Server 2, Client, Limitations – Enterasys Networks Security Router X-PeditionTM User Manual

Page 340: Xsr vpn features, Server 2 -18 client -18 limitations -18, Xsr vpn features -18, Figure 14-10


14-18 Configuring the Virtual Private Network

Server 2

Interfaces Fast/GigabitEthernet 1 and VPN 1

Client

Interfaces Fast/GigabitEthernet 1, VPN 1 and VPN 2.

Figure 14-10 OSPF Used with Failover

Limitations

Peer-to-Peer IPSec tunnels are configured without the VPN interface by applying crypto maps to
physical interfaces. In this application, IPSec is treated as a side effect of data transmission through
the interface. Since no virtual interface (VPN1, for example) is applied to the IPSec connection, a
routing protocol like OSPF cannot be used.

As mentioned earlier, OSPF may advertise a network’s reachability but IPSec policies may deny
access to that network. As a remedy, you may extend the crypto maps attached to interfaces, but
this requires prior knowledge of networks advertised by OSPF, which renders OSPF’s dynamic
network discovery useless. In this case, OSPF is used only for monitoring the links and providing
alternate routes in case of link failure.
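
The mismatch described above can be checked offline. The following Python sketch is an added example, not taken from the Enterasys manual: it reports which parts of each OSPF-advertised prefix fall outside the destination networks listed in the crypto maps. The prefixes, the function names and the IPv4-only input are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from the manual): destination networks matched
# by the crypto maps on the physical interface, and prefixes learned via OSPF.
CRYPTO_MAP_DESTS = ["10.1.0.0/16", "192.168.20.0/24"]
OSPF_ROUTES = ["10.1.4.0/24", "10.2.0.0/16", "192.168.20.0/25", "192.168.20.0/23"]


def uncovered_parts(route, selectors):
    """Return the subnets of `route` that no crypto map selector matches.

    CIDR blocks are either nested or disjoint, so each selector either
    swallows a remaining block, carves a hole in it, or leaves it alone.
    """
    remaining = [ipaddress.ip_network(route)]
    for sel in map(ipaddress.ip_network, selectors):
        next_round = []
        for net in remaining:
            if net.subnet_of(sel):
                continue                      # fully inside the selector
            if sel.subnet_of(net):
                # selector is narrower than the route: keep what is left over
                next_round.extend(net.address_exclude(sel))
            else:
                next_round.append(net)        # disjoint, selector is irrelevant
        remaining = next_round
    return sorted(ipaddress.collapse_addresses(remaining))


def audit(ospf_routes, selectors):
    """Map each OSPF prefix that has a policy gap to its unmatched subnets."""
    report = {}
    for route in ospf_routes:
        gaps = uncovered_parts(route, selectors)
        if gaps:
            report[route] = [str(g) for g in gaps]
    return report


if __name__ == "__main__":
    for route, gaps in audit(OSPF_ROUTES, CRYPTO_MAP_DESTS).items():
        print(f"{route}: advertised by OSPF, not matched by crypto map: {gaps}")
```

Each reported gap is a network that routing considers reachable but that would need a crypto map entry added by hand, which is the prior knowledge the paragraph above refers to.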

XSR VPN Features

The XSR supports the following VPN features:

- Site-to-Site (Peer-to-Peer) application
- IPSec/IKE with pre-shared secrets
- IPSec/IKE with certificates (PKI)
- EZ-IPSec with PKI or pre-shared secrets:
  - Network Extension Mode (NEM)

[Figure 14-10 diagram labels: Corporate network, INTERNET, Server 1, Server 2, Client; interfaces F1, F2, VPN 1, VPN 2; annotation "Segment is extension of corporate network"]
