Deploying Sentriant Ag In Vpn Mode On A Different Network - Extreme Networks AG200 Installation Manual

Version 5.0

100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes
NOTE
In normal operation, Sentriant AG does not respond to Internet Control Message Protocol (ICMP or ping) echo
requests.
Deploying Sentriant AG in VPN Mode on a Different Network
When Sentriant AG is deployed in VPN mode, the eth1 interface on Sentriant AG is usually connected directly
(either by way of a crossover cable, isolated switch, or VLAN) to the LAN-facing side of the VPN concentrator. If
the same logical subnet (such as 10.10.0.0/16) is used for Sentriant AG, the concentrator, and the VPN clients, no
modifications need to be made.
However, problems can arise if the following conditions are all true:
- Sentriant AG is in a different logical subnet than that used by the VPN concentrator OR the VPN client
  endpoints.
- The router on the LAN (eth0) side of Sentriant AG is configured for best-practices egress filtering, and will not
  route packets that have a source IP address outside the network segment from which they appear to originate.
  See the SANS Egress Filtering FAQ, http://www.sans.org/reading_room/whitepapers/firewalls/1059.php,
  for a more thorough discussion of egress filtering.
The most obvious symptom of this situation is that Sentriant AG will not be able to redirect endpoint clients (they
will get a blank browser page that appears to take forever to load) but the endpoint browser is able to browse
directly to https://<Sentriant AG_IP_Address>:89/ and get tested.
For example, for the following IP addresses:
- Router IP—10.1.90.254, on a /24
- Sentriant AG IP—10.1.90.130, on a /24
- VPN concentrator IP—10.1.90.131, on a /24
- VPN client IP range—10.1.105.0/24
The VPN concentrator is configured to hand out IP addresses on the 10.1.105.0/24 subnet, while Sentriant AG and
the VPN concentrator itself are on the 10.1.90.0/24 subnet. Both Sentriant AG and the VPN concentrator have a
default route set through 10.1.90.254, which is a router or Layer 3 switch on the LAN (eth0) side of Sentriant AG.
Sentriant AG Installation Guide, Version 5.0
Deployment Flexibility
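A pre-deployment check for the two conditions listed above, run against the manual's example addresses. This is an added example, not part of the manual; the function names and the sample source address 10.1.105.20 are assumptions made for illustration.

```python
import ipaddress

def in_ag_subnet(ag_interface, other):
    """True if `other` (a host or a network) lies inside Sentriant AG's subnet."""
    ag_net = ipaddress.ip_interface(ag_interface).network
    return ipaddress.ip_network(other, strict=False).subnet_of(ag_net)

def egress_filter_allows(segment, src_ip):
    """Router rule from the text: route a packet only if its source address
    belongs to the segment it arrives from."""
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(segment)

def conditions_met(ag_interface, concentrator_ip, client_range, egress_filtering):
    """Both listed conditions: a subnet mismatch (concentrator OR clients)
    AND egress filtering on the eth0-side router."""
    mismatch = not (in_ag_subnet(ag_interface, concentrator_ip)
                    and in_ag_subnet(ag_interface, client_range))
    return mismatch and egress_filtering

if __name__ == "__main__":
    # Addresses taken from the manual's example.
    ag, conc, clients = "10.1.90.130/24", "10.1.90.131", "10.1.105.0/24"
    print("conditions met:", conditions_met(ag, conc, clients, True))
    # Constructed source addresses as seen by the router on the 10.1.90.0/24 segment.
    for src in ("10.1.90.130", "10.1.105.20"):
        verdict = "routed" if egress_filter_allows("10.1.90.0/24", src) else "dropped"
        print(src, verdict)
```

With the example addresses the check reports that both conditions hold, because the VPN client range 10.1.105.0/24 lies outside Sentriant AG's 10.1.90.0/24 subnet.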
