Updating VPN policies for remote connections from Windows XP and Windows 2000 clients

Because the wizard creates a standard connection that can be used for most virtual private network (VPN) configurations, you will need to update the policies that are generated by the wizard to ensure interoperability with Windows^® XP and Windows 2000 clients.

To update these VPN policies, complete the following tasks:

1. From iSeries™ Navigator, expand System A > Network > IP Policies > Virtual Private Networking > IP Security Policies.

2. Double-click Internet Key Exchange Policies and right-click Any IP address and select Properties.

3. On the Transform page, click Add.

4. On the Add Internet Key Exchange Transform page, select the following options:

   • Authentication method: Pre-shared key

   • Hash algorithm: MD5

   • Encryption algorithm: DES-CBC

   • Diffie-Hellman group: Group 1

5. Click OK.

6. From iSeries Navigator, expand System A > Network > IP Policies > Virtual Private Networking > IP Security Policies.

7. Double-click Data Policies and right-click SalestoRemote and select Properties.

8. On the General page, clear Use Diffie-Hellman perfect forward secrecy.

9. Select the ESP Proposal, click Edit.

10. On the Data Policy Proposal page, modify the options as follows:

    • Encapsulation mode: Transport

    • Key expiration: 15 minutes

    • Expire at size limit: 100000

11. On the Transform page, click Add.

12. On the Add Data Policy Transform page, select the following options:

    • Protocol: Encapsulating security payload (ESP)

    • Authentication algorithm: MD5

    • Encryption algorithm: DES-CBC

13. Click OK twice.

Parent topic: