Compatible Systems 5.4 Manuale Utente
116
Chapter 7 - VPN Client Tunnels
Each of the addresses thus generated must be a valid, unique, and unused IP
address. Also, these addresses must not conflict with any networks specified
in other VPN Group configuration or with any other IP address within the
server.
address. Also, these addresses must not conflict with any networks specified
in other VPN Group configuration or with any other IP address within the
server.
These addresses must be on the internal TCP/IP network (i.e., for an IntraPort
2/2+, on the same network as Ethernet 0 or a subinterface thereof)
2/2+, on the same network as Ethernet 0 or a subinterface thereof)
v Note: There is no default value for the Start IP Address or Local IP Net.
In order for IP-in-IP tunneling to operate with this VPN Group configuration,
a group of local IP addresses must be set. Use the Start IP Address, the Local
IP Net, or configure a Radius server to serve the addresses (see Assign IP
Radius below).
In order for IP-in-IP tunneling to operate with this VPN Group configuration,
a group of local IP addresses must be set. Use the Start IP Address, the Local
IP Net, or configure a Radius server to serve the addresses (see Assign IP
Radius below).
>
Local IP Net
This edit box sets the local network or subnet to be assigned to client sessions
under this configuration. For each new client session, an available IP address
from this network or subnet is assigned to that session, until the Max
Connections limit (specified using the General tab) is reached. The IP
address is freed when the client session is finished.
under this configuration. For each new client session, an available IP address
from this network or subnet is assigned to that session, until the Max
Connections limit (specified using the General tab) is reached. The IP
address is freed when the client session is finished.
This network or subnet must be unused and completely unique in the IP
network to which the IntraPort is connected (i.e., not part of any Class C
network in use) and may not conflict with address ranges specified in other
group configurations. The mask may be between 8 and 30 bits.
network to which the IntraPort is connected (i.e., not part of any Class C
network in use) and may not conflict with address ranges specified in other
group configurations. The mask may be between 8 and 30 bits.
The address should be entered as four decimal numbers separated by periods
(e.g. 198.238.9.1). The part of this address which identifies the network
segment is determined by the size of the mask, specified in bits.
(e.g. 198.238.9.1). The part of this address which identifies the network
segment is determined by the size of the mask, specified in bits.
v Note: If Local IP Net is selected, either a dynamic routing protocol or
static routes must be configured into the controlling router (e.g., the firewall)
in order for traffic to find the Local IP Net.
static routes must be configured into the controlling router (e.g., the firewall)
in order for traffic to find the Local IP Net.
Assign IP Radius
This checkbox specifies whether a RADIUS server can be used to assign IP
addresses to VPN users.
addresses to VPN users.
•
If checked, communication with a RADIUS server must be configured,
and be set up to serve the IP addresses.
and be set up to serve the IP addresses.
•
If left unchecked, IP addresses will be assigned using the address pool
specified by either the Start IP Address or the Local IP Net.
specified by either the Start IP Address or the Local IP Net.
v Note: For more information on RADIUS configuration, see Chapter 14 -
General.
General.