You should be familiar with your network IP address management strategy before configuring a PPP connection profile. This strategy will impact many of the decisions throughout the configuration process including your authentication strategy, security consideration and TCP/IP settings.
Typically, the local and remote IP addresses defined for an originator profile will be defined as Assigned by remote system. This allows the administrators on the remote system to have control over the IP addresses that will be used for the connection. Most all connections to Internet service providers (ISP) will be defined this way, although many ISPs can offer fixed IP addresses for an additional fee.
If you define fixed IP addresses for either the local or remote IP address then you must be sure that the remote system is defined to accept the IP addresses you have defined. One typical application is to define your local IP address as a fixed IP address and the remote to be assigned by the remote system. The system you are connecting can be defined the same way so when you connect, the two systems will exchange IP addresses with each other as a way to learn the IP address of the remote system. This might be useful for one office calling another office for temporary connectivity.
Another consideration is if you want to enable IP Address Masquerading. For example, if the iSeries™ server connects to the Internet through an ISP, then this can allow an attached network behind the iSeries server to also access the Internet. Basically the iSeries server hides the IP addresses of the systems on the network behind the local IP address assigned by the ISP, thus making all IP traffic appear to be from the iSeries server. There are also additional routing considerations for both the systems on the LAN (to ensure their Internet traffic is sent to the iSeries server) as well as the iSeries server where you will need to enable the 'add remote system as the default route' box.
Receiver connection profiles have many more IP address considerations and options than the Originator connection profile does. How you configure the IP addresses depends on the IP address management plan for your network, your specific performance and functional requirements for this connection, and the security plan.
For a single receiver profile you can define a unique IP address or use an existing local IP address on your iSeries server. This will become the IP address that will identify the iSeries server end of the PPP connection. For receiver profiles defined to support multiple connections at the same time, you must use an existing local IP address. If no previously existing local IP addresses are present then you can create a Virtual IP address for this purpose.
There are many options for assigning remote IP addresses to PPP clients. The following options can be specified on the TCP/IP page of the receiver connection profile.
| Option | Description |
|---|---|
| Fixed IP address | You define the single IP address that is to be given to remote users when they dial in. This is a host only IP address (Subnet mask is 255.255.255.255) and is only for single connection receiver profiles. |
| Address Pool | You define the starting IP address and then a range of how many additional IP addresses to define. Each user that connects will then be given a unique IP address within the defined range. This is a host only IP address (Subnet mask is 255.255.255.255) and is only for multiple connection receiver profiles. |
| RADIUS | The remote IP address and it's subnet mask will be determined
by the Radius server. This is only if the following is defined:
|
| DHCP | The remote IP address is determined by the DHCP server directly or indirectly through DHCP relay. This is only if DHCP support has been enabled from the Remote Access Server services configuration. This is a host only IP address (Subnet mask is 255.255.255.255). |
| Based on remote system's user ID | The remote IP address is determined by the user ID defined for the remote system when it is authenticated. This allows the administrator to assign different remote IP addresses (and their associated subnet masks) to the user that dials in. This also allows additional routes to be defined for each of these user IDs so you can tailor the environment to the known remote user. Authentication must be enabled for this function to work properly. |
| Define additional IP addresses based on remote system's user ID | This option allows you to define IP addresses based on the user ID of the remote system. This option is automatically selected (and must be used) if the remote IP address assignment method is defined as Based on remote system's user ID. This option is also allowed for IP address assignment methods of Fixed IP address and Address Pool. When a remote user connects to the iSeries server a search will be made to determine if a remote IP address is defined specifically for this user. If it is then that IP address, mask and set of possible routes will be used for the connection. If the user is not defined then the IP address will default to the defined Fixed IP address or the next Address Pool IP address. |
| Allow remote system to define it's own IP address | This option allows a remote user to define their own IP address if they negotiate to do so. If they do not negotiate to use their own IP address then the remote IP address will be determined by the defined remote IP address assignment method. This option is initially disabled and careful consideration should be used before enabling it. |
| IP address routing | The dial-up client and the iSeries must have IP address routing properly configured if the client needs access to any IP addresses on the LAN to which the iSeries belongs. |