After completing your planning for virtual private network (VPN) connections, you can configure System A to use a VPN to secure the transmission of data between the two networks.
Tip: If the VPN server is already started when you run the VPN New Connection wizard, the wizard will not automatically find the certificate store or any of the certificates you just created. If the VPN server is running, restart it in iSeries™ Navigator before running the VPN New Connection wizard.
IP addresses used in this scenario are meant for example purposes only. They do not reflect an IP addressing scheme and should not be used in any actual configuration. Use your own IP addresses when completing these tasks.
The administrator for MyCo, Inc uses the planning worksheet generated from the VPN planning advisor to configure a VPN on System A:
- In iSeries Navigator, expand System A > Network > IP Policies.
- Right-click Virtual Private Networking and select New Connection to start the Connection wizard. Review the Welcome page for information about what objects the wizard creates.
- On the Connection Name page, enter SalestoCorporate in the Name field. (Optional) Specify a description for this connection group. Click Next.
- On the Connection Scenario page, select Connect your gateway to another gateway. Click Next.
- On the Internet Key Exchange Policy page, select Create a new policy and then select Highest security, lowest performance. Click Next.
- On the Certificate for Local Connection Endpoint page, select Yes and select mycocert from the list of certificates. Click Next.
- On the Local Connection Endpoint Identifier page, select Version 4 IP address as the identifier type. The associated IP address should be 192.168.1.2. This information is defined in the certificate that you create in Digital Certificate Manager (DCM). Click Next twice.
- On the Remote Key Server page, select Version 4 IP address in the Identifier type field. Enter 172.16.1.3 in the Identifier field. This is the IP address for System B in the network of the corporate office. Click Next.
- On the Local Data Endpoint page, select IP version 4 subnet as the identifier type, and enter 10.1.1.0 for the identifier, and 255.255.255.0 as the mask.
- On the Remote Data Endpoint page, select IP version 4 subnet as the identifier type, and enter 10.2.1.0 for the identifier, and 255.255.255.0 as the mask.
- On the Data Services page, select Any port for the local port, Any port for the remote port, and Any protocol for the protocol. Click Next.
- On the Data Policy page, select Create a new policy, and then select Highest security, lowest performance. Click Next.
- On the Applicable Interfaces page, select ETHLINE. Click Next.
- On the Summary page, review the objects that the wizard will create to ensure they are correct.
- Click Finish to complete the configuration. When the Activate Policy Filters dialog opens, select No, packet rules will be activated at a later time, and then click OK.
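Before typing the worksheet values into the wizard, it helps to check them for transcription errors and to see which traffic the data endpoints actually cover. The following is an added example, not part of the original procedure or any IBM tool; the function names `check_worksheet` and `protected` are hypothetical, and the model assumes a flow is covered only when it runs between the two data endpoint subnets.

```python
import ipaddress

# Values copied from the wizard steps above (the scenario's example addresses).
WORKSHEET = {
    "local_key_server": "192.168.1.2",              # System A
    "remote_key_server": "172.16.1.3",              # System B
    "local_data": ("10.1.1.0", "255.255.255.0"),    # Local Data Endpoint page
    "remote_data": ("10.2.1.0", "255.255.255.0"),   # Remote Data Endpoint page
}

def check_worksheet(ws):
    """Return a list of problems found in the worksheet values (empty if none)."""
    problems = []
    nets = {}
    for key in ("local_key_server", "remote_key_server"):
        try:
            ipaddress.IPv4Address(ws[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    for key in ("local_data", "remote_data"):
        ident, mask = ws[key]
        try:
            # strict=True rejects an identifier with host bits set,
            # e.g. 10.1.1.5 entered with mask 255.255.255.0.
            nets[key] = ipaddress.IPv4Network(f"{ident}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    if len(nets) == 2 and nets["local_data"].overlaps(nets["remote_data"]):
        problems.append("local_data and remote_data subnets overlap")
    return problems

def protected(ws, src, dst):
    """True if a flow between src and dst runs between the two data endpoints."""
    local = ipaddress.IPv4Network("/".join(ws["local_data"]))
    remote = ipaddress.IPv4Network("/".join(ws["remote_data"]))
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return (s in local and d in remote) or (s in remote and d in local)

if __name__ == "__main__":
    print(check_worksheet(WORKSHEET) or "worksheet values are consistent")
    print(protected(WORKSHEET, "10.1.1.25", "10.2.1.8"))    # branch host to corporate host
    print(protected(WORKSHEET, "10.1.1.25", "172.16.1.3"))  # branch host to System B's own address
```

The last call shows that traffic addressed to a key server's own IP address falls outside the data endpoints as entered, which is worth confirming against what the connection is meant to protect.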