<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Complete the planning worksheets" />
<meta name="DC.Relation" scheme="URI" content="rzajaupdscenario.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajaudpconfigurevpn-b.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajaudpplanningworksheets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Complete the planning worksheets</title>
</head>
<body id="rzajaudpplanningworksheets"><a name="rzajaudpplanningworksheets"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Complete the planning worksheets</h1>
<div><div class="section"><p>The following planning checklists illustrate the type of information
you need before you begin configuring the VPN. All answers on the prerequisite
checklist must be YES before you proceed with VPN setup.</p>
<div class="note"><span class="notetitle">Note:</span> Gateway-B and
System-E each have a separate worksheet.</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. System
requirements</caption><thead align="left"><tr><th valign="top" width="80%" id="d0e23">Prerequisite checklist</th>
<th valign="top" width="20%" id="d0e25">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="80%" headers="d0e23 ">Is your operating system <span class="keyword">i5/OS™</span>
V5R4 (5722-SS1)?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is the <span class="keyword">Digital Certificate Manager</span> option
(5722-SS1 Option 34) installed?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is <span class="keyword">iSeries™ Access for Windows<sup>®</sup></span> (5722-XE1)
installed?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is <span class="keyword">iSeries Navigator</span> installed?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is the Network subcomponent of <span class="keyword">iSeries Navigator</span> installed?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is TCP/IP Connectivity Utilities (5722-TC1) installed?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Did you set the retain server security data (QRETSVRSEC *SEC) system
value to 1?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is TCP/IP configured on your system (including IP interfaces, routes,
local host name, and local domain name)?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Is normal TCP/IP communication established between the required endpoints?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Have you applied the latest program temporary fixes (PTFs)?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">If the VPN tunnel traverses firewalls or routers that use IP packet
filtering, do the firewall or router filter rules support AH and ESP protocols?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Are the firewalls or routers configured to permit traffic over port
4500 for key negotiations? Typically, VPN partners perform IKE negotiations
over UDP port 500; when IKE detects NAT, packets are sent over port 4500.</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e23 ">Are the firewalls configured to enable IP forwarding?</td>
<td valign="top" width="20%" headers="d0e25 ">Yes</td>
</tr>
</tbody>
</table>
</div>
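<p>The firewall rows of Table 1 can be checked mechanically before VPN setup. The following is an added example, not part of the IBM documentation: it audits a packet-filter rule list for the four traffic types the checklist names (AH, ESP, UDP port 500, UDP port 4500). The rule syntax and the sample rules are assumptions constructed for illustration; the two addresses are the key server identifiers from the Gateway-B worksheet.</p>

```python
# Added example: audit packet-filter rules against the firewall rows of Table 1.
# The rule syntax "action proto src dst [port]" and all rules are constructed.
import ipaddress

ALIASES = {"ah": "51", "esp": "50"}  # accept names as well as protocol numbers

# Traffic the prerequisite checklist expects firewalls and routers to pass.
REQUIRED = {
    "AH (IP protocol 51)": ("51", None),
    "ESP (IP protocol 50)": ("50", None),
    "IKE (UDP port 500)": ("udp", 500),
    "IKE after NAT detection (UDP port 4500)": ("udp", 4500),
}

def parse_rule(line):
    """Parse one rule line; a missing port or '*' means any port."""
    fields = line.split()
    action, proto, src, dst = fields[:4]
    port = fields[4] if len(fields) == 5 else "*"
    proto = ALIASES.get(proto.lower(), proto.lower())
    return {"action": action.lower(), "proto": proto,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "port": None if port == "*" else int(port)}

def matches(rule, proto, port, src, dst):
    """True when the rule covers this protocol, port and address pair."""
    if rule["proto"] not in (proto, "any") or rule["port"] not in (None, port):
        return False
    return (ipaddress.ip_address(src) in rule["src"]
            and ipaddress.ip_address(dst) in rule["dst"])

def audit(rule_lines, src, dst):
    """Return required traffic not permitted from src to dst (first match wins, no match = deny)."""
    rules = [parse_rule(ln) for ln in rule_lines if ln.strip()]
    missing = []
    for name, (proto, port) in REQUIRED.items():
        hit = next((r for r in rules if matches(r, proto, port, src, dst)), None)
        if hit is None or hit["action"] != "permit":
            missing.append(name)
    return missing

# Constructed rule set: ESP and IKE on port 500 pass, AH and port 4500 do not.
SAMPLE_RULES = [
    "permit udp 214.72.189.35/32 146.210.18.51/32 500",
    "permit esp 214.72.189.35/32 146.210.18.51/32",
    "deny any 0.0.0.0/0 0.0.0.0/0",
]

print("not permitted:", audit(SAMPLE_RULES, "214.72.189.35", "146.210.18.51"))
```

<p>The audit covers one direction only; run it again with the addresses swapped to check return traffic.</p>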
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Gateway-B configuration</caption><thead align="left"><tr><th valign="top" width="80%" id="d0e125">You need this information to configure the VPN for Gateway-B</th>
<th valign="top" width="20%" id="d0e127">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="80%" headers="d0e125 ">What type of connection are you creating?</td>
<td valign="top" width="20%" headers="d0e127 ">gateway-to-another host </td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What will you name the dynamic-key group?</td>
<td valign="top" width="20%" headers="d0e127 ">CHIgw2MINhost</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What type of security and system performance do you require to protect
your keys?</td>
<td valign="top" width="20%" headers="d0e127 ">balanced</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">Are you using certificates to authenticate the connection? If no, what
is the preshared key?</td>
<td valign="top" width="20%" headers="d0e127 ">No : topsecretstuff</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What is the identifier of the local key server?</td>
<td valign="top" width="20%" headers="d0e127 ">IP address: 214.72.189.35</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What is the identifier of the local data endpoint?</td>
<td valign="top" width="20%" headers="d0e127 ">Subnet: 10.8.11.0 Mask: 255.255.255.0</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What is the identifier of the remote key server?</td>
<td valign="top" width="20%" headers="d0e127 ">IP address: 146.210.18.51</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What is the identifier of the remote data endpoint?</td>
<td valign="top" width="20%" headers="d0e127 ">IP address: 146.210.18.51</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What ports and protocols do you want to allow to flow through the connection?</td>
<td valign="top" width="20%" headers="d0e127 ">Any</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">What type of security and system performance do you require to protect
your data?</td>
<td valign="top" width="20%" headers="d0e127 ">balanced</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e125 ">To which interfaces does the connection apply?</td>
<td valign="top" width="20%" headers="d0e127 ">TRLINE</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 3. System-E configuration</caption><thead align="left"><tr><th valign="top" width="80%" id="d0e193">You need this information to configure the VPN for System-E</th>
<th valign="top" width="20%" id="d0e195">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="80%" headers="d0e193 ">What type of connection are you creating?</td>
<td valign="top" width="20%" headers="d0e195 ">host-to-another gateway</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What will you name the dynamic-key group?</td>
<td valign="top" width="20%" headers="d0e195 ">CHIgw2MINhost</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What type of security and system performance do you require to protect
your keys?</td>
<td valign="top" width="20%" headers="d0e195 ">highest</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">Are you using certificates to authenticate the connection? If no, what
is the preshared key?</td>
<td valign="top" width="20%" headers="d0e195 ">No : topsecretstuff</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What is the identifier of the local key server?</td>
<td valign="top" width="20%" headers="d0e195 ">IP address: 56.172.1.1</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What is the identifier of the remote key server? <div class="note"><span class="notetitle">Note:</span> If the Firewall-C
IP address is unknown, you can use *ANYIP as the identifier for
the remote key server.</div>
</td>
<td valign="top" width="20%" headers="d0e195 ">IP address: 129.42.105.17</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What is the identifier of the remote data endpoint?</td>
<td valign="top" width="20%" headers="d0e195 ">Subnet: 10.8.11.0 Mask: 255.255.255.0</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What ports and protocols do you want to allow to flow through the connection?</td>
<td valign="top" width="20%" headers="d0e195 ">Any</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">What type of security and system performance do you require to protect
your data?</td>
<td valign="top" width="20%" headers="d0e195 ">highest</td>
</tr>
<tr><td valign="top" width="80%" headers="d0e193 ">To which interfaces does the connection apply?</td>
<td valign="top" width="20%" headers="d0e195 ">TRLINE</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajaupdscenario.htm" title="In this scenario, a large insurance company wants to establish a VPN between a gateway in Chicago and a host in Minneapolis when both networks are behind a firewall.">Scenario: Firewall Friendly VPN</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzajaudpconfigurevpn-b.htm">Configure VPN on Gateway-B</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>