Completing the planning worksheets

 

The planning checklists illustrate the type of information you need before you begin configuring the VPN. All answers on the prerequisite checklist must be YES before you proceed with VPN setup.

These worksheets apply to System-A, repeat the process for System-C, reversing IP addresses as necessary.

Table 1. System requirements
Prerequisite checklist Answers
Is your operating system OS/400® V5R2 (5722-SS1) or later? Yes
Is the Digital Certificate Manager option (5722-SS1 Option 34) installed? Yes
IsiSeries™ Access for Windows® (5722-XE1) installed? Yes
Is iSeries Navigator installed? Yes
Is the Network subcomponent of iSeries Navigator installed? Yes
Is TCP/IP Connectivity Utilities (5722-TC1) installed? Yes
Did you set the retain server security data (QRETSVRSEC *SEC) system value to 1? Yes
Is TCP/IP configured on your system (including IP interfaces, routes, local host name, and local domain name)? Yes
Is normal TCP/IP communication established between the required endpoints? Yes
Have you applied the latest program temporary fixes (PTFs)? Yes
If the VPN tunnel traverses firewalls or routers that use IP packet filtering, do the firewall or router filter rules support AH and ESP protocols? Yes
Are the firewalls or routers configured to permit IKE (UDP port 500), AH, and ESP protocols? Yes
Are the firewalls configured to enable IP forwarding? Yes

Table 2. VPN configuration
You need this information to configure the VPN Answers
What type of connection are you creating? gateway-to-gateway
What will you name the dynamic-key group? HRgw2FINgw
What type of security and system performance do you require to protect your keys? balanced
Are you using certificates to authenticate the connection? If no, what is the preshared key? No topsecretstuff
What is the identifier of the local key server? IP address: 204.146.18.227
What is the identifier of the local data endpoint? Subnet: 10.6.0.0 Mask: 255.255.0.0
What is the identifier of the remote key server? IP address: 208.222.150.250
What is the identifier of the remote data endpoint? Subnet: 10.196.8.0 Mask: 255.255.255.0
What ports and protocols do you want to allow to flow through the connection? Any
What type of security and system performance do you require to protect your data? balanced
To which interfaces does the connection apply? TRLINE

 

Parent topic:

Scenario: Basic business to business connection