Virtual private network

A virtual private network (VPN) allows your company to extend its private intranet over a public network. It is based on creating virtual secure tunnels between hosts or gateways connected to the public network. To participate in a secure tunnel or VPN connection, the VPN tunnel end point must implement a compatible suite of VPN protocols. VPN provides the following security functions:

• Data origin authentication to verify that each datagram was originated by the claimed sender.
• Data integrity to verify that the contents of a datagram were not changed either deliberately or due to random errors.
• Data encryption to ensure message text confidentiality.
• Replay protection to ensure that an attacker cannot intercept data and play it back at some later date.
• Key management to ensure that your VPN policy can be implemented throughout the extended network with little or no manual configuration.

The Universal Connection builds a VPN connection to IBM®, in some scenarios, to ensure that the information sent and received between your iSeries™ server and IBM is safe (for example, VPN encrypts and authenticates data). The VPN technologies used by the Universal Connection include L2TP, IKE, and IPSec. See the following topics for details, Layer 2 Tunnel Protocol (L2TP), Implicit IKE, and IP Security (IPSec) protocols. For some of the connectivity options, the Universal Connection uses L2TP alone for those portions of the connection that do not require encryption. For example, if you are connecting from one partition to another partition and then out across the Internet to IBM, the Universal Connection strictly uses L2TP between the partitions and then uses L2TP protected by IPSec for the second portion of the connection (that portion requiring encryption).

For more information, see the Virtual private networking topic.