VPN Communities - VPN Routing
What can I do here?
Use this window to configure VPN routing for satellites.
|
Getting Here - SmartConsole > Security Policies > Access Control > Policy > Access Tools > VPN Communities > New Star Community > VPN Routing
|
Understanding VPN Routing
VPN Star Communities
A Star Community is a VPN Community composed of two types of members, Central and Satellite, where:
- Each central gateway can establish VPN tunnel with each satellite gateway
- Satellite gateways cannot establish VPN tunnels with each other
- Central gateways cannot establish VPN tunnel with each other by default, but this is configurable on the Central Gateways page
VPN Routing
VPN routing is a way of directing communication through a specific VPN tunnel in order to enhance existing connectivity or security. In addition VPN routing can be used to reduce connectivity costs. A star VPN Community supports VPN routing in the following way. The HUB (the machine through which the VPN communication is redirected) is defined as a central gateway, and the SPOKES (the endpoint machines that receive or initiate the VPN connection) as Satellites. A VPN tunnel is created between the central gateway and the satellite gateways. Packets sent by the SPOKES are routed through the HUB.
VPN Routing Options
- To center only. No VPN routing actually occurs. Only connections between the satellite gateways and central gateway go through the VPN tunnel. Other connections are routed in the normal way
- To center and to other satellites through center. Use VPN routing for connection between satellites. Every packet passing from a satellite gateway to another satellite gateway is routed through the central gateway. Connection between satellite gateways and gateways that do not belong to the community are routed in the normal way.
- To center, or through the center to other satellites, to internet and other VPN targets. Use VPN routing for every connection a satellite gateway handles. Packets sent by a satellite gateway pass through the VPN tunnel to the central gateway before being routed to the destination address.
In a star community, RDP packets are sent to the gateways and the first to respond is used for routing only when:
- There is more than one center gateway, and
- One of the following VPN routing options was selected:
- To center and to other satellites through center
- To center, or through the center to other satellites, to internet and other VPN targets
