ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaja_5.4.0.1/rzajadefseccon.htm

105 lines
7.5 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Configure the VPN secure connection" />
<meta name="abstract" content="After you have configured the security policies for your connection, you must then configure the secure connection." />
<meta name="description" content="After you have configured the security policies for your connection, you must then configure the secure connection." />
<meta name="DC.Relation" scheme="URI" content="rzajacreatevpncon.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajavpnpolicy.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajaactvpnrules.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajapolicyfilter.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajadefseccon" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure the VPN secure connection</title>
</head>
<body id="rzajadefseccon"><a name="rzajadefseccon"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure the VPN secure connection</h1>
<div><p>After you have configured the security policies for your connection,
you must then configure the secure connection.</p>
<div class="section"><p>For dynamic connections, the secure connection object includes
a dynamic-key group and a dynamic-key connection.</p>
<p>The <strong>dynamic-key
group</strong> defines the common characteristics of one or more VPN connections.
Configuring a dynamic-key group allows you to use the same policies, but different
data endpoints for each connection within the group. Dynamic-key groups also
allow you to successfully negotiate with remote initiators when the data endpoints
proposed by the remote system are not specifically known ahead of time. It
does this by associating the policy information in the dynamic-key group with
a policy filter rule with an IPSEC action type. If the specific data endpoints
offered by the remote initiator fall within the range specified in the IPSEC
filter rule, they can be subjected to the policy defined in the dynamic-key
group.</p>
<p>The <strong>dynamic-key connection</strong> defines the characteristics
of individual data connections between pairs of endpoints. The dynamic-key
connection exists within the dynamic-key group. After you configure a dynamic-key
group to describe what policies connections in the group use, you need to
create individual dynamic-key connections for connections that you initiate
locally.</p>
<p>To configure the secure connection object, complete both the
Part 1 and Part 2 tasks:</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajacreatevpncon.htm" title="After planning for your VPN, you can begin configuring it. This topic provides you with an overview of what you can do with VPN and how to do it.">Configure VPN</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajavpnpolicy.htm" title="After you determine how you will use your VPN you must define your VPN security policies.">Configure VPN security policies</a></div>
<div><a href="rzajapolicyfilter.htm" title="If you are creating a connection for the first time, allow VPN to automatically generate the VPN packet rules for you. You can do this by either using the New Connection wizard or the VPN properties pages to configure your connection.">Configure VPN packet rules</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzajaactvpnrules.htm" title="You must activate the VPN packet rules before you can start your VPN connections.">Activate the VPN packet rules</a></div>
</div>
</div><div class="nested1" xml:lang="en-us" id="configreadynamic-keygroup"><a name="configreadynamic-keygroup"><!-- --></a><h2 class="topictitle2">Part 1: Configure a dynamic-key group</h2>
<div><ol><li><span>In <span class="keyword">iSeries™ Navigator</span>, expand
your <span class="menucascade"><span class="uicontrol">server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">IP Policies</span> &gt; <span class="uicontrol">Virtual Private Networking</span> &gt; <span class="uicontrol">Secure Connections</span></span>.</span></li>
<li><span>Right-click <span class="uicontrol">By Group</span> and select <span class="uicontrol">New
Dynamic-Key Group</span>.</span></li>
<li><span>Click <span class="uicontrol">Help</span> if you have questions about how
complete a page or any of its fields.</span></li>
<li><span>Click <span class="uicontrol">OK</span> to save your changes.</span></li>
</ol>
</div>
</div>
<div class="nested1" xml:lang="en-us" id="configadynamic-keyconnection"><a name="configadynamic-keyconnection"><!-- --></a><h2 class="topictitle2">Part 2: Configure a dynamic-key connection</h2>
<div><ol><li><span>In <span class="keyword">iSeries Navigator</span>, expand
your <span class="menucascade"><span class="uicontrol">server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">IP Policies</span> &gt; <span class="uicontrol">Virtual Private Networking</span> &gt; <span class="uicontrol">Secure Connections</span> &gt; <span class="uicontrol">By Group</span></span>.</span></li>
<li><span>In the left-pane of the <span class="keyword">iSeries Navigator</span> window,
right-click the dynamic-key group you created in part one and select <span class="uicontrol">New
Dynamic-Key Connection</span>.</span></li>
<li><span>Click <span class="uicontrol">Help</span> if you have questions about how
complete a page or any of its fields.</span></li>
<li><span>Click <span class="uicontrol">OK</span> to save your changes.</span></li>
</ol>
<div class="section"><p>After you complete these steps, you need to activate the packet
rules that the connection requires to work properly.</p>
<div class="note"><span class="notetitle">Note:</span> In most cases,
allow the VPN interface to generate your VPN packet rules automatically by
selecting the <span class="uicontrol">Generate the following policy filter for this group</span> option
on the <span class="uicontrol">Dynamic-Key Group - Connections</span> page. However,
if you select the <span class="uicontrol">The policy filter rule will be defined in Packet
Rules</span> option, you must then configure VPN packet rules by using
the Packet Rules editor and then activate them.</div>
</div>
</div>
</div>
</body>
</html>