User's guide

Page 16 of 30 Rel. 3.5 Release Notes
Using Network Extension Mode for ANG-1100 Tunnels Release Notes
Release 3.5 Enhanced Support for VPN Clients
Caveats
If you configure NEM, be aware that:
• The subnet attached to the remote ANG-1100's trusted interface is the only
subnet routed across the tunnel to the central ANG-3000/7000. Other subnets
connected via routers to the ANG-1100's trusted interface are not routed.
NOTE
IP address space management is not automatic: the network administrator must
ensure that each ANG-1100 using NEM has a unique subnet on its trusted
interface by setting the DHCP server enabled parameter and an IP address pool in
the LAN Setup window of the ANG-1100's Web Config utility to distribute
unique IP addresses. Refer to the ANG-1100 User's Guide for more information.
• An ANG-1100 may use NEM to tunnel to one site only. That site can have
multiple ANG-3000/7000s for failover, but the ANG-1100 cannot export its
trusted network to two or more separate sites.
Configuring Network Extension Mode
All ANG-1100 internal tunnel configuration is automatic, based on the
Connection Mode chosen: Client, Network Extension or Peer to Peer (described in
the next section).
Additionally, a user must configure the IP subnet of the trusted network with a subnet
provided by the network administrator who manages the IP address space of remote
ANG-1100 sites using NEM (refer to the note above). Trusted subnets at those remote sites
are routed to a central intranet, so they must have distinct IP addresses. By default, the
ANG-1100 uses 192.168.1.0/24 as the trusted network subnet, but that address must be
changed (on the LAN Setup window of the ANG-1100's Web Config utility) to a
unique subnet that is not in use elsewhere in the network.
NOTE
For detailed instructions on how to configure Network Extension Mode on an
ANG-1100, refer to the ANG-1100 User's Guide.
The network administrator must also reconfigure the ANG-3000/7000, which includes
reserving a pool of unique IP addresses for ANG-1100 users and changing the IPSec
policy. Perform the steps below to configure NEM on the central ANG-3000/7000:
1. Set up a pool of Class C virtual subnets on the central ANG to use as trusted
networks for ANG-1100 devices. In this example, all 192.168.0.0/16 networks
are reserved and distributed in blocks to the ANG-1100s. For example, assign
192.168.1.0/24 to Network A, 192.168.2.0/24 to Network B, etc., up to 255
remote sites (see Figure 13). Refer to "Configuring Subnet Parameters" in the
Installation & Service Guide for more detailed instructions.
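
Because address management is not automatic, the allocation plan can be checked before it is entered on the devices. The script below is an added example, not part of the ANG documentation or software: it validates a site-to-subnet plan against the 192.168.0.0/16 pool from step 1 and suggests the next free /24. The site names, the sample plan and the choice to skip 192.168.0.0/24 (so numbering starts at 192.168.1.0/24 as in the step 1 example) are assumptions.

```python
import ipaddress

# Pool from step 1: all 192.168.0.0/16 networks, handed out as /24 blocks.
POOL = ipaddress.ip_network("192.168.0.0/16")
BLOCK_PREFIX = 24

# Constructed sample plan (hypothetical sites) containing typical mistakes.
SAMPLE_PLAN = {
    "Network A": "192.168.1.0/24",
    "Network B": "192.168.2.0/24",
    "Network C": "192.168.1.0/24",  # same as A, e.g. factory default left unchanged
    "Network D": "10.0.5.0/24",     # not taken from the reserved pool
    "Network E": "192.168.4.0/23",  # wrong block size
}

def check_plan(plan, pool=POOL, prefix=BLOCK_PREFIX):
    """Return a list of problems in a {site: subnet} plan; empty means clean."""
    problems, parsed = [], {}
    for site, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
        except ValueError as exc:
            problems.append(f"{site}: invalid subnet {cidr!r} ({exc})")
            continue
        if net.version != pool.version or not net.subnet_of(pool):
            problems.append(f"{site}: {net} is outside the reserved pool {pool}")
        elif net.prefixlen != prefix:
            problems.append(f"{site}: {net} is not a /{prefix} block")
        parsed[site] = net
    # Trusted subnets are all routed to one intranet, so none may overlap.
    sites = sorted(parsed)
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} and {b}: {parsed[a]} overlaps {parsed[b]}")
    return problems

def next_free_block(plan, pool=POOL, prefix=BLOCK_PREFIX):
    """Return the first unassigned block in the pool, or None if it is exhausted."""
    used = [ipaddress.ip_network(c, strict=False) for c in plan.values()]
    # Assumption: skip the first block so numbering starts at 192.168.1.0/24.
    for candidate in list(pool.subnets(new_prefix=prefix))[1:]:
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print("PROBLEM:", problem)
    print("Next free block:", next_free_block(SAMPLE_PLAN))
```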