Configuring a PPP connection profile and virtual line on System-A

 

Now that a VPN connection is configured on System-A, you need to create the PPP profile for System-A. The PPP profile has no physical line associated with it; instead, it uses a virtual line. This is because the PPP traffic travels through the L2TP tunnel, while the VPN protects the L2TP tunnel.

Follow these steps to create a PPP connection profile for System-A:

  1. In iSeries™ Navigator, expand System-A > Network > Remote Access Services.

  2. Right-click Originator Connection Profiles and select New Profile.

  3. On the Setup page, select PPP for the protocol type.

  4. For Mode selections, select L2TP (virtual line).

  5. Select Initiator on-demand (voluntary tunnel) from the Operating mode drop-down list.

  6. Click OK to go to the PPP profile properties pages.

  7. On the General page, enter a name that identifies the type and the destination of the connection. In this case, enter toCORP. The name you specify must be 10 characters or fewer.

  8. Optional: Specify a description for the profile.

  9. Go to the Connection page.

  10. In the Virtual line name field, select tocorp from the drop-down list. Remember that this line has no associated physical interface. The virtual line describes various characteristics of this PPP profile; for example, the maximum frame size, authentication information, the local host name, and so on. The L2TP Line Properties dialog box opens.

  11. On the General page, enter a description for the virtual line.

  12. Go to the Authentication page.

  13. In the Local host name field, enter the host name of the local key server, SystemA.

  14. Click OK to save the new virtual line description and return to the Connection page.

  15. Enter the remote tunnel endpoint address, 205.13.237.6, in the Remote tunnel endpoint address field.

  16. Select Requires IPSec Protection. Then, from the Connection group name drop-down list, select l2tptocorp, the dynamic-key group you created in the previous step, Configuring VPN on System-A.

  17. Go to the TCP/IP Settings page.

  18. In the Local IP address section, select Assigned by remote system.

  19. In the Remote IP address section, select Use fixed IP address. Enter 10.6.11.1, which is the remote system's IP address in its subnet.

  20. In the routing section, select Define additional static routes and click Routes. If there is no routing information provided in the PPP profile, then System-A is only able to reach the remote tunnel endpoint but not any other system on the 10.6.0.0 subnet.

  21. Click Add to add a static route entry.

  22. Enter the subnet, 10.6.0.0, and the subnet mask, 255.255.0.0, to route all 10.6.*.* traffic through the L2TP tunnel.

  23. Click OK to add the static route.

  24. Click OK to close the Routing dialog box.

  25. Go to the Authentication page to set the user name and password for this PPP profile.

  26. In the Local system identification section, select Allow the remote system to verify the identity of this system.

  27. Under Authentication protocol to use, select Require encrypted password (CHAP-MD5).

  28. Enter the user name, SystemA, and a password.

  29. Click OK to save the PPP profile.
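
Step 27 selects CHAP-MD5 for the PPP session. The following added example (not part of the original procedure or of any IBM code) sketches the RFC 1994 challenge-response exchange that setting implies, with System-A answering the remote system's challenge; the password value and the Authenticator class are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Remote tunnel endpoint side: issues challenges, verifies responses."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name      # user name -> shared secret
        self.next_id = 0
        self.outstanding = {}               # identifier -> challenge value

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256   # Identifier is one octet
        value = os.urandom(16)                    # fresh, unpredictable challenge
        self.outstanding[ident] = value
        return ident, value

    def verify(self, ident, name, response):
        value = self.outstanding.pop(ident, None)  # each challenge is single-use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_md5_response(ident, secret, value)
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"constructed-example-password"      # constructed sample value
    remote = Authenticator({"SystemA": secret})

    # Normal exchange: only the 16-byte hash crosses the link, never the password.
    ident, chal = remote.challenge()
    ok = remote.verify(ident, "SystemA", chap_md5_response(ident, secret, chal))

    # A captured response replayed against a new challenge is rejected.
    old_resp = chap_md5_response(ident, secret, chal)
    ident2, _ = remote.challenge()
    replay = remote.verify(ident2, "SystemA", old_resp)

    # A wrong password is rejected.
    ident3, chal3 = remote.challenge()
    wrong = remote.verify(ident3, "SystemA", chap_md5_response(ident3, b"guess", chal3))
    return ok, replay, wrong

if __name__ == "__main__":
    print(demo())
```

Because the verifying side must recompute the hash, both systems hold the password in recoverable form, and the user name entered in step 28 has to match the entry the remote system looks up.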

 
