Configure the VPN secure connection

After you have configured the security policies for your connection, you must then configure the secure connection.

For dynamic connections, the secure connection object includes a dynamic-key group and a dynamic-key connection.

The dynamic-key group defines the common characteristics of one or more VPN connections. Configuring a dynamic-key group allows you to use the same policies, but different data endpoints for each connection within the group. Dynamic-key groups also allow you to successfully negotiate with remote initiators when the data endpoints proposed by the remote system are not specifically known ahead of time. It does this by associating the policy information in the dynamic-key group with a policy filter rule with an IPSEC action type. If the specific data endpoints offered by the remote initiator fall within the range specified in the IPSEC filter rule, they can be subjected to the policy defined in the dynamic-key group.

The dynamic-key connection defines the characteristics of individual data connections between pairs of endpoints. The dynamic-key connection exists within the dynamic-key group. After you configure a dynamic-key group to describe what policies connections in the group use, you need to create individual dynamic-key connections for connections that you initiate locally.

To configure the secure connection object, complete both the Part 1 and Part 2 tasks:

Parent topic: Configure VPN
Related concepts
Configure VPN security policies
Configure VPN packet rules
Related tasks
Activate the VPN packet rules

Part 1: Configure a dynamic-key group

  1. In iSeries™ Navigator, expand your server > Network > IP Policies > Virtual Private Networking > Secure Connections.
  2. Right-click By Group and select New Dynamic-Key Group.
  3. Click Help if you have questions about how complete a page or any of its fields.
  4. Click OK to save your changes.

Part 2: Configure a dynamic-key connection

  1. In iSeries Navigator, expand your server > Network > IP Policies > Virtual Private Networking > Secure Connections > By Group.
  2. In the left-pane of the iSeries Navigator window, right-click the dynamic-key group you created in part one and select New Dynamic-Key Connection.
  3. Click Help if you have questions about how complete a page or any of its fields.
  4. Click OK to save your changes.

After you complete these steps, you need to activate the packet rules that the connection requires to work properly.

Note: In most cases, allow the VPN interface to generate your VPN packet rules automatically by selecting the Generate the following policy filter for this group option on the Dynamic-Key Group - Connections page. However, if you select the The policy filter rule will be defined in Packet Rules option, you must then configure VPN packet rules by using the Packet Rules editor and then activate them.