Avaya 3.7 Network Router User Manual


 
Issue 4 May 2005
Chapter 4: Configuring IP Groups
An IP Group is composed of a set of hosts (workstations and servers) that are located behind a
common security gateway. The hosts are defined by their IP address and mask. The security
gateway must exist prior to creating IP Groups.
Virtual private networks (VPNs) are made up of IP Groups at multiple locations linked across a
public IP network. Assigning workstations and servers to different IP Groups offers a powerful
way to limit VPN traffic to specifically designated users.
About IP Groups
Data Terminal Equipment (DTE), such as computers, printers, and network servers, are devices
that can be members of a VPN. Two methods are used for creating members. One involves
User Objects, described in Configuring remote access users, and is reserved for
creating members that are remote and have to dial into the VPN. The other method involves IP
Group Objects (or IP Groups) and is reserved for DTEs that are connected to a LAN.
An IP Group contains an IP address and IP mask, and can be configured with many of
these address/mask pairs. Each address/mask pair defines an address space (range) that
identifies a range of addresses used in a LAN. Therefore, a DTE that has an
address within the range of a pair belongs to that IP Group.
IP Groups can be created and edited at any time. However, since IP Groups are associated with
a security gateway, it is recommended that IP Groups be defined after the security gateway is
created and configured.
Creating a New IP Group
To create a new IP Group:
1. From the VPNmanager Console main window, click New Object and select IP Group. The
New IP Group dialog is displayed.
2. In the Name text box, type in a name for your new IP Group. Any characters can be used,
except a comma [,], forward slash [/], and backward slash [\].
3. A good practice is to incorporate identifiers in a name so that IP Groups can be easily
managed. For example, a LAN used by an accounting department in San Francisco that is made
into an IP Group can be named SF Accounting LAN. Using this scheme clearly identifies who the
members of an IP Group are.
4. Click Apply, then click Close to go to the Configuration Console window.
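The following added example (not part of the Avaya manual or VPNmanager) models the address/mask pairs and the naming rule described above, so a planned set of IP Groups can be checked before it is entered in the console. It resolves which groups a host address falls into and lists groups whose address spaces overlap, so the operator can confirm any overlap is intended. The function names, the sample groups other than the name SF Accounting LAN, all addresses, and the rejection of pairs with host bits set are assumptions made for illustration.

```python
import ipaddress

FORBIDDEN_NAME_CHARS = set(",/\\")  # comma, forward slash, backward slash


def validate_name(name):
    """True if the name is non-empty and avoids the characters the manual forbids."""
    return bool(name) and not (set(name) & FORBIDDEN_NAME_CHARS)


def build_group(name, pairs):
    """Build (name, networks) from a list of (address, mask) string pairs."""
    if not validate_name(name):
        raise ValueError(f"invalid IP Group name: {name!r}")
    # Assumption: a pair whose address has host bits set under its mask is
    # treated as a planning error, so strict=True raises ValueError for it.
    nets = [ipaddress.ip_network(f"{addr}/{mask}", strict=True) for addr, mask in pairs]
    return name, nets


def groups_for_host(groups, host):
    """Names of every group whose address space contains the host address."""
    ip = ipaddress.ip_address(host)
    return [name for name, nets in groups if any(ip in net for net in nets)]


def overlapping_groups(groups):
    """Pairs of distinct group names whose address spaces intersect."""
    hits = []
    for i, (name_a, nets_a) in enumerate(groups):
        for name_b, nets_b in groups[i + 1:]:
            if any(a.overlaps(b) for a in nets_a for b in nets_b):
                hits.append((name_a, name_b))
    return hits


# Constructed sample plan; addresses are illustrative only.
GROUPS = [
    build_group("SF Accounting LAN", [("10.1.20.0", "255.255.255.0"),
                                      ("10.1.21.0", "255.255.255.128")]),
    build_group("SF Engineering LAN", [("10.1.32.0", "255.255.240.0")]),
    build_group("SF Campus", [("10.1.0.0", "255.255.0.0")]),
]

if __name__ == "__main__":
    for host in ("10.1.20.15", "10.1.21.200", "192.168.1.1"):
        print(host, "->", groups_for_host(GROUPS, host) or "no IP Group")
    for a, b in overlapping_groups(GROUPS):
        print("overlap:", a, "<->", b)
```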