Compatible Systems INTRAPORT 2+ User Manual

Page 51

Advertising
background image

Chapter 6 - Basic Configuration Guide

45

7. Set up VPN Group Configurations.

This is where tunneling profiles for a group of one or more IntraPort
2/2+ users are defined.

Use configure VPN Group Name to create a VPN Group section and
set the following keywords in the section you just created:

BindTo-Specifies which interface on the device will act as the

local end point for the tunnels defined by this configuration.

MaxConnections-Used to limit the number of client connections

for this VPN Group configuration.

StartIPAddress-Specifies the first IP address to be assigned to cli-

ent sessions under this configuration. This address will be
incremented by one for each new client session, until the Max-
Connections value is reached. Since the MaxConnections
value is 30 for this VPN Group, then the StartIPAddress must
be the first in a block of at least 30 unused IP addresses.

For this very basic setup, it is recommended that these
addresses be on the internal TCP/IP network (i.e., on the same
network as Ethernet 0 or a subinterface thereof). Also, they
cannot conflict with those used for any other VPN Groups.

v Note: For large numbers of users (i.e., over 50), it’s recommended
that the block of addresses be specified as a Local IP Net because
address administration is easier. Using a Start IP Address is
recommended for smaller numbers of users because the routing
setup is simpler. See the

Text-Based Configuration and Command

Line Management Reference Guide for more information on the
difference between the StartIPAddress and the LocalIPNet.

LocalIPXNet-Specifies the first IPX address assigned to an incom-

ing Client tunnel session. The LocalIPXNet also works with
the MaxConnections value, which means you must have at
least 30 consecutive unused IPX addresses available. The IPX
network number entered here must not be the same network
number as any other IPX network on your network and you
must choose a network number which will not overlap as Cli-
ent sessions are established. In this example, the first client to
connect will be assigned the IPX network CAFEB00. The next
client which connects concurrently will be assigned the IPX
network CAFEB01, and so on.

IPNet-Specifies a range of IP addresses which will be reachable by

clients using this configuration. THIS IS A VERY IMPOR-
TANT SETTING. If you enter the internal network (in the dual

Advertising
Popular Brands
Popular manuals