User`s guide
Release Notes Using Network Extension Mode for ANG-1100 Tunnels
Release 3.5 Enhanced Support for VPN Clients
Rel. 3.5 Release Notes Page 17 of 30
Figure 13 Multiple Network Extension Mode Tunnels
CAUTION
Be sure no central ANG-3000/7000 virtual subnet pools overlap with this range of
network addresses.
2. Telnet to the central ANG-3000/7000 (with the login and password netadmin)
to begin IPSec policy changes.
3. Change directory to /usr/indus/ipsec and press
ENTER to access the CLI.
4. Create a set of security parameters for use with the IPSec tunnel. Type
./ipsecEsp -a -n ezipsec -e 3des -i hmac-sha and press
ENTER.
The encryption and integrity algorithms used above should match the same
tunnel security parameters set in RiverMaster.
5. Type ./ipsecEsp -L and press
ENTER to display and verify the security
parameters were added.
6. Create an IPSec proposal. Type ./ipsecProposal -a -n ezipsec -p
enabled -g modp768 -e ezipsec and press
ENTER.
You may select another Modp number if required.
7. Type ./ipsecProposal -L and press
ENTER to display and verify the
proposal was added.
8. Type ./ipsecSelector -a -n ezipsec -o 0.0.0.0/0 -r
192.168.0.0/16 and press
ENTER.
This command creates an IPSec selector covering the entire pool of networks
for use by all ANG-1100 devices.
9. Type ./ipsecSelector -L and press
ENTER to display and verify the
selector was added.
ANG-1100
ANG-7000
ANG-7000
Router
Network Extension Mode tunnel
ANG-1100
ANG-1100
192.168.1.0
192.168.2.0
192.168.3.0
Network A
Network B
Network C