Intelligent client routing – Enterasys Networks Network Card User Manual

RiverMaster Administrator’s Guide

31

Chapter 3

Before You Begin

Configuring an ANG-3000/7000

Figure 13 Virtual Subnets for Site-to-Site and Remote Access Tunnels

For instructions on creating virtual subnets for IP address and IPX network
number allocation, refer to “Virtual Subnetting” on page 50.

Intelligent Client Routing

Enterasys Networks’ Intelligent Client Routing feature provides you with a
measure of control over a Aurorean Client user’s access to the Internet. When
enabled (this feature is enabled by default), Intelligent Client Routing allows
remote clients to browse the Internet directly, outside of the tunnel. For
example, if a remote client tries to browse the Internet while tunneled into the
corporate network, packets bound for any destination within the Internet are
sent down the tunnel into the ANG and then back out the network’s Internet
gateway.

When Intelligent Client Routing is enabled, the ANG exports routes over the
tunnel to the client. Based on this information, the client determines if the
destination address can only be reached over the tunnel or can be reached
directly on the Internet. Figure 14 contrasts how packets that are destined for
an Internet server are routed with the Intelligent Client Routing feature
enabled or disabled.

If you allocate a non-routable IP address to a remote client from a virtual
subnet, you may need to enable Intelligent Client Routing to allow the remote
client to browse the Internet.

Virtual Subnet

10.10.10.0

Network X

Network Y

Network Z

ANG2

Aurorean

Learned

Routes:

X, Y, Z

Learned

Routes:

A, B, C

Network A

Network B

Network C

ANG1

INTERNET

10.10.10.3

10.10.10.2

Learned

Routes:

X, Y, Z

Site-to-Site Tunnel