Other Settings

The Other Settings section captures your preferences regarding nested subnets, remote access to Gateway Viewer, and the session re-key interval.

You can enable any of the following options:

  • Perform DNS/WINS Fixup: If a computer has name services such as DNS or WINS configured on the system, the name used by the computer to make a connection will be resolved by DNS or WINS. For name resolution, the IP address of a computer that is stored on a DNS or WINS server is usually the computer's real IP address. If NAT occurs between two Corente Services Gateway partners within the application network, computers on one network of the application network will not be able to use the real IP address returned from DNS or WINS to connect to remote computers on the other network.

    The problem can be solved with DNS/WINS Fixup. If the Perform DNS/WINS Fixup option is checked, computers behind this Corente Services Gateway will always use the correct IP address to connect to another computer across the application network, either its real or NATed IP address. To provide this service, all packets from DNS/WINS servers within the application network are redirected to the DNS/WINS proxy on the Corente Services Gateway. Every name query response packet is checked and, if necessary, its contents are updated. The final DNS/WINS response packet with correct IP information is then forwarded to the original requester. The fixup is done automatically and is completely transparent to the end users. This feature allows all computers behind the Corente Services Gateway, including Corente Clients, to connect by name to remote NATed computers within the application network, using any application (such as ftp, http, telnet, and ping).

    Note

    The DNS/WINS Fixup will work only when name resolution requests are made via the Corente Services Gateway. This means that the DNS/WINS servers cannot reside on the same subnet as the computers using this service. Also, the fixup applies only to DNS/WINS packets within the application network. Therefore, a computer using DNS/WINS servers on the Internet will not benefit from this feature. Computers behind the Corente Services Gateway can have different DNS/WINS configurations as long as the Corente Services Gateway is in the name service request path.

    By default, this option is disabled.

  • Nested Subnets: When you create a User Group for your Location during Location gateway creation in the Location Wizard, or on the User Groups tab, you indicate one or more ranges of IP addresses in your local network that will participate in the application network. Each Corente Services Gateway has one or more User Groups.

    By default, the service will not permit ambiguous handling of any IP address. For example, this means that no conflicting rules are permitted where the same IP address exists in a User Group for the local Corente Services Gateway and also exists in a User Group for this remote Location partner.

    However, many network administrators make use of the fact that normal IP routing rules are ordered so that a more specific rule applies before a more general one. If there are conflicting rules for certain IP addresses, the rule describing the smaller subnet would take precedence. For example, a central site might have a User Group that includes all of 172.16.0.0/16 and a remote Location partner might have a User Group that includes 172.16.1.0/24. The remote Location partner's User Group description would override the central site's User Group because it contains a more specific range of addresses. Notice that the remote partner's User Group is completely contained inside the central site's User Group. This is what is referred to as a "nested subnet". Address ranges that overlap each other entirely are never permitted between Locations.

    When this option is checked, nested subnets as described above will be permitted by this Corente Services Gateway. It is recommended that you do not check this option, as nested subnets can cause routing problems that are difficult to diagnose.

    By default, this option will be unchecked for new Location gateways. When this option is unchecked, nested subnets will cause a Configuration Alert and no tunnels will be established between this Location and its partners.

    A Configuration Alert for nested subnets can be prevented between two Locations that are partners, if you:

    • Enter mutually exclusive IP address ranges in the User Groups

    • Enable Allow Locations to be configured with nested subnets for both Locations

    • Enable Auto Resolve NAT on both Corente Services Gateways for each other. Auto Resolve NAT is enabled by a Location on a per partner basis. If any conflicts occur between a Location and its partner when Auto Resolve NAT is enabled, the Corente Services Gateway will automatically translate the IP addresses of the partner's User Group to new subnets to prevent the conflicts.

  • Compact NAT Subnets: When this option is selected, the Location will sort addresses largest to smallest in order to keep the NAT table to a minimum. This feature applies to both Inbound NAT and Auto Resolve NAT. Locations have this option enabled by default.

  • Session Re-Key Interval: Session keys are used by a Corente Services Gateway to encrypt the data that is being sent over each of its application network tunnels. A Corente Services Gateway will automatically regenerate its session keys according to the interval that you select with this pull-down menu. The default interval is 8 hours. You may choose a shorter interval, if you prefer.
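The nested-subnet rules under Nested Subnets can be checked before a configuration is applied. The following is an added example, not Corente code: it classifies each pair of User Group ranges as disjoint, identical, nested or partially overlapping, and applies the most-specific-range precedence described above. The function names, the "first-last" range syntax and the 10.1.0.0/24 range are assumptions made for the illustration.

```python
import ipaddress

def parse_range(text):
    """Accept CIDR ('172.16.0.0/16') or 'first-last'; return (first, last) ints."""
    if "-" in text:
        first, last = (int(ipaddress.ip_address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.ip_network(text)
        first, last = int(net.network_address), int(net.broadcast_address)
    if first > last:
        raise ValueError(f"range is reversed: {text}")
    return first, last

def relation(a, b):
    """Classify how two User Group ranges relate to each other."""
    (a1, a2), (b1, b2) = parse_range(a), parse_range(b)
    if a2 < b1 or b2 < a1:
        return "disjoint"           # mutually exclusive, no alert
    if (a1, a2) == (b1, b2):
        return "identical"          # overlap entirely: never permitted
    if (a1 <= b1 and b2 <= a2) or (b1 <= a1 and a2 <= b2):
        return "nested"             # permitted only with Nested Subnets checked
    return "partial-overlap"        # ambiguous addresses, still a conflict

def audit(local_groups, partner_groups):
    """List every pair of ranges that is not mutually exclusive."""
    return [(l, p, rel) for l in local_groups for p in partner_groups
            if (rel := relation(l, p)) != "disjoint"]

def most_specific(address, groups_by_location):
    """Return the Location whose smallest containing range covers the address."""
    ip = int(ipaddress.ip_address(address))
    best = None
    for location, ranges in groups_by_location.items():
        for r in ranges:
            first, last = parse_range(r)
            if first <= ip <= last and (best is None or last - first < best[0]):
                best = (last - first, location)
    return best[1] if best else None

# Constructed sample: the page's two example ranges plus one extra range.
CENTRAL = ["172.16.0.0/16", "10.1.0.0/24"]
REMOTE = ["172.16.1.0/24"]

if __name__ == "__main__":
    print(audit(CENTRAL, REMOTE))
    print(most_specific("172.16.1.20", {"central": CENTRAL, "remote": REMOTE}))
```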
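The response rewriting described under Perform DNS/WINS Fixup can be illustrated with a small proxy-side function. This is an added example, not the gateway's implementation: it rewrites only IN A records in the answer section of a DNS reply, and the NAT table, function names and sample packet are constructed for the illustration.

```python
import ipaddress
import struct

# Assumed NAT table (constructed): real subnet -> subnet of the same size
# that the partner network reaches it by.
NAT_MAP = {ipaddress.ip_network("192.168.1.0/24"):
           ipaddress.ip_network("10.200.1.0/24")}

def skip_name(pkt, off):
    """Return the offset just past a DNS name, compressed or not."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def translate(addr, nat_map=NAT_MAP):
    """Map a real address to its NATed address, keeping the host bits."""
    for real, natted in nat_map.items():
        if addr in real:
            return natted.network_address + (int(addr) - int(real.network_address))
    return addr

def fixup_response(pkt, nat_map=NAT_MAP):
    """Rewrite IN A records in the answer section; other bytes are untouched."""
    out = bytearray(pkt)
    qdcount, ancount = struct.unpack_from("!HH", pkt, 4)
    off = 12                               # fixed DNS header length
    for _ in range(qdcount):
        off = skip_name(pkt, off) + 4      # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addr = ipaddress.IPv4Address(bytes(pkt[off:off + 4]))
            out[off:off + 4] = translate(addr, nat_map).packed
        off += rdlen
    return bytes(out)

def sample_response(addr):
    """Constructed reply: one question, one A record for host.example."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x04host\x07example\x00" + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
              + ipaddress.IPv4Address(addr).packed)
    return header + question + answer
```

A truncated or malformed packet raises IndexError or struct.error here; a caller would catch those and forward the original reply unchanged.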