The following planning checklists illustrate the type of information you need before you begin configuring the VPN. All answers on the prerequisite checklist must be YES before you proceed with VPN setup.

Prerequisite checklist | Answers |
---|---|
Is your operating system i5/OS™ V5R4 (5722-SS1)? | Yes |
Is the Digital Certificate Manager option (5722-SS1 Option 34) installed? | Yes |
Is iSeries™ Access for Windows® (5722-XE1) installed? | Yes |
Is iSeries Navigator installed? | Yes |
Is the Network subcomponent of iSeries Navigator installed? | Yes |
Is TCP/IP Connectivity Utilities (5722-TC1) installed? | Yes |
Did you set the retain server security data (QRETSVRSEC *SEC) system value to 1? | Yes |
Is TCP/IP configured on your system (including IP interfaces, routes, local host name, and local domain name)? | Yes |
Is normal TCP/IP communication established between the required endpoints? | Yes |
Have you applied the latest program temporary fixes (PTFs)? | Yes |
If the VPN tunnel traverses firewalls or routers that use IP packet filtering, do the firewall or router filter rules support AH and ESP protocols? | Yes |
Are the firewalls or routers configured to permit traffic over port 4500 for key negotiations? Typically, VPN partners perform IKE negotiations over UDP port 500; when IKE detects NAT, packets are sent over port 4500. | Yes |
Are the firewalls configured to enable IP forwarding? | Yes |

You need this information to configure the VPN for Gateway-B | Answers |
---|---|
What type of connection are you creating? | gateway-to-another host |
What will you name the dynamic-key group? | CHIgw2MINhost |
What type of security and system performance do you require to protect your keys? | balanced |
Are you using certificates to authenticate the connection? If no, what is the preshared key? | No : topsecretstuff |
What is the identifier of the local key server? | IP address: 214.72.189.35 |
What is the identifier of the local data endpoint? | Subnet: 10.8.11.0 Mask: 255.255.255.0 |
What is the identifier of the remote key server? | IP address: 146.210.18.51 |
What is the identifier of the remote data endpoint? | IP address: 146.210.18.51 |
What ports and protocols do you want to allow to flow through the connection? | Any |
What type of security and system performance do you require to protect your data? | balanced |
To which interfaces does the connection apply? | TRLINE |

You need this information to configure the VPN for System-E | Answers |
---|---|
What type of connection are you creating? | host-to-another gateway |
What will you name the dynamic-key group? | CHIgw2MINhost |
What type of security and system performance do you require to protect your keys? | highest |
Are you using certificates to authenticate the connection? If no, what is the preshared key? | No : topsecretstuff |
What is the identifier of the local key server? | IP address: 56.172.1.1 |
What is the identifier of the remote key server? Note: If the Firewall-C IP address is unknown, you can use *ANYIP as the identifier for the remote key server. | IP address: 129.42.105.17 |
What is the identifier of the remote data endpoint? | Subnet: 10.8.11.0 Mask: 255.255.255.0 |
What ports and protocols do you want to allow to flow through the connection? | Any |
What type of security and system performance do you require to protect your data? | highest |
To which interfaces does the connection apply? | TRLINE |