Using IPSec tunnels

Dynamic tunnels are relatively easy to use, by means of the graphical interface provided with TCP/IP V4.1 and above. For this reason, and because dynamic tunnels may only be used to connect with an AIX SecureWay Firewall server, this book does not discuss them further. A detailed example of using dynamic tunnels is provided in chapter 7 of IBM RedBook SG23-5201-00, A Comprehensive Guide to Virtual Private Networks, Volume I: IBM Firewall, Server and Client Solutions

The remainder of this chapter is concerned with the configuration and use of manual tunnels.

Setting up a manual IPSec tunnel involves the following steps:

• Install the device drivers for packet filtering, IPSec and the encryption algorithms you will use.

• Create the tunnel by means of a tunnel context entry.

• Define the tunnel's behaviour by creating a tunnel policy.

• Create filter rules which will direct the appropriate IP traffic through the tunnel.

These steps are described over the next several pages.

The following conventions are used in this section:

• The current system is referred to as the 'local host'.

• The system on the other end of the tunnel is referred to as the 'partner host'.

• The directory indicated by the environment variable ETC is listed as '%ETC%'. On most systems, this defaults to the directory 'x:\MPTN\ETC' (where x is the drive on which MPTS is installed).