At times you will want to assign a virtual IP address on your organization's private network to remote VPN users. The IKE mode config option can be configured for client-to-site VPNs — for example, that telecommuters would use. These users connect to the private network through the VPN tunnel, often from their home Internet connection. IKE mode config assigns virtual private addresses to these mobile users for as long as they connect through the VPN gateway. IKE mode config allows a relatively small pool of mobile users to access the VPN from remote locations. (IKE mode config is not designed for wide-scale management.) The remote client requests an IP address and default gateway from the IRAS IPsec Remote Access Server on the TMS zl Module between IKE phase 1 and phase 2 negotiations. It may also request addresses for DNS and WINS servers that will resolve domain names for the user while on the private network. The users appear as internal users on the network once they have received the IKE mode config parameters. When configuring IKE mode config, follow these guidelines.
|