Manualshelf

User`s guide

ManualsBrandsEnterasys ManualsComputer equipmentANG-3000
281282283284285286287288289290
250 XSR Users Guide
VPN Applications Chapter 11
Configuring the Virtual Private Network
The commands to configure this scenario are illustrated on page 277.
Configuring OSPF Over Site-to-Site in Network Extension Mode
Compared to Site-to-Site Client Mode configuration, Network Extension
Mode is more flexible at the cost of a more sophisticated configuration. As
shown in Figure 46, NAT is not used on the VPN interface at the client site as
it is in the Client Mode application. The trusted network behind the client is a
fully routable segment and may be reached from the server.
Figure 46 Site-to-Site Network Mode Topology
In this scenario, the VPN interface on the server may terminate a mix of
connections - some of which may be Client-type connections and others may
be Network Extension connections.
The following OSPF settings should be applied in this scenario:
Corporate network
INTERNET
F1
VPN 1
Server
VPN tunnel
Client
F2
To another client
Segment is extension of corporate net
Point-to-multipoint interface.
Terminates, not initiates
Point-to-point interface.
This endpoint’s IP address
is assigned by the server.
The other tunnel endpoint’s
IP address is configured on
the server’s VPN interface.
F2
F1
tunnels
VPN 1