Scenario: Connecting remote dial-in clients to your system

 

Remote users, such as telecommuters or mobile clients, often require access to a company's network. These dial-in clients can gain access to a system with Point-to-Point Protocol (PPP).

 

Situation

As an administrator of your company's network, you maintain both your system and network clients. Instead of coming into work to troubleshoot and fix problems, you need the capability to work from a remote location, such as your home. Because your company does not have an Internet-bound network connection, you can dial into your system using a PPP connection. Additionally, the only modem you currently have is your 7852-400 electronic customer support modem and you need to use this modem for your connection.

Figure 1. Connecting remote clients to your system

 

Solution

You can use PPP to connect your home PC to your system using your modem. Because you are using your electronic customer support modem for this type of PPP connection, ensure that your modem is configured for both synchronous and asynchronous modes. The figure shows a system with PPP services that is connected to a LAN with two PCs. The remote worker then dials into the system, authenticates, and becomes part of the work network (192.168.1.0). In this case, it is easiest to assign a static IP address to the dial-in client.

The remote worker uses Challenge Handshake Authentication Protocol (CHAP-MD5) to authenticate with the system. The system cannot use MS_CHAP, so make sure that your PPP client uses CHAP-MD5.

If you want your remote workers to have access to the company network as implied above, IP forwarding must be turned on both in the TCP/IP stack and in your PPP receiver profile, and IP routing must be configured correctly. If you want to limit or secure what actions your remote client can take in your network, you can use filtering rules to handle their IP packets.

The preceding figure only has one remote dial-in client, because the electronic customer support modem can only handle one connection at a time.

 

Sample configuration

To set up a sample PPP configuration from iSeries™ Navigator, follow these steps:

  1. Configure Dial-up Networking and create a dial-up connection on the remote PC.

  2. Configure a receiver connection profile on your system.

    Ensure that you enter the following information:

    • Protocol type: PPP

    • Connection type: Switched-line

    • Operating mode: Answer

    • Link configuration: This might be a single line or a line pool, depending on your environment.

  3. On the General page of the New Point-to-Point Profile Properties, enter a name and description for the receiver profile.

  4. Click Connection to open the Connection page. Choose the appropriate Line name, or create a new one by typing a new name and clicking New.

    1. On the General page, highlight an existing hardware resource where your 7852-400 adapter is attached and set the Framing to Asynchronous.

    2. Click Modem to open the Modem page. From the Name select list, choose the IBM 7852-400 modem.

    3. Click OK to return to the New Point-to-Point Profile Properties page.

  5. Click Authentication to open the Authentication page.

    1. Select Require this iSeries server to verify the identity of the remote system.

    2. Select Authenticate locally using a validation list and add a new remote user to the validation list.

    3. Select Allow encrypted password (CHAP-MD5).

  6. Click TCP/IP Settings to open the TCP/IP page.

    1. Select the local IP address of 192.168.1.1.

    2. For the remote IP address, select Fixed IP address with a starting IP address of 192.168.1.11.

    3. Select Allow remote system to access other networks.

  7. Click OK to complete the profile.
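
The CHAP-MD5 check that the Authentication page settings in step 5 turn on, shown as an added example (it is not IBM's code and not part of the original topic). The packet layout and hash follow RFC 1994; the VALIDATION_LIST dictionary, the user name, the secret and all function names are constructed stand-ins.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # RFC 1994 CHAP codes
# Constructed stand-in for the validation list: remote user -> shared secret.
VALIDATION_LIST = {"remoteworker": b"constructed-secret"}

def chap_md5(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build(code, ident, value, name):
    """Packet layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet):
    if len(packet) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if length != len(packet) or 5 + size > length:
        raise ValueError("inconsistent CHAP lengths")
    return code, ident, packet[5:5 + size], packet[5 + size:]

def new_challenge(ident, server_name=b"system"):
    """Server side: a fresh random challenge for every authentication."""
    value = os.urandom(16)
    return value, build(CHALLENGE, ident, value, server_name)

def client_respond(challenge_packet, user, secret):
    """Dial-in client: answer the challenge without sending the secret."""
    code, ident, value, _ = parse(challenge_packet)
    if code != CHALLENGE:
        raise ValueError("not a CHAP challenge")
    return build(RESPONSE, ident, chap_md5(ident, secret, value), user)

def server_verify(response_packet, ident, challenge):
    """Server side: recompute from the validation list, compare in constant time."""
    code, rid, value, name = parse(response_packet)
    secret = VALIDATION_LIST.get(name.decode("ascii", "replace"))
    if code != RESPONSE or rid != ident or secret is None:
        return FAILURE
    expected = chap_md5(ident, secret, challenge)
    return SUCCESS if hmac.compare_digest(value, expected) else FAILURE
```

Because the server issues a fresh challenge for each authentication, a response recorded from an earlier session fails server_verify against a new challenge. A response value that is not the 16-byte MD5 digest, such as the 49-byte value an MS-CHAP client sends, also fails the comparison.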

 
