Setting up the network

In the example shown in Figure 28, when client 10.1.2.101 initially sends a packet to a host on the public network, the security gateway dynamically maps the client’s private address 10.1.2.101 to a public address selected from the N1.N2.N3.0/24 address pool. Since the packet is going out the public interface, the security gateway changes the packet’s source address 10.1.2.101 to its assigned public address N1.N2.N3.X.

When the public host receives the packet, it sends a reply to N1.N2.N3.X. The reply packet is routed into the security gateway through the public interface, and the security gateway changes the packet’s destination address back to the client’s private address 10.1.2.101 before sending the packet back to the client.

The public address assigned to the client’s private address remains in effect until the client traffic is idle for a user-defined period of time. When this idle period is reached, the mapped address is returned to the pool of available addresses. When all public addresses have been assigned, no other private clients can initiate a connection to the public network until a public address becomes available.

One limitation for dynamic mapping is that communication with remote hosts on the public network can only be initiated from clients on the private network. If communication initiated from either the public or private side is required, static address mapping must be used. Static address mapping permanently maps private addresses to their corresponding public addresses, thereby allowing communication between clients and hosts to be initiated from either the private or public network.
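
The dynamic mapping behaviour described above (pool allocation, idle timeout, pool exhaustion, and the rule that only the private side can initiate) can be modelled in a few lines. This is an added example, not code from the Avaya guide or product; the class and function names are hypothetical, 203.0.113.0/30 is a constructed stand-in for the N1.N2.N3.0/24 pool, and counting reply traffic toward the idle timer is an assumption.

```python
import ipaddress

class DynamicNat:
    """Simplified model of dynamic address mapping on the public interface."""

    def __init__(self, pool_cidr, idle_timeout):
        self.free = [str(a) for a in ipaddress.ip_network(pool_cidr).hosts()]
        self.idle_timeout = idle_timeout   # seconds, the user-defined idle period
        self.by_private = {}               # private -> [public, last_seen]
        self.by_public = {}                # public -> private

    def _expire(self, now):
        # Return mappings that have been idle for the full period to the pool.
        for priv, (pub, seen) in list(self.by_private.items()):
            if now - seen >= self.idle_timeout:
                del self.by_private[priv]
                del self.by_public[pub]
                self.free.append(pub)

    def outbound(self, src, now):
        """Rewrite the source address of a packet leaving the public interface."""
        self._expire(now)
        if src not in self.by_private:
            if not self.free:
                return None                # pool exhausted: client cannot connect
            pub = self.free.pop(0)
            self.by_private[src] = [pub, now]
            self.by_public[pub] = src
        self.by_private[src][1] = now
        return self.by_private[src][0]

    def inbound(self, dst, now):
        """Rewrite the destination address of a packet arriving from the public side."""
        self._expire(now)
        priv = self.by_public.get(dst)
        if priv is None:
            return None                    # no mapping: public host cannot initiate
        self.by_private[priv][1] = now     # assumption: replies reset the idle timer
        return priv

def demo():
    nat = DynamicNat("203.0.113.0/30", idle_timeout=300)  # constructed pool, 2 addresses
    a = nat.outbound("10.1.2.101", now=0)
    b = nat.outbound("10.1.2.102", now=10)
    blocked = nat.outbound("10.1.2.103", now=20)      # both addresses in use
    reply = nat.inbound(a, now=30)                    # reply maps back to the client
    unsolicited = nat.inbound("203.0.113.77", now=40) # never mapped
    reused = nat.outbound("10.1.2.103", now=320)      # 10.1.2.102 idle since t=10
    return a, b, blocked, reply, unsolicited, reused
```

A static mapping would correspond to an entry that is never expired and exists before any outbound packet, which is why it allows connections to be initiated from the public side.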

Setting up VPN with overlapping private addresses

Figure 29 shows an example of using NAT to set up VPNs between two sites that use the same private network addresses while still allowing private network connections to the Internet. Three NAT rules are applied to each security gateway: one on the private interface, one on the public interface, and one on the VPN tunnel. A DNS entry is also required for each host that can be reached through the tunnel.

The tunnel-mode VPN, named Sales_VPN, provides a secure connection between the SF_Sales_Group and LA_Sales_Group over the public network. Since both sites are using the same private network addresses, NAT mapping must be performed on packets entering and leaving the Sales_VPN tunnel. This is required to ensure that unique host addresses are used on each side of the tunnel.

Communication between a member of the SF_Sales_Group and the server in LA_Sales_Group starts with a DNS lookup of the LA_Sales_Group server address, which in this example returns a destination address of 10.0.88.20. The SF_VSU proxy ARPs for 10.0.88.20 by sending its own MAC address in response to an ARP request.

When the packet sent from 10.1.1.17 to 10.0.88.20 enters SF_VSU through the private interface, its destination address is changed from 10.0.88.20 to 172.16.1.20 by applying the NAT rule assigned to the security gateway’s private interface.

The SF_VSU performs a VPN lookup and determines that the packet needs to be tunneled to the LA_VSU. Since the packet is leaving the SF_VSU through the Sales_VPN tunnel, the SF_VSU applies the tunnel NAT rule to the packet’s source address

90 Avaya VPNmanager Configuration Guide Release 3.7


3.7 specifications

Avaya 3.7 represents a significant evolution in unified communications technology, designed to enhance collaboration and streamline communication workflows for organizations of all sizes. As a cornerstone of Avaya's offerings, this version incorporates a range of features and improvements that cater to contemporary business needs, emphasizing flexibility, reliability, and seamless integration.

One of the most notable features of Avaya 3.7 is its robust call management capabilities. The platform allows users to manage calls effectively through a user-friendly interface, enabling intuitive functionalities such as drag-and-drop call handling, call forwarding, and conference calling. These features help employees stay connected, facilitating better communication and teamwork across departments.

In terms of mobility, Avaya 3.7 supports mobile applications that allow users to access the system remotely. This is particularly advantageous for businesses with a workforce that relies on remote or hybrid work models. The mobile integration ensures users can make and receive calls, check voicemail, and manage their schedules directly from their smartphones, maintaining productivity regardless of location.

The system also embraces advanced collaboration tools, such as video conferencing and instant messaging. These features promote a more dynamic interaction environment, fostering real-time communication among team members. Video conferencing capabilities allow for high-definition video quality and reliable connectivity, making virtual meetings more engaging and effective.

Security is another critical characteristic of Avaya 3.7. The platform includes enhanced encryption protocols to protect sensitive communications and ensure data integrity. With cybersecurity remaining a top concern for businesses, Avaya has prioritized the security of its communications solutions, safeguarding organizations' information against potential threats.

Furthermore, Avaya 3.7 benefits from the incorporation of AI and analytics. These technologies provide businesses with valuable insights into communication patterns and user behavior, enabling them to optimize their processes. The analytics can help identify areas for improvement and drive informed decision-making, thus enhancing overall efficiency.

Interoperability with existing systems is another hallmark of Avaya 3.7. The platform easily integrates with various applications and services, allowing businesses to leverage their current technology investments and create a cohesive communication ecosystem.

In summary, Avaya 3.7 stands out as a comprehensive communication solution that addresses the modern demands of the workplace. With its advanced call management features, mobility support, collaboration tools, strong security measures, and integration capabilities, Avaya 3.7 positions itself as a vital asset for organizations aiming to enhance their communication strategies and drive business success.