Defining a network object that contains IP addresses assigned to mobile peers
If IPSec clients must reach n discontiguous networks, i.e., networks that cannot be grouped in an IP address range or in a single network:
- n Phase 2 configurations must be created on each IPSec client,
- Each IPSec client will then need n IP addresses.
This will directly affect the size of the network dedicated to IPSec clients.
Defining the network object
In the module Configuration > Objects > Network objects:
- Click on Add.
- Select Network.
- Assign a Name to this object (Mobile_Users_Network in the example).
- Enter the Network IP address field in the form of a network/mask.
This network must contain at least as many IP addresses as the number of users likely to connect via an IPSec VPN tunnel.
192.168.9.0/24 or 192.168.9.0/255.255.255.0 : 254 addresses so 254 Phase 2.
192.168.9.0/23 or 192.168.9.0/255.255.254.0 : 510 addresses so 510 Phase 2.
- Click on Create.