Scenario: Configure a multi-hop connection through a remote server

Situation

Suppose you are responsible for maintaining an iSeries™ server for MyCompany, a medium-sized manufacturing company in Boone, Iowa. As part of providing this support, you need to establish a connection between electronic customer support and MyCompany's iSeries server. MyCompany has an iSeries server on a private network that accesses the Internet through a VPN multi-hop gateway. The multi-hop gateway could be either an iSeries or a router that supports L2TP multi-hop (chained tunnels). In this case, you create a connection from your iSeries server through a multi-hop connection. Because you do not need to provide connections for other systems, you do not need to consider providing connections for other servers or partitions.

Note:
The HMC cannot currently provide this multi-hop gateway support.

Solution

Create a Universal Connection to IBM® through the multi-hop connection. In this case, you establish a connection between two virtual private network tunnels from a remote server to electronic customer support.

Advantages

This scenario provides the following advantages:

Objectives

In this scenario, the customer wants to ensure that IBM can support the MyCompany system over the network though a multi-hop connection over the Internet. The objectives of this scenario are as follows:

Details

The following diagram illustrates connecting the MyCompany iSeries server to electronic customer support through a VPN multi-hop gateway.

Diagram that depicts a multi-hop connection through a remote server

Configuring Universal Connection

Using Universal Connection

When a Service Application wants to use the Universal Connection to communicate with IBM the following will occur:

Prerequisites and assumptions

The prerequisites for enabling electronic customer support over a remote multi-hop connection include:

Current® System or Partition configuration steps

Assuming that TCP/IP configuration already exists and works, complete the following steps to set up the Universal Connection if you connect to electronic customer support through a VPN multi-hop gateway:

  1. Complete the planning work sheet.
  2. Start iSeries Navigator and select the Universal Connection wizard.
  3. Enter the service, address, and country information on the Universal Connection wizard dialogs.
  4. Under Connect through another system or partion, select the A multi-hop VPN connection to the Internet option.
  5. Enter a VPN Gateway address or host name to make the multi-hop VPN connection to IBM.
  6. For proxy option, configure a proxy destination.
  7. Indicate that this server does not provide connectivity for other servers or partitions.
  8. Review the Summary window to ensure that the configuration meets your requirements, and click Finish to save your configuration.
  9. When prompted, Test the connection from your server to electronic customer support.
  10. Configure a backup configuration.

Scenario details: Configure a multi-hop connection through a remote server

After you complete the prerequisites, you are ready to begin configuring the Universal Connection through the wizard.

Step 1: Complete the planning work sheet.

The following planning work sheet illustrates the type of information you need before configuring the remote multi-hop connection to electronic customer support. You use this information when running the Universal Connection wizard.

Planning work sheet Answers
Service information
  • Company
  • Contact name
  • Telephone number
  • Help desk or pager number
  • Fax number
  • Alternate fax number
  
  • MyCompany
  • Tom Smith
  • 515–870–9990
  • 515–870–9942
  • 515–870–5586
  • 515–870–5587
Company address
  • Street address
  • City or locality
  • State or province
  • Country (or region)
  • Postal code
  • National language version
  • Electronic mail address
  • Alternate electronic mail address
  • Media for PTFs (fixes)
  
  • 94 West Proctor St.
  • Boone
  • Iowa
  • United States
  • 55902
  • English (2924)
  • myname@company.com
  • myname@othercompany.com
  • Automatic selection
Location
  • Country (or region)
  • State
  
  • United States
  • Iowa
Connection method Through a remote server
Connection type A multi-hop connection to the Internet
VPN Gateway address or host name 192.168.1.1 (As an alternative, supply the host name [charlie@mycompany.com]

If you prefer using CL Commands to create the configuration, use the Change Contact Information (CHGCNTINF) and the Create Service Configuration (CRTSRVCFG) commands.

Step 2: Start iSeries Navigator and select the Universal Connection wizard.

To start the Universal Connection wizard and begin establishing your connection:

  1. Open iSeries Navigator software.
  2. Select the server under the My Connections folder that you want to configure for electronic customer support.
  3. Expand Network.
  4. Expand Remote Access Services.
  5. Right-click Originator Connection Profiles.
  6. Select Configure IBM Universal Connection to start the Universal Connection wizard. The Welcome dialog appears.
Note:
A progress bar indicates that iSeries Navigator is loading the Universal Connection wizard. If you encounter problems while running the wizard, see Troubleshoot the Universal Connection wizard for a solution. Run the wizard again after solving the problem.

Step 3: Enter the service, address, and country information on the Universal Connection wizard dialogs.

To enter information about your company and connections:

  1. On the Select Configuration dialog, select either Primary connection configuration or Backup connection configuration. The default is primary. Check the View and modify contact information box and click Next
  2. On the Service Information dialog, enter the following information about MyCompany and click Next:
    • Company – MyCompany
    • Contact name – Tom Smith
    • Telephone number – 515–870–9990
    • Help desk or pager number— 515–870–9999
    • Fax number — 515–870–5586
    • Alternate fax number — 515–870–9942

    If this information exists on your server, the company data already appears in the fields. For example, if MyCompany previously created a configuration, the wizard retrieves the data from the existing configuration.

  3. On the Company Address dialog, enter MyCompany's address and click Next.
    • Street address – 94 West Proctor St.
    • City or locality – Boone
    • State or province – Iowa
    • Country or region – United States
    • Postal code – 55902
    • National language version – English (2924)
    • Electronic mail address – myname@company.com
    • Alternate electronic mail address – myname@othercompany.com
    • Media for PTFs – Automatic selection
  4. On the Location dialog, select the country (or region) and the state or province where your iSeries server resides and Click Next.
    • Country (or region) – United States
    • State – Iowa

Step 4: Under Connect through another system or partion, select the A multi-hop VPN connection to the Internet option.

Note:
There is a checkbox to Additionally configure a proxy connection. If your enterprise has an HTTP proxy or you've configured a service and support proxy on another system or partition, and you wish to use that for Universal Connection applications which support going through a proxy, check this box. If this box is checked, Step 6 will appear.

Step 5: Enter a VPN Gateway address or host name to make the multi-hop VPN connection to IBM.

Enter either the VPN multi-hop gateway address or enter the host (server) name that connects to IBM electronic customer support.

Step 6: For proxy option, configure a proxy destination.

Note:
This screen only appears if the proxy option was selected in Step 4.

To configure a proxy destination

  1. Attempt proxy connection first
    1. Choose this option if you want the proxy to take precedence over the configuration for this scenario.
    2. If necessary, check the Proxy destination requires HTTP basic authentication box and fill in the User name and Password fields.
    3. Click Next and proceed to the next Step.
  2. Attempt proxy connection if previously defined configuration fails
    1. Choose this option if the proxy is to be used only in the event that the configuration for this scenario fails.
    2. Fill in the Proxy IP address or host name field.
    3. Fill in the Proxy port field.
    4. If necessary, check the Proxy destination requires HTTP basic authentication box and fill in the User name and Password fields.
    5. Click Next and proceed to the next Step.

Step 7: Indicate that this server does not provide connectivity for other servers or partitions.

Click No to indicate that this server has a direct connection to electronic customer support without providing connectivity for other server or partitions.

Step 8: Review the Summary window to ensure that the configuration meets your requirements, and click Finish to save your configuration.

To complete and save your server configuration:

  1. Review the configuration summary. Click Back if you need to change a value on any of the wizard dialogs.
  2. When the configuration is correct, click Finish to save the configuration. A progress bar indicates that the wizard is in the process of saving the configuration.

Step 9: Test the connection from your server to electronic customer support.

To test the configuration:

  1. Click Yes when the wizard prompts you to test the configuration. The Verify Universal Connection dialog appears.
  2. Make note of any problems as the wizard displays verification progress.
  3. Click OK when the wizard indicates that verification is complete.
  4. If the wizard finds errors, restart the Universal Connection wizard, make necessary corrections, save, and retest the corrected configuration.

Step 10: Configure a backup configuration (optional).

If an additional connection method is available to you, it is suggested that you rerun the wizard to configure a backup. This backup will be used automatically in the event that the primary connection fails.