Overview of implementation
26 Avaya VPNmanager Configuration Guide Release 3.7

Static Routes

Static routes are specified when more than one router exists on a network to which the security
gateway must forward either VPN traffic or non-VPN traffic. You can build a static route table
with up to 32 network address/mask pairs.
IP groups
Data Terminal Equipment (DTE); such as computers, pr inters, and network servers, are devices
that can be members of a VPN. To make these devices members, you create I P Groups. An IP
Group is composed of a set of hosts (workstations and servers) that are located behind a
common security gateway. The hosts are defined by their IP address and mask. VPNs are
made up of IP groups at multiple locations linked across a public IP network (Internet).
Assigning workstations and servers to different IP groups offers a powerful way to limit VPN
traffic to specifically designated users.
Remote users and user groups
VPNremote Client users who log in to the VPN through the security gateway must have their
user authentication configured on that security gateway.
If RADIUS is not used, you must configure the user name and the password for each remote
user. With RADIUS, you can configure a remote user as a default user. When a remote user is
configured as a default user, the user password is not required to log in. The user is
authenticated by a third-party authentication server, such as RADIUS.
You can also change the default Internet Key Exchange ( IKE) identity, the split tunneling option
and the security option.
You can configure User Groups to setup and maintain logical groups of users.
VPN
A VPN object is the method used to link security gateways, remote terminals, and LAN
terminals in a fully configured virtual private network. Creating a VPN involves naming each
VPN, adding users and user groups, and adjusting the IKE and IPSec security protocols for
VPN traffic.