Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

How IPSec is implemented > Using the z/OS Network Security Configuration Assist... - Pg. 72

Example 3-12 Define access control for the ipsec command SETROPTS GENERIC(SERVAUTH) RDEFINE SERVAUTH EZB.IPSECCMD.* UACC(NONE) PERMIT EZB.IPSECCMD.* CLASS(SERVAUTH) ID(IKED) ACCESS(READ) SETROPTS GENERIC(SERVAUTH) REFRESH 3.3.7 Install the Policy Agent (PAGENT) PAGENT reads the configuration files that contain the IP security policy configuration statements, checks them for errors, and installs them into the IKE daemon and the TCP/IP stack. Setting up the PAGENT is described in Chapter 1, "Policy Agent (PAGENT)" on page 3. Note: You need superuser authority to start PAGENT, and the PAGENT executable modules must be in an APF-authorized library. After setting it up you need to define the IpSecConfig statement to specify the path of the policy file that contains stack-specific IPSec policy statements to PAGENT. 3.3.8 Define the IPSec policies to PAGENT IPSec provides flexible building blocks that can support a variety of configurations. You can choose from a number of protocols and encryption algorithms provided by IPSec to suit to the security requirements of your installation. You can define your IPSec security policies to PAGENT in one of two ways: Manually code all of the required policy statements to create a configuration file in a z/OS UNIX file or an MVS data set.