Nortel Networks 608(WL) User Manual

Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
3.1 LAN to LAN Application
Reference network
A simple LAN-to-LAN network configuration is shown here. 
The figure shows two LAN networks connected via a SpeedTouch™ to the public 
Internet. In each LAN segment, the IP addresses of the terminals are typically 
managed by a DHCP server, which may be the built-in DHCP server of the 
SpeedTouch™. 
Making use of the VPN capabilities of the SpeedTouch™, it is possible to connect 
the two LAN segments via a secure VPN tunnel over the public Internet. At each 
peer the SpeedTouch™ serves as an IPSec Security Gateway. 
A dedicated set of user-friendly configuration pages allows you to quickly and easily 
implement this scenario. Selections are made in accordance with the data known to 
the user and the VPN layout.
The GUI pages are organized along two main alternative paths.
Path 1: You know exactly to which Remote Gateway you want to establish a 
VPN connection. You know its location in the public Internet (either the IP 
address or the domain name). This generally is the case in a symmetrical LAN-
to-LAN scenario.
Path 2: Your SpeedTouch™ is located in a central facility where services are 
provided to remote locations that require a secure connection. For the 
moment, you have no idea which Remote Gateway may want to establish a 
secure connection. In this case, your SpeedTouch™ always has the role of 
responder in the VPN connection establishment negotiations. It cannot initiate 
the establishment of a VPN connection. This leads to an asymmetrical 
LAN-to-LAN scenario, where one peer is always the responder, while the remote 
peer(s) is/are the initiator. You can think of a corporate headquarters that 
constructs a hub-and-spoke VPN network with its branch offices. It is 
convenient to configure the SpeedTouch™ at the headquarters in such a way 
that it will accept new branch offices in the VPN without requiring any 
adaptation to its configuration.
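[Figure: reference network. Host 10.0.0.1 on Network 10.0.0.0/24 sits behind SpeedTouch A (LAN address 10.0.0.254, public address 100.100.0.1), which connects over the Internet to SpeedTouch B (public address 200.200.0.1, LAN address 20.0.0.254) and Host 20.0.0.5 on Network 20.0.0.0/24.]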