Configure VPN on iSeries A

After completing your planning for VPN connections, you can now configure iSeries™ A to use VPN to secure transmission of data between the two networks.
Tip: If the VPN server is already started when you run the VPN New Connection wizard, the wizard will not automatically find the certificate store or any of the certificates you just created. If the VPN server is running, you must restart it in iSeries Navigator before running the VPN New Connection wizard.
Important: IP addresses used in this scenario are meant for example purposes only. They do not reflect an IP addressing scheme and should not be used in any actual configuration. Use your own IP addresses when completing these tasks.
The administrator for MyCo, Inc used the planning worksheet generated from the VPN planning advisor to configure a VPN on iSeries A:
  1. In iSeries Navigator, expand iSeries A > Network > IP Policies.
  2. Right-click Virtual Private Networking and select New Connection to start the Connection wizard. Review the Welcome page for information about what objects the wizard creates.
  3. On the Connection Name page, enter SalestoCorporate in the Name field. (Optional) Specify a description for this connection group. Click Next.
  4. On the Connection Scenario page, select Connect your gateway to another gateway. Click Next.
  5. On the Internet Key Exchange Policy page, select Create a new policy and then select Highest security, lowest performance. Click Next.
  6. On the Certificate for Local Connection Endpoint page, select Yes and select mycocert from the list of certificates. Click Next.
  7. On the Local Connection Endpoint Identifier page, select Version 4 IP address as the identifier type. The associated IP address should be 192.168.1.2. This information is defined in the certificate that you create in DCM. Click Next twice.
  8. On the Remote Key Server page, select Version 4 IP address in the Identifier type field. Enter 172.16.1.3 in the Identifier field. This is the IP address for iSeries B in the network of the corporate office. Click Next.
  9. On the Local Data Endpoint page, select IP version 4 subnet as the identifier type, and enter 10.1.1.0 for the identifier, and 255.255.255.0 as the mask.
  10. On the Remote Data Endpoint page, select IP version 4 subnet as the identifier type, and enter 10.2.1.0 for the identifier, and 255.255.255.0 as the mask.
  11. On the Data Services page, select Any port for the local port, Any port for the remote port, and Any protocol for the protocol. Click Next.
  12. On the Data Policy page, select Create a new policy, and then select Highest security, lowest performance. Click Next.
  13. On the Applicable Interfaces page, select ETHLINE. Click Next.
  14. On the Summary page, review the objects that the wizard will create to ensure they are correct.
  15. Click Finish to complete the configuration. When the Activate Policy Filters dialog box appears, select No, packet rules will be activated at a later time, and then click OK.
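
A gateway-to-gateway tunnel only negotiates when the key server identifiers and data endpoints entered on one system are the exact mirror of those on the other. The following Python sketch is an added example, not part of the original procedure or of any IBM tooling: it checks the values from steps 7 to 10 for internal consistency and compares them against an assumed mirror definition for iSeries B (the `GatewayConn` type, the function names and the iSeries B values are constructed for illustration).

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class GatewayConn:
    local_key_server: str
    remote_key_server: str
    local_subnet: tuple    # (identifier, mask) as typed into the wizard
    remote_subnet: tuple

def _net(subnet):
    ident, mask = subnet
    # strict=True rejects an identifier that has host bits set for the mask
    return ipaddress.ip_network(f"{ident}/{mask}", strict=True)

def validate(conn):
    """Return a list of problems found in one side's wizard values."""
    problems, nets = [], {}
    for side in ("local", "remote"):
        try:
            nets[side] = _net(getattr(conn, f"{side}_subnet"))
        except ValueError as exc:
            problems.append(f"{side} data endpoint: {exc}")
    if len(nets) == 2 and nets["local"].overlaps(nets["remote"]):
        problems.append("local and remote data endpoints overlap")
    if conn.local_key_server == conn.remote_key_server:
        problems.append("local and remote key server identifiers are identical")
    return problems

def mirrors(a, b):
    """True when side B's values are the exact mirror of side A's."""
    addr = ipaddress.ip_address
    return (addr(a.local_key_server) == addr(b.remote_key_server)
            and addr(a.remote_key_server) == addr(b.local_key_server)
            and _net(a.local_subnet) == _net(b.remote_subnet)
            and _net(a.remote_subnet) == _net(b.local_subnet))

# Values entered on iSeries A in steps 7 to 10 of this procedure.
ISERIES_A = GatewayConn("192.168.1.2", "172.16.1.3",
                        ("10.1.1.0", "255.255.255.0"),
                        ("10.2.1.0", "255.255.255.0"))
# Assumed mirror definition for iSeries B (constructed, not from this page).
ISERIES_B = GatewayConn("172.16.1.3", "192.168.1.2",
                        ("10.2.1.0", "255.255.255.0"),
                        ("10.1.1.0", "255.255.255.0"))

if __name__ == "__main__":
    print(validate(ISERIES_A) or "iSeries A values are consistent")
    print("iSeries B mirrors iSeries A:", mirrors(ISERIES_A, ISERIES_B))
```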