IBM i 7.1 and 7.2 enhancements to VPN give clients new security options and more flexibility for management and configuration. VPN is configurable on IBM i through Navigator for i.
Three new commands are provided in IBM i 7.2 to assist clients with VPN configuration and management actions previously only possible through Navigator. The Load/Unload IP Filter (LODIPFTR) command is used to load and unload Internet protocol (IP) filter rules. The Copy VPN Configuration File (CPYVPNCFGF) command provides new functionality to import, export, or validate all VPN configurations on a system. The Start VPN Connection (STRVPNCNN) and End VPN Connection (ENDVPNCNN) commands provide the options to start and end VPN connections, respectively.
The Internet Key Exchange version 2 protocol (IKEv2) is an enhancement to the IKE protocol and is supported starting in 7.1. IKEv2 enhances the function of performing dynamic key exchange and partner authentication for VPN. IKEv2 simplifies the message flow for key exchange negotiations and introduces measures to fix ambiguities and vulnerabilities inherent in IKE version 1 (IKEv1). Additional enhancements to IKEv2 are provided in 7.2.
Stronger encryption and integrity algorithms may be required for VPN for compliance with security policies. New algorithms are available for both IKEv1 and IKEv2 negotiations starting in 7.1. Additional algorithms are provided in 7.2 for IKEv2 negotiations.
This blog post was originally published on IBMSystemsMag.com and is reproduced here by permission of IBM Systems Media.