11I-WLAN182To set up a stitched interface pair, the StitchedInterface= property for each interface is set tothe other interface in the pair. With I‐WLAN for example, a GTP tunnel may be set up asfollows:Device:/> add Interface GTPInterface Gn LocalEndpoint=gn_ip InterceptDHCPInform=Yes StitchedInterface=MSThe IPsec tunnel in the pair is then defined as:Device:/> add Interface IPsecTunnel MS " " StitchedInterface=GnUsing IP rulesIt is important in an I‐WLAN setup to create the appropriate IP rules in the main SEG IP ruleset.These rules consist of Deny rules that prevent traffic flowing between particular componentsof the network, as well as Allow rules which explicitly permit traffic flow.At minimum, IP rules should perform the following functions for I‐WLAN:1. Prevents communication between external clients.2. Allow DNS lookup to be performed by clients.3. Allow HTTP traffic to flow from clients to the public Internet.Adding client routingAs clients connect in a I‐WLAN solution, there has to be a route for the client in the relevantSEG routing table (usually the main table). This routes the IP address handed out to the clientby the GGSN through the IPsec tunnel to the client. There are two ways this route can exist:• A separate route can be added automatically every time a client connects by enabling theIPsec tunnel option AddRouteToRemoteNetwork.• A single static route is added manually. This routes the entire network range used forclient IP addresses on the IPsec tunnel object (which is treated like an interface in theSEG).The number of connected clients can usually become large with I‐WLAN, so the second optionof manually adding a static route is recommended. This avoids the processing overhead ofcontinually adding and removing client routes, as well as reducing the routing table lookupoverhead.