>
<div><p>Complete this worksheet before you configure a manual connection.</p>
<p>Complete this worksheet to assist you in creating your virtual private
network (VPN) connections that do not use IKE for key management. Answer each
of these questions before you proceed with your VPN setup:</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. System Requirements</caption><tbody><tr><td valign="top" width="80%"><strong>Prerequisite checklist</strong></td>
<td valign="top" width="20%"><strong>Answers</strong></td>
</tr>
<tr><td valign="top" width="80%">Is your operating system <span class="keyword">OS/400<sup>®</sup></span> V5R2(5722-SS1)
or later?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is the <span class="keyword">Digital Certificate Manager</span> option
(5722-SS1 Option 34) installed?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is <span class="keyword">iSeries™ Access for Windows<sup>®</sup></span> (5722-XE1)
installed?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is <span class="keyword">iSeries Navigator</span> installed?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is the Network subcomponent of <span class="keyword">iSeries Navigator</span> installed?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is TCP/IP Connectivity Utilities (5722-TC1) installed?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Did you set the retain server security data (QRETSVRSEC *SEC) system
value to 1?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is TCP/IP configured on your system (including IP interfaces, routes,
local host name, and local domain name)?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Is normal TCP/IP communication established between the required endpoints?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Have you applied the latest program temporary fixes (PTFs)?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">If the VPN tunnel traverses firewalls or routers that use IP packet
filtering, do the firewall or router filter rules support AH and ESP protocols?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Are the firewalls or routers configured to permit the AH and ESP protocols?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Are the firewalls configured to enable IP forwarding?</td>
<td valign="top" width="20%"> </td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. VPN configuration</caption><tbody><tr><td valign="top" width="80%"><strong>You need this information to configure a manual VPN</strong></td>
<td valign="top" width="20%"><strong>Answers</strong></td>
</tr>
<tr><td valign="top" width="80%">What type of connection are you creating? <ul><li>Host-to-host</li>
<li>Host-to-gateway</li>
<li>Gateway-to-host</li>
<li>Gateway-to-gateway</li>
</ul>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What will you name the connection?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the identifier of the local connection endpoint?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the identifier of the remote connection endpoint?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the identifier of the local data endpoint?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the identifier of the remote data endpoint?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What type of traffic will you allow for this connection (local port,
remote port, and protocol)?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Do you require address translation for this connection? See Network
address translation for VPN for more information.</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Will you use tunnel mode or transport mode?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Which IPSec protocol will the connection use (AH, ESP, or AH with ESP)?
See IP Security (IPSec) for more information.</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Which authentication algorithm will the connection use (HMAC-MD5 or
HMAC-SHA)?</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">Which encryption algorithm will the connection use (DES-CBC or 3DES-CBC)? <div class="note"><span class="notetitle">Note:</span> You
specify an ecryption algorithm only if you selected ESP as your IPSec protocol.</div>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the AH inbound key? If you use MD5, the key is a 16-byte hexadecimal
string. If you use SHA, the key is a 20-byte hexadecimal string. <p>Your inbound
key must match the outbound key of the remote server exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the AH outbound key? If you will use MD5, the key is a 16-byte
hexadecimal string. If you will use SHA, the key is a 20-byte hexadecimal
string. <p>Your outbound key must match the inbound key of the remote server
exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the ESP inbound key? If you use DES, the key is an 8-byte hexadecimal
string. If you will use 3DES, the key is a 24-byte hexadecimal string. <p>Your
inbound key must match the outbound key of the remote server exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the ESP outbound key? If you use DES, the key is an 8-byte
hexadecimal string. If you will use 3DES, the key is a 24-byte hexadecimal
string. <p>Your outbound key must match the inbound key of the remote server
exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the inbound Security Policy Index (SPI)? The inbound SPI is
a 4-byte hexadecimal string, where the first byte is set to 00. <p>Your inbound
SPI must match the outbound SPI of the remote server exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
<tr><td valign="top" width="80%">What is the outbound SPI? The outbound SPI is a 4-byte hexadecimal
string. <p>Your outbound SPI must match the inbound SPI of the remote server
exactly.</p>
</td>
<td valign="top" width="20%"> </td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnwiz.htm" title="Use the VPN planning worksheets to gather detailed information about your VPN usage plans. You need this information to adequately plan your VPN strategy. You can also use this information to configure your VPN.">Complete the VPN planning worksheets</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajavpnnat.htm" title="VPN provides a means for performing network address translation, called VPN NAT. VPN NAT differs from traditional NAT in that it translates addresses before applying the IKE and IPSec protocols. Refer to this topic to learn more.">Network address translation for VPN</a></div>
</div>
</div>
</body>
</html>