Installation guide

Deployment Flexibility
Sentriant AG Software Installation Guide, Version 5.2
# ethtool eth0
Settings for eth0:
        Supported ports: [ MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: d
        Current message level: 0x000000ff (255)
        Link detected: yes
NOTE: In normal operation, Sentriant AG does not respond to Internet Control Message Protocol (ICMP)
echo requests (ping). A failed ping is therefore not by itself evidence of a cabling or addressing
problem; use the link status shown by ethtool and the web interface test below instead.
Deploying Sentriant AG in VPN Mode on a Different Network
When Sentriant AG is deployed in VPN mode, the eth1 interface on Sentriant AG is usually connected
directly (by way of a crossover cable, an isolated switch, or a VLAN) to the LAN-facing side of the
VPN concentrator. If the same logical subnet (for example, 10.10.0.0/16) is used for Sentriant AG, the
concentrator, and the VPN clients, no modification is needed.
However, problems can arise if the following conditions are all true:
- Sentriant AG is in a different logical subnet than that used by the VPN concentrator OR the VPN
  client endpoints.
- The router on the LAN (eth0) side of Sentriant AG is configured for best-practices egress filtering,
  and will not route packets that have a source IP address outside the network segment from which
  they appear to originate.
See the SANS Egress Filtering FAQ, http://www.sans.org/reading_room/whitepapers/firewalls/1059.php,
for a more thorough discussion of egress filtering.
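The two conditions above can be checked before cabling the appliance. The following is an added example and is not code from the Sentriant AG guide or from Extreme Networks; it uses only the standard ipaddress module. Assumptions not stated on the page: the LAN router's egress filter is the usual "forward only if the source address belongs to the segment the packet arrived from" rule, the function names (egress_allows, same_subnet, vpn_mode_conflict, forwarded_by_router) are invented for illustration, and every address below is constructed.

```python
"""Added example (not the guide's own code): model the VPN-mode egress-filtering
conflict described above. All addresses are constructed; the egress rule is an
assumption of how a best-practice LAN router behaves."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str  # source IP address
    dst: str  # destination IP address


def egress_allows(segment: str, pkt: Packet) -> bool:
    """Assumed best-practice egress filter on the LAN (eth0-side) router:
    forward a packet only when its source address belongs to the segment it
    appears to originate from."""
    net = ipaddress.ip_network(segment, strict=False)
    return ipaddress.ip_address(pkt.src) in net


def same_subnet(a: str, b: str) -> bool:
    """True when two address/prefix strings fall in the same logical subnet
    (host bits are masked off, so 10.10.5.10/16 and 10.10.0.1/16 match)."""
    return (ipaddress.ip_network(a, strict=False)
            == ipaddress.ip_network(b, strict=False))


def vpn_mode_conflict(ag_eth1: str, concentrator: str, vpn_clients: str,
                      egress_filtering: bool) -> bool:
    """Return True when both conditions from the guide hold, i.e. redirects
    can fail:
    1. Sentriant AG eth1 is in a different subnet than the concentrator OR
       the VPN client endpoints;
    2. the LAN-side router enforces egress filtering."""
    different = (not same_subnet(ag_eth1, concentrator)
                 or not same_subnet(ag_eth1, vpn_clients))
    return different and egress_filtering


def forwarded_by_router(segment: str, ag_eth1_ip: str, client_ip: str) -> bool:
    """Would a packet sourced from Sentriant AG's eth1 address and bound for a
    VPN client survive the router's egress filter on the given segment?"""
    return egress_allows(segment, Packet(src=ag_eth1_ip, dst=client_ip))


if __name__ == "__main__":
    # Case 1 (constructed): everything shares 10.10.0.0/16, the situation the
    # guide says needs no change.
    print(vpn_mode_conflict("10.10.5.10/16", "10.10.0.1/16", "10.10.0.0/16", True))
    # Case 2 (constructed): Sentriant AG moved to 10.20.0.0/24 behind an
    # egress-filtering router; its packets are dropped on the client segment.
    print(vpn_mode_conflict("10.20.0.10/24", "10.10.0.1/16", "10.10.0.0/16", True))
    print(forwarded_by_router("10.10.0.0/16", "10.20.0.10", "10.10.200.7"))
```

Run the module directly to see the two constructed cases; the first prints False (no conflict) and the second prints True followed by False (the router drops the appliance's packet). Turning egress filtering off in the second case removes the conflict, which matches the guide's statement that both conditions must hold.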
The most obvious symptom of this situation is that Sentriant AG cannot redirect endpoint browsers
(the endpoint sees a blank browser page that never finishes loading), yet the endpoint browser can
browse directly to https://<Sentriant AG_IP_Address>:89/ and be tested.
For example, for the following IP addresses: