Netopia 3300 User Manual

Internet Key Exchange (IKE) IPsec Key Management for VPNs 6-17

This feature allows you to define many local and remote network ranges for a given IPsec VPN profile. Each of
these ranges has its own IPsec tunnel. However, each tunnel has a common tunneling endpoint and encr yption
policy. This is useful, for example, for branch office management of multiple IP subnets over an encr ypted VPN
tunnel. The following diagram illustrates this feature:

Advantages of Multiple Network IPsec are:

•

scalability

•

flexibility, by adding any combination of remote/local network ranges

•

suppor t for sub-netting, host and network range addressing modes

•

works with manual keying and Internet Key Exchange (IKE), including Xauth IKE extension (see

page 6-6

).

•

each IPsec network works under the same local/remote tunnel endpoints

•

Select Add Network and press Return. The Add Network Configuration screen appears.

•

The Remote Member Format and Local Member Format pop-up menus allow you to choose a format for
your network end points: Subnet, Range, or a single Host Address.

Add Network Configuration
+--------------+
+--------------+
Remote Member Format... | Subnet |
Remote Member Address: | Range |
Remote Member Mask: | Host Address |
Local Member Format... +--------------+
Local Member Address: 0.0.0.0
Local Member Mask: 0.0.0.0

COMMIT CANCEL