Configure a multi-hop connection

Use the following Universal Connection wizard procedure to create a Universal Connection to any of the following services through a remote multi-hop connection over the Internet.

• Electronic customer support
• Electronic service agent
• Information Center Update

Prerequisites and assumptions

The prerequisites for enabling electronic customer support over a remote multi-hop connection include:

• The iSeries™ server must have IP connectivity to the VPN multi-hop gateway.
• Ensure that the iSeries Access for Windows® and iSeries Navigator exist on your personal computer, as described in the iSeries Access for Windows: Installation and setup topic.
• Ensure that you install all of the latest service packs for iSeries Navigator. The scenarios show using the V5R4 version of the software.
• Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP (STRTCP) command.
• You must have security officer (*SECOFR) authority with *ALLOBJ, *IOSYSCFG, and *SECADM special authorities in your i5/OS™ user profile and *USE authority to WRKCNTINF in order to configure the connection using the Universal Connection wizard.
• You must install the TCP/IP Connectivity Utilities (5722–TC1).
• You must install the Digital Certificate Manager (DCM) (5722-SS1 option 34).
• Ensure that the QRETSVRSEC system value is set to 1. You can check this value with the Display System Value (DSPSYSVAL) command. If this value is not set to 1, enter a Change System Value (CHGSYSVAL) command.
• Ensure your default TCP/IP route, or a host route, directs traffic out the appropriate TCP/IP interface to the Internet to allow the VPN to be established to IBM®. For details, see Determine the IBM VPN Gateway addresses and Determine the IBM Service Destination addresses.

Configure a multi-hop connection over a remote server

Assuming that TCP/IP configuration already exists and works, complete the following steps to set up the Universal Connection if you connect to electronic customer support through another server or partition:

1. Start iSeries Navigator and select the Universal Connection wizard.
2. Select either primary or backup connection configuration. The default is primary.
3. Check the box to view and modify contact information.
4. Enter the service, address, and country (or region) information on the Universal Connection wizard dialogs.
5. Connect from another system or partition using a multi-hop VPN connection to the Internet as a connection type.
6. Check the box if you want to configure a proxy.
7. Enter a VPN Gateway address or host name to make the multi-hop VPN connection to IBM.
8. If you chose to configure a proxy, fill out the proxy information. If not, skip to the next step.
9. Indicate that this system does not provide connectivity for other systems or partitions.
10. Review the Summary window to ensure that the configuration meets your requirements, and click Finish to save your configuration.
11. When prompted, test the connection from your server to electronic customer support.

Configure a multi-hop connection from a server that acts as a connecting point for other servers

Complete the following steps to set up the Universal Connection if you connect to electronic customer support through another server or partition:

1. Start the iSeries Navigator and select the Universal Connection wizard.
2. Select either primary or backup connection configuration. The default is primary.
3. Check the box to view and modify contact information.
4. Enter the service, address, and country (or region) information on the Universal Connection wizard screens.
5. Connect from another system or partition using a multi-hop VPN connection to the Internet as a connection type.
6. Check the box if you want to configure a proxy.
7. Enter a VPN Gateway address or host name to make the multi-hop VPN connection to IBM.
8. If you chose to configure a proxy, fill out the proxy information. If not, skip to the next step.
9. Specify that you want this iSeries server to function as a connecting point through which other servers or partitions connect to IBM customer support.
10. Select an interface or interfaces through which the other servers or partitions will be allowed to connect to electronic customer support.
11. Create or select an L2TP terminator profile. You need this profile to recognize the other systems or servers that connect to IBM customer support through your server.
12. Configure a Service and Support proxy server.
13. Review the Summary window to ensure that the configuration meets your requirements, and click Finish to save your configuration.
14. When prompted, test the connection from your server to IBM customer support.