Sample configuration Implementing a LAN-to-LAN Tunnel

Figure 6-1. Two Enterprise LANs connected over an AltaVista Tunnel

6.4.1.2 Tunnel server configuration

Since LAN 1 is the inbound tunnel network, it's configured to accept tunnel traffic from LAN 2. The tunnel connection is dedicated, meaning it begins automatically and stays up constantly.

Routing table
The inbound tunnel server routes all incoming tunnel traffic to its local network address range (1.195.6.). Its routing table is set up like this:
• Subnet: 1.195.6.
• Netmask: 255.255.255.0
• Description: Local Tunnel Clients

Dynamic IP tables
The tunnel server, in this case, assigns 1.196.5.1 to the tunnel pseudo-adapter on its end, and 1.196.5.2 to the pseudo-adapter on LAN 2's tunnel server. A dynamic range may be set up for multiple remote LAN or single PC connections to this tunnel. The Dynamic IP tables are configured like this:
• Range name: Sales Tunnel
• Range description: Regional Sales Office Tunnels
• First IP: 1.196.5.1
• Total tunnels: The total number of tunnels for this tunnel group is set to one. There is a range of two dynamic IP addresses. The LAN 1 tunnel server assigns a virtual IP address to itself and the other LAN's tunnel server in the LAN-to-LAN tunnel connection.
• Netmask: 255.255.255.252 for the two IP virtual networks.

Authentication table
The group username is LAN 2. The password is WHOthere. These two parameters have been extracted into an ETA file called lan2.eta and distributed via secure FTP session to the tunnel server on LAN 2. The key file has been created by the tunnel server on LAN 1 and is specific to this tunnel group. The key file has also been extracted and distributed via secure FTP session to the tunnel server on LAN 2. By default this key file is named lan2.key.

LAN 2 controls the outbound tunnel session, and is acting as a tunnel client for its local network. The tunnel connection itself has a single virtual IP address, 1.196.5.2, assigned by the tunnel server on LAN 1. The tunnel server on LAN 2 routes all tunnel traffic from its local network to that virtual IP address.
The outbound tunnel has been set up to connect in automatic mode, meaning that whenever the tunnel server is up, so is the tunnel connection. The ETA and key files from LAN 1 have been installed, and the outbound tunnel session is configured as below:

Tunnel name
The name for this tunnel is Sales, as from LAN 1 earlier.

Tunnel description
This is also the same as the LAN 1 tunnel description: Regional Sales Office Tunnels.

Network addresses
This outbound tunnel is set up as a static route tunnel, because the virtual IP address assigned to the tunnel comes from the tunnel server on LAN 1. The local IP address for LAN 2's pseudo-adapter is 1.196.5.2. The remote IP address for LAN 1's pseudo-adapter is 1.196.5.1.

Routing tables
On the LAN 2 end, the tunnel server must route traffic from its local hosts to the tunnel's virtual IP address. This is set up as a default route coming from the network 2.15.1., with a netmask of 255.255.255.0.
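
The addressing on the two tunnel servers has to agree before the tunnel will pass traffic. The following Python check is an added example, not part of the original text or of the AltaVista Tunnel product. It validates the values given above, and it assumes that the LAN ranges written as "1.195.6." and "2.15.1." are the .0/24 networks and that the dictionary field names are this example's own.

```python
import ipaddress

# Values from the sample configuration above. The page writes the LAN subnets
# as "1.195.6." and "2.15.1." with netmask 255.255.255.0; reading them as
# .0/24 networks is an assumption of this example.
LAN1 = {"lan": "1.195.6.0/255.255.255.0", "first_ip": "1.196.5.1",
        "netmask": "255.255.255.252", "total_tunnels": 1,
        "local": "1.196.5.1", "remote": "1.196.5.2"}
LAN2 = {"lan": "2.15.1.0/255.255.255.0",
        "local": "1.196.5.2", "remote": "1.196.5.1"}


def check_tunnel(inbound, outbound):
    """Return a list of inconsistencies between the two tunnel servers."""
    problems = []
    # strict=False because First IP is a host address, not the network address.
    vnet = ipaddress.ip_network(
        f"{inbound['first_ip']}/{inbound['netmask']}", strict=False)
    usable = list(vnet.hosts())
    # The page pairs one tunnel with two addresses; requiring two per tunnel
    # for larger groups is this example's assumption.
    if len(usable) < 2 * inbound["total_tunnels"]:
        problems.append(f"{vnet} holds {len(usable)} addresses, too few for "
                        f"{inbound['total_tunnels']} tunnel(s)")
    # Local and remote pseudo-adapter addresses must be mirror images.
    if (inbound["local"], inbound["remote"]) != (outbound["remote"], outbound["local"]):
        problems.append("local/remote pseudo-adapter addresses are not mirrored")
    # Each end's own address must be a usable host (not network or broadcast).
    for end, cfg in (("inbound", inbound), ("outbound", outbound)):
        if ipaddress.ip_address(cfg["local"]) not in usable:
            problems.append(f"{end} address {cfg['local']} is not usable in {vnet}")
    # The virtual network must not overlap either LAN, and the LANs must
    # differ, or the static and default routes become ambiguous.
    lans = [ipaddress.ip_network(c["lan"]) for c in (inbound, outbound)]
    for lan in lans:
        if lan.overlaps(vnet):
            problems.append(f"{lan} overlaps the tunnel network {vnet}")
    if lans[0].overlaps(lans[1]):
        problems.append(f"LAN ranges {lans[0]} and {lans[1]} overlap")
    return problems


if __name__ == "__main__":
    for line in check_tunnel(LAN1, LAN2) or ["addressing is consistent"]:
        print(line)
```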