User's guide
Release Notes Using Peer to Peer Tunnels
Release 3.5 Enhanced Support for VPN Clients
Rel. 3.5 Release Notes Page 19 of 30
Using Peer to Peer Tunnels
Aurorean Release 3.5 introduces Peer to Peer tunnel mode, which is designed to connect ANG-1100s in remote branch offices, giving a device on one remote network access to a device on another remote network, as well as connecting to a central ANG-3000/7000 or third-party VPN gateway (refer to Figure 14).
Figure 14 Peer to Peer Mode Tunnels
Configuration requirements are as follows:
• Configuring Peer to Peer tunnels requires setting preshared keys (passwords) and public IP addresses, and confirming that both devices are on reachable networks.
• Peer to Peer tunnels use IKE Main Mode with Group 2 (1024-bit modulus), 3DES encryption, and either the SHA or MD5 hash function. The identity of each peer is implicitly the peer's IP address.
• Routing information is defined for each Peer to Peer tunnel. The network administrator may enter up to 3 IP subnets (subnet and mask) which are reachable via the remote security gateway. (Only one subnet is supported per tunnel if both peers are ANG-1100 gateways.)
• Peer to Peer mode tunnels can coexist with Client mode tunnels (refer to Figure 15). For example, a set of ANG-1100s can be configured with a mesh of Peer to Peer tunnels, and each of those ANG-1100s can also be connected to a central ANG-3000/7000 via a Client mode tunnel. Note that if the same remote subnet is reachable by both a Client mode and a Peer to Peer tunnel, the Client tunnel takes precedence.
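The configuration requirements and the tunnel-precedence rule above, as an added Python example that is not part of the release notes or the Aurorean product: it checks a Peer to Peer tunnel definition (preshared key present, remote gateway is a public address, subnet count within the limit for the peer types) and picks the tunnel for a destination address, letting a Client mode tunnel win over a Peer to Peer tunnel that reaches the same subnet. The Tunnel class, function names, the longest-prefix tiebreak among same-mode tunnels and the sample addresses are assumptions; the IKE parameters (Main Mode, Group 2, 3DES, SHA/MD5) are not modelled.

```python
import ipaddress
from dataclasses import dataclass

ANG_1100 = "ANG-1100"
# RFC 1918 space: a remote gateway inside it cannot be the "public IP address" the notes require
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Tunnel:
    mode: str            # "peer" (Peer to Peer mode) or "client" (Client mode)
    local_model: str     # this gateway, e.g. "ANG-1100"
    remote_model: str    # the far end, e.g. "ANG-1100", "ANG-7000", "third-party"
    remote_gateway: str  # public IP of the remote security gateway (also its IKE identity)
    preshared_key: str
    subnets: tuple       # remote IP subnets (CIDR) reachable through this tunnel

def validate_peer_tunnel(t):
    """Return the list of problems with a Peer to Peer tunnel definition (empty means OK)."""
    errors = []
    if not t.preshared_key:
        errors.append("preshared key is required")
    try:
        gw = ipaddress.ip_address(t.remote_gateway)
        if any(gw in net for net in RFC1918):
            errors.append("remote gateway must be a public IP address")
    except ValueError:
        errors.append("remote gateway is not a valid IP address")
    # up to 3 subnets per tunnel, but only 1 when both peers are ANG-1100 gateways
    limit = 1 if t.local_model == ANG_1100 and t.remote_model == ANG_1100 else 3
    if not 1 <= len(t.subnets) <= limit:
        errors.append(f"between 1 and {limit} remote subnets allowed, got {len(t.subnets)}")
    return errors

def select_tunnel(tunnels, dest_ip):
    """Tunnel carrying traffic to dest_ip, or None. Client mode beats Peer to Peer for the
    same subnet (from the notes); longest prefix, then config order, break ties (assumed)."""
    ip = ipaddress.ip_address(dest_ip)
    ranked = []
    for i, t in enumerate(tunnels):
        for net in map(ipaddress.ip_network, t.subnets):
            if ip in net:
                # sort key: Client mode first, then longest prefix, then configuration order
                ranked.append((t.mode != "client", -net.prefixlen, i))
    return tunnels[min(ranked)[2]] if ranked else None

# Constructed sample configuration (documentation addresses, not a real deployment)
PEER_OK = Tunnel("peer", ANG_1100, ANG_1100, "203.0.113.10", "s3cret", ("10.2.0.0/24",))
PEER_BAD = Tunnel("peer", ANG_1100, ANG_1100, "192.168.1.1", "", ("10.2.0.0/24", "10.5.0.0/24"))
CLIENT = Tunnel("client", ANG_1100, "ANG-7000", "198.51.100.1", "s3cret", ("10.2.0.0/24", "10.3.0.0/16"))
TUNNELS = [PEER_OK, CLIENT]
```

With TUNNELS, a packet for 10.2.0.5 is sent over CLIENT even though PEER_OK reaches the same /24, which is the precedence rule the notes describe.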
Figure 15 Coexisting Peer to Peer Mode and Client Mode Tunnels
[Figure 15 diagram: ANG-1100 and ANG-7000 gateways behind routers, a third-party gateway, Client Mode tunnels and a Peer to Peer Mode tunnel]