Avaya Business Secure Router 252 Configuration - Basics Manuel d'utilisateur Page 241
- Page / 460
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 13 VPN 241
Nortel Business Secure Router 252 Configuration — Basics
Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two
parties to establish a shared secret over an unsecured communications channel.
Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit
(Group 1 - DH1), 1 024-bit (Group 2 – DH2) and 1 536-bit (Group 5 - DH5)
Diffie-Hellman groups are supported. Upon completion of the Diffie-Hellman
exchange, the two peers have a shared secret, but the IKE SA is not authenticated.
For authentication, use preshared keys.
Perfect Forward Secrecy (PFS)
Enabling PFS means that the key is transient. The key is thrown away and
replaced by a brand new key using a new Diffie-Hellman exchange for each new
IPSec SA setup. With PFS enabled, if one key is compromised, previous and
subsequent keys are not compromised, because subsequent keys are not derived
from previous keys. The (time consuming) Diffie-Hellman exchange is the
trade-off for this extra security.
This can be unnecessary for data that does not require such security, so PFS is
disabled (None) by default in the Business Secure Router. Disabling PFS means
new authentication and encryption keys are derived from the same root secret
(which can have security implications in the long run) but allows faster SA setup
(by bypassing the Diffie-Hellman key exchange).
Configuring advanced Branch office setup
Select one of the VPN rules in the VPN Summary screen and click Edit to
configure the rule. The basic IKE rule setup screen displays.
In the VPN Branch Office Rule Setup screen, click the Advanced button to
display the VPN Branch Office Advanced Rule Setup screen.
- Business Secure Router 1
- Copyright © Nortel 2005–2006 2
- Trademarks 2
- Contents 3
- Chapter 2 4
- Chapter 3 5
- Chapter 4 5
- Chapter 5 6
- Chapter 12 10
- Chapter 13 10
- Chapter 14 11
- Chapter 15 12
- Chapter 16 12
- Chapter 17 13
- Chapter 18 13
- Chapter 19 14
- Chapter 20 14
- Appendix B 16
- 28 Tables 28
- Before you begin 29
- Text conventions 29
- Related publications 30
- Hard copy technical manuals 30
- How to get Help 31
- 32 Preface 32
- Chapter 1 33
- Features 34
- Networking compatibility 35
- Multiplexing 35
- Four-Port switch 35
- Nonphysical features 36
- Dynamic DNS support 39
- IP Multicast 39
- IP Alias 39
- Central Network Management 39
- Traffic Redirect 40
- Port Forwarding 40
- Full network management 40
- Logging and tracing 41
- Embedded FTP and TFTP Servers 41
- Hardware Setup 42
- Introducing the WebGUI 45
- Figure 2 Login screen 46
- Figure 6 MAIN MENU Screen 50
- Figure 7 Contact Support 51
- Wizard setup 53
- VPI and VCI 55
- 56 Chapter 3 Wizard setup 56
- Figure 8 Wizard Screen 1 56
- Table 2 Wizard Screen 1 56
- IP address and subnet mask 57
- IP address assignment 57
- Private IP addresses 58
- Chapter 3 Wizard setup 59 59
- 60 Chapter 3 Wizard setup 60
- Chapter 3 Wizard setup 61 61
- 62 Chapter 3 Wizard setup 62
- Chapter 3 Wizard setup 63 63
- 64 Chapter 3 Wizard setup 64
- DHCP setup 65
- 66 Chapter 3 Wizard setup 66
- Figure 13 Wizard Screen 3 66
- Chapter 3 Wizard setup 67 67
- 68 Chapter 3 Wizard setup 68
- Test your Internet connection 69
- 70 Chapter 3 Wizard setup 70
- User Notes 71
- Security 74
- Advanced Router Configuration 75
- 76 Chapter 4 User Notes 76
- Termination) 77
- Emulation) 77
- 78 Chapter 4 User Notes 78
- Chapter 4 User Notes 79 79
- 80 Chapter 4 User Notes 80
- System screens 81
- Configuring General Setup 82
- Chapter 5 System screens 83 83
- 84 Chapter 5 System screens 84
- Dynamic DNS 85
- Configuring Dynamic DNS 85
- 86 Chapter 5 System screens 86
- Figure 18 DDNS 86
- Table 9 DDNS 86
- Configuring Password 87
- 88 Chapter 5 System screens 88
- Figure 19 Password 88
- Table 10 Password 88
- Chapter 5 System screens 89 89
- Configuring Time and Date 90
- Chapter 5 System screens 91 91
- Figure 20 Time and Date 91
- 92 Chapter 5 System screens 92
- Table 12 Time and Date 92
- Chapter 5 System screens 93 93
- Configuring ALG 94
- Chapter 5 System screens 95 95
- Table 13 ALG 95
- 96 Chapter 5 System screens 96
- LAN screens 97
- LAN TCP/IP 98
- Multicast 99
- Configuring IP 100
- Chapter 6 LAN screens 101 101
- Table 14 LAN IP 101
- 102 Chapter 6 LAN screens 102
- NN47923-500 102
- Configuring Static DHCP 103
- 104 Chapter 6 LAN screens 104
- Figure 23 Static DHCP 104
- Table 15 Static DHCP 104
- Configuring IP Alias 105
- 106 Chapter 6 LAN screens 106
- Table 16 IP Alias 106
- Chapter 7 107
- WAN screens 107
- Configuring Route 108
- PPPoE encapsulation 109
- Configuring WAN ISP 110
- Chapter 7 WAN screens 111 111
- Figure 26 WAN: WAN ISP 111
- 112 Chapter 7 WAN screens 112
- Table 18 WAN: WAN ISP 112
- Configuring WAN IP 113
- 114 Chapter 7 WAN screens 114
- Figure 27 WAN: IP 114
- Chapter 7 WAN screens 115 115
- Table 19 WAN: IP 115
- 116 Chapter 7 WAN screens 116
- Traffic redirect 117
- Configuring Traffic Redirect 118
- Configuring Dial Backup 119
- 120 Chapter 7 WAN screens 120
- Figure 31 Dial Backup Setup 120
- Chapter 7 WAN screens 121 121
- Table 21 Dial Backup Setup 121
- 122 Chapter 7 WAN screens 122
- Chapter 7 WAN screens 123 123
- Advanced Modem Setup 124
- Chapter 7 WAN screens 125 125
- Figure 32 Advanced Setup 125
- 126 Chapter 7 WAN screens 126
- Table 22 Advanced Setup 126
- Chapter 7 WAN screens 127 127
- 128 Chapter 7 WAN screens 128
- Chapter 8 129
- What NAT does 130
- How NAT works 131
- NAT application 132
- NAT mapping types 133
- Using NAT 134
- SUA Server 135
- Configuring SUA Server 137
- Figure 37 SUA/NAT setup 138
- Table 26 SUA/NAT setup 138
- Configuring Address Mapping 139
- Figure 38 Address Mapping 140
- Table 27 Address Mapping 140
- Trigger Port Forwarding 143
- Figure 41 Trigger Port 145
- Table 29 Trigger Port 146
- Chapter 9 147
- Static Route screens 147
- Configuring IP Static Route 148
- Configuring Route entry 150
- Chapter 10 153
- Firewalls 153
- Packet filtering firewalls 154
- Application level firewalls 154
- Chapter 10 Firewalls 155 155
- Denial of Service 156
- Types of DoS attacks 157
- 158 Chapter 10 Firewalls 158
- Chapter 10 Firewalls 159 159
- Figure 47 SYN flood 159
- • ICMP vulnerability 160
- ICMP types trigger an alert: 160
- Stateful inspection 161
- Stateful inspection process 162
- Chapter 10 Firewalls 163 163
- TCP security 164
- UDP/ICMP security 165
- Upper layer protocols 165
- Packet filtering vs. firewall 166
- Firewall 167
- 168 Chapter 10 Firewalls 168
- Chapter 11 169
- Firewall screens 169
- Rule logic overview 171
- Connection direction examples 172
- LAN to WAN rules 173
- WAN to LAN rules 173
- Configuring firewall 174
- Configuring firewall rules 178
- Configuring custom ports 182
- Example firewall rule 183
- Predefined services 186
- Configuring attack alert 190
- Figure 61 Attack alert 192
- Table 41 Attack alert 192
- Content filtering 195
- Configure Content Filtering 196
- Table 42 Content filter 197
- VPN screens overview 200
- Security Association 201
- Other terminology 201
- IPSec architecture 202
- IPSec algorithms 203
- 204 Chapter 13 VPN 204
- Key management 205
- Encapsulation 206
- IPSec and NAT 207
- Secure Gateway Address 208
- Summary screen 209
- 210 Chapter 13 VPN 210
- Figure 67 Summary 210
- IP Policies 210
- Chapter 13 VPN 211 211
- Table 47 Summary 211
- Keep Alive 212
- Nailed up 212
- NAT Traversal 213
- Preshared key 214
- Chapter 13 VPN 215 215
- Configuring Advanced Setup 216
- Chapter 13 VPN 217 217
- ID Type and content 218
- ID type and content examples 219
- My IP Address 220
- Chapter 13 VPN 221 221
- 222 Chapter 13 VPN 222
- Chapter 13 VPN 223 223
- 224 Chapter 13 VPN 224
- Chapter 13 VPN 225 225
- 226 Chapter 13 VPN 226
- Chapter 13 VPN 227 227
- 228 Chapter 13 VPN 228
- Chapter 13 VPN 229 229
- Configuring an IP Policy 230
- Chapter 13 VPN 231 231
- 232 Chapter 13 VPN 232
- Chapter 13 VPN 233 233
- 234 Chapter 13 VPN 234
- Chapter 13 VPN 235 235
- Port forwarding server 236
- Chapter 13 VPN 237 237
- IKE phases 238
- Chapter 13 VPN 239 239
- Negotiation Mode 240
- Perfect Forward Secrecy (PFS) 241
- 242 Chapter 13 VPN 242
- Chapter 13 VPN 243 243
- 244 Chapter 13 VPN 244
- SA Monitor 245
- 246 Chapter 13 VPN 246
- Figure 76 VPN SA Monitor 246
- Table 58 VPN SA Monitor 246
- Global settings 247
- VPN Client Termination 248
- Chapter 13 VPN 249 249
- 250 Chapter 13 VPN 250
- Chapter 13 VPN 251 251
- 252 Chapter 13 VPN 252
- Chapter 13 VPN 253 253
- 254 Chapter 13 VPN 254
- Chapter 13 VPN 255 255
- 256 Chapter 13 VPN 256
- Chapter 13 VPN 257 257
- 258 Chapter 13 VPN 258
- Chapter 13 VPN 259 259
- 260 Chapter 13 VPN 260
- Certificates 261
- Self-signed certificates 262
- Configuration summary 263
- My Certificates 263
- 264 Chapter 14 Certificates 264
- Figure 83 My Certificates 264
- Chapter 14 Certificates 265 265
- Table 64 My Certificates 265
- Certificate file formats 266
- Importing a certificate 267
- 268 Chapter 14 Certificates 268
- Creating a certificate 269
- 270 Chapter 14 Certificates 270
- Chapter 14 Certificates 271 271
- 272 Chapter 14 Certificates 272
- My Certificate details 273
- 274 Chapter 14 Certificates 274
- Chapter 14 Certificates 275 275
- 276 Chapter 14 Certificates 276
- Trusted CAs 277
- 278 Chapter 14 Certificates 278
- Figure 87 Trusted CAs 278
- Table 68 Trusted CAs 278
- Chapter 14 Certificates 279 279
- 280 Chapter 14 Certificates 280
- Figure 88 Trusted CA import 280
- Table 69 Trusted CA import 280
- Chapter 14 Certificates 281 281
- 282 Chapter 14 Certificates 282
- Chapter 14 Certificates 283 283
- Table 70 Trusted CA details 283
- 284 Chapter 14 Certificates 284
- Trusted remote hosts 285
- 286 Chapter 14 Certificates 286
- Chapter 14 Certificates 287 287
- 288 Chapter 14 Certificates 288
- Chapter 14 Certificates 289 289
- 290 Chapter 14 Certificates 290
- Chapter 14 Certificates 291 291
- 292 Chapter 14 Certificates 292
- Chapter 14 Certificates 293 293
- Directory servers 294
- Secure Router can access 295
- 296 Chapter 14 Certificates 296
- Chapter 14 Certificates 297 297
- 298 Chapter 14 Certificates 298
- Bandwidth management 299
- Bandwidth classes and filters 300
- FTP 64 Kb/s 64 Kb/s 301
- H.323 64 Kb/s 64 Kb/s 301
- SIP 64 Kb/s 64 Kb/s 301
- Configuring summary 302
- Configuring class setup 303
- IEEE 802.1x 311
- EAP Authentication overview 312
- Configuring 802.1X 313
- 314 Chapter 16 IEEE 802.1x 314
- Figure 104 802.1X 314
- Table 83 802.1X 314
- Chapter 16 IEEE 802.1x 315 315
- 316 Chapter 16 IEEE 802.1x 316
- Authentication server 317
- Edit Local User Database 319
- Current split networks 322
- Current split networks edit 323
- Configuring RADIUS 325
- Figure 109 RADIUS 326
- Table 88 RADIUS 326
- Remote management screens 329
- Remote management and NAT 330
- System timeout 330
- Introduction to HTTPS 331
- Configuring WWW 332
- Figure 111 WWW 333
- Table 89 WWW 333
- HTTPS example 334
- Logon screen 338
- Secure Router models 340
- SSH overview 343
- How SSH works 344
- Configuring SSH 345
- Figure 122 SSH 346
- Table 90 SSH 346
- Example 1: Microsoft Windows 347
- Example 2: Linux 348
- Secure FTP using SSH example 349
- Configuring TELNET 351
- Configuring FTP 352
- Configuring SNMP 353
- Supported MIBs 355
- SNMP Traps 355
- REMOTE MANAGEMENT: SNMP 356
- Configuring DNS 357
- Configuring Security 358
- Figure 133 Security 359
- Table 96 Security 359
- UPnP implementation 362
- Configuring UPnP 362
- Chapter 19 UPnP 363 363
- Figure 134 Configuring UPnP 363
- Table 97 Configuring UPnP 363
- Displaying UPnP port mapping 364
- Installing UPnP in Windows Me 365
- Installing UPnP in Windows XP 366
- Chapter 19 UPnP 367 367
- 368 Chapter 19 UPnP 368
- Chapter 19 UPnP 369 369
- 370 Chapter 19 UPnP 370
- Figure 144 Service settings 370
- WebGUI easy access 371
- Local Network 372
- WebGUI logon screen displays 372
- Logs Screens 373
- 374 Chapter 20 Logs Screens 374
- Figure 149 View Log 374
- Table 99 View Log 374
- Configuring Log settings 375
- 376 Chapter 20 Logs Screens 376
- Figure 150 Log settings 376
- Chapter 20 Logs Screens 377 377
- Table 100 Log settings 377
- Configuring Reports 378
- Chapter 20 Logs Screens 379 379
- Figure 151 Reports 379
- Viewing Web site hits 380
- Chapter 20 Logs Screens 381 381
- Viewing Protocol/Port 382
- Viewing LAN IP address 383
- 384 Chapter 20 Logs Screens 384
- Reports specifications 385
- 386 Chapter 20 Logs Screens 386
- Chapter 21 387
- Call scheduling screens 387
- Call scheduling 387
- Call scheduling edit 389
- Chapter 22 395
- Maintenance 395
- 396 Chapter 22 Maintenance 396
- Figure 158 System Status 396
- Table 108 System Status 396
- System statistics 397
- 398 Chapter 22 Maintenance 398
- DHCP Table screen 399
- Diagnostic Screen 400
- Chapter 22 Maintenance 401 401
- Figure 161 Diagnostic 401
- Table 111 Diagnostic 401
- F/W Upload screen 402
- Chapter 22 Maintenance 403 403
- Figure 162 Firmware upload 403
- Table 112 Firmware Upload 403
- 404 Chapter 22 Maintenance 404
- Configuration screen 405
- Backup configuration 406
- Restore configuration 407
- Restart screen 408
- Chapter 22 Maintenance 409 409
- Figure 170 Restart screen 409
- 410 Chapter 22 Maintenance 410
- Appendix A 411
- Troubleshooting 411
- Problems with the LAN LED 412
- Problems with Internet access 413
- Problems with the password 414
- Problems with the WebGUI 415
- Permissions 416
- Figure 173 Internet options 418
- Internet Explorer JavaScript 419
- JAVA (Sun) 422
- Netscape Pop-up Blockers 423
- Allowing Pop-ups 424
- Figure 181 Popup Windows 425
- Figure 182 Popup Windows 426
- Figure 183 Allowed Sites 427
- Figure 184 Advanced 428
- Log Descriptions 431
- Table 127 Attack Logs 433
- Table 128 Access Logs 434
- Table 129 ACL Setting Notes 439
- Table 130 ICMP Notes 439
- VPN/IPSec Logs 440
- VPN Responder IPSec Log 441
- Table 135 PKI Logs 446
- Table 137 IEEE 802.1X Logs 449
- Log Commands 450
- Displaying Logs 451
- Log Command Example 452
Produits connexes et manuels pour Mise en réseau Avaya Business Secure Router 252 Configuration - Basics
Mise en réseau Avaya Configuring SNMP, BOOTP, DHCP, and RARP Services Manuel d'utilisateur
(146 pages)
(146 pages)
Mise en réseau Avaya Business Communications Manager 5.0 - Configuration - System Manuel d'utilisateur
(224 pages)
(224 pages)
Mise en réseau Avaya P332MF Manuel d'utilisateur
(182 pages)
(182 pages)
Mise en réseau Avaya G700 Manuel d'utilisateur
(768 pages)
(768 pages)
© 2020, manymanuals.fr. Tous droits réservés | 0.056 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels