How To Configure VPNs In Typical Corporate Networks - Allied Telesis AlliedWare AR440S How To Configure

How to configure VPNs in a corporate network, with optional prioritisation of VoIP

How to configure VPNs in typical corporate networks
This section describes a typical corporate network using secure VPN. The network consists
of a headquarters (HQ) router and two branch office routers. The headquarters router is
acting as a VPN Access Concentrator, and allows for VPN access from either of the branch
office sites or from roaming laptop VPN clients. The network is illustrated in the following
figure.
[Figure vpn-corporate.eps: network diagram. Labels recovered from the figure: branch office 1 VPN router, VLAN 1, 192.168.141.254; branch office 2, VLAN 1, 192.168.142.254; Telco's ADSL exchange; 222.222.222.1; dynamically assigned; ISP's router, 222.222.222.254, 200.200.200.254, 211.211.211.254; 211.211.211.1; hotel's NAT gateway, 192.168.200.254; headquarters VPN access concentrator, 200.200.200.1; 192.168.140.254, corporate LAN; pool of addresses available for roaming clients: 192.168.143.1-50; roaming VPN client, physical address: 192.168.200.1, VPN tunnel address from pool: 192.168.143.1]
Branch office 1 uses the PPPoA ADSL link type, and branch office 2 uses the PPPoEoA ADSL
link type. We have done this to illustrate these two commonly used ADSL link types. For
information about the ADSL link type you need, see your ADSL provider.
This How To Note gives you the commands for configuring each of the following:
1. The headquarters VPN access concentrator router, which includes:
   - an Ethernet connection to the Internet
   - a fixed Internet address. This means that the branch offices and the roaming VPN
     clients have a known target for the headquarters end of the VPN
   - VPN access to and from branch office 1. This can be initiated from the headquarters
     or branch office end. This is a site-to-site VPN and uses IPsec tunnel mode (see
     "Background: NAT-T and policies" on page 4).
   - VPN access from branch office 2. This can only be initiated from the branch office end,
     because the branch office has a dynamically-assigned IP address. This also uses IPsec
     tunnel mode.
   - VPN client access from roaming users on Windows 2000 and Windows XP. This is
     provided by using IPsec transport mode with L2TP (see "About IPsec modes: tunnel
     and transport" on page 3)
   - optionally, prioritisation of voice (VoIP) traffic for these VPN clients by using Software
     Quality of Service (SQoS). If the VPN clients use VoIP to establish voice calls via the
     headquarters network, this helps maintain voice quality.
Page 6 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
