Dynamic tunnels are relatively easy to use through the graphical interface provided with TCP/IP V4.1 and above. For this reason, and because dynamic tunnels may only be used to connect with an AIX SecureWay Firewall server, this book does not discuss them further. A detailed example of using dynamic tunnels is provided in chapter 7 of IBM RedBook SG23-5201-00, A Comprehensive Guide to Virtual Private Networks, Volume I: IBM Firewall, Server and Client Solutions.

The remainder of this chapter is concerned with the configuration and use of manual tunnels.

Setting up a manual IPSec tunnel involves the following steps:

  1. Install the device drivers for packet filtering, IPSec and the encryption algorithms you will use.

  2. Create the tunnel by means of a tunnel context entry.

  3. Define the tunnel's behaviour by creating a tunnel policy.

  4. Create filter rules which will direct the appropriate IP traffic through the tunnel.

These steps are described over the next several pages.

The following conventions are used in this section:

