Configure VPN on iSeries-A

Use the information from your worksheets to configure VPN on iSeries-A as follows:
  1. In iSeries™ Navigator, expand your server > Network > IP Policies.
  2. Right-click Virtual Private Networking and select New Connection to start the Connection wizard.
  3. Review the Welcome page for information about what objects the wizard creates.
  4. Click Next to go to the Connection Name page.
  5. In the Name field, enter MyCo2TheirCo.
  6. Optional: Specify a description for this connection group.
  7. Click Next to go to the Connection Scenario page.
  8. Select Connect your host to another host.
  9. Click Next to go to the Internet Key Exchange Policy page.
  10. Select Create a new policy and then select Highest security, lowest performance.
  11. Click Next to go to the Certificate for Local Connection Endpoint page.
  12. Select Yes to indicate that you will be using certificates to authenticate the connection. Then, select the certificate that represents iSeries-A.
    Note: If you want to use a certificate to authenticate the local connection endpoint, you must first create the certificate in the Digital Certificate Manager (DCM).
  13. Click Next to go to the Local Connection Endpoint Identifier page.
  14. Select Version 4 IP address as the identifier type. The associated IP address must be 10.6.1.1. Again, this information is defined in the certificate that you create in DCM.
  15. Click Next to go to the Remote Key Server page.
  16. Select Version 4 IP address in the Identifier type field.
  17. Enter 10.196.8.6 in the Identifier field.
  18. Click Next to go to the Data Services page.
  19. Accept the default values, and then click Next to go to the Data Policy page.
  20. Select Create a new policy and then select Highest security, lowest performance. Select Use the RC4 encryption algorithm.
  21. Click Next to go to the Applicable Interfaces page.
  22. Select TRLINE.
  23. Click Next to go to the Summary page. Review the objects that the wizard will create to ensure they are correct.
  24. Click Finish to complete the configuration.
  25. When the Activate Policy Filters dialog box appears, select No, packet rules will be activated at a later time and then click OK.

The next step is to specify that only iSeries-A can initiate this connection. Do this by customizing the properties of the dynamic-key group, MyCo2TheirCo, that the wizard created:

  1. Click By Group in the left pane of the VPN interface. The new dynamic-key group, MyCo2TheirCo, displays in the right pane. Right-click it and select Properties.
  2. Go to the Policy page and select the Local system initiates connection option.
  3. Click OK to save your changes.