|
|
The VPN 3002 includes an IP routing subsystem with static routing, default gateways, and DHCP.
To route packets, the subsystem uses static routes and the default gateway. If you do not configure the default gateway, the subsystem drops packets that it can not otherwise route.
You configure static routes and default gateways in this section. This section also includes the system-wide DHCP (Dynamic Host Configuration Protocol) server parameters.
This section of the Manager lets you configure system-wide IP routing parameters.
This section of the Manager lets you configure static routes for IP routing.
The Static Routes list shows manual IP routes that have been configured. The format is [destination network address/subnet mask -> outbound destination]; for example, 192.168.12.0/255.255.255.0 -> 10.10.0.2. If you have configured the default gateway, it appears first in the list as [Default -> default router address]. If no static routes have been configured, the list shows --Empty--.
To configure and add a new static route, click Add. The Manager opens the Configuration | System | IP Routing | Static Routes | Add screen.
To modify a configured static route, select the route from the list and click Modify. The Manager opens the Configuration | System | IP Routing | Static Routes | Modify screen. If you select the default gateway, the Manager opens the Configuration | System | IP Routing | Default Gateways screen.
To delete a configured static route, select the route from the list and click Delete. There is no confirmation or undo. The Manager refreshes the screen and shows the remaining static routes in the list. You cannot delete the default gateways here; to do so, see the Configuration | System | IP Routing | Default Gateways screen.
The Manager immediately includes your changes in the active configuration. To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
These Manager screens let you:
Enter the destination network IP address that this static route applies to. Packets with this destination address will be sent to the Destination below. Used dotted decimal notation; for example, 192.168.12.0.
Enter the subnet mask for the destination network IP address, using dotted decimal notation (for example, 255.255.255.0). The subnet mask indicates which part of the IP address represents the network and which part represents hosts. The router subsystem looks at only the network part.
The Manager automatically supplies a standard subnet mask appropriate for the IP address you just entered. For example, the IP address 192.168.12.0 is a Class C address, and the standard subnet mask is 255.255.255.0. You can accept this entry or change it. Note that 0.0.0.0 is not allowed here, since that would resolve to the equivalent of a default gateway.
Enter the metric, or cost, for this route. Use a number from 1 to 16, where 1 is the lowest cost. The routing subsystem always tries to use the least costly route. For example, if a route uses a low-speed line, you might assign a high metric so the system will use it only if all high-speed routes are unavailable.
Click a radio button to select the outbound destination for these packets. You can select only one destination: either a specific router/gateway, or a VPN 3002 interface.
Enter the IP address of the specific router or gateway to which to route these packets; that is, the IP address of the next hop between the VPN 3002 and the packet's ultimate destination. Use dotted decimal notation; for example, 10.10.0.2. We recommend that you select this option.
Click the drop-down menu button and select a configured VPN 3002 interface as the outbound destination. We do not recommend this option; enter a destination router address above.
To add a new static route to the list of configured routes, click Add. Or to apply your changes to a static route, click Apply. Both actions include your entries in the active configuration. The Manager returns to the Configuration | System | IP Routing | Static Routes screen. Any new route appears at the bottom of the Static Routes list.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your entries, click Cancel. The Manager returns to the Configuration | System | IP Routing | Static Routes screen, and the Static Routes list is unchanged.
This screen lets you configure the default gateway for IP routing. You use this same screen both to initially configure and to change default gateways. You can also configure the default gateway on the Configuration | Quick | System Info screen.
The IP routing subsystem routes data packets first using static routes, then the default gateway. If you do not specify a default gateway, the system drops packets it can not otherwise route.
Enter the IP address of the default gateway or router. Use dotted decimal notation; for example, 192.168.12.77. This address must not be the same as the IP address configured on any VPN 3002 interface. If you do not use a default gateway, enter 0.0.0.0 (the default entry).
To delete a configured default gateway, enter 0.0.0.0.
The default gateway must be reachable from a VPN 3002 interface, and it is usually on the public network. The Manager displays a warning screen if you enter an IP address that is not on one of its interface networks, and it displays a dialog box if you enter an IP address that is not on the public network.
Enter the metric, or cost, for the route to the default gateway. Use a number from 1 to 16, where 1 is the lowest cost. The routing subsystem always tries to use the least costly route. For example, if this route uses a low-speed line, you might assign a high metric so the system will use it only if all high-speed routes are unavailable.
To apply the settings for default gateways, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | IP Routing screen. If you configure a Default Gateway, it also appears in the Static Routes list on the Configuration | System | IP Routing | Static Routes screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your entries, click Cancel. The Manager returns to the Configuration | System | IP Routing screen.
This screen lets you configure DHCP (Dynamic Host Configuration Protocol) server parameters that apply to DHCP server functions within the VPN 3002.
The DHCP server for the private interface lets IP hosts in its network automatically obtain IP addresses from a limited pool of addresses for a fixed length of time, or lease period. Before the lease period expires, the VPN 3002 displays a message offering to renew it. If the lease is not renewed, the connection terminates when the lease expires, and the IP address becomes available for reuse. Using DHCP simplifies configuration since you do not need to know what IP addresses are considered valid on a particular network.
Check the box to enable the DHCP server functions on the VPN 3002. The box is checked by default. To use DHCP address assignment, you must enable DHCP functions here.
Enter the timeout in minutes for addresses that are obtained from the DHCP server. Minimum is 5, default is 120, maximum is 500000 minutes. DHCP servers "lease" IP addresses to clients on the VPN 3002 private network for this period of time.
The Lease Timeout period you configure applies only when the tunnel to the VPN Concentrator is established. When the tunnel is not established, the Lease Timeout period is 5 minutes.
Enter the range of IP addresses that the DHCP server can assign. Use dotted decimal notation. The default is 127 successive addresses, with the first address being the address immediately after that of the private interface. The maximum number of addresses you can configure is 127.
To apply the settings for DHCP parameters, and to include your settings in the active configuration, click Apply. The Manager returns to the Configuration | System | IP Routing screen.
To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
To discard your entries, click Cancel. The Manager returns to the Configuration | System | IP Routing screen.
This section lets you configure DHCP options.
DHCP Options are facilities that allow the VPN 3002 DHCP server to respond to configurable parameters for specific kinds of devices such as PCs, IP telephones, print servers, etc., as well as an IP address.
To configure and add DHCP options, click Add. The Manager opens the Configuration | System | IP | DHCP Options | Add screen.To modify a configured DHCP option, select the option from the list and click Modify. The Manager opens the Configuration | System | IP | DHCP Options | Modify screen.
To remove a configured DHCP option, select the option from the list and click Delete. There is no confirmation or undo. The Manager refreshes the screen and shows the remaining DHCP options in the list.
The Manager immediately includes your changes in the active configuration. To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.
Add a new DHCP option to the list of DHCP options this VPN 3002 uses.
Modify a configured DHCP option.
Use the pull-down menu to the DHCP Options field to select the option you want to add or modify. You can add or modify only one option at a time.
 |
Note Configured VPN 3002 DHCP server options are sent to DHCP client only if those options are specified in the Parameters Request List of the DHCPDISCOVER and DHCPREQUEST messages. |
Enter the value you want this option to use, for example, the IP address for the TFTP server option, the number of seconds for the ARP Cache Timeout option, 1 or 0 to enable or disable IP forwarding, etc.
You cannot configure the following DHCP Options:
You configure these values on the central-site VPN Concentrator for the group to which the VPN 3002 Hardware Client belongs. As is the case for all group configuration parameters, the central-site VPN Concentrator pushes these values to the VPN 3002 over the tunnel.
Posted: Wed Feb 4 10:54:06 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
