A tunnel context entry defines the properties of an IPSec tunnel (and its Security Associations).
Tunnel context entries are configured by entering the tunnel parameters into the configuration file
%ETC%\SECURITY\FWMCTX.MAN
Note: It is possible to use a different file name; however, doing so will cause an error in CFGFILT when the filter rules are activated.
A context entry within the configuration file has the following fields, one per line:
Line 1
Multiple tunnel context entries can be defined in this file by specifying them one after another.
Connecting two MPTS IPSec hosts
If you are creating a tunnel between two hosts running MPTS V5.3 or above, you (and/or the administrator on the partner host) can use the tunnel context definition on one host as the basis for the corresponding definition on the other host.
To do this, create the tunnel context definition on the first host; then, copy the file FWMCTX.MAN over to the other host. Edit the copy of FWMCTX.MAN on the other host, and swap the following values:
Line 1 and Line 2
Line 4 and Line 6
Line 5 and Line 7
Line 8 and Line 11
Line 9 and Line 12 (These should both be 8, so there is no need to swap)
Line 10 and Line 13
Line 14 and Line 17 (These should both be KEYED_MD5, so there is no need to swap)
Line 15 and Line 18 (These should both be 16, so there is no need to swap)
Line 16 and Line 19
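The swap procedure above, as an added example that is not part of the MPTS documentation: the script rewrites one copied tunnel context entry for the partner host by exchanging the listed line pairs, and refuses to proceed if a pair the text says must already match does not. The page does not give the meaning of each field, so the sample entry is constructed with placeholder values; only the three fixed pairs carry the values the text states.

```python
# Added example (not from the MPTS documentation): swap the line pairs the text
# lists so a copied FWMCTX.MAN entry becomes the partner host's definition.
from typing import List, Tuple

# 1-based line pairs the text says to swap between the two hosts.
SWAP_PAIRS: List[Tuple[int, int]] = [(1, 2), (4, 6), (5, 7), (8, 11), (10, 13), (16, 19)]

# Pairs the text says should already be equal, with the value it gives for each.
EQUAL_PAIRS = {(9, 12): "8", (14, 17): "KEYED_MD5", (15, 18): "16"}


def swap_for_partner(entry: List[str]) -> List[str]:
    """Return a copy of one context entry (line 1 at index 0) rewritten for the
    partner host. Raises ValueError when a pair that must match does not, so an
    inconsistent definition is caught before HAND_K is run on the partner."""
    if len(entry) < 19:
        raise ValueError("context entry needs at least 19 lines")
    for (a, b), expected in EQUAL_PAIRS.items():
        if not (entry[a - 1].strip() == entry[b - 1].strip() == expected):
            raise ValueError(f"lines {a} and {b} should both be {expected}")
    out = list(entry)
    for a, b in SWAP_PAIRS:  # pairs do not overlap, so a plain exchange is safe
        out[a - 1], out[b - 1] = entry[b - 1], entry[a - 1]
    return out


# Constructed sample entry: placeholder values tagged with the host they belong
# to, and the three fixed pairs set as the text describes (8, KEYED_MD5, 16).
SAMPLE_ENTRY = ["host-A-value-1", "host-B-value-2", "field-3", "host-A-value-4",
                "host-A-value-5", "host-B-value-6", "host-B-value-7", "host-A-value-8",
                "8", "host-A-value-10", "host-B-value-11", "8", "host-B-value-13",
                "KEYED_MD5", "16", "host-A-value-16", "KEYED_MD5", "16", "host-B-value-19"]

if __name__ == "__main__":
    # Reading a real file would be: lines = open("FWMCTX.MAN").read().splitlines()
    for line in swap_for_partner(SAMPLE_ENTRY):
        print(line)
```

Applying the function twice returns the original entry, which is a quick check that the pair list is symmetric between the two hosts.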
Activating the tunnel
To activate a tunnel, the HAND_K command is used to load the context entries into the IPSec driver:
hand_k fwmctx.man
from within the directory where FWMCTX.MAN is located.
If this command is successful, it will return with no output. Any output produced by the HAND_K command indicates an error. Typical causes of errors include syntax errors in FWMCTX.MAN, or one of the required device drivers not being loaded.
The tunnel must also be activated on the partner host, according to whatever method is appropriate for the partner's VPN software.