AS/400e. Networking PPP connections

Transcription

1 AS/400e Networking PPP connections

2

3 AS/400e Networking PPP connections

4 Copyright International Business Machines Corporation 1998, All rights resered. US Goernment Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

5 Contents Part 1. PPP connections Chapter 1. What s new for V4R Chapter 2. Print this topic Chapter 3. Planning your PPP connections PPP software and hardware requirements Choosing a mode for your PPP connection profile.. 8 Switched line Leased line Virtual line (L2TP) Choosing the type of line serice for your PPP connection Line pool Multiple-connection profile support CHAP and PAP authentication for PPP Chapter 4. Configuring your PPP connections Configuring a PPP connection profile Setting properties for PPP connection profiles.. 15 Example: Configuring a switched line-dial connection profile Testing your PPP connection profile IBM Global Network Dial Connection wizard Configuring irtual line (L2TP) connection profiles 22 Configuring irtual line (L2TP) terminator profiles Configuring irtual line (L2TP) initiator profiles 23 Configuring PPP connection profiles to use an ISDN integrated adapter Configuring ISDN line properties Configuring an ISDN network connection Configuring new ISDN network connection properties Configuring remote PC to AS/400 with PPP Example: Configuring the PPP connection profile on AS/ Example: Creating Windows dial-up connection to AS/ Example: Configuring TCP/IP for Windows to dial up AS/ Chapter 5. Configuring your modem for PPP Modem command strings Example: Configuring a modem Chapter 6. Configuring your ISDN terminal adapter ISDN terminal adapter recommendations ISDN terminal adapter restrictions ISDN properties for Courier I terminal adapter.. 36 Example: Configuring an ISDN terminal adapter.. 37 Chapter 7. Managing your PPP connections Chapter 8. Other information about PPP Copyright IBM Corp. 1998, 2000 iii

6 i AS/400e: Networking PPP connections

7 Part 1. PPP connections When two systems are physically connected, through a telephone line, it is typically referred to as a point-to-point connection or link. Support for TCP/IP Point-to-Point Protocol (PPP) is included on your AS/400 as part of the wide area network (WAN) connectiity. Exchanging data between locations is the primary reason for connecting a remote host to your AS/400 with a PPP link. Remote systems can dial into your AS/400 to access resources or other machines that are on the same network. In addition, the Point-to-Point Protocol is commonly used to connect a computer to the Internet. PPP is an Internet standard and is the most widely used connection protocol among Internet Serice Proiders (ISPs). If your company plans to connect to the Internet, there are seeral factors that you need to consider such as how to choose an ISP. To familiarize yourself with the PPP connections topic, read What s new for V4R5 to find out what information has been added since the last release. Also, you can print the entire PPP connections topic as a PDF file and read the entire topic off-line. These pages proide information to set up and manage your PPP connections: Planning your PPP connections Configuring your PPP connections Configuring your modem Configuring your ISDN terminal adapter Managing your PPP connections See other information about PPP for reference material to learn more about PPP on AS/400. Copyright IBM Corp. 1998,

8 2 AS/400e: Networking PPP connections

9 Chapter 1. What s new for V4R5 New software features: For switched line mode, a new dial on-demand option called remote peer enabled allows peer systems to connect without a dedicated resource. The IBM Global Network Dial Connection wizard creates a PPP connection profile to dial into the IBM Global Network (IGN). The resulting PPP connection profile proides a standard dialing interface to one of three applications: IBM electronic serices application serer: Proides monitoring of your unique AS/400 system enironment to supply you with recommendations of personalized fixes for your system and situation. Mail Exchange: Allows you to periodically retriee mail from a single IGN account and send it to your AS/400 for distribution to your Lotus Mail users or your Simple Mail Transfer Protocol (SMTP) users. Dial-up Networking: Use other dial-up networking applications with IGN, such as standard Internet access. Each application has its own IGN dial connection profile. Latest PPP and L2TP information: For the latest program temporary fixes (PTFs) and the latest configuration information for PPP and L2TP, you should see the PPP link on the AS/400 TCP/IP home page. The link shows data that adds to and oerrides the information that is contained in the PPP connections topic. Information you asked for: Tips on how to manage your PPP connections by using Operations Naigator. Copyright IBM Corp. 1998,

10 4 AS/400e: Networking PPP connections

11 Chapter 2. Print this topic You can iew or download a PDF ersion of this document for iewing or printing. You must hae Adobe Acrobat Reader installed to iew PDF files. You can download a copy from Adobe. To iew or download the PDF ersion, select PPP connections (222 KB or about 50 pages). To sae a PDF on your workstation for iewing and printing: 1. Open the PDF in your browser (click the link aboe). 2. In the menu of your browser, click File. 3. Click Sae As. 4. Naigate to the directory in which you would like to sae the PDF. 5. Click Sae. Copyright IBM Corp. 1998,

12 6 AS/400e: Networking PPP connections

13 Chapter 3. Planning your PPP connections You need to proide your AS/400 with information so it can establish a PPP connection with another system. To do this, you configure a PPP connection profile that describes the necessary configuration information. As you plan your PPP connection profile, begin by answering these questions: Do you want your AS/400 to be able to contact another computer by dialing the telephone? Or, should your AS/400 wait to receie a call from the other system? Which type of line serice or communications line will your connection use? You need to complete these tasks before configuring your PPP connections: 1. Check PPP software and hardware requirements. 2. Choose a mode for your PPP connection profile. 3. Choose a type of line serice for your PPP connections. 4. Determine the type of authentication to use for your PPP connections. PPP software and hardware requirements Getting started with PPP requires that you hae two or more computers that support the PPP protocol. Here is a summary of the AS/400 requirements to run PPP: You must use OS/400 Version 4 Release 2 (V4R2) or later. For L2TP connections, you must use OS/400 V4R4 or later. You need to ensure that Operations Naigator and all of its component plug-ins were installed during the installation of Client Access Express. To erify this, do these steps: 1. Open your Client Access folder and double-click Selectie Setup. 2. Click Next three times. 3. Verify that all the components hae a check mark. If so, all the components hae been installed, and therefore, you can skip the rest of these steps. 4. Click each component that does not hae a check mark to install it. 5. Click Next twice to install the components. Then follow the wizards instructions to complete the installation. You must hae one the adapters below installed in your AS/400 to use PPP line descriptions. 2699: Two-line WAN IOA 2720: PCI WAN/Twinaxial IOA 2721: PCI Two-line WAN IOA 2745: PCI Two-line WAN IOA (replaces IOA 2721) 2750: PCI ISDN Basic Rate Interface U IOA (2-wire interface) 2751: PCI ISDN Basic Rate Interface S/T IOA (4-wire interface) 2761: Eight-port analog modem IOA For L2TP connections, you do not need a physical link layer adapter. You need an external or internal modem, integrated serices digital network (ISDN) terminal adapter, or channel serice unit (CSU)/data serice unit (DSU) to send and receie digital data oer the connection. Copyright IBM Corp. 1998,

14 You need to make arrangements for a dial-up account with an Internet Serice Proider (ISP) if you plan to connect to the Internet. Choosing a mode for your PPP connection profile In AS/400 terms, an operating mode consists of the line connection type and the mode type for your profile. The mode allows you to specify how you will use your PPP connection. To choose the line connection type and the mode type for your enironment, follow these steps: 1. Read the descriptions of the line connection types that are described below. Select the one that best matches your enironment. 2. For the line connection type you selected, follow the link for mode type descriptions. Then, decide which mode type is appropriate for the connection that you will configure. 3. Record the line connection type and the mode type so you will hae this information aailable when you start to configure your PPP connections. The line connection types that you may choose from are: Switched line: Select this type if you are using an internal or external modem, an internal ISDN Basic Rate Interface adapter, or an external ISDN terminal adapter to connect oer a telephone line. Leased line: Select this type if you hae a dedicated line between the local AS/400 and the remote system. With a leased line, a modem or ISDN terminal adapter is not required to connect the two systems. Virtual line (L2TP): Select this type to proide a connection between systems that use Layer Two Tunneling Protocol (L2TP). Once an L2TP tunnel is established, a irtual PPP connection is made between your AS/400 and the remote system. By using L2TP tunneling in conjunction with IP security (IP-SEC), you can send, route, and receie secure data oer the Internet. Switched line A switched line connection between two systems turns on or off, depending on whether a telephone connection has been established. With a switched line mode you can make calls wheneer you need to. One of the following mode types must be selected if you choose a switched line connection: Switched line: answer Choose this mode type to enable a remote system to dial into the AS/400. Switched line: dial Choose this mode type to enable the AS/400 to dial out to a remote system. Switched line: dial on-demand (dial only) Choose this mode type to enable the AS/400 to automatically dial a remote system when TCP/IP traffic is detected for the system. The connection ends when all data is exchanged and no TCP/IP traffic flows for a specified period of time. Switched line: dial on-demand (answer-enabled dedicated peer) Choose this mode type to allow the AS/400 to answer calls from a dedicated remote system. This mode will also allow the AS/400 to call the remote system when TCP/IP traffic for the remote system is detected. If both systems are 8 AS/400e: Networking PPP connections

15 AS/400s and use this mode type, TCP/IP traffic flows between the two systems, on-demand, without the need for a permanent physical connection. This mode type requires a dedicated resource. The remote peer must dial in for the mode type to function properly. Switched line: dial on-demand (remote peer enabled) Choose this mode type to enable a remote system to be dialed or answered. To handle incoming calls, you must reference an existing answer profile from a PPP connection profile that specifies this mode type. This enables one answer profile to handle all incoming calls from one or more remote peers and to handle a separate dial on-demand profile for each outgoing call. This mode type does not require a dedicated resource to handle the incoming calls from remote peers. Leased line A leased line connection between two systems is considered a permanent or dedicated line. It is always open and aailable. In a leased line connection, one end of the connection is configured as the initiator, and the other end is configured as the terminator. The terminator mode type refers to a leased line answer profile, and the initiator mode type refers to a leased line dial profile. One of the following mode types must be selected if you choose a leased line connection: Leased line (terminator): Choose this mode type to enable a remote system to access the AS/400 through a dedicated line. Leased line (initiator): Choose this mode type to enable the AS/400 to access a remote system through a dedicated line. Virtual line (L2TP) One of the following mode types must be selected if you choose a irtual line (L2TP) connection: Virtual line (terminator): Choose this mode type to enable a remote system to connect to the AS/400 oer an L2TP tunnel. Virtual line (initiator): Choose this mode type to enable the AS/400 to connect to a remote system oer an L2TP tunnel. Layer 2 Tunneling Protocol (L2TP) for PPP connections Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that extends PPP to support a link layer tunnel between a requesting L2TP client and the target L2TP serer endpoint. By using L2TP tunnels, it is possible to separate the location at which the dial-up protocol ends and where access to the network is proided. The tunnel can extend across the entire PPP session or only across one segment of a two-segment session. The tunnel implementation can be represented by three different tunneling models. The AS/400 can be the initiator or the terminator for any of these models. Also, an Internet Serice Proider (ISP) uses the irtual line mode to operate Virtual Priate Networks (VPN). See Configuring an L2TP connection protected by VPN for a better understanding of how VPN works with L2TP. The following figures illustrate the proper mode to select for each scenario. Chapter 3. Planning your PPP connections 9

16 Figure 1. PPP Virtual Initiator or PPP Virtual Terminator (Voluntary tunnel) Figure 2. PPP Dial Initiator or PPP Virtual Terminator (Compulsory tunnel-incoming call) Choosing the type of line serice for your PPP connection The type of line serice that you choose is used to define the line or line pool that represents your PPP connection. Your options for type of line serice are: Single line: Choose this line serice to define a PPP line that is associated with an analog modem. This option is also used for leased lines where a modem is not required. The PPP connection profile will always use the same AS/400 communications port resource. Line pool: Choose this line serice to select a PPP line from a line pool when the connection profile starts. Use this line serice when you want a single connection profile to handle multiple incoming analog calls or to handle a single outgoing analog call. The PPP line returns to the line pool when the connection profile ends. You can also use the line pool option when you want a single connection profile to handle multiple incoming analog calls at the same time. In this instance, you need to indicate the maximum number of connections on the Connections page of the New Point-to-Point Profile Properties dialog when you configure your connection profile. See Multiple-connection profile support for information about creating and using multiple-connection line pools. Integrated ISDN line: Choose this line serice to define a PPP line that is associated with an ISDN network connection. The adantages of using an integrated line (ISDN) include clearer communication at faster speeds. The aim of ISDN is to proide uniersal connectiity by using a single interface and a high-speed digital network to transport all types of data. Another adantage of using a digital line is the 10 AS/400e: Networking PPP connections

17 capability of fast connection times for switched connections. Analog modem connections can take up to 30 seconds or more to establish, while an ISDN connection takes only a few seconds. Line pool You can specify one or more line descriptions in a line pool. When the PPP connection profile starts, your AS/400 selects an unused line from the line pool. For Dial on-demand profiles, the system does not select the line until it detects TCP/IP traffic for the remote system. You can use a line pool instead of defining a particular line description for a connection profile. Adantages of using line pools: You do not commit a line resource to a connection profile until it starts. For connection profiles that use a specific line, the connection profile ends if the line is not aailable. For connection profiles that use a line pool, only one line in the line pool must be aailable when the profile starts. You can use dial-on-demand profiles with line pools to use resources more efficiently. The system selects a line from the line pool only when using a dial-on-demand connection. At other times, other connection profiles can use the same line. You can start more profiles than you hae resources to support. If, for example, your enironment needs four unique connection types, but you only need two lines at any gien time, here is what you would do. You would create four dial-on-demand connection profiles and hae each profile reference a pool that contains two line descriptions. Each of the lines would be aailable for use by all four connection profiles, thus allowing two connections to be actie at any time. By using a line pool, you do not need to hae four separate lines. Multiple-connection profile support Point-to-point connection profiles that support multiple connections allow you to hae one connection profile that handles many digital, analog, or L2TP calls. This is useful when you want multiple users to connect to your AS/400 but do not want to specify a separate point-to-point connection profile to handle each PPP line. This feature is especially useful for the port integrated modem where eight lines are aailable for use from one adapter, or the 2750 and 2751 adapters, which support eight separate ISDN B-channel connections. For analog lines with multiple-connection profile support, all lines in the specified line pool are used up to the maximum number of connections. Basically, a separate connection profile job is started for each line that is defined in the line pool. All connection profile jobs wait for incoming calls on their respectie lines. Local IP address for multiple-connection profiles: You can use the local IP address with multiple-connection profiles, but it must be an existing IP address that is defined on your AS/400. You can use the Local IP address pull down list to select the existing address. Remote users can access the resources that are on your local network if you choose its local AS/400 IP address as the local IP address for your PPP profile. Also, you must define the IP addresses that are in the remote IP address pool to be in the same network as the local IP address. Chapter 3. Planning your PPP connections 11

18 If you do not hae a local AS/400 IP address or do not want the remote users to access the LAN, you must define a irtual IP address for your AS/400. A Virtual IP address is also known as a circuitless interface. Your point-to-point profiles can use this IP address as their local IP address. Since this address is not tied to a physical network, it will not automatically forward traffic to other networks that are attached to your AS/400. To create a Virtual IP address, follow these steps: 1. In Operations Naigator, expand your AS/400 serer > Network >Protocols. 2. Right-click TCP/IP and select New Interface >Virtual IP. 3. Follow the Interface Wizard instructions to create your Virtual IP interface. Your point-to-point connection profiles can use the Virtual IP address once it is created. You can use the pull down list from the Local IP address field that is on the TCP/IP Settings page to use the address with your profile. Note: The Virtual IP address must be actie prior to starting your multiple-connection profile; otherwise, the profile will not start. To actiate the address after creating the interface, you select the option to start the address when using the Interface Wizard. Also, you should set IP forwarding to No to ensure that the address does not forward traffic to other networks that are attached to your AS/400. Remote IP address pools for multiple-connection profiles: You can also use remote IP address pools with multiple-connection profiles. A typical one-connection point-to-point profile only allows you to specify one remote IP address, which is gien to the calling system when the connection is made. Since multiple callers can now connect simultaneously, a remote IP address pool is used to define a starting remote IP address as well as a range of additional IP addresses that are gien to the calling system. Line pool restrictions: These restrictions apply when using line pools for multiple connections: A specific line can only exist in one line pool at a time. If you remoe a line from a line pool, it can be used in another line pool. When starting a multiple connection profile that uses a line pool, all lines in the line pool are used up to the maximum number of connections. When there are no aailable lines, all new connections will fail. Also, if there are no aailable lines and another profile starts, it will end. When you start a single connection profile that has a line pool, the system uses only one line from the line pool. If you start a multiple connection profile that uses the same line pool, the remaining lines in the line pool are aailable for use. Remote IP address pools The system can use remote IP address pools for any answering or terminating point-to-point connection profile that is used with multiple incoming connections. This includes L2TP, natie ISDN, and line pools with a maximum number of connections greater than one. This function allows the system to assign a unique remote IP address to each incoming connection. The first system to connect receies the IP address defined in the Starting IP address field. If that address is already in use, the next aailable IP address within the Number of addresses range is gien out. For example, assume that the Starting IP address is and the Number of addresses is defined as 5. The aailable 12 AS/400e: Networking PPP connections

19 addresses within the remote IP address pool will be , , , , and The subnet mask defined for the remote IP address pool addresses will always be These restrictions apply when using remote IP address pools: More than one connection profile can specify the same address pool. Howeer, once all the addresses in the pool are used, any subsequent connection request is refused until another connection ends and frees up an address. To allocate specific addresses to some remote systems while allowing other incoming systems to use an address from the pool, follow these steps: 1. Enable Remote system authentication from the Authentication tab, so the user name of the remote system can be learned. 2. Define a remote IP address pool for all incoming connection requests that do not require a specific IP address. 3. Define Remote IP addresses for specific users by clicking Routing that is on the TCP/IP Settings page. From the Routing dialog, enter specific remote IP addresses and subnet masks for indiidual remote user names. You can also use this dialog box to define additional routes for the remote system. When the remote user connects, the AS/400 determines whether a specific IP address is defined for this user. In this case, the IP address is gien to the remote system; otherwise, an address from the remote IP address pool is returned. CHAP and PAP authentication for PPP The PPP protocol defines two types of authentication that peer systems can use to identify each other: Challenge Handshake Authentication Protocol (CHAP): CHAP uses an algorithm (MD-5) to calculate a alue that is known only to the authenticating system and the remote deice. With CHAP, the userid and the password are always encrypted, so it is a more secure protocol than PAP. This protocol is effectie against playback and trial-and-error access attempts. CHAP authentication can occur more than once during a connection. The authenticating system sends a challenge to the remote deice that is attempting to connect to the network. The remote deice responds with a alue that is calculated by a common algorithm (MD-5) that both deices use. The authenticating system checks the response against its own calculation. Authentication is acknowledged when the alues match; otherwise, the connection is ended. Password Authentication Protocol (PAP): PAP uses a two-way handshake to proide the peer system with a simple method to establish its identity. The handshake is conducted when establishing a link. After the link is established, the remoe deice sends a userid/password pair to the authenticating system. Depending on the correctness of the pair, the authenticating system either continues or ends the connection. With PAP, the user id and password are neer encrypted which makes them possible to trace. For this reason, you should use CHAP wheneer possible. Chapter 3. Planning your PPP connections 13

20 14 AS/400e: Networking PPP connections

21 Chapter 4. Configuring your PPP connections When you hae decided on a mode and type of line serice, you can start configuring your PPP connection. To configure a connection, follow these steps: 1. Configure a PPP connection profile. A PPP connection profile has property alues that are associated with it. Those alues consist of mode, mode type, type of line serice, TCP/IP- related settings, and authentication options. 2. Test your PPP connection profile. The testing procedure makes sure that you can successfully connect to a remote host with the new connection profile. Reiew these related pages which describe arious PPP connections: IBM Global Network Dial Connection wizard Configuring irtual line (L2TP) connection profiles Configuring PPP connection profiles to use an ISDN integrated adapter Configuring remote PC to AS/400 with PPP Configuring a PPP connection profile Before you start your configuration, reiew these items: You must hae *IOSYSCFG authority to change connection profile configurations. You must hae *ALLOBJ authority to the objects to work with alidation lists or to work with irtual line properties for L2TP. Verify that you hae configured your modem or configured your terminal adapter properly. If you are connecting to the IBM Global Network (IGN), you must use the IBM Global Network Dial Connection wizard to configure a PPP connection profile. To configure a PPP connection profile, complete these steps: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile to open the New Point-to-Point Profile Properties dialog. 3. From the New Point-to-Point Profile Properties dialog, click each tab to set properties for each connection profile. To reiew an example of the configuration procedure, see Example: Configuring a switched line-dial connection profile on page 20. Setting properties for PPP connection profiles This information includes guidelines for completing each page in the New Point-to-Point Profile Properties dialog. The settings that you select on each page depend on your enironment and the type of connection you are configuring. The Operations Naigator on-line help describes each option that is on the dialog box. Examples and procedures throughout the PPP connections topic gie you additional details. General page: On this page you define a name and description for your connection profile. Copyright IBM Corp. 1998,

22 Under Mode, select a line connection type and mode type from the pull down lists. Connection page: For dial or initiator profiles, the Connection page lets you type the telephone numbers of the remote machines to which you are connecting. To create a new line description while you are configuring a PPP connection profile, see Configuring a line description for the procedure. To create a line pool while configuring your PPP connection profile, see Configuring a line pool. For answer/terminator profiles, you can define the maximum number of connections that are supported by a line pool. TCP/IP Settings page: On this page you can define the local and remote IP addresses that are used for your point-to-point connections. You can also set other TCP/IP attributes, such as IP forwarding and IP address masquerading, on this page. Local IP addresses: - For answer profiles, you can choose to use an existing local AS/400 IP address as your local point-to-point address (recommended) or choose to create a unique IP address. If you use an existing local address, the point-to-point connection that is created is known as an un-numbered network. This is because you are expanding your existing network and not creating a new one. For multiple connection answer profiles, you must use an existing local IP address. To select an existing local address, use the pull down list of the Local IP address field. The line type that the local IP address is associated with is specified next to the IP address to aid in finding the appropriate local IP address to use. - For dial profiles, the Local IP address is normally defined as dynamic, especially if the profile connects to an Internet Serice Proider (ISP). Remote IP addresses: - The remote IP address is the IP address that is defined for the remote system. For answer profiles, the remote user can access the network that is attached to the local IP address if you want them to. To do this, you use for the local IP address an existing address and use a remote ID that is on the same network as the local address. If you do not want the remote user to access the network that is attached to the local IP address, use a remote IP address that is not on the same network as the local address. - For dial profiles, the Remote IP address is normally defined as dynamic, especially if the profile is used to connect to an ISP. For Remote peer enabled mode, you can specify the Peer answer connection profile along with the Local and Remote IP addresses. If required, you can define additional routes by using the Routing button. Howeer, you can select the remote system as the default route when dialing your ISP. Then all the traffic between your AS/400 and your ISP is routed oer the point-to-point link. Use the Routing button to open the Routing dialog to add the remote system as a default gateway. Then all TCP/IP traffic without a specific route is sent oer the point-to-point link. Dynamic routing (RouteD): Select whether you want Routing Information Protocol (RIP) traffic to be receied or generated with this PPP connection profile. 16 AS/400e: Networking PPP connections

23 Static routing: Select either the remote system as the default route (dial only) or select Use static routes to add routes when the connection profile starts. Script page: On this page you can specify the SLIP connection script. PPP does not require connection scripts. SLIP uses a connection script for authentication and to pass IP address information. This page does not display for irtual line mode types. Subsystem page: On this page you can identify the name of the subsystem that will run all the jobs for a specific connection profile. The default subsystem is QSYSWRK. The subsystem is only configurable for L2TP, ISDN, or multi-connection analog line profiles. Authentication page: On this page you can define the users that may connect to the system. For dial connections, you must specify the user name and password that will be used to connect to the remote system. Challenge Handshake Authentication Protocol (CHAP) is always the recommended authentication protocol. The CHAP authentication data is encrypted and unique for each challenge. The IBM Global Network requires customers to use the Password Authentication Protocol (PAP) for authentication. Other ISPs may use CHAP. Consult your ISP to learn their user name and password requirements. Do not use the same user name and password for both CHAP and PAP protocols. Someone can discoer your CHAP user name and password by reading the unencrypted PAP user name and password. The user name and password work with a particular protocol. The authentication fails if the protocol does not match the user name and password on a challenge. Domain Name Serer page: On this page you define the domain name serer for the connection. This page only displays for dial or initiator connection profiles. Configuring a line description for PPP connections A line description describes the physical line and the line protocol including the modem or terminal adapter that are associated with the line. While you are configuring your PPP connection profile, you can start a set of dialogs to create a line description. Once you are finished with the line description, you should return to your original location and finish configuring the connection profile. To configure a digital line (ISDN), see Configuring an ISDN line. To configure an analog line, follow these steps: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile. 3. At the New Point-to-Point Profile Properties dialog, click the Connection tab. 4. Under Link configuration, select Single line from the Type of line serice list. Chapter 4. Configuring your PPP connections 17

24 a. In the Name text box, type a name for the line description. b. Click New to open the New Line Properties dialog and create a line description. 5. At the New Line Properties dialog, select a resource from the General page. 6. Click Modem, and select a modem from the name list. The modem page lets you associate a modem or ISDN terminal adapter with the line description you are using. You are required to associate a modem or an ISDN terminal adapter to the line description. Leased lines do not hae a modem or ISDN terminal adapter, so this step is not required. 7. Click OK and return to New Point-to-Point Profile Properties dialog to finish configuring your connection profile. Example: Configuring a line description: This example creates a connection profile for a switched line that dials to initiate a connection and that uses an ISDN terminal adapter. Reiew the steps in this example to help you configure your own PPP line description and its associated modem or its ISDN terminal adapter. 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile to open the New Point-to-Point Profile Properties dialog. 3. From the General page, complete these fields: For Name, specify a meaningful name, such as DIALISDN. For Description, specify a description like Switched ISDN dial profile. For Type, select PPP. For Mode, select Switched line-dial. 4. Click the Connection tab, and complete the page options: For Remote phone numbers, click Add to add a telephone number. In this example, the telephone number is , but a remote telephone number can be any of the following: Local company extension (for example, 34567) Outside telephone number (for example, 9,,,,, ) Long distance number (for example, ) If you want to disconnect from the ISP after a certain period of inactiity, select Oerride line inactiity timeout and specify the length of the timeout. In this way, the ISP does not charge you for the idle time. You are not oerriding the line inactiity timeout in this example. For Name, specify a meaningful line name like MYISDNLINE. Click New to open the New Line Properties dialog and create a line description. 5. From the General page of the New Line Properties dialog, specify alues for the following: For Description, specify a description such as ISDN switched dial line. Select a Hardware resource such as CMN15 from the list of hardware resources. For Hardware resource, select RS232/V.24 as the Interface type. For Framing, select Asynchronous. 6. Click the Connection tab to open the Connection page. For Dial command type, specify AT command set for an AT compatible modem. 18 AS/400e: Networking PPP connections

25 For Connections allowed, specify Both. Select Use flow control (RTS/CTS). For CTS timeout (10 60), specify a alue like 25 seconds. 7. Click the Link tab to open the Link page. For Line speed, select the alue for your modem. You may need to consult your modem manufacturer s user guide to obtain the correct alue. Usually, you will want to select the highest RS232/V.24 line speed that your modem supports. You should select the line speed of bps for most ISDN terminal adapters that support multilink PPP connections with asynchronous-to-synchronous PPP conersion. For Maximum frame size, specify a alue like 2048 bytes. 8. Click the Modem tab, and select the modem from the list that you would like to associate with this line description. For this example, select 3COM/US Robotics Courier I. 9. Click the ISDN Parameters tab. If you select a non-isdn modem, the tab reads Additional Parameters. If you want to add a terminal adapter command, name, and alue, click Add to open the Add Line Modem Parameters dialog. For Name, specify a useful name like Data/Voice 2 Directory Number. For Command, specify a alue such as ATS52=. For Value, the example uses To add a alue to an existing terminal adapter command, double-click an existing terminal adapter command name, such as the Data/Voice 2 Directory Number command. The Name and Command text boxes are completed for you. To change (replace) an existing terminal adapter command default alue, you must first add a corrected command to the list and delete the old one. To replace a command, select the command you want to replace and click Add. This allows you to insert a new command in the list. Then add the new command information. Note that the new command appears immediately after the command you want to replace. Then select the name of the command that you want to replace, and click Remoe. This action leaes the corrected command in place of the old one. Note: The order of the commands that are in the list may be important for some modems. 10. Click OK, and return to the New Point-to-Point Profile Properties dialog to finish configuring your connection profile. Configuring a line pool To create or change a line pool: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile. 3. At the New Point-to-Point Profile Properties dialog, click the Connection tab. 4. Under Link configuration, select Line pool from the Type of line serice list and choose one of these: To create a new line pool, type a new name in the Name text box, and click New. To change a line pool, select an existing line pool name from the drop-down list, and click Open. Chapter 4. Configuring your PPP connections 19

26 5. From the New Line Pool Properties dialog, do any of the following: To add lines to a line pool, select a line from the Aailable lines list, and click Add. The Selected lines list displays the lines that you choose. To delete lines from a line pool, select a line from the Selected lines list, and click Remoe. The lines you choose show in the Aailable lines list. 6. Click OK to complete the line pool definition. The following restrictions apply when creating line pools: A specific line can only be in one line pool at a time. If you remoe a line from a line pool, it becomes aailable to any line pool. Only lines that work with a particular Profile mode are shown in the Aailable lines list. For example, only PPP lines that are defined as switched are shown when a connection profile is defined as Dial on-demand. Example: Configuring a switched line-dial connection profile This example shows the steps to create a connection profile for switched line-dial connection to an Internet Serice Proider (ISP) by using an existing PPP line description. 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile to open the New Point-to-Point Profile Properties dialog. 3. From the General page, complete these fields: For Name, specify a meaningful name such as DIALPPP. For Description, specify a description such as Switched dial profile. For Type, select PPP. For Mode, select Switched line-dial. 4. Click the Connection tab, and follow these steps: Under Link Configuration, select Single line and the existing PPP line description name for the Type of line Serice. For Remote phone numbers, click Add to add a telephone number. In this example, the telephone number is , but a remote telephone number can be any of the following: Local company extension (for example, 34567) Outside telephone number (for example, 9,,,,, ) Long distance number (for example, ) 5. Click the TCP/IP Settings tab and select Dynamically assign for the local and remote IP addresses. If you hae another network that is attached to the AS/400 (like a LAN) with other systems and you want the other systems to hae access to the Internet through the AS/400, check the Hide address (full masquerading). 6. Click the Authentication tab. In Local system identification, select the authentication protocol and the user name and password that are used for the connection. 7. Click the Domain Name Serer tab. Enter the IP address of the domain name serer to be added when the connection is made. This setting allows you to use host names instead of IP addresses to access systems oer your PPP connection. Testing your PPP connection profile To test the PPP connection profile that you created, follow these steps: 20 AS/400e: Networking PPP connections

27 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Select Connection Profiles and find your profile name in the Profile column. 3. Right-click your profile name, and select Start. 4. Watch the Status column for these messages: Waiting for incoming call means that the serer is ready for a connection. Actie means that a connection is established for a profile with a single line and that the job is running successfully. For profiles with line pools and ISDN lines, see Actie connections. Actie connections means that a profile with line pools or ISDN lines has started and that the connections are in the process of becoming actie. You must do step 5 to find out when the connections become actie. 5. When the connection is actie, right-click the profile name and select Connections. For profiles with line pools or ISDN lines, you will also see arious status messages for the connection as it progresses to a connected state. When the status reads Actie connections, the connection is established and you are ready to proceed to the next step. 6. Locate the IP address in the RemoteIP column and record it for use in the next step. 7. Verify your connection by using the Ping command and the remote IP address. IBM Global Network Dial Connection wizard IBM proides internet access through its IBM Global Network (IGN). To access this serice, you can use the IBM Global Network Dial Connection wizard to help you configure a switched-dial PPP connection profile to dial the IGN. The wizard walks you through about eight panels and takes about ten minutes to complete. You may cancel the wizard at any time and no existing data is saed. Three types of applications can use the IGN connection: IBM electronic serices application serer: Proides monitoring of your unique AS/400 system enironment to supply you with recommendations of personalized fixes for your system and situation. Mail Exchange: Allows you to periodically retriee mail from a single IGN account and send it to your AS/400 for distribution to your Lotus Mail users or your Simple Mail Transfer Protocol (SMTP) users. Dial-up Networking: Use other dial-up networking applications with IGN, such as standard Internet access. You maintain the IBM Global Network connection profiles like any other PPP connection profiles. You need the one of these adapters to use the IBM Global Network Dial Connection wizard: 2699: Two-line WAN IOA 2720: PCI WAN/Twinaxial IOA 2721: PCI Two-line WAN IOA 2745: PCI Two-line WAN IOA (replaces IOA 2721) 2761: Eight-port analog modem IOA Before starting the IBM Global Network Dial Connection wizard, you need to collect this information about your enironment: Chapter 4. Configuring your PPP connections 21

28 The IBM Global Network account information (account number, user ID, and password) for the mail exchange application or the dial-up networking application. The IP addresses of mail serer and domain name serer for the mail exchange application. The name of the modem that is used for single line connections. To start the IBM Global Network Dial Connection wizard, follow these steps: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New IBM Global Network Dial Connection. 3. When the IBM Global Network Dial Connection wizard starts, click Help for information about completing a panel. Configuring irtual line (L2TP) connection profiles There are two types of irtual line (L2TP) connection profiles: Terminator profiles allow a remote system to connect to your AS/400 oer an L2TP tunnel. Initiator profiles allow your AS/400 to connect to a remote system oer an L2TP tunnel. Once an L2TP tunnel is established, a PPP connection is made between the AS/400 and the remote system. Read these pages for instructions on how to configure irtual line (L2TP) connection profiles: Configuring irtual line (L2TP) terminator profiles Configuring irtual line (L2TP) initiator profiles Configuring irtual line (L2TP) terminator profiles To configure a irtual line (L2TP) terminator profile, complete these steps: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile to open the New Point-to-Point Profile Properties dialog. 3. From the General page, follow these steps: a. Enter a new profile name in the Name text box. b. Under Mode, select Virtual line (L2TP) as the line connection type. c. Select Terminator from the Mode type list box. 4. Click the Connection tab, and follow these steps: a. For terminator profiles, type the IP address of the AS/400 that is at the end of the tunnel into the Local tunnel endpoint IP address text box. You can also select an IP address from the pull down list. b. To define new irtual line properties, use the steps in Configuring L2TP irtual line properties. Return to this step when you hae defined the irtual line properties. c. Type a number into the maximum number of connections to limit the number of incoming requests for this profile. 5. Click the TCP/IP Settings tab to specify local and remote IP addresses. 22 AS/400e: Networking PPP connections

29 For terminator profiles, you must specify your local IP address. The remote IP address is the address that this connection profile uses for the other end of a connection. The remote IP address can be assigned dynamically, with a specific route, or by defining remote IP address pools. (Optional) Click Routing to open the Routing dialog to define a new route. 6. Click the Authentication tab to specify the local-system or remote-system identification. 7. Click the Subsystem tab to change the subsystem where L2TP jobs are run. The default L2TP subsystem is QUSRWRK. This subsystem must be started before an L2TP connection profile is started; otherwise, the connection profile fails. If you chose to change the default subsystem, the specified subsystem must be started before L2TP connections are started. You can control access to PPP connections by ending or starting the related subsystem during specific times. 8. Click OK that is on the New Point-to-Point Profile Properties dialog to complete your connection profile. Configuring irtual line (L2TP) initiator profiles To configure a irtual line (L2TP) initiator connection profile, complete these steps: 1. In Operations Naigator, expand your AS/400 serer > Network > Point-to-Point. 2. Right-click Connection Profiles, and select New Profile to open the New Point-to-Point Profile Properties dialog. 3. From the General page, follow these steps: a. Enter a new profile name in the Name text box. b. Under Mode, select Virtual line (L2TP) as the line connection type. c. Select Initiator from the Mode type list. 4. Click the Connection tab, and follow these steps: a. To define new irtual line properties, use the steps in Configuring L2TP irtual line properties. Return to this step when you hae defined the irtual line properties. b. Type the IP address of the remote endpoint of the tunnel into the Remote tunnel endpoint IP address text box. c. Select the IP-SEC protection option to enable IP security for the connection. 5. Click the TCP/IP settings tab to define any local or remote IP address for the connection. For initiator profiles, you define the address based on the method that is used for the IP address assignment which is usually dictated by the terminator end of the link. Enter your fixed local IP address or select it from the pull down menu. Select Dynamic for the remote address. 6. Click the Subsystem tab. The default L2TP subsystem is QUSRWRK. This subsystem must be started before an L2TP connection profile is started; otherwise, the connection profile fails. If you chose to change the default subsystem, ensure that the specified subsystem starts before the L2TP connections starts. Chapter 4. Configuring your PPP connections 23