Filter
Top Products
30 RiverMaster Administrator’s Guide
Before You Begin
Chapter 3
Configuring an ANG-3000/7000
H Using RiverMaster, adding a static route for all addresses in the
Virtual Subnet #1 range with the router’s IP address as the default
gateway.
H On the router, create a static route to forward all packets addressed
with IP addresses in the Virtual Subnet #1 range to the IP address of
the ANG Trusted interface.
With this arrangement, remote clients that receive addresses from Virtual
Subnet #1 will be able to access Server #2. Without a static route, remote
clients that receive addresses from Virtual Subnet #2 will be unable to access
Server #2 or any other device on the 200.100.201.0 segment
Virtual Subnets for Site-to-Site and Remote Access Tunnel Servers
When you set up a site-to-site tunnel in conjunction with remote access
service, we recommend creating separate groups and assigning separate
virtual subnets for all your site-to-site and remote access users. This is
necessary because RIP does not forward knowledge of a route over the
interface from which it learned of that route. So if a remote client and a site-to-
site tunnel obtain their virtual IP addresses from the same virtual subnet on
the terminating ANG, then that remote access client will not be able to learn
the routes that are known to the initiator of the site-to-site tunnel. This
condition does not apply to a terminating ANG, though.
As shown in Figure 13, if ANG1 initiates a tunnel connection to ANG2, RIP
will broadcast knowledge of ANG1’s associated networks A, B and C to
ANG2 just as it will propagate knowledge of ANG2’s associated networks X,
Y and Z to ANG1. Then, if the virtual subnet 10.10.10.0 is created on ANG2
for use by ANG1 site-to-site clients and is shared with remote Aurorean
clients, the Aurorean users cannot access networks A,B, and C on ANG1
because they have no knowledge of those networks.
To remedy this situation, create virtual subnet 187.14.57.0 on ANG2 for
Aurorean users. RIP will broadcast knowledge of this route to ANG2
enabling Aurorean users to dial into ANG1 as well as ANG2.