ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamu_5.4.0.1/rzamuconremote.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scenario: Enable remote connections" />
<meta name="abstract" content="Your company has a branch sales office that has several remote sales personnel who need to connect to your iSeries server. You also connect to your corporate office located in another state. Because the information that is transmitted between these areas of your company is sensitive, you are concerned about protecting it as it is sent across the Internet. Use this scenario to configure connections to remote clients and servers." />
<meta name="description" content="Your company has a branch sales office that has several remote sales personnel who need to connect to your iSeries server. You also connect to your corporate office located in another state. Because the information that is transmitted between these areas of your company is sensitive, you are concerned about protecting it as it is sent across the Internet. Use this scenario to configure connections to remote clients and servers." />
<meta name="DC.Relation" scheme="URI" content="rzamudynamic2.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamudcmsteps.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamuconfigurevpn.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamumobilesteps.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzajb/rzajbrzajb0ippacketsecuritysd.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzajw/rzajwkickoff.htm" />
<meta name="DC.Relation" scheme="URI" content="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245954.pdf" />
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahudcmscenariosoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzaja/rzajascenarios.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzaiy/rzaiyscenarios.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzamuconremote" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Enable remote connections</title>
</head>
<body>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<div class="nested0" id="rzamuconremote"><a name="rzamuconremote"><!-- --></a><h1 class="topictitle1">Scenario: Enable remote connections</h1>
<div><p>Your company has a branch sales office that has several remote
sales personnel who need to connect to your iSeries™ server. You also connect to your
corporate office located in another state. Because the information that is
transmitted between these areas of your company is sensitive, you are concerned
about protecting it as it is sent across the Internet. Use this scenario to
configure connections to remote clients and servers.</p>
<div class="section"><h4 class="sectiontitle">Situation</h4><p>You are the network administrator for
a branch sales office that manages several mobile sales employees. You also
work with the corporate office located in another state. Both the remote sales
personnel and the corporate office need access to your internal network; however,
you are concerned about protecting information as it is transmitted over the
Internet.</p>
<p>The corporate office often needs access to
sensitive information like customer accounts and billing statements. Your
mobile sales employees transmit information to your branch sales office by
dialing an Internet service provider (ISP) through the Point-to-Point Protocol
(PPP). Because they also transmit sensitive information, you need to ensure
data integrity and privacy in these communications. You do not want sensitive
credit card numbers or customer contact information exposed to the Internet.
After researching your options for both groups of users, you have decided
to use a virtual private network (VPN) to protect your connections to the
corporate office and to use Layer Two Tunneling Protocol (L2TP) protected with
a VPN for your remote employees.</p>
</div>
<div class="section"><h4 class="sectiontitle">Objectives </h4><p>The administrators for
MyCo, Inc have the following objectives:</p>
<ul><li>To provide access to remote sales people and the corporate office</li>
<li>To use existing iSeries servers to support these goals</li>
<li>To allow remote sales people and the corporate office to access the branch
office network</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Details</h4><p>The following network topology shows the
connections between a branch sales office and a corporate headquarters and
remote sales personnel. Connections to the branch sales office are protected
through a VPN. The following descriptions of each part of this network provide
details on their configuration.</p>
<br /><img src="rzamu503.gif" alt="Enable remote connections" /><br /></div>
<div class="section"><h4 class="sectiontitle">Branch sales office</h4><ul><li>iSeries A runs on OS/400<sup>®</sup> Version 5 Release 2 (V5R2) and
contains all pertinent business applications.</li>
<li>iSeries A
acts as the gateway for the VPN connection with the branch sales office.</li>
<li>iSeries A has IP address 192.168.1.2,
which is globally routable. <div class="important"><span class="importanttitle">Important:</span> IP addresses
used in this scenario are meant for example purposes only. They do not reflect
an IP address scheme and should not be used in any actual configuration. Use
your own IP addresses when completing these tasks.</div>
</li>
<li>Subnet mask is 255.255.255.0. </li>
<li>iSeries A
connects to its subnet with the IP address 10.1.1.1. </li>
<li>Within the internal network of the branch sales office, all PCs have been
configured with a default route that points to iSeries A.</li>
<li>The fully qualified host name of iSeries A is iseriesa.myco.min.com.</li>
<li>Both iSeries A
and B can initiate connections.</li>
<li>Remote employees use a pool of IP addresses that range from 10.1.1.100
to 10.1.1.150.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Corporate office</h4><ul><li>iSeries B
runs on OS/400 Version
5 Release 2 (V5R2) and contains all pertinent business applications.</li>
<li>iSeries B
acts as the gateway for the VPN connection for corporate office.</li>
<li>iSeries B
has the IP address 172.16.1.3, which is globally routable. <div class="important"><span class="importanttitle">Important:</span> IP
addresses used in this scenario are meant for example purposes only. They
do not reflect an IP addressing scheme and should not be used in any actual
configuration. You should use your own IP addresses when completing these
tasks.</div>
</li>
<li>Subnet mask is 255.255.255.0. </li>
<li>iSeries B
connects to its subnet with the IP address 10.2.1.1. </li>
<li>Within the internal network of the corporate office, all PCs have been
configured with a default route that points to iSeries B.</li>
<li>The fully qualified host name of iSeries B is iseriesb.myco.wis.com.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Remote sales personnel</h4><ul><li>Laptop with a Microsoft<sup>®</sup> Windows<sup>®</sup> XP operating system</li>
<li>Remote employees use a pool of IP addresses that range from 10.1.1.100
to 10.1.1.150.</li>
</ul>
</div>
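<div class="section"><p>The addressing plan above has to satisfy a few conditions before the VPN and L2TP steps that follow can work: the two protected subnets (10.1.1.0/24 and 10.2.1.0/24) must not overlap, each gateway's internal address must lie in its own subnet, and the remote-employee pool must sit inside the branch subnet without reusing the gateway, network or broadcast address. The following Python check is an added example, not IBM code from this topic or from the iSeries products it describes; it uses only the example addresses the scenario gives and the checks themselves are this editor's assumptions about what a sound plan looks like.</p>

```python
import ipaddress

# Addressing plan taken from the scenario text. The page states these values are
# for example purposes only, so treat them as constructed sample input.
BRANCH_LAN = "10.1.1.0/24"      # iSeries A internal interface 10.1.1.1, mask 255.255.255.0
CORP_LAN = "10.2.1.0/24"        # iSeries B internal interface 10.2.1.1, mask 255.255.255.0
BRANCH_GATEWAY = "10.1.1.1"
CORP_GATEWAY = "10.2.1.1"
REMOTE_POOL = ("10.1.1.100", "10.1.1.150")   # L2TP address pool for remote employees


def pool_addresses(first, last):
    """Expand an inclusive first..last address range into a list of addresses."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [ipaddress.ip_address(n) for n in range(int(lo), int(hi) + 1)]


def check_addressing_plan(branch_lan, corp_lan, branch_gw, corp_gw, pool):
    """Return a list of problems; an empty list means the plan is consistent.

    Overlapping protected subnets make tunnel routes ambiguous, a gateway outside
    its own subnet cannot be the PCs' default route, and a remote pool that leaves
    the branch subnet or reuses reserved addresses breaks L2TP client addressing.
    """
    branch_net, corp_net = ipaddress.ip_network(branch_lan), ipaddress.ip_network(corp_lan)
    branch_addr, corp_addr = ipaddress.ip_address(branch_gw), ipaddress.ip_address(corp_gw)
    problems = []
    if branch_net.overlaps(corp_net):
        problems.append(f"protected subnets {branch_net} and {corp_net} overlap")
    if branch_addr not in branch_net:
        problems.append(f"branch gateway {branch_addr} is not in {branch_net}")
    if corp_addr not in corp_net:
        problems.append(f"corporate gateway {corp_addr} is not in {corp_net}")
    addrs = pool_addresses(*pool)
    outside = [a for a in addrs if a not in branch_net]
    if outside:
        problems.append(f"{len(outside)} pool addresses fall outside {branch_net}")
    reserved = {branch_addr, branch_net.network_address, branch_net.broadcast_address}
    clashes = sorted(str(a) for a in addrs if a in reserved)
    if clashes:
        problems.append(f"pool reuses reserved addresses: {', '.join(clashes)}")
    return problems


def scenario_problems():
    """Run the checks against the scenario's own addressing plan."""
    return check_addressing_plan(BRANCH_LAN, CORP_LAN, BRANCH_GATEWAY, CORP_GATEWAY, REMOTE_POOL)
```

Running the same function against a corporate subnet widened to 10.1.0.0/16 reports the overlap, which is the mistake most often behind a tunnel that negotiates but passes no traffic.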
<div class="section"><h4 class="sectiontitle">Prerequisites and assumptions</h4><p>This scenario provides
an example VPN configuration between a branch sales office and a corporate
office. It also provides instructions on how to configure remote access for
travelling sales people connecting to the branch office. It assumes that the
following prerequisite steps have been completed, tested, and are operational
before you begin the configuration steps:</p>
<ol><li>Ensure that the following licensed programs have been installed: <ul><li>OS/400 Version
5 Release 2 (5722-SS1)</li>
<li>Digital Certificate Manager (5722-SS1 Option 34) <div class="note"><span class="notetitle">Note:</span> This scenario assumes
that DCM has been installed on both systems, but it has not been configured
on either system.</div>
</li>
<li>TCP/IP Connectivity Utilities for i5/OS™ (5722-TC1) </li>
<li>IBM<sup>®</sup> HTTP
Server for iSeries (5722-DG1)</li>
<li>IBM eServer™ iSeries Access
for Windows (5722-XE1)
and iSeries Navigator</li>
<li>IBM Developer
Kit for Java™ (5722-JV1)</li>
<li>Ensure that the latest PTFs have been installed on your system.</li>
</ul>
</li>
<li>Ensure that the following server setup has been completed: <ul><li>TCP/IP must be configured, including IP interfaces, routes, local host
name, and local domain name.</li>
<li>Basic system security has been configured and tested.</li>
<li>The Network component of iSeries Navigator has been installed.</li>
<li>The retain server security data (QRETSVRSEC *SEC) system value has been
set to 1.</li>
<li>The shared memory (QSHRMEMCTL) system value has been set to 1.</li>
<li>Normal TCP/IP communications have been established between required endpoints.</li>
</ul>
</li>
<li>Ensure that the PC used by remote employees meets the following requirements: <ul><li>A Windows XP
client (32-bit Windows operating system) that is properly connected
to your iSeries server
and configured for TCP/IP.</li>
<li>A 233 MHz processor.</li>
<li>Windows XP
clients must have 64 MB RAM.</li>
<li>iSeries Access
for Windows and iSeries Navigator
have been installed on the client PC.</li>
<li>Software must support IP Security (IPSec) protocol.</li>
<li>Software must support Layer 2 Tunneling Protocol (L2TP).</li>
<li>Connection to an ISP has been established.</li>
</ul>
</li>
</ol>
<p>In addition to these prerequisites, it is assumed that both networks
have set up and activated filter rules on their networks, configured routing,
and established an IP addressing scheme. If you have not completed these tasks,
see the following topics: IP filtering and network address translation (NAT)
and TCP/IP routing and workload balancing. </p>
<div class="tip"><span class="tiptitle">Tip:</span> This
scenario shows the iSeries security gateways attached directly to the
Internet. The absence of a firewall is intended to simplify the scenario.
It does not imply that the use of a firewall is not necessary. In fact, you
should consider the security risks involved anytime you connect to the Internet.
Review <a href="http://www.redbooks.ibm.com/abstracts/sg245954.html" target="_blank">AS/400<sup>®</sup> Internet Security Scenarios: A Practical Approach</a><img src="rbpdf.gif" alt="Link to PDF" /> for a
detailed description of various methods for reducing security risks.</div>
</div>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzamudcmsteps.htm">Set up Certificate Authority with Digital Certificate Manager</a><br />
</li>
<li class="olchildlink"><a href="rzamuconfigurevpn.htm">Configure VPN connection between the branch sales office and the corporate office</a><br />
</li>
<li class="olchildlink"><a href="rzamumobilesteps.htm">Configure VPN connection to remote users</a><br />
</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamudynamic2.htm">Network scenarios</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="../rzajb/rzajbrzajb0ippacketsecuritysd.htm">IP filtering and network address translation (NAT)</a></div>
<div><a href="../rzajw/rzajwkickoff.htm">TCP/IP routing and workload balancing</a></div>
<div><a href="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245954.pdf" target="_blank">AS/400 Internet Security Scenarios: A Practical Approach, SG24-5954-00</a></div>
<div><a href="../rzahu/rzahudcmscenariosoverview.htm">DCM scenarios</a></div>
<div><a href="../rzaja/rzajascenarios.htm">VPN scenarios</a></div>
<div><a href="../rzaiy/rzaiyscenarios.htm">PPP scenarios</a></div>
</div>
</div></div>
</body>
</html>