Avaya Business Secure Router 252 Configuration - Basics Uživatelský manuál

BSR252Business Secure RouterDocument Number: NN47923-500Document Version: 1.2Date: May 2007Nortel Business Secure Router 252 Configuration — Basics

10 ContentsNN47923-500Configuring attack alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Thre

100 Chapter 6 LAN screensNN47923-500Configuring IP Click LAN to open the IP screen.Figure 22 LAN IP

Chapter 6 LAN screens 101Nortel Business Secure Router 252 Configuration — BasicsTable 14 describes the fields in Figure 22.Table 14 LAN IPLabel Des

102 Chapter 6 LAN screensNN47923-500First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server inf

Chapter 6 LAN screens 103Nortel Business Secure Router 252 Configuration — BasicsConfiguring Static DHCPWith Static DHCP, you can assign IP addresses

104 Chapter 6 LAN screensNN47923-500To change the static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown in Figure 23.

Chapter 6 LAN screens 105Nortel Business Secure Router 252 Configuration — BasicsConfiguring IP AliasWith IP Alias, you can partition a physical netwo

106 Chapter 6 LAN screensNN47923-500Table 16 describes the fields in Figure 24.Table 16 IP AliasLabel DescriptionIP Alias 1,2 Select the check box t

107Nortel Business Secure Router 252 Configuration — BasicsChapter 7WAN screensThis chapter describes how to configure WAN settings. WAN overviewThis

108 Chapter 7 WAN screensNN47923-500The dial backup or traffic redirect routes cannot take priority over the WAN routes.Configuring RouteClick WAN to

Chapter 7 WAN screens 109Nortel Business Secure Router 252 Configuration — BasicsTable 17 describes the fields in Figure 25. PPPoE encapsulationThe Bu

Contents 11Nortel Business Secure Router 252 Configuration — BasicsSummary screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

110 Chapter 7 WAN screensNN47923-500By implementing PPPoE directly on the Business Secure Router (rather than individual computers), the computers on

Chapter 7 WAN screens 111Nortel Business Secure Router 252 Configuration — BasicsFigure 26 WAN: WAN ISP

112 Chapter 7 WAN screensNN47923-500Table 18 describes the fields in Figure 26.Table 18 WAN: WAN ISPLabel DescriptionName Enter the name of your Int

Chapter 7 WAN screens 113Nortel Business Secure Router 252 Configuration — BasicsConfiguring WAN IP To change the WAN IP settings of your Business Sec

114 Chapter 7 WAN screensNN47923-500Figure 27 WAN: IP

Chapter 7 WAN screens 115Nortel Business Secure Router 252 Configuration — BasicsTable 19 describes the fields in Figure 27.Table 19 WAN: IPLabel De

116 Chapter 7 WAN screensNN47923-500RIP Direction With RIP (Routing Information Protocol), a router can exchange routing information with other router

Chapter 7 WAN screens 117Nortel Business Secure Router 252 Configuration — BasicsTraffic redirectTraffic redirect forwards WAN traffic to a backup gat

118 Chapter 7 WAN screensNN47923-500The network topology illustrated in Figure 29 avoids triangle route security issues when the backup gateway is con

Chapter 7 WAN screens 119Nortel Business Secure Router 252 Configuration — BasicsFigure 30 Traffic RedirectTable 20 describes the fields in Figure 3

12 ContentsNN47923-500Certificate file formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Im

120 Chapter 7 WAN screensNN47923-500Figure 31 Dial Backup Setup

Chapter 7 WAN screens 121Nortel Business Secure Router 252 Configuration — BasicsTable 21 describes the fields in Figure 31.Table 21 Dial Backup Set

122 Chapter 7 WAN screensNN47923-500Used Fixed IP Address Select this check box if your ISP assigned you a fixed IP address and then enter the IP addr

Chapter 7 WAN screens 123Nortel Business Secure Router 252 Configuration — BasicsRIP Direction RIP (Routing Information Protocol) allows a router to e

124 Chapter 7 WAN screensNN47923-500Advanced Modem SetupAT Command StringsFor regular telephone lines, the default Dial string tells the modem that th

Chapter 7 WAN screens 125Nortel Business Secure Router 252 Configuration — BasicsConfiguring Advanced Modem Setup Click the Edit button in the Dial Ba

126 Chapter 7 WAN screensNN47923-500Table 22 describes the fields in Figure 32.Table 22 Advanced SetupLabel Description ExampleAT Command StringsDia

Chapter 7 WAN screens 127Nortel Business Secure Router 252 Configuration — BasicsApply Click Apply to save your changes to the Business Secure Router.

128 Chapter 7 WAN screensNN47923-500

129Nortel Business Secure Router 252 Configuration — BasicsChapter 8Network Address Translation (NAT) ScreensThis chapter discusses how to configure N

Contents 13Nortel Business Secure Router 252 Configuration — BasicsEAP Authentication overview . . . . . . . . . . . . . . . . . . . . . . . . . . .

130 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Note that inside/outside refers to the location of a host, while global/local refers

Chapter 8 Network Address Translation (NAT) Screens 131Nortel Business Secure Router 252 Configuration — BasicsHow NAT worksEach packet has two addres

132 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500In Figure 34, B can send packets, with source IP address e.f.g.h and port 20202 to A

Chapter 8 Network Address Translation (NAT) Screens 133Nortel Business Secure Router 252 Configuration — BasicsFigure 35 NAT application with IP Ali

134 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Table 24 summarizes these types.Using NATSUA (Single User Account) versus NATSUA (Si

Chapter 8 Network Address Translation (NAT) Screens 135Nortel Business Secure Router 252 Configuration — BasicsSUA Server A SUA server set is a list o

136 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Port forwarding: Services and Port NumbersThe most often used port numbers are shown

Chapter 8 Network Address Translation (NAT) Screens 137Nortel Business Secure Router 252 Configuration — BasicsFigure 36 Multiple servers behind NAT

138 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Figure 37 SUA/NAT setupTable 26 describes the fields in Figure 37.Table 26 SUA/N

Chapter 8 Network Address Translation (NAT) Screens 139Nortel Business Secure Router 252 Configuration — BasicsConfiguring Address MappingOrdering you

14 ContentsNN47923-500Configuring TELNET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351Configu

140 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Figure 38 Address MappingTable 27 describes the fields in Figure 38.Table 27 Add

Chapter 8 Network Address Translation (NAT) Screens 141Nortel Business Secure Router 252 Configuration — BasicsConfiguring Address Mapping To edit an

142 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Figure 39 Address Mapping editTable 28 describes the fields in Figure 39.Table 28

Chapter 8 Network Address Translation (NAT) Screens 143Nortel Business Secure Router 252 Configuration — BasicsTrigger Port ForwardingSome services us

144 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Figure 40 Trigger Port Forwarding process: example1 Jane (A) requests a file from

Chapter 8 Network Address Translation (NAT) Screens 145Nortel Business Secure Router 252 Configuration — BasicsConfiguring Trigger Port ForwardingTo c

146 Chapter 8 Network Address Translation (NAT) ScreensNN47923-500Table 29 describes the fields in Figure 41.Table 29 Trigger PortLabel DescriptionN

147Nortel Business Secure Router 252 Configuration — BasicsChapter 9Static Route screensThis chapter shows you how to configure static routes for your

148 Chapter 9 Static Route screensNN47923-500Figure 42 Example of Static Routing topologyConfiguring IP Static RouteClick STATIC ROUTE to open the R

Chapter 9 Static Route screens 149Nortel Business Secure Router 252 Configuration — BasicsFigure 43 Static Route screenTable 30 describes the fields

Contents 15Nortel Business Secure Router 252 Configuration — BasicsChapter 21Call scheduling screens . . . . . . . . . . . . . . . . . . . . . . . .

150 Chapter 9 Static Route screensNN47923-500Configuring Route entrySelect a static route index number and click Edit. The screen is illustrated in Fi

Chapter 9 Static Route screens 151Nortel Business Secure Router 252 Configuration — BasicsMetric Metric represents the cost of transmission for routin

152 Chapter 9 Static Route screensNN47923-500

153Nortel Business Secure Router 252 Configuration — BasicsChapter 10FirewallsThis chapter gives some background information on firewalls and introduc

154 Chapter 10 FirewallsNN47923-500Packet filtering firewallsPacket filtering firewalls restrict access based on the source or destination computer ne

Chapter 10 Firewalls 155Nortel Business Secure Router 252 Configuration — BasicsIntroduction to the Business Secure Router firewallThe Business Secure

156 Chapter 10 FirewallsNN47923-500Figure 45 Business Secure Router firewall applicationDenial of ServiceDenial of Service (DoS) attacks are aimed a

Chapter 10 Firewalls 157Nortel Business Secure Router 252 Configuration — BasicsWhen computers communicate on the Internet, they use the client/server

158 Chapter 10 FirewallsNN47923-5002 Weaknesses in the TCP/IP specification leave it open to SYN Flood and LAND attacks. These attacks are executed du

Chapter 10 Firewalls 159Nortel Business Secure Router 252 Configuration — BasicsFigure 47 SYN floodIn a LAND Attack, hackers flood SYN packets into

16 ContentsNN47923-500Enabling Pop-up Blockers with Exceptions . . . . . . . . . . . . . . . . . . . . . . . . . . 417Internet Explorer JavaScript .

160 Chapter 10 FirewallsNN47923-500Figure 48 Smurf attack• ICMP vulnerability ICMP is an error reporting protocol that works in concert with IP. The

Chapter 10 Firewalls 161Nortel Business Secure Router 252 Configuration — BasicsAll SMTP commands are illegal except for those displayed in Table 35.•

162 Chapter 10 FirewallsNN47923-500• Allows all sessions originating from the LAN (local network) to the WAN (Internet).• Denies all sessions originat

Chapter 10 Firewalls 163Nortel Business Secure Router 252 Configuration — Basicsrule for this packet and it is not an attack, the Action for packets t

164 Chapter 10 FirewallsNN47923-500These custom rules work by evaluating the network traffic source IP address, destination IP address, IP protocol ty

Chapter 10 Firewalls 165Nortel Business Secure Router 252 Configuration — BasicsUDP/ICMP securityUDP and ICMP do not contain any connection informatio

166 Chapter 10 FirewallsNN47923-500Any protocol that operates in this way must be supported on a case-by-case basis. You can use the Custom Ports feat

Chapter 10 Firewalls 167Nortel Business Secure Router 252 Configuration — BasicsWhen to use filtering1 To block or allow LAN packets by their MAC addr

168 Chapter 10 FirewallsNN47923-500distinguish traffic originating from an inside host or an outside host by IP address.4 The firewall performs better

169Nortel Business Secure Router 252 Configuration — BasicsChapter 11Firewall screensThis chapter shows you how to configure your Business Secure Rout

17Nortel Business Secure Router 252 Configuration — BasicsFiguresFigure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . .

170 Chapter 11 Firewall screensNN47923-500By default, the Business Secure Router stateful packet inspection blocks packets traveling in the following

Chapter 11 Firewall screens 171Nortel Business Secure Router 252 Configuration — BasicsRule logic overviewRule checklist1 State the intent of the rule

172 Chapter 11 Firewall screensNN47923-500Once these questions have been answered, adding rules is simply a matter of plugging the information into th

Chapter 11 Firewall screens 173Nortel Business Secure Router 252 Configuration — Basicsthe LAN interface is an example of traffic destined for the Bus

174 Chapter 11 Firewall screensNN47923-500Figure 51 WAN to LAN trafficConfiguring firewallClick FIREWALL to open the Summary screen. Enable (or acti

Chapter 11 Firewall screens 175Nortel Business Secure Router 252 Configuration — BasicsIf you list a general rule before a specific rule, traffic that

176 Chapter 11 Firewall screensNN47923-500Figure 52 Enabling the firewall Table 36 describes the fields in Figure 52.Table 36 Firewall rules summa

Chapter 11 Firewall screens 177Nortel Business Secure Router 252 Configuration — BasicsBypass Triangle RouteSelect this check box to have the Business

178 Chapter 11 Firewall screensNN47923-500Configuring firewall rulesFollow these directions to create a new rule.In the Summary screen, type the index

Chapter 11 Firewall screens 179Nortel Business Secure Router 252 Configuration — BasicsFigure 53 Creating and editing a firewall rule Table 37 descr

18 FiguresNN47923-500Figure 30 Traffic Redirect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Figure 31

180 Chapter 11 Firewall screensNN47923-500Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one

Chapter 11 Firewall screens 181Nortel Business Secure Router 252 Configuration — BasicsConfiguring source and destination addressesTo add a new source

182 Chapter 11 Firewall screensNN47923-500Configuring custom portsYou can also configure customized ports for services not predefined by the Business

Chapter 11 Firewall screens 183Nortel Business Secure Router 252 Configuration — Basics Example firewall rule The following Internet firewall rule exa

184 Chapter 11 Firewall screensNN47923-5006 Configure the Firewall Rule Edit IP screen as follows and click Apply.Figure 57 Firewall rule edit IP ex

Chapter 11 Firewall screens 185Nortel Business Secure Router 252 Configuration — BasicsFigure 59 MyService rule configuration exampleAfter completin

186 Chapter 11 Firewall screensNN47923-500Figure 60 My Service example rule summary Predefined servicesThe Available Services list box in the Edit R

Chapter 11 Firewall screens 187Nortel Business Secure Router 252 Configuration — Basicstype. For example, look at the default configuration labeled “(

188 Chapter 11 Firewall screensNN47923-500NEW-ICQ(TCP:5190) An Internet chat program.NEWS(TCP:144) A protocol for news groups.NFS(UDP:2049) Network

Chapter 11 Firewall screens 189Nortel Business Secure Router 252 Configuration — BasicsAlertsAlerts are reports on events, such as attacks, that you w

Figures 19Nortel Business Secure Router 252 Configuration — BasicsFigure 65 Transport and Tunnel mode IPSec encapsulation . . . . . . . . . . . . . .

190 Chapter 11 Firewall screensNN47923-500Configuring attack alertAttack alerts are the first defense against DOS attacks. In the Attack Alert screen

Chapter 11 Firewall screens 191Nortel Business Secure Router 252 Configuration — BasicsThe Business Secure Router measures both the total number of ex

192 Chapter 11 Firewall screensNN47923-500The Business Secure Router also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values

Chapter 11 Firewall screens 193Nortel Business Secure Router 252 Configuration — BasicsOne Minute High This is the rate of new half-open sessions that

194 Chapter 11 Firewall screensNN47923-500

195Nortel Business Secure Router 252 Configuration — BasicsChapter 12Content filtering This chapter provides a brief overview of content filtering usi

196 Chapter 12 Content filteringNN47923-500Configure Content FilteringClick Content Filter on the navigation panel, to open the screen show in Figure

Chapter 12 Content filtering 197Nortel Business Secure Router 252 Configuration — BasicsTable 42 describes the fields in Figure 62.Table 42 Content

198 Chapter 12 Content filteringNN47923-500Time of Day to BlockTime of Day to Block allows the administrator to define during which time periods conte

199Nortel Business Secure Router 252 Configuration — BasicsChapter 13VPNThis chapter introduces the basics of IPSec VPNs and covers the VPN WebGUI. Se

2NN47923-500NN47923-500Copyright © Nortel 2005–2006All rights reserved.The information in this document is subject to change without notice. The state

20 FiguresNN47923-500Figure 100 Bandwidth Manager: Edit class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306Figure 101 Bandwidth

200 Chapter 13 VPNNN47923-500or • As a VPN router that can have encrypted connections to multiple remote VPN routers. With this role, it can also serv

Chapter 13 VPN 201Nortel Business Secure Router 252 Configuration — BasicsSecurity AssociationA Security Association (SA) is a contract between two pa

202 Chapter 13 VPNNN47923-500Data confidentialityThe IPSec sender can encrypt packets before transmitting them across a network. Data integrityThe IPS

Chapter 13 VPN 203Nortel Business Secure Router 252 Configuration — BasicsFigure 64 IPSec architectureIPSec algorithmsThe ESP (Encapsulating Securit

204 Chapter 13 VPNNN47923-500The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404), provide an authentication mechanism for the

Chapter 13 VPN 205Nortel Business Secure Router 252 Configuration — BasicsAn added feature of the ESP is payload padding, which further protects commu

206 Chapter 13 VPNNN47923-500EncapsulationThe two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 65 Transport and Tunn

Chapter 13 VPN 207Nortel Business Secure Router 252 Configuration — BasicsTunnel mode Tunnel mode encapsulates the entire IP packet to transmit it sec

208 Chapter 13 VPNNN47923-500IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP

Chapter 13 VPN 209Nortel Business Secure Router 252 Configuration — BasicsYou can also enter the domain name of the remote secure gateway in the Secur

Figures 21Nortel Business Secure Router 252 Configuration — BasicsFigure 135 UPnP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

210 Chapter 13 VPNNN47923-500Figure 67 SummaryIP Policies

Chapter 13 VPN 211Nortel Business Secure Router 252 Configuration — BasicsTable 47 describes the fields in Figure 67.Table 47 SummaryLabel Descripti

212 Chapter 13 VPNNN47923-500Keep AliveWhen you initiate an IPSec tunnel with keep alive enabled, the Business Secure Router automatically renegotiate

Chapter 13 VPN 213Nortel Business Secure Router 252 Configuration — Basicsoffice rules. See the VPN Branch Office Rule Setup screen (Figure 71 on page

214 Chapter 13 VPNNN47923-500NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router forwards the IPSec p

Chapter 13 VPN 215Nortel Business Secure Router 252 Configuration — BasicsFigure 69 VPN Contivity Client rule setupTable 48 VPN Contivity Client r

216 Chapter 13 VPNNN47923-500Configuring Advanced SetupSelect one of the VPN rules in the VPN Summary screen and click Edit to configure the rule. If

Chapter 13 VPN 217Nortel Business Secure Router 252 Configuration — BasicsFigure 70 VPN Contivity Client advanced rule setupTable 49 describes the f

218 Chapter 13 VPNNN47923-500ID Type and contentWith aggressive negotiation mode (see “Negotiation Mode” on page 240 for more information), the Busine

Chapter 13 VPN 219Nortel Business Secure Router 252 Configuration — BasicsConfigure the ID type and content in the VPN Branch Office Rule Setup screen

22 FiguresNN47923-500Figure 170 Restart screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409Figure 171

220 Chapter 13 VPNNN47923-500The two Business Secure Routers shown in Table 52 can complete negotiation and establish a VPN tunnel.The two Business Se

Chapter 13 VPN 221Nortel Business Secure Router 252 Configuration — Basics• If the WAN connection goes down, the Business Secure Router uses the dial

222 Chapter 13 VPNNN47923-500Figure 71 VPN Branch Office rule setup

Chapter 13 VPN 223Nortel Business Secure Router 252 Configuration — BasicsTable 54 describes the fields in Figure 71.Table 54 VPN Branch Office rule

224 Chapter 13 VPNNN47923-500Available/ Selected IP PolicyThe Available IP Policy table displays network routes. Use the Add, Edit and Delete buttons

Chapter 13 VPN 225Nortel Business Secure Router 252 Configuration — BasicsLocal IP Address This field displays the IP address (or range of IP addresse

226 Chapter 13 VPNNN47923-500Remote IP Address This field displays the IP addresses of computers on the remote network behind the remote IPSec router.

Chapter 13 VPN 227Nortel Business Secure Router 252 Configuration — BasicsCertificate Use the drop-down list to select the certificate to use for this

228 Chapter 13 VPNNN47923-500Peer Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you make the VP

Chapter 13 VPN 229Nortel Business Secure Router 252 Configuration — BasicsESP Select ESP if you want to use ESP (Encapsulation Security Payload). The

23Nortel Business Secure Router 252 Configuration — BasicsTablesTable 1 Feature specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . .

230 Chapter 13 VPNNN47923-500Configuring an IP PolicySelect one of the IP policies in the VPN Branch Office screen and click Add or Edit to configure

Chapter 13 VPN 231Nortel Business Secure Router 252 Configuration — BasicsFigure 72 VPN Branch Office — IP Policy

232 Chapter 13 VPNNN47923-500Table 55 describes the fields in Figure 72.Table 55 VPN Branch Office — IP PolicyLabel DescriptionProtocol Enter a num

Chapter 13 VPN 233Nortel Business Secure Router 252 Configuration — BasicsType Select one of the following port mapping types. 1. One-to-One: One-to-o

234 Chapter 13 VPNNN47923-500Virtual Ending IP Address When the Type field is configured to One-to-one or Many-to-One, this field is N/A. When the Typ

Chapter 13 VPN 235Nortel Business Secure Router 252 Configuration — BasicsProtocol Enter a number to specify what type of traffic is allowed to go thr

236 Chapter 13 VPNNN47923-500Port forwarding server A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, tha

Chapter 13 VPN 237Nortel Business Secure Router 252 Configuration — BasicsFigure 73 VPN Branch Office — IP Policy - Port Forwarding ServerTable 56 d

238 Chapter 13 VPNNN47923-500IKE phasesThere are two phases to every IKE (Internet Key Exchange) negotiation–phase 1 (Authentication) and phase 2 (Key

Chapter 13 VPN 239Nortel Business Secure Router 252 Configuration — BasicsFigure 74 Two phases to set up the IPSec SAIn Phase 1 you must:• Choose a

24 TablesNN47923-500Table 30 IP Static Route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149Table 31 Edit IP Sta

240 Chapter 13 VPNNN47923-500• Set the IPSec SA lifetime. In this field, you can determine how long the IPSec SA will stay up before it times out. The

Chapter 13 VPN 241Nortel Business Secure Router 252 Configuration — BasicsDiffie-Hellman (DH) Key GroupsDiffie-Hellman (DH) is a public-key cryptograp

242 Chapter 13 VPNNN47923-500Figure 75 VPN Branch Office advanced rule setupTable 57 describes the fields in Figure 75.Table 57 VPN Branch Office

Chapter 13 VPN 243Nortel Business Secure Router 252 Configuration — BasicsMultiple Proposal Select this check box to allow the Business Secure Router

244 Chapter 13 VPNNN47923-500Multiple Proposal Select this check box to allow the Business Secure Router to use any of its phase 2 encryption and aut

Chapter 13 VPN 245Nortel Business Secure Router 252 Configuration — BasicsSA MonitorIn the WebGUI, click VPN and the SA Monitor tab. Use this screen t

246 Chapter 13 VPNNN47923-500Figure 76 VPN SA Monitor Table 58 describes the fields in Figure 76.Table 58 VPN SA MonitorLabel Description# This i

Chapter 13 VPN 247Nortel Business Secure Router 252 Configuration — Basics Global settingsIn the WebGUI, click VPN on the navigation panel, then click

248 Chapter 13 VPNNN47923-500VPN Client Termination Use these screens to configure the Business Secure Router for VPN connections from computers using

Chapter 13 VPN 249Nortel Business Secure Router 252 Configuration — BasicsFigure 78 VPN Client Termination

Tables 25Nortel Business Secure Router 252 Configuration — BasicsTable 65 My Certificate Import . . . . . . . . . . . . . . . . . . . . . . . . . .

250 Chapter 13 VPNNN47923-500Table 60 describes the fields in Figure 78.Table 60 VPN Client TerminationLabel DescriptionEnable Client TerminationTu

Chapter 13 VPN 251Nortel Business Secure Router 252 Configuration — BasicsEncryption Select the combinations of protocol and encryption and authentic

252 Chapter 13 VPNNN47923-500VPN Client Termination IP pool summaryIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to

Chapter 13 VPN 253Nortel Business Secure Router 252 Configuration — BasicsFigure 79 VPN Client Termination IP pool summaryTable 61 describes the fie

254 Chapter 13 VPNNN47923-500VPN Client Termination IP pool editIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to ope

Chapter 13 VPN 255Nortel Business Secure Router 252 Configuration — BasicsVPN Client Termination advancedIn the WebGUI, click VPN on the navigation pa

256 Chapter 13 VPNNN47923-500Figure 81 VPN Client Termination advanced

Chapter 13 VPN 257Nortel Business Secure Router 252 Configuration — BasicsTable 63 describes the fields in Figure 81.Table 63 VPN Client Termination

258 Chapter 13 VPNNN47923-500Accept ISAKMP Initial Contact PayloadThe Business Secure Router can accept the INITIAL-CONTACT status messages to inform

Chapter 13 VPN 259Nortel Business Secure Router 252 Configuration — BasicsPassword Management You can have the Business Secure Router use some passwor

26 TablesNN47923-500Table 100 Log settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377Table 101

260 Chapter 13 VPNNN47923-500

261Nortel Business Secure Router 252 Configuration — BasicsChapter 14CertificatesThis chapter gives background information about public-key certificat

262 Chapter 14 CertificatesNN47923-500The Business Secure Router uses certificates based on public-key cryptology to authenticate users attempting to

Chapter 14 Certificates 263Nortel Business Secure Router 252 Configuration — BasicsConfiguration summaryThis section summarizes how to manage certific

264 Chapter 14 CertificatesNN47923-500Figure 83 My Certificates

Chapter 14 Certificates 265Nortel Business Secure Router 252 Configuration — BasicsTable 64 describes the labels in Figure 83.Table 64 My Certificat

266 Chapter 14 CertificatesNN47923-500Certificate file formatsThe certification authority certificate that you want to import has to be in one of thes

Chapter 14 Certificates 267Nortel Business Secure Router 252 Configuration — Basics• Binary PKCS#7: This is a standard that defines the general syntax

268 Chapter 14 CertificatesNN47923-500Figure 84 My Certificate ImportTable 65 describes the labels in Figure 84.Table 65 My Certificate ImportLabe

Chapter 14 Certificates 269Nortel Business Secure Router 252 Configuration — BasicsCreating a certificateClick CERTIFICATES, My Certificates and then

Tables 27Nortel Business Secure Router 252 Configuration — BasicsTable 135 PKI Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

270 Chapter 14 CertificatesNN47923-500Figure 85 My Certificate create

Chapter 14 Certificates 271Nortel Business Secure Router 252 Configuration — BasicsTable 66 describes the labels in the Figure 85.Table 66 My Certif

272 Chapter 14 CertificatesNN47923-500Create a certification request and save it locally for later manual enrollment Select Create a certification req

Chapter 14 Certificates 273Nortel Business Secure Router 252 Configuration — BasicsAfter you click Apply in the My Certificate Create screen, you see

274 Chapter 14 CertificatesNN47923-500Figure 86 My Certificate details

Chapter 14 Certificates 275Nortel Business Secure Router 252 Configuration — BasicsTable 67 describes the labels in Figure 86.Table 67 My Certificat

276 Chapter 14 CertificatesNN47923-500Issuer This field displays identifying information about the certification authority that issued the certificate

Chapter 14 Certificates 277Nortel Business Secure Router 252 Configuration — BasicsTrusted CAsClick CERTIFICATES, Trusted CAs to open the Trusted CAs

278 Chapter 14 CertificatesNN47923-500Figure 87 Trusted CAsTable 68 describes the labels in Figure 87.Table 68 Trusted CAsLabel DescriptionPKI Sto

Chapter 14 Certificates 279Nortel Business Secure Router 252 Configuration — BasicsIssuer This field displays identifying information about the certif

28 TablesNN47923-500

280 Chapter 14 CertificatesNN47923-500Importing a Trusted CA certificateClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen and then click

Chapter 14 Certificates 281Nortel Business Secure Router 252 Configuration — BasicsTrusted CA Certificate detailsClick CERTIFICATES, Trusted CAs to op

282 Chapter 14 CertificatesNN47923-500Figure 89 Trusted CA details

Chapter 14 Certificates 283Nortel Business Secure Router 252 Configuration — BasicsTable 70 describes the labels in Figure 89.Table 70 Trusted CA de

284 Chapter 14 CertificatesNN47923-500Signature AlgorithmThis field displays the type of algorithm that was used to sign the certificate. Some certifi

Chapter 14 Certificates 285Nortel Business Secure Router 252 Configuration — BasicsTrusted remote hostsClick CERTIFICATES, Trusted Remote Hosts to ope

286 Chapter 14 CertificatesNN47923-500Figure 90 Trusted remote hostsTable 71 describes the labels in Figure 90.Table 71 Trusted Remote HostsLabel

Chapter 14 Certificates 287Nortel Business Secure Router 252 Configuration — BasicsVerifying a certificate of a trusted remote hostCertificates issued

288 Chapter 14 CertificatesNN47923-5002 Make sure that the certificate has a “.cer” or “.crt” file name extension.Figure 91 Remote host certificates

Chapter 14 Certificates 289Nortel Business Secure Router 252 Configuration — BasicsImporting a certificate of a trusted remote hostClick CERTIFICATES,

29Nortel Business Secure Router 252 Configuration — BasicsPrefaceBefore you beginThis guide assists you through the basic configuration of your Busine

290 Chapter 14 CertificatesNN47923-500Table 72 describes the labels in Figure 93.Trusted remote host certificate detailsClick CERTIFICATES, Trusted Re

Chapter 14 Certificates 291Nortel Business Secure Router 252 Configuration — BasicsFigure 94 Trusted remote host details

292 Chapter 14 CertificatesNN47923-500Table 73 describes the labels in Figure 94.Table 73 Trusted remote host detailsLabel DescriptionName This fiel

Chapter 14 Certificates 293Nortel Business Secure Router 252 Configuration — BasicsValid To This field displays the date that the certificate expires.

294 Chapter 14 CertificatesNN47923-500Directory serversClick CERTIFICATES, Directory Servers to open the Directory Servers screen (Figure 95). This sc

Chapter 14 Certificates 295Nortel Business Secure Router 252 Configuration — BasicsTable 74 describes the labels in Figure 95.Add or edit a directory

296 Chapter 14 CertificatesNN47923-500Figure 96 Directory server addTable 75 describes the labels in Figure 96.Table 75 Directory server addLabel

Chapter 14 Certificates 297Nortel Business Secure Router 252 Configuration — BasicsServer Port This field displays the default server port number of t

298 Chapter 14 CertificatesNN47923-500

299Nortel Business Secure Router 252 Configuration — BasicsChapter 15Bandwidth managementThis chapter describes the functions and configuration of ban

3Nortel Business Secure Router 252 Configuration — BasicsContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30 PrefaceNN47923-500Related publicationsFor more information about using the Business Secure Router, refer to the following publications:• Nortel Bus

300 Chapter 15 Bandwidth managementNN47923-500Bandwidth classes and filtersUse bandwidth subclasses to allocate specific amounts of bandwidth capacity

Chapter 15 Bandwidth management 301Nortel Business Secure Router 252 Configuration — BasicsFigure 97 Subnet based bandwidth management exampleApplic

302 Chapter 15 Bandwidth managementNN47923-500Configuring summaryClick BW MGMT to open the Summary screen. Enable bandwidth management on an interface

Chapter 15 Bandwidth management 303Nortel Business Secure Router 252 Configuration — BasicsConfiguring class setupThe class setup screen displays the

304 Chapter 15 Bandwidth managementNN47923-500Figure 99 Bandwidth Manager: Class setupTable 78 describes the labels in Figure 99.Table 78 Bandwidt

Chapter 15 Bandwidth management 305Nortel Business Secure Router 252 Configuration — BasicsBandwidth Manager Class ConfigurationConfigure a bandwidth

306 Chapter 15 Bandwidth managementNN47923-500Figure 100 Bandwidth Manager: Edit classTable 79 describes the labels in Figure 100.Table 79 Bandwid

Chapter 15 Bandwidth management 307Nortel Business Secure Router 252 Configuration — BasicsFilter ConfigurationEnable Bandwidth Filter Select Enable B

308 Chapter 15 Bandwidth managementNN47923-500Bandwidth management statisticsUse the Bandwidth Management Statistics screen to view network performanc

Chapter 15 Bandwidth management 309Nortel Business Secure Router 252 Configuration — BasicsFigure 101 Bandwidth management statistics Table 81 descr

Preface 31Nortel Business Secure Router 252 Configuration — BasicsHow to get HelpThis section explains how to get help for Nortel products and service

310 Chapter 15 Bandwidth managementNN47923-500MonitorTo view bandwidth usage and allotments, click BW MGMT, then the Monitor tab. The screen appears a

311Nortel Business Secure Router 252 Configuration — BasicsChapter 16IEEE 802.1xIEEE 802.1x overviewThe IEEE 802.1x standard outlines enhanced securit

312 Chapter 16 IEEE 802.1xNN47923-500• Access-RequestSent by the Business Secure Router requesting authentication.• Access-RejectSent by a RADIUS serv

Chapter 16 IEEE 802.1x 313Nortel Business Secure Router 252 Configuration — BasicsYour Business Secure Router supports EAP-MD5 (Message-Digest Algorit

314 Chapter 16 IEEE 802.1xNN47923-500Figure 104 802.1X Table 83 describes the labels in Figure 104.Table 83 802.1X Label DescriptionAuthentication

Chapter 16 IEEE 802.1x 315Nortel Business Secure Router 252 Configuration — BasicsAuthentication DatabasesThe authentication database contains user lo

316 Chapter 16 IEEE 802.1xNN47923-500

317Nortel Business Secure Router 252 Configuration — BasicsChapter 17Authentication serverThe Business Secure Router can use either the local user dat

318 Chapter 17 Authentication serverNN47923-500Figure 105 Local User databaseTable 84 describes the labels in Figure 105. Table 84 Local User data

Chapter 17 Authentication server 319Nortel Business Secure Router 252 Configuration — BasicsEdit Local User DatabaseTo change a local user database en

32 PrefaceNN47923-500Getting Help from a specialist by using an Express Routing CodeTo access some Nortel Technical Solutions Centers, you can use an

320 Chapter 17 Authentication serverNN47923-500Figure 106 Local User database edit

Chapter 17 Authentication server 321Nortel Business Secure Router 252 Configuration — BasicsTable 85 describes the labels in Figure 106. Table 85 Lo

322 Chapter 17 Authentication serverNN47923-500Current split networksIn the Local User Database Edit screen, click Configure Network to display the Cu

Chapter 17 Authentication server 323Nortel Business Secure Router 252 Configuration — BasicsTable 86 describes the labels in Figure 107. Current split

324 Chapter 17 Authentication serverNN47923-500Figure 108 Current split networks editTable 87 describes the labels in Figure 108. Table 87 Current

Chapter 17 Authentication server 325Nortel Business Secure Router 252 Configuration — BasicsConfiguring RADIUSUse RADIUS if you want to authenticate u

326 Chapter 17 Authentication serverNN47923-500Figure 109 RADIUSTable 88 describes the labels in Figure 109.Table 88 RADIUSLabel DescriptionAuthen

Chapter 17 Authentication server 327Nortel Business Secure Router 252 Configuration — BasicsPort Number The default port of the RADIUS server for auth

328 Chapter 17 Authentication serverNN47923-500

329Nortel Business Secure Router 252 Configuration — BasicsChapter 18Remote management screensThis chapter provides information on the Remote Manageme

33Nortel Business Secure Router 252 Configuration — BasicsChapter 1Getting to know your Business Secure RouterThis chapter introduces the main feature

330 Chapter 18 Remote management screensNN47923-5001 A filter in SMT menu 3.1 (LAN) or in menu 11.1.4 (WAN) is applied to block a Telnet, FTP, or Web

Chapter 18 Remote management screens 331Nortel Business Secure Router 252 Configuration — BasicsIntroduction to HTTPSHTTPS (HyperText Transfer Protoco

332 Chapter 18 Remote management screensNN47923-500Figure 110 HTTPS implementationConfiguring WWWTo change your Business Secure Router Web settings,

Chapter 18 Remote management screens 333Nortel Business Secure Router 252 Configuration — BasicsFigure 111 WWWTable 89 describes the labels in Figur

334 Chapter 18 Remote management screensNN47923-500HTTPS exampleTo change the default HTTPS port on the Business Secure Router, in your browser, enter

Chapter 18 Remote management screens 335Nortel Business Secure Router 252 Configuration — BasicsInternet Explorer warning messagesWhen you attempt to

336 Chapter 18 Remote management screensNN47923-500Select Accept this certificate permanently to import the Business Secure Router certificate into th

Chapter 18 Remote management screens 337Nortel Business Secure Router 252 Configuration — BasicsFigure 114 Security Certificate 2 (Netscape)Avoiding

338 Chapter 18 Remote management screensNN47923-500a Click REMOTE MGMT. Write down the name of the certificate displayed in the Server Certificate fie

Chapter 18 Remote management screens 339Nortel Business Secure Router 252 Configuration — BasicsFigure 115 Logon screen (Internet Explorer)

34 Chapter 1 Getting to know your Business Secure RouterNN47923-500FeaturesThis section lists the key features of the Business Secure Router.Physical

340 Chapter 18 Remote management screensNN47923-500Figure 116 Login screen (Netscape)Click Login to proceed. The screen shown in Figure 117 appears.

Chapter 18 Remote management screens 341Nortel Business Secure Router 252 Configuration — BasicsFigure 117 Replace certificateClick Apply in the Rep

342 Chapter 18 Remote management screensNN47923-500Figure 118 Device-specific certificateClick Ignore in the Replace Certificate screen to use the c

Chapter 18 Remote management screens 343Nortel Business Secure Router 252 Configuration — BasicsFigure 119 Common Business Secure Router certificate

344 Chapter 18 Remote management screensNN47923-500Figure 120 SSH Communication ExampleHow SSH worksFigure 121 summarizes how a secure connection is

Chapter 18 Remote management screens 345Nortel Business Secure Router 252 Configuration — BasicsThe client automatically saves any new server public k

346 Chapter 18 Remote management screensNN47923-500Figure 122 SSHTable 90 describes the labels in Figure 122.Table 90 SSHLabel DescriptionServer H

Chapter 18 Remote management screens 347Nortel Business Secure Router 252 Configuration — BasicsSecure Telnet using SSH examplesThis section shows two

348 Chapter 18 Remote management screensNN47923-500Example 2: LinuxThis section describes how to access the Business Secure Router using the OpenSSH c

Chapter 18 Remote management screens 349Nortel Business Secure Router 252 Configuration — BasicsFigure 125 SSH Example 2: Log on3 The SMT main menu

Chapter 1 Getting to know your Business Secure Router 35Nortel Business Secure Router 252 Configuration — Basics• Extended-reach ADSL (ER ADSL)• SRA (

350 Chapter 18 Remote management screensNN47923-500Figure 126 Secure FTP: Firmware Upload ExampleTelnetYou can configure your Business Secure Router

Chapter 18 Remote management screens 351Nortel Business Secure Router 252 Configuration — BasicsConfiguring TELNETClick REMOTE MANAGEMENT to open the

352 Chapter 18 Remote management screensNN47923-500Configuring FTPYou can upload and download the Business Secure Router firmware and configuration fi

Chapter 18 Remote management screens 353Nortel Business Secure Router 252 Configuration — BasicsConfiguring SNMPSimple Network Management Protocol is

354 Chapter 18 Remote management screensNN47923-500Figure 130 SNMP Management ModelAn SNMP-managed network consists of two main types of component:

Chapter 18 Remote management screens 355Nortel Business Secure Router 252 Configuration — Basics• Get-Allows the manager to retrieve an object variabl

356 Chapter 18 Remote management screensNN47923-500REMOTE MANAGEMENT: SNMPTo change your Business Secure Router SNMP settings, click REMOTE MANAGEMENT

Chapter 18 Remote management screens 357Nortel Business Secure Router 252 Configuration — BasicsConfiguring DNSUse DNS (Domain Name System) to map a d

358 Chapter 18 Remote management screensNN47923-500Figure 132 DNSTable 95 describes the fields in Figure 132.Configuring SecurityTo change your Busi

Chapter 18 Remote management screens 359Nortel Business Secure Router 252 Configuration — BasicsIf an outside user attempts to probe an unsupported po

36 Chapter 1 Getting to know your Business Secure RouterNN47923-500Autonegotiating 10/100 Mb/s Ethernet LANThe LAN interfaces automatically detect if

360 Chapter 18 Remote management screensNN47923-500Do not respond to requests for unauthorized servicesSelect this option to prevent hackers from find

361Nortel Business Secure Router 252 Configuration — BasicsChapter 19UPnPThis chapter introduces the Universal Plug and Play feature. Universal Plug a

362 Chapter 19 UPnPNN47923-500Windows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnPThe automated

Chapter 19 UPnP 363Nortel Business Secure Router 252 Configuration — BasicsFigure 134 Configuring UPnPTable 97 describes the fields in Figure 134.Ta

364 Chapter 19 UPnPNN47923-500Displaying UPnP port mappingClick UPnP and then Ports to display the screen as shown in Figure 135. Use this screen to v

Chapter 19 UPnP 365Nortel Business Secure Router 252 Configuration — BasicsInstalling UPnP in Windows exampleThis section shows how to install UPnP in

366 Chapter 19 UPnPNN47923-500Figure 136 Add/Remove programs: Windows setup3 In the Communications window, select the Universal Plug and Play check

Chapter 19 UPnP 367Nortel Business Secure Router 252 Configuration — Basics1 Click Start and Control Panel. 2 Double-click Network Connections.3 In th

368 Chapter 19 UPnPNN47923-5005 In the Networking Services window, select the Universal Plug and Play check box. Figure 140 Windows XP networking se

Chapter 19 UPnP 369Nortel Business Secure Router 252 Configuration — Basics2 Right-click the icon and select Properties. Figure 141 Internet gateway

Chapter 1 Getting to know your Business Secure Router 37Nortel Business Secure Router 252 Configuration — BasicsNortel Contivity Client Termination Th

370 Chapter 19 UPnPNN47923-5004 You can edit or delete the port mappings or click Add to manually add port mappings.Figure 143 Internet connection p

Chapter 19 UPnP 371Nortel Business Secure Router 252 Configuration — Basics5 Select the Show icon in notification area when connected check box and cl

372 Chapter 19 UPnPNN47923-5003 Select My Network Places under Other PlacesFigure 147 Network connections 4 An icon with the description for each UP

373Nortel Business Secure Router 252 Configuration — BasicsChapter 20Logs ScreensThis chapter contains information about configuring general log setti

374 Chapter 20 Logs ScreensNN47923-500Figure 149 View LogTable 99 describes the fields in Figure 149.Table 99 View LogLabel DescriptionDisplay Th

Chapter 20 Logs Screens 375Nortel Business Secure Router 252 Configuration — BasicsConfiguring Log settingsTo change your Business Secure Router log s

376 Chapter 20 Logs ScreensNN47923-500Figure 150 Log settings

Chapter 20 Logs Screens 377Nortel Business Secure Router 252 Configuration — BasicsTable 100 describes the fields in Figure 150.Table 100 Log settin

378 Chapter 20 Logs ScreensNN47923-500Configuring ReportsTo change your Business Secure Router log reports, click Logs, and then the Reports tab. The

Chapter 20 Logs Screens 379Nortel Business Secure Router 252 Configuration — Basics• How much traffic has been sent to and from the LAN IP addresses t

38 Chapter 1 Getting to know your Business Secure RouterNN47923-500Brute force password guessing protectionThe Business Secure Router has a special pr

380 Chapter 20 Logs ScreensNN47923-500Table 101 describes the fields in Figure 151.Viewing Web site hitsIn the Reports screen, select Web Site Hits fr

Chapter 20 Logs Screens 381Nortel Business Secure Router 252 Configuration — BasicsFigure 152 Web site hits report exampleTable 102 describes the fi

382 Chapter 20 Logs ScreensNN47923-500Viewing Protocol/PortIn the Reports screen, select Protocol/Port from the Report Type drop-down list to have the

Chapter 20 Logs Screens 383Nortel Business Secure Router 252 Configuration — BasicsTable 103 describes the fields in Figure 153.Viewing LAN IP address

384 Chapter 20 Logs ScreensNN47923-500Figure 154 LAN IP address report exampleTable 104 describes the fields in Figure 154.Table 104 LAN IP Addres

Chapter 20 Logs Screens 385Nortel Business Secure Router 252 Configuration — BasicsReports specificationsTable 105 lists detailed specifications on th

386 Chapter 20 Logs ScreensNN47923-500

387Nortel Business Secure Router 252 Configuration — BasicsChapter 21Call scheduling screensWith call scheduling (applicable for PPPoA or PPPoE encaps

388 Chapter 21 Call scheduling screensNN47923-500Figure 155 Call schedule summaryTable 106 describes the fields in Figure 155.Table 106 Call Sched

Chapter 21 Call scheduling screens 389Nortel Business Secure Router 252 Configuration — BasicsCall scheduling editTo configure a schedule set, click t

Chapter 1 Getting to know your Business Secure Router 39Nortel Business Secure Router 252 Configuration — BasicsDynamic DNS supportWith Dynamic DNS (D

390 Chapter 21 Call scheduling screensNN47923-500If a connection has been already established, your Business Secure Router will not drop it. After the

Chapter 21 Call scheduling screens 391Nortel Business Secure Router 252 Configuration — BasicsApplying Schedule Sets to a remote nodeOnce your schedul

392 Chapter 21 Call scheduling screensNN47923-500Figure 157 Applying Schedule Sets to a remote node

Chapter 21 Call scheduling screens 393Nortel Business Secure Router 252 Configuration — Basics

394 Chapter 21 Call scheduling screensNN47923-500

395Nortel Business Secure Router 252 Configuration — BasicsChapter 22MaintenanceThis chapter displays system information such as firmware, port IP add

396 Chapter 22 MaintenanceNN47923-500Figure 158 System Status Table 108 describes the fields in Figure 158.Table 108 System StatusLabel Descriptio

Chapter 22 Maintenance 397Nortel Business Secure Router 252 Configuration — BasicsSystem statisticsRead-only information here includes port status and

398 Chapter 22 MaintenanceNN47923-500Figure 159 System Status: Show statisticsTable 109 describes the fields in Figure 159.Table 109 System Status

Chapter 22 Maintenance 399Nortel Business Secure Router 252 Configuration — BasicsDHCP Table screen With DHCP (Dynamic Host Configuration Protocol, RF

4 ContentsNN47923-500IPSec VPN capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Nortel Contivity C

40 Chapter 1 Getting to know your Business Secure RouterNN47923-500Network Address Translation (NAT)NAT (Network Address Translation — NAT, RFC 1631)

400 Chapter 22 MaintenanceNN47923-500Figure 160 DHCP TableTable 110 describes the fields in Figure 160.Diagnostic ScreenFrom the Site Map screen, cl

Chapter 22 Maintenance 401Nortel Business Secure Router 252 Configuration — BasicsFigure 161 DiagnosticTable 111 describes the fields in Figure 161.

402 Chapter 22 MaintenanceNN47923-500F/W Upload screenFind firmware at www.nortel.com/index.html in a file that usually uses the system model name wit

Chapter 22 Maintenance 403Nortel Business Secure Router 252 Configuration — BasicsFigure 162 Firmware uploadTable 112 describes the fields in Figure

404 Chapter 22 MaintenanceNN47923-500Figure 163 Firmware Upload In ProcessThe device automatically restarts in this time, causing a temporary networ

Chapter 22 Maintenance 405Nortel Business Secure Router 252 Configuration — BasicsConfiguration screenClick MAINTENANCE, and then the Configuration ta

406 Chapter 22 MaintenanceNN47923-500Figure 167 Reset warning messageYou can also press the RESET button on the rear panel to reset the factory defa

Chapter 22 Maintenance 407Nortel Business Secure Router 252 Configuration — BasicsRestore configuration With restore configuration, you can upload a n

408 Chapter 22 MaintenanceNN47923-500Figure 169 Network Temporarily DisconnectedIf you uploaded the default configuration file, you need to change t

Chapter 22 Maintenance 409Nortel Business Secure Router 252 Configuration — BasicsFigure 170 Restart screen

Chapter 1 Getting to know your Business Secure Router 41Nortel Business Secure Router 252 Configuration — BasicsLogging and tracingThe Business Secure

410 Chapter 22 MaintenanceNN47923-500

411Nortel Business Secure Router 252 Configuration — BasicsAppendix ATroubleshootingThis chapter covers potential problems and the corresponding remed

412 Appendix A TroubleshootingNN47923-500Problems with the LAN LEDProblems with the LAN interfaceTable 115 Troubleshooting the LAN LEDProblem Correc

Appendix A Troubleshooting 413Nortel Business Secure Router 252 Configuration — BasicsProblems with the WAN interfaceProblems with Internet accessTabl

414 Appendix A TroubleshootingNN47923-500Problems accessing an Internet Web site Problems with the passwordTable 119 Troubleshooting Web Site Intern

Appendix A Troubleshooting 415Nortel Business Secure Router 252 Configuration — BasicsProblems with the WebGUI Problems with Remote ManagementTable 12

416 Appendix A TroubleshootingNN47923-500Allowing Pop-up Windows, JavaScript and Java Permissions In order to use the WebGUI, you must allow:• Web bro

Appendix A Troubleshooting 417Nortel Business Secure Router 252 Configuration — Basics1 In Internet Explorer, select Tools, Internet Options, Privacy.

418 Appendix A TroubleshootingNN47923-5002 Select Settings… to open the Pop-up Blocker Settings screen.Figure 173 Internet options3 Type the IP addr

Appendix A Troubleshooting 419Nortel Business Secure Router 252 Configuration — Basics4 Click Add to move the IP address to the list of Allowed sites.

42 Chapter 1 Getting to know your Business Secure RouterNN47923-500Figure 1 Secure Internet Access and VPN ApplicationHardware SetupRefer to Nortel

420 Appendix A TroubleshootingNN47923-5001 In Internet Explorer, click Tools, Internet Options, and then the Security tab. Figure 175 Internet optio

Appendix A Troubleshooting 421Nortel Business Secure Router 252 Configuration — Basics6 Click OK to close the window.Figure 176 Security Settings -

422 Appendix A TroubleshootingNN47923-5005 Click OK to close the window.Figure 177 Security Settings - Java JAVA (Sun)1 From Internet Explorer, clic

Appendix A Troubleshooting 423Nortel Business Secure Router 252 Configuration — Basics4 Close your existing browser session and open a new browser.Fig

424 Appendix A TroubleshootingNN47923-500Allowing Pop-ups1 In Netscape, click Tools, Popup Manager and then select Allow Popups From This Site. Figure

Appendix A Troubleshooting 425Nortel Business Secure Router 252 Configuration — Basics3 Clear the Block unrequested popup windows check box. Figure 1

426 Appendix A TroubleshootingNN47923-5004 Click the Allowed Sites... button. Figure 182 Popup Windows5 Type the IP address of your device (the Web

Appendix A Troubleshooting 427Nortel Business Secure Router 252 Configuration — Basics6 Click Add to move the IP address to the Site list.Figure 183

428 Appendix A TroubleshootingNN47923-5004 Click OK to close the window.Figure 184 Advanced 5 Click the Advanced directory and then select Scripts &

Appendix A Troubleshooting 429Nortel Business Secure Router 252 Configuration — Basics7 Click OK to close the window.Figure 185 Scripts & Plug-i

Chapter 1 Getting to know your Business Secure Router 43Nortel Business Secure Router 252 Configuration — BasicsNote: Please use only No. 26 AWG (Amer

430 Appendix A TroubleshootingNN47923-500

431Nortel Business Secure Router 252 Configuration — BasicsAppendix BLog DescriptionsThis appendix provides descriptions of example log messages.Table

432 Appendix B Log DescriptionsNN47923-500TELNET Login Fail Someone has failed to log on to the router through Teln et.FTP Login Successfully Someone

Appendix B Log Descriptions 433Nortel Business Secure Router 252 Configuration — Basicsattack ESP The firewall detected an ESP attack.attack GRE The f

434 Appendix B Log DescriptionsNN47923-500For type and code details, see Table 130.teardrop ICMP (type:%d, code:%d)The firewall detected an ICMP teard

Appendix B Log Descriptions 435Nortel Business Secure Router 252 Configuration — BasicsFirewall default policy: ICMP (set:%d, type:%d, code:%d)ICMP ac

436 Appendix B Log DescriptionsNN47923-500Firewall rule match: (set:%d, rule:%d)Access matched the listed firewall rule and the Business Secure Router

Appendix B Log Descriptions 437Nortel Business Secure Router 252 Configuration — BasicsFilter default policy DROP!Access matched a default filter poli

438 Appendix B Log DescriptionsNN47923-500(set:%d) With firewall messages, this is the number of the ACL policy set and denotes the packet's dire

Appendix B Log Descriptions 439Nortel Business Secure Router 252 Configuration — BasicsFor type and code details, see Table 130.Table 129 ACL Settin

44 Chapter 1 Getting to know your Business Secure RouterNN47923-500

440 Appendix B Log DescriptionsNN47923-500VPN/IPSec LogsTo view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the I

Appendix B Log Descriptions 441Nortel Business Secure Router 252 Configuration — BasicsFigure 186 Example VPN Initiator IPSec LogVPN Responder IPSec

442 Appendix B Log DescriptionsNN47923-500Figure 187 Example VPN Responder IPSec LogThis menu is useful for troubleshooting your Business Secure Rou

Appendix B Log Descriptions 443Nortel Business Secure Router 252 Configuration — BasicsTable 132 Sample IKE Key Exchange LogsLog Message Description

444 Appendix B Log DescriptionsNN47923-500!! Remote IP <IP start> / <IP end> conflictsIf the security gateway is “0.0.0.0”, the Business

Appendix B Log Descriptions 445Nortel Business Secure Router 252 Configuration — BasicsTable 133 shows sample log messages during packet transmission.

446 Appendix B Log DescriptionsNN47923-500Table 134 shows RFC 2408 ISAKMP payload types that the log displays. Refer to RFC 2408 for detailed informat

Appendix B Log Descriptions 447Nortel Business Secure Router 252 Configuration — BasicsFailed to resolve <CMP CA server url>The CMP online certi

448 Appendix B Log DescriptionsNN47923-500Table 136 Certificate Path Verification Failure Reason CodesCode Description1 Algorithm mismatch between t

Appendix B Log Descriptions 449Nortel Business Secure Router 252 Configuration — BasicsTable 137 IEEE 802.1X LogsLog Message DescriptionLocal User D

45Nortel Business Secure Router 252 Configuration — BasicsChapter 2Introducing the WebGUIThis chapter describes how to access the Business Secure Rout

450 Appendix B Log DescriptionsNN47923-500Log CommandsGo to the command interpreter interface (the Command Interpreter Appendix explains how to access

Appendix B Log Descriptions 451Nortel Business Secure Router 252 Configuration — BasicsUse the sys logs save command to store the settings in the Busi

452 Appendix B Log DescriptionsNN47923-500Log Command ExampleThis example shows how to set the Business Secure Router to record the access logs and al

Nortel Business Secure Router 252 Configuration — Basics453IndexNumbers3DES 2054-Port Switch 35AAction 177Action for Matched Packets 180ActiveX 197Adm

454 IndexNN47923-500Call Scheduling 38, 387Maximum Number of Schedule Sets 387, 391Precedence 387Precedence Example 387Called ID 126Calling Line Ident

Index 455Nortel Business Secure Router 252 Configuration — BasicsEECHO 136Enable Wildcard 87Encapsulating Security Payload 204Encapsulation 53, 56ENET

456 IndexNN47923-500IGMP 99, 116, 123IGMP-V1 116IGMP-v1 123IGMP-V2 116IGMP-v2 123Illegal Commands 160Initial Contact Payload 258Inside 130Inside Globa

Index 457Nortel Business Secure Router 252 Configuration — BasicsMulticast Version 123Multiplexing 35, 54LLC-based 55VC-based 55multiplexing method 54

458 IndexNN47923-500PVC 54QQuick Start Guide 45RRADIUS 311Shared Secret Key 312RADIUS Message Types 311reboot 402regulatory information 2reinitialize

Index 459Nortel Business Secure Router 252 Configuration — BasicsSSH 37, 343SSH Implementation 345Start Port 146Stateful Inspection 37, 153, 154, 161,

46 Chapter 2 Introducing the WebGUINN47923-5001 Launch your web browser.2 Type 192.168.1.1 as the URL.3 Type the username (“nnadmin” is the default) a

460 IndexNN47923-500VPN Client Termination 248WWAN to LAN Rules 173Web Proxy 197Web Site Hits 380WebGUI 45, 49, 155, 166, 172Windows Networking 116, 2

Chapter 2 Introducing the WebGUI 47Nortel Business Secure Router 252 Configuration — BasicsFigure 3 Change password screen5 Click Apply in the Repla

48 Chapter 2 Introducing the WebGUINN47923-500The MAIN MENU screen appears.Restoring the factory-default configuration settingsIf you just want to res

Chapter 2 Introducing the WebGUI 49Nortel Business Secure Router 252 Configuration — Basicsmessage Press Any key to enter Debug Mode within 3 seconds,

Contents 5Nortel Business Secure Router 252 Configuration — BasicsProcedure to use the reset button . . . . . . . . . . . . . . . . . . . . . . . . .

50 Chapter 2 Introducing the WebGUINN47923-500Figure 6 MAIN MENU ScreenClick the Contact link to display the customer support contact information. F

Chapter 2 Introducing the WebGUI 51Nortel Business Secure Router 252 Configuration — BasicsFigure 7 Contact Support

52 Chapter 2 Introducing the WebGUINN47923-500

53Nortel Business Secure Router 252 Configuration — BasicsChapter 3Wizard setupThis chapter provides information on the Wizard screens in the WebGUI.W

54 Chapter 3 Wizard setupNN47923-500PPP over EthernetPPP over Ethernet (PPPoE) provides access control and billing functionality in a manner similar t

Chapter 3 Wizard setup 55Nortel Business Secure Router 252 Configuration — BasicsVC-based multiplexingIn this case, by prior mutual agreement, each pr

56 Chapter 3 Wizard setupNN47923-500Figure 8 Wizard Screen 1Table 2 describes the fields in Figure 8.Table 2 Wizard Screen 1Label DescriptionMode

Chapter 3 Wizard setup 57Nortel Business Secure Router 252 Configuration — BasicsIP address and subnet maskSimilar to the way houses on a street share

58 Chapter 3 Wizard setupNN47923-500IP assignment with PPPoA or PPPoE encapsulationIf you have a dynamic IP, the IP Address and ENET ENCAP Gateway fie

Chapter 3 Wizard setup 59Nortel Business Secure Router 252 Configuration — BasicsYou can obtain your IP address from the IANA, from an ISP, or it can

6 ContentsNN47923-500General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71Firewall

60 Chapter 3 Wizard setupNN47923-500Figure 9 Internet connection with PPPoATable 3 describes the fields in Figure 9.Table 3 Internet connection wi

Chapter 3 Wizard setup 61Nortel Business Secure Router 252 Configuration — BasicsFigure 10 Internet connection with RFC 1483Table 4 describes the fi

62 Chapter 3 Wizard setupNN47923-500Figure 11 Internet connection with ENET ENCAPTable 5 describes the fields in Figure 11.Network Address Translati

Chapter 3 Wizard setup 63Nortel Business Secure Router 252 Configuration — BasicsFigure 12 Internet connection with PPPoEENET ENCAP GatewayYou must

64 Chapter 3 Wizard setupNN47923-500Table 6 describes the fields in Figure 12.Table 6 Internet connection with PPPoELabel DescriptionService Name T

Chapter 3 Wizard setup 65Nortel Business Secure Router 252 Configuration — BasicsDHCP setupUsing Dynamic Host Configuration Protocol (DHCP), individua

66 Chapter 3 Wizard setupNN47923-500Figure 13 Wizard Screen 32 To change your Business Secure Router LAN settings, click Change LAN Configuration to

Chapter 3 Wizard setup 67Nortel Business Secure Router 252 Configuration — BasicsFigure 14 Wizard: LAN configurationTable 7 describes the fields in

68 Chapter 3 Wizard setupNN47923-500DHCP With DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) individual clients (workstations) can

Chapter 3 Wizard setup 69Nortel Business Secure Router 252 Configuration — BasicsWizard setup configuration: connection testsThe Business Secure Route

Contents 7Nortel Business Secure Router 252 Configuration — BasicsChapter 6LAN screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 Chapter 3 Wizard setupNN47923-500

71Nortel Business Secure Router 252 Configuration — BasicsChapter 4User NotesGeneral NotesThere are some router functions that, although performing as

72 Chapter 4 User NotesNN47923-500If the Administrator Timeout is set to 0, and an administration session is terminated without logging off, the route

Chapter 4 User Notes 73Nortel Business Secure Router 252 Configuration — BasicsVPN Client Termination1 Change of User Account Does Not Drop Existing C

74 Chapter 4 User NotesNN47923-500VPN Clients can have dynamically assigned IP addresses, or they can have a statically assigned addresses. However,

Chapter 4 User Notes 75Nortel Business Secure Router 252 Configuration — BasicsThe number controls the operating mode:None (disabled)RIP-1 onlyRIP-2 o

76 Chapter 4 User NotesNN47923-500b Enter the authentication information, with either a pre-shared key or an imported certificate.c Enter the IP Addre

Chapter 4 User Notes 77Nortel Business Secure Router 252 Configuration — BasicsScenario 2: A BCM50 in each site, each acting as the backup call server

78 Chapter 4 User NotesNN47923-500Allowing remote management of a LAN-connected BCM50 1 Create the appropriate NAT server rules to add the BCM50.Go to

Chapter 4 User Notes 79Nortel Business Secure Router 252 Configuration — Basics5 In the FIREWALL, set up a LAN-to-LAN rule to block traffic between th

8 ContentsNN47923-500What NAT does . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130How NAT wor

80 Chapter 4 User NotesNN47923-500Under VPN / Global Setting, enable Exclusive Mode, and fill in the MAC address of the telephone set.Under Bandwidth

81Nortel Business Secure Router 252 Configuration — BasicsChapter 5System screensThis chapter provides information on the System screens.System overvi

82 Chapter 5 System screensNN47923-500Figure 16 depicts an example where three VPN tunnels are created from Business Secure Router A; one to branch of

Chapter 5 System screens 83Nortel Business Secure Router 252 Configuration — BasicsFigure 17 System general setupTable 8 describes the fields in Fig

84 Chapter 5 System screensNN47923-500System DNS Servers (if applicable)DNS (Domain Name System) is for mapping a domain name to its corresponding IP

Chapter 5 System screens 85Nortel Business Secure Router 252 Configuration — BasicsDynamic DNSWith Dynamic DNS, you can update your current dynamic IP

86 Chapter 5 System screensNN47923-500Figure 18 DDNSTable 9 describes the fields in Figure 18.Table 9 DDNSLabel DescriptionActive Select this chec

Chapter 5 System screens 87Nortel Business Secure Router 252 Configuration — BasicsConfiguring PasswordTo change the password of your Business Secure

88 Chapter 5 System screensNN47923-500Figure 19 PasswordTable 10 describes the fields in Figure 19.Table 10 PasswordLabel DescriptionAdministrator

Chapter 5 System screens 89Nortel Business Secure Router 252 Configuration — BasicsPredefined NTP time server listThe Business Secure Router uses the

Contents 9Nortel Business Secure Router 252 Configuration — BasicsStateful inspection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

90 Chapter 5 System screensNN47923-500When the Business Secure Router uses the predefined list of NTP time servers, it randomly selects one server and

Chapter 5 System screens 91Nortel Business Secure Router 252 Configuration — BasicsFigure 20 Time and Date

92 Chapter 5 System screensNN47923-500Table 12 describes the fields in Figure 20.Table 12 Time and DateLabel DescriptionCurrent Time and DateCurrent

Chapter 5 System screens 93Nortel Business Secure Router 252 Configuration — BasicsTime Zone SetupTime Zone Choose the time zone of your location. Thi

94 Chapter 5 System screensNN47923-500ALG With Application Layer Gateway (ALG), an application can pass through NAT and the firewall. You must also c

Chapter 5 System screens 95Nortel Business Secure Router 252 Configuration — BasicsTable 13 describes the labels in Figure 21.Table 13 ALGLabel Desc

96 Chapter 5 System screensNN47923-500

97Nortel Business Secure Router 252 Configuration — BasicsChapter 6LAN screens This chapter describes how to configure LAN settings.LAN overviewLocal

98 Chapter 6 LAN screensNN47923-500DNS serversUse the LAN IP screen to configure the DNS server information that the Business Secure Router sends to t

Chapter 6 LAN screens 99Nortel Business Secure Router 252 Configuration — BasicsBoth RIP-2B and RIP-2M send routing data in RIP-2 format; the differen