Nortel Networks 608(WL) Network Card User Manual


 
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
Local LAN IP Range
In this field you configure the local access policy. In other words, you define
which IP range of local terminals has access to the VPN. You can specify either a
single IP address, a subnet, or a range.

Local LAN IP range examples:
a single IP address:
    10.0.0.15
a single IP subnet:
    10.0.0.0/24
a contiguous IP address range:
    10.0.0.5-10.0.0.56
    10.0.0.[5-56]

Set of Server Vendor specific parameters
When the Preshared Key method was selected as the IKE Authentication method,
some Server Vendor specific fields must be filled out for the Automatic Start
mechanism.

For a generic VPN server:
You have to fill out your e-mail address. This e-mail address (User FQDN) is used as
the local identity of the VPN client.

Note: When building a VPN with multiple SpeedTouch™ devices configured as
VPN clients at different locations, you must take care to configure a unique
e-mail address in each VPN client. The e-mail address is used by the VPN
server as an identifier to bind an IP address to the VPN client.

For a Cisco VPN server:
You have to fill out the Group ID. The value should correspond with the groupname,
as configured on the Cisco VPN server with the command:

    crypto isakmp client configuration group groupname

For a Nortel VPN server:
Note: Interworking with a Nortel VPN server is possible only when IKE
Authentication is done via Certificates. Pre-shared key authentication cannot
be used on an IPSec connection between a SpeedTouch™ VPN client
and a Nortel VPN server.

Configuring XAuth
Optionally, you can use the Extended Authentication protocol in combination with
the Automatic Start mechanism. Simply fill out a Username and Password in the
optional fields, and XAuth is used when the connection is established. The
Username and Password in this case act as a group key for all local terminals
authorized to use the VPN connection.
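
The Local LAN IP Range notations shown in this section (single address, subnet, and the two range forms) can be checked before they are entered, to see exactly which local terminals a value admits to the VPN. The following is an added example, not part of the manual or the device firmware; the function names are hypothetical, and counting a subnet's network and broadcast addresses as part of the range is an assumption.

```python
import ipaddress
import re

# Bracket range form from the manual's examples, e.g. 10.0.0.[5-56]
_BRACKET = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\[(\d{1,3})-(\d{1,3})\]$")


def parse_local_lan_range(value):
    """Return the (first, last) IPv4Address bounds of a Local LAN IP Range value."""
    value = value.strip()
    m = _BRACKET.match(value)
    if m:
        # 10.0.0.[5-56] -> 10.0.0.5 .. 10.0.0.56
        first = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(2)}")
        last = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(3)}")
    elif "/" in value:
        # Subnet form; strict=True rejects values with host bits set (10.0.0.15/24)
        net = ipaddress.IPv4Network(value, strict=True)
        first, last = net[0], net[-1]
    elif "-" in value:
        lo, hi = value.split("-", 1)
        first = ipaddress.IPv4Address(lo.strip())
        last = ipaddress.IPv4Address(hi.strip())
    else:
        first = last = ipaddress.IPv4Address(value)
    if first > last:
        raise ValueError(f"range start is above range end: {value!r}")
    return first, last


def terminal_allowed(value, terminal_ip):
    """True if terminal_ip falls inside the configured range."""
    first, last = parse_local_lan_range(value)
    return first <= ipaddress.IPv4Address(terminal_ip) <= last


def address_count(value):
    """Number of addresses the value admits (subnet bounds included, an assumption)."""
    first, last = parse_local_lan_range(value)
    return int(last) - int(first) + 1


if __name__ == "__main__":
    # The four example values from the manual page
    for v in ("10.0.0.15", "10.0.0.0/24", "10.0.0.5-10.0.0.56", "10.0.0.[5-56]"):
        first, last = parse_local_lan_range(v)
        print(f"{v:22} {first} .. {last}  ({address_count(v)} addresses)")
```

Because the XAuth Username and Password act as a group key for every terminal inside this range, the address count is a quick measure of how many hosts share that credential.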