Manualshelf

User`s guide

ManualsBrandsEnterasys ManualsComputer equipmentANG-3000
281282283284285286287288289290
248 XSR Users Guide
VPN Applications Chapter 11
Configuring the Virtual Private Network
Figure 45 Site-to-Site Client Mode Topology
In this scenario, you may use OSPF to advertise the corporate network’s
reachability via an established tunnel. OSPF can also monitor the health of a
VPN link.
Advertising these networks becomes extremely valuable when the client
connects to more than one server. In that case, the client will maintain two
VPN interfaces, expressed on the XSR as VPN 1 and VPN 2. Routes learned
by OSPF will instruct the IP routing engine which IP addresses are reachable
via the VPN 1 interface and which are reachable via the VPN 2 interface.
Based on the example shown in Figure 45, the following OSPF settings should
be applied to the interfaces.
Corporate network
INTERNET
F1
VPN 1
Server
VPN tunnel
Client
F2
To another client
Private segment invisible from server
Point-to-multipoint interface.
Terminates, not initiates
Point-to-point interface.
This endpoint’s IP address
is assigned by the server.
The other tunnel endpoint’s
IP address is configured on
the server’s VPN interface.
F2
F1
VPN 1
NAT
tunnels