Chapter 6 IP security and VPN 189Using the BayStack Instant Internet Management Software Version 7.11Configuring a VPN between Instant Internet and a CES is a two-step process:• Configure the branch office connection in the CES, (next).• Configure Instant Internet as a main-mode tunnel (page 190).Example for configuring a branch office connection in the CESThis procedure provides an example for configuring a branch office connection onthe CES for tunneling. For detailed information, refer to your productdocumentation.To configure the branch office connection on the CES:1 In the CES main window, Choose Profiles > Networks.2 Create a Network Name, and for the subnet information, if not using splittunneling, specify an IP address of 0.0.0.0 and a mask of 0.0.0.0 or, if you usesplit tunneling, specify the IP addresses of all local subnets that willparticipate in the VPN. To determine whether you are using split or non-splittunnelling, refer to “Managing local and remote IP addresses” on page 172.3 Click Add to create the new network.4 Click Close.5 Choose Profiles > Branch Office.6 Select the user involved in the tunnel and then click Edit.7 Select the Enable Branch Office Connection check box.8 For the user’s connection, specify the Network Name you just created in theLocal Accessible Networks.9 Specify the Instant Internet unit’s public IP address as the Remote Endpoint.10 Specify the Instant Internet unit’s internal LAN-side IP addresses in theRemote Accessible Networks.11 Specify a pre-shared key.12 Click OK.