Nortel Networks 608(WL) Network Card User Manual


 
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
3.1 LAN to LAN Application
Reference network
A simple LAN-to-LAN network configuration is shown here.
The figure shows two LAN networks connected via a SpeedTouch™ to the public
Internet. In each LAN segment, the IP addresses of the terminals are typically
managed by a DHCP server, which may be the built-in DHCP server of the
SpeedTouch™.
Making use of the VPN capabilities of the SpeedTouch™, it is possible to connect
the two LAN segments via a secure VPN tunnel over the public Internet. At each
peer the SpeedTouch™ serves as an IPSec Security Gateway.
A dedicated set of user-friendly configuration pages allows you to quickly and easily
implement this scenario. Selections are made in accordance with the data known to
the user and the VPN layout.
The GUI pages are organized along two main alternative paths.
Path 1: You know exactly to which Remote Gateway you want to establish a
VPN connection. You know its location in the public Internet (either the IP
address or the domain name). This is generally the case in a symmetrical
LAN-to-LAN scenario.
Path 2: Your SpeedTouch™ is located in a central facility where services are
provided to remote locations that require a secure connection. For the
moment, you have no idea which Remote Gateway may want to establish a
secure connection. In this case, your SpeedTouch™ always has the role of
responder in the VPN connection establishment negotiations. It cannot initiate
the establishment of a VPN connection. This leads to an asymmetrical
LAN-to-LAN scenario, where one peer is always the responder, while the remote
peer(s) act as the initiator. You can think of a corporate headquarters that
constructs a hub-and-spoke VPN network with its branch offices. It is
convenient to configure the SpeedTouch™ at the headquarters in such a way
that it will accept new branch offices in the VPN without requiring any
adaptation to its configuration.
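[Figure: reference network. Host 10.0.0.1 on network 10.0.0.0/24 sits behind SpeedTouch A (LAN address 10.0.0.254, public address 100.100.0.1). SpeedTouch A connects over the Internet to SpeedTouch B (public address 200.200.0.1, LAN address 20.0.0.254), behind which is network 20.0.0.0/24 with host 20.0.0.5.]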
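The two paths and the reference network can be expressed as a small policy model. This is an added example, not code from the manual or the SpeedTouch™ firmware: the `GatewayPolicy` class, its methods and `mirrored` are hypothetical names, the behaviour is a simplification of what the text describes, and the Path 2 gateway `HUB` is a constructed variant of SpeedTouch A.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class GatewayPolicy:
    """Simplified LAN-to-LAN settings of one peer (hypothetical model)."""
    public_ip: str
    local_net: str
    remote_net: Optional[str]      # None on Path 2: not known in advance
    remote_gateway: Optional[str]  # None on Path 2: not known in advance

    def can_initiate(self) -> bool:
        # With no Remote Gateway configured there is no address to start the
        # negotiation with, so the gateway is responder-only.
        return self.remote_gateway is not None

    def accepts_peer(self, peer_ip: str) -> bool:
        # Path 1 answers only the configured peer; Path 2 answers any address.
        return self.remote_gateway in (None, peer_ip)

    def action(self, src: str, dst: str) -> str:
        """Return 'tunnel' if a LAN packet matches the VPN policy, else 'plain'."""
        if self.remote_net is None:
            return "plain"
        local = ipaddress.ip_network(self.local_net)
        remote = ipaddress.ip_network(self.remote_net)
        hit = ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote
        return "tunnel" if hit else "plain"


def mirrored(a: GatewayPolicy, b: GatewayPolicy) -> bool:
    """Path 1 check: each peer's settings must mirror the other's."""
    def net(n):
        return ipaddress.ip_network(n) if n else None
    return (a.remote_gateway == b.public_ip and b.remote_gateway == a.public_ip
            and net(a.local_net) == net(b.remote_net)
            and net(b.local_net) == net(a.remote_net))


# Addresses taken from the reference network figure.
A = GatewayPolicy("100.100.0.1", "10.0.0.0/24", "20.0.0.0/24", "200.200.0.1")
B = GatewayPolicy("200.200.0.1", "20.0.0.0/24", "10.0.0.0/24", "100.100.0.1")
# Path 2 variant of gateway A (constructed): remote side left open.
HUB = GatewayPolicy("100.100.0.1", "10.0.0.0/24", None, None)
```

Running `mirrored` over both peers' settings before enabling a Path 1 tunnel catches the mismatch in remote network or Remote Gateway address that otherwise shows up only as a failed negotiation.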