During the IKE negotiations VPN

During the IKE negotiations, the Lucent IKEmodule receives policy information pertaining to thenetwork, such as the local presence IP address for themachine (i.e., an IP address on the enterprise subnetto be used by the machine while the IPSec tunnel isenabled) and the IP addresses on the enterprise subnet for which traffic from the client should be sentthrough the IPSec tunnel. The Lucent IKE moduleupdates this information on the local machine bymodifying the routing table.For example, assume that the physical IP addressof a client machine is 135.180.144.174 and the IPaddress of an enterprise VPN gateway is 135.180.144.254. Figure 9 shows the IP configuration and the routing table on the client machine after it has established an IPSec tunnel to the VPN gateway. Assumethat the policy that is downloaded specifies that packets destined to subnet IP address/mask 192.168.5.0/24within the enterprise must be sent through the IPSectunnel. A local presence IP address for the VPN clienthas been provided that falls within this enterprise subnet. For this example, assume that this address is192.168.5.10. To accommodate sending the appropriate packets through the IPSec tunnel, a route entryhas been added to the routing table shown in Figure9 that specifies that to reach any IP address in the subnet 192.168.5.0/24, the default gateway at IP address192.168.5.10 (i.e., the local presence IP address) mustbe used.