Chapter 3

Configuration via Local Pages

Primary Untrusted Physical Interface

This field shows a list of your SpeedTouch™ interfaces. You select the preferred Primary Untrusted Physical Interface. This interface is used as the primary carrier for your VPN connection. In general, the primary untrusted interface is your DSL connection to the public Internet.

In the SpeedTouch™ the routing engine determines which interface is used for the VPN connection (your DSL connection to the Internet in most cases). So what is the point of selecting a physical interface?

In a VPN client the selection is relevant only when your SpeedTouch™ is equipped with a backup physical interface, for example an ISDN backup interface. This field determines the preferred interface for your VPN connection. This interface is used whenever it is available. When this interface fails, the active VPN connections are re-routed via the backup interface. When the primary interface becomes available again, the VPN connections are re-routed back to the primary interface. On the other hand, when you select any as the Primary Untrusted Physical Interface and this interface fails, the active VPN connections are also re-routed to the backup interface. But when the DSL connection becomes available again, the VPN connections are not re-routed as long as the backup connection is available.

Virtual IP mapping

Either dhcp or nat can be selected.

Selecting dhcp as virtual IP address mapping has the effect that the virtual IP address attributed by the VPN server to the SpeedTouch™ VPN client is effectively assigned to the terminal. The SpeedTouch™ creates a new IP address pool, called a spoofing address pool. The SpeedTouch™ will use this pool to provide a new IP address to the terminal that starts the secure connection. Simultaneous VPN access by multiple terminals in the LAN is not possible, because the VPN server attributes only a single virtual IP address.

The spoofing address pool inherits the lease time for IP addresses from the originally used address pool. In order to have a swift renewal of IP addresses, it is recommended to set a conveniently low lease time in the original dhcp address pool. A value of 60 seconds is suggested.

Selecting nat as virtual IP address mapping has the effect that the VPN server attributes a virtual IP address to the SpeedTouch™ VPN client. This virtual IP address is stored in the SpeedTouch™. The SpeedTouch™ will automatically create a new NAT entry to map the virtual IP address to the IP addresses used on the local network. Simultaneous VPN access by multiple terminals is supported.

Optional Remote network

These settings allow you to limit the accessible area on the remote network.

Normally the VPN server sets this parameter during the tunnel negotiations.
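The difference between the two virtual IP mapping modes described above (dhcp hands the single virtual IP to one terminal; nat shares it among LAN hosts through a NAT entry) is modelled here as an added example. It is illustrative Python written for this page, not SpeedTouch™ firmware code; the class name, the port range and all addresses are assumptions.

```python
# Model of the SpeedTouch "Virtual IP mapping" behaviour (added example, not firmware code).
# Addresses and the translated port range are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class VirtualIpMapper:
    """Maps LAN terminals onto the single virtual IP the VPN server attributes."""
    mode: str                                   # "dhcp" or "nat"
    virtual_ip: str                             # address attributed by the VPN server
    lease_holder: Optional[str] = None          # dhcp: the one terminal holding the spoofed lease
    nat_out: Dict[Tuple[str, int], int] = field(default_factory=dict)  # nat: (lan_ip, port) -> vpn port
    nat_in: Dict[int, Tuple[str, int]] = field(default_factory=dict)   # nat: vpn port -> (lan_ip, port)
    next_port: int = 40000                      # assumed start of the translated port range

    def connect(self, lan_ip: str) -> Optional[str]:
        """Terminal lan_ip starts the secure connection; returns its VPN-side address or None."""
        if self.mode == "dhcp":
            # The spoofing address pool gives the virtual IP to exactly one terminal.
            if self.lease_holder not in (None, lan_ip):
                return None                     # a second terminal gets no simultaneous access
            self.lease_holder = lan_ip
            return self.virtual_ip
        if self.mode == "nat":
            return self.virtual_ip              # every terminal shares the virtual IP via NAT
        raise ValueError("mode must be 'dhcp' or 'nat'")

    def outbound(self, lan_ip: str, lan_port: int) -> Optional[Tuple[str, int]]:
        """Translate a LAN packet's source (ip, port) as it enters the tunnel."""
        if self.mode == "dhcp":
            if lan_ip != self.lease_holder:
                return None                     # only the lease holder can use the tunnel
            return (self.virtual_ip, lan_port)  # the terminal itself owns the virtual IP
        key = (lan_ip, lan_port)
        if key not in self.nat_out:             # allocate a new NAT entry for this flow
            self.nat_out[key] = self.next_port
            self.nat_in[self.next_port] = key
            self.next_port += 1
        return (self.virtual_ip, self.nat_out[key])

    def inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Reverse-translate a packet arriving from the tunnel back to the LAN host."""
        if self.mode == "dhcp":
            return (self.lease_holder, dst_port) if self.lease_holder else None
        return self.nat_in.get(dst_port)        # unknown port: no matching NAT entry
```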

E-DOC-CTC-20051017-0169 v0.1

55

Nortel Networks 608(WL), 620 manual Chapter