A dynamic tunnel is a special IBM tunnel implementation which allows a connection based on the client's system name instead of its IP address. It is also capable of exchanging encryption keys automatically (using an SSL connection) in advance of establishing a tunnel.
This implementation was designed to accomodate clients which may not have fixed IP addresses, such as those in a DHCP or dial-up environment.
Dynamic tunnels of this type are not part of the IPSec standards, and may only be used when connecting to an IBM SecureWay Firewall server.
TCP/IP versions 4.1 and above include an optional VPN client program which may be used to establish dynamic tunnels to an AIX firewall.
When establishing a tunnel to any other platform, you must use a manual tunnel configuration.