The planning checklists illustrate the type of information you need before you begin configuring the VPN. All answers on the prerequisite checklist must be YES before you proceed with VPN setup.
These worksheets apply to System-A, repeat the process for System-C, reversing IP addresses as necessary.
Prerequisite checklist | Answers |
---|---|
Is your operating system OS/400® V5R2 (5722-SS1) or later? | Yes |
Is the Digital Certificate Manager option (5722-SS1 Option 34) installed? | Yes |
IsiSeries™ Access for Windows® (5722-XE1) installed? | Yes |
Is iSeries Navigator installed? | Yes |
Is the Network subcomponent of iSeries Navigator installed? | Yes |
Is TCP/IP Connectivity Utilities (5722-TC1) installed? | Yes |
Did you set the retain server security data (QRETSVRSEC *SEC) system value to 1? | Yes |
Is TCP/IP configured on your system (including IP interfaces, routes, local host name, and local domain name)? | Yes |
Is normal TCP/IP communication established between the required endpoints? | Yes |
Have you applied the latest program temporary fixes (PTFs)? | Yes |
If the VPN tunnel traverses firewalls or routers that use IP packet filtering, do the firewall or router filter rules support AH and ESP protocols? | Yes |
Are the firewalls or routers configured to permit IKE (UDP port 500), AH, and ESP protocols? | Yes |
Are the firewalls configured to enable IP forwarding? | Yes |
You need this information to configure the VPN | Answers |
---|---|
What type of connection are you creating? | gateway-to-gateway |
What will you name the dynamic-key group? | HRgw2FINgw |
What type of security and system performance do you require to protect your keys? | balanced |
Are you using certificates to authenticate the connection? If no, what is the preshared key? | No topsecretstuff |
What is the identifier of the local key server? | IP address: 204.146.18.227 |
What is the identifier of the local data endpoint? | Subnet: 10.6.0.0 Mask: 255.255.0.0 |
What is the identifier of the remote key server? | IP address: 208.222.150.250 |
What is the identifier of the remote data endpoint? | Subnet: 10.196.8.0 Mask: 255.255.255.0 |
What ports and protocols do you want to allow to flow through the connection? | Any |
What type of security and system performance do you require to protect your data? | balanced |
To which interfaces does the connection apply? | TRLINE |