User`s guide
Page 14 of 30 Rel. 3.5 Release Notes
Using Network Extension Mode for ANG-1100 Tunnels Release Notes
Release 3.5 Enhanced Support for VPN Clients
Figure 10 Configuring the Microsoft RADIUS Plugin on RiverMaster
Using Network Extension Mode for ANG-1100 Tunnels
Network Extension Mode (NEM) is designed to open up network resources situated
behind ANG-1100s. Using the Command Line Interface (CLI) on the ANG-3000/7000,
you configure NEM to provide routing for nodes connected to the trusted port of an
ANG-1100 so that locally and remotely connected devices can discover and
communicate with each other across an IKE/IPSec tunnel (refer to Figure 1).
Capabilities
Tunnels on the ANG-1100 can be configured in Client mode, NEM, or Peer to Peer
mode (described in a later section) by setting radio buttons on Web Config. Client
mode provides the functionality of Aurorean Releases 3.1/3.2 on the ANG-1100 while
NEM modifies the behavior of a tunnel in these ways:
! NAT is disabled for that tunnel. All traffic from the ANG-1100 trusted
network is passed, as is, across the tunnel, with the benefit of improved
tunnel performance.
! A new IPSec Security Policy Database rule is automatically inserted into the
SPD to secure traffic from the subnet (by default 192.168.1.0/24) attached to
the ANG-1100 trusted network into the intranet. (The original rule that
secures traffic sent to the address assigned to the ANG-1100 is retained to