Nortel 1010 用户指南
Chapter 4 Configuring user tunnels 87
Nortel VPN Router Configuration — Basic Features
To select the split tunneling mode in which you wish to operate, the Split
Tunneling drop down menu has been modified to include two new options.
Enabled – Inverse and Enabled – Inverse (locally connected). The default will
remain Disabled.
Tunneling drop down menu has been modified to include two new options.
Enabled – Inverse and Enabled – Inverse (locally connected). The default will
remain Disabled.
Inverse split tunneling
Using the 0.0.0.0/0 subnet wildcard
The option to perform auto-detection of directly connected local subnets is
configured by adding a subnet of 0.0.0.0 with a 0.0.0.0 mask to the inverse split
tunnel networks list on the Nortel VPN Router. When the NVC receives the list of
inverse split networks, it expands the 0.0.0.0 to be all of the directly connected
local subnets detected on the host. Any additional subnets in a list are processed as
before. The 0.0.0.0/0 is simply a wildcard to be expanded. After expansion, traffic
destined for these subnets is allowed to flow outside of the tunnel. While this
option is valid for both the Inverse Split and Inverse Split (Locally Connected)
modes, it is really only useful for the first variant. The subnets generated by the
0.0.0.0/0 expansion always pass the Locally Connected test because, by definition
they must be locally connected. Any additional subnets listed would are either
duplicates of the wildcard expansion or not do pass the test.
configured by adding a subnet of 0.0.0.0 with a 0.0.0.0 mask to the inverse split
tunnel networks list on the Nortel VPN Router. When the NVC receives the list of
inverse split networks, it expands the 0.0.0.0 to be all of the directly connected
local subnets detected on the host. Any additional subnets in a list are processed as
before. The 0.0.0.0/0 is simply a wildcard to be expanded. After expansion, traffic
destined for these subnets is allowed to flow outside of the tunnel. While this
option is valid for both the Inverse Split and Inverse Split (Locally Connected)
modes, it is really only useful for the first variant. The subnets generated by the
0.0.0.0/0 expansion always pass the Locally Connected test because, by definition
they must be locally connected. Any additional subnets listed would are either
duplicates of the wildcard expansion or not do pass the test.
Configuring the subnet wildcard
To configure the subnet wildcard:
1
Select Profiles > Groups > Edit > IPsec.
Figure 12 shows the Edit > IPsec page with Inverse split tunneling.