<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Network address translation for VPN" />
<meta name="abstract" content="VPN provides a means for performing network address translation, called VPN NAT. VPN NAT differs from traditional NAT in that it translates addresses before applying the IKE and IPSec protocols. Refer to this topic to learn more." />
<meta name="description" content="VPN provides a means for performing network address translation, called VPN NAT. VPN NAT differs from traditional NAT in that it translates addresses before applying the IKE and IPSec protocols. Refer to this topic to learn more." />
<meta name="DC.Relation" scheme="URI" content="rzajavpnprotocols.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajavpnnatex.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajamanwrksht.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzajavpnnat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network address translation for VPN</title>
</head>
<body id="rzajavpnnat"><a name="rzajavpnnat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network address translation for VPN</h1>
<div><p>VPN provides a means for performing network address translation,
called VPN NAT. VPN NAT differs from traditional NAT in that it translates
addresses before applying the IKE and IPSec protocols. Refer to this topic
to learn more.</p>
<p>Network address translation (NAT) takes your private IP addresses and translates
them into public IP addresses. This helps conserve valuable public addresses
while allowing hosts in your network to access services and
remote hosts across the Internet (or other public network).</p>
<p>In addition, if you use private IP addresses, they can collide with similar,
incoming IP addresses. For example, you may want to communicate with another
network but both networks use 10.*.*.* addresses, causing the addresses to
collide and all packets to be dropped. Applying NAT to your outbound addresses
might appear to be the answer to this problem. However, if the data traffic
is protected by a VPN, conventional NAT will not work because it changes the
IP addresses in the security associations (SAs) that VPN requires to function.
To avoid this problem, VPN provides its own version of network address translation
called VPN NAT. VPN NAT performs address translation before the
SA validation by assigning an address to the connection when the connection
starts. The address remains associated with the connection until you delete
the connection.</p>
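<p>The following Python sketch is an added example, not IBM code. It models the ordering problem described above: an integrity value that covers the addresses fails when conventional NAT rewrites the source after protection, and passes when an address is assigned to the connection first. The class and function names, the key, and all addresses are constructed for illustration, and the integrity value is a simplified stand-in for what IPSec computes, not its wire format.</p>

```python
import hashlib
import hmac
import ipaddress


def collides(local_net, remote_net):
    """True when both sides use overlapping ranges (e.g. both inside 10.*.*.*)."""
    return ipaddress.ip_network(local_net).overlaps(ipaddress.ip_network(remote_net))


class VpnNatPool:
    """Hypothetical model of per-connection address assignment."""

    def __init__(self, addresses):
        self.free = [str(ipaddress.ip_address(a)) for a in addresses]
        self.by_conn = {}

    def start(self, conn):
        # The address is bound when the connection starts and is reused after that.
        if conn not in self.by_conn:
            if not self.free:
                raise RuntimeError("VPN NAT pool exhausted")
            self.by_conn[conn] = self.free.pop(0)
        return self.by_conn[conn]

    def delete(self, conn):
        # The address returns to the pool only when the connection is deleted.
        self.free.append(self.by_conn.pop(conn))


def protect(key, src, dst, payload):
    """Integrity value over addresses and payload (simplified, not real IPSec)."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key, src, dst, payload, icv):
    return hmac.compare_digest(protect(key, src, dst, payload), icv)


def conventional_nat(key, local, public, remote, payload):
    """Protect first, then NAT rewrites the source: the receiver's check fails."""
    icv = protect(key, local, remote, payload)
    return verify(key, public, remote, payload, icv)


def vpn_nat(key, pool, conn, remote, payload):
    """Translate first, then protect: the receiver sees the address that was protected."""
    translated = pool.start(conn)
    icv = protect(key, translated, remote, payload)
    return verify(key, translated, remote, payload, icv)
```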
<div class="note"><span class="notetitle">Note:</span> FTP does not support VPN NAT at this time.</div>
<dl><dt class="dlterm">How should I use VPN NAT?</dt>
<dd>There are two different types of VPN NAT that you need to consider before
you begin. They are:<dl><dt class="dlterm">VPN NAT for preventing IP address conflicts</dt>
<dd>This type of VPN NAT allows you to avoid possible IP address conflicts
when you configure a VPN connection between networks or systems with similar
addressing schemes. A typical scenario is one where both companies want to
create VPN connections by using one of the designated private IP address ranges,
for example, 10.*.*.*. How you configure this type of VPN NAT depends on whether
your server is the initiator or the responder for the VPN connection. When
your server is the connection initiator, you can translate your local addresses
into ones that are compatible with your VPN connection partner's address.
When your server is the connection responder, you can translate your VPN partner's
remote addresses into ones that are compatible with your local addressing
scheme. Configure this type of address translation only for your dynamic connections.</dd>
<dt class="dlterm">VPN NAT for hiding local addresses</dt>
<dd>This type of VPN NAT is used primarily to hide the real IP address of
your local system by translating its address to another address that you make
publicly available. When you configure VPN NAT, you can specify that each
publicly known IP address be translated to one of a pool of hidden addresses.
This also allows you to balance the traffic load for an individual address
across multiple addresses. VPN NAT for local addresses requires that your
server act as the responder for its connections. <p>Use VPN NAT for hiding
local addresses if you answer yes to these questions:</p>
<ol><li>Do you have one or more servers that you want people to access by using
a VPN?</li>
<li>Do you need to be flexible about the actual IP addresses of your systems?</li>
<li>Do you have one or more globally routable IP addresses?</li>
</ol>
<p>The scenario, Use network address translation for VPN, provides you
with an example of how to configure VPN NAT to hide local addresses on your iSeries™.</p>
</dd>
</dl>
</dd>
</dl>
<p>For step-by-step instructions on how to set up VPN NAT on your system,
use the online help available from the VPN interface in <span class="keyword">iSeries Navigator</span>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajavpnprotocols.htm" title="It is important that you have at least a basic knowledge of standard VPN technologies. This topic provides you with conceptual information about the protocols VPN uses in its implementation.">VPN concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajavpnnatex.htm" title="In this scenario, your company wants to exchange sensitive data with one of its business partners by using VPN. To further protect the privacy of your company's network structure, your company will also use VPN NAT to hide the private IP address of the system it uses to host the applications to which your business partner has access.">Scenario: Use network address translation for VPN</a></div>
<div><a href="rzajamanwrksht.htm" title="Complete this worksheet before you configure a manual connection.">Planning worksheet for manual connections</a></div>
</div>
</div>
</body>
</html>