Start of change

Configure VPN on Gateway-B

Use the information from your worksheets to configure VPN on Gateway-B as follows:
  1. In iSeries™ Navigator, expand your server > Network > IP Policies.
  2. Right-click Virtual Private Networking and select New Connection to start the Connection wizard.
  3. Review the Welcome page for information about what objects the wizard creates.
  4. Click Next to go to the Connection Name page.
  5. In the Name field, enter CHIgw2MINhost.
  6. Optional: Specify a description for this connection group.
  7. Click Next to go to the Connection Scenario page.
  8. Select Connect your gateway to another host .
  9. Click Next to go to the Internet Key Exchange Policy page.
  10. Select Create a new policy and then select Balance security and performance .
    Note: If you get an error message stating "The certificate request could not be processed" you can ignore it because you are not using certificates for the key exchange.
  11. Optional: If you have certificates installed you will see the Certificate for Local Connection Endpoint page. Select No to indicate that you will be using certificates to authenticate the connection.
  12. Click Next to go to the Local Key Server page.
  13. Select IP version 4 as the Identifier type field.
  14. Select 214.72.189.35 from the IP address field.
  15. Click Next to go to the Remote Key Server page.
  16. Select IP version 4 address in the Identifier type field.
  17. Enter 146.210.18.51 in the Identifier field.
    Note: Gateway B is initiating a connection to a Static NAT you must specify main mode key exchange in order to enter a single IP for the remote key. Main mode key exchange is selected by default when you create a connection with the VPN Connection Wizard. If aggressive mode is used in this situation, a non IPV4 type of remote identifier must be entered fro remote key.
  18. Enter topsecretstuff in the Pre-shared key field
  19. Click Next to go to the Local Data Endpoint page.
  20. Select IP version 4 subnet from the Identifier type field.
  21. Enter 10.8.0.0 in the Identifier field.
  22. Enter 255.255.255.0 in the Subnet mask field.
  23. Click Next to go to the Data Services page.
  24. Accept the default values, and then click Next to go to the Data Policy page.
  25. Select Create a new policy and then select Balance security and performance.
  26. Click Next to go to the Applicable Interfaces page.
  27. Select TRLINE from the Line table.
  28. Click Next to go to the Summary page.
  29. Review the objects that the wizard will create to ensure they are correct.
  30. Click Finish to complete the configuration.
  31. When the Activate Policy Filters dialog box appears, select Yes, activate the generated policy filters then select Permit all other traffic.
  32. Click OK to complete the configuration.
Parent topic: Scenario: Firewall Friendly VPN
Previous topic: Complete the planning worksheets
Next topic: Configure VPN on System-E
End of change