Avaya Business Secure Router 222 Configuration - Basics Manuel d'utilisateur

BSR222Business Secure RouterDocument Number: NN47922-500Document Version: 1.4Date: May 2007Nortel Business Secure Router 222 Configuration — Basics

10 ContentsNN47922-500Configure Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Chapter

100 Chapter 6 LAN screensNN47922-500Configuring Static DHCPWith Static DHCP, you can assign IP addresses on the LAN to specific individual computers b

Chapter 6 LAN screens 101Nortel Business Secure Router 222 Configuration — BasicsConfiguring IP AliasWith IP Alias, you can partition a physical netwo

102 Chapter 6 LAN screensNN47922-500Figure 21 IP AliasTable 16 describes the fields in Figure 21.Table 16 IP AliasLabel DescriptionIP Alias 1,2 Se

Chapter 6 LAN screens 103Nortel Business Secure Router 222 Configuration — BasicsRIP Direction With RIP (Routing Information Protocol, RFC1058 and RFC

104 Chapter 6 LAN screensNN47922-500

105Nortel Business Secure Router 222 Configuration — BasicsChapter 7WAN screensThis chapter describes how to configure WAN settings. WAN OverviewThis

106 Chapter 7 WAN screensNN47922-500The dial backup or traffic redirect routes cannot take priority over the WAN routes.Configuring RouteClick WAN to

Chapter 7 WAN screens 107Nortel Business Secure Router 222 Configuration — BasicsConfiguring WAN ISPTo change your Business Secure Router’s WAN ISP se

108 Chapter 7 WAN screensNN47922-500Table 18 describes the fields in Figure 23.PPPoE EncapsulationThe Business Secure Router supports PPPoE (Point-to-

Chapter 7 WAN screens 109Nortel Business Secure Router 222 Configuration — BasicsOperationally, PPPoE saves significant effort for both you and the IS

Contents 11Nortel Business Secure Router 222 Configuration — BasicsMy IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

110 Chapter 7 WAN screensNN47922-500Table 19 describes the fields in Figure 24.PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network

Chapter 7 WAN screens 111Nortel Business Secure Router 222 Configuration — BasicsFigure 25 PPTP EncapsulationTable 20 describes the fields in Figure

112 Chapter 7 WAN screensNN47922-500Service typeThe screen shown in Figure 26 is for RR- Service type. Password Type the password associated with the

Chapter 7 WAN screens 113Nortel Business Secure Router 222 Configuration — BasicsFigure 26 RR Service typeTable 21 describes the fields in Figure 26

114 Chapter 7 WAN screensNN47922-500Configuring WAN IP To change the WAN IP settings of your Business Secure Router, click WAN , then the WAN IP tab.

Chapter 7 WAN screens 115Nortel Business Secure Router 222 Configuration — BasicsFigure 27 WAN: IP

116 Chapter 7 WAN screensNN47922-500Table 22 describes the fields in this Figure 27.Table 22 WAN: IPLabel DescriptionGet automatically from ISP Sele

Chapter 7 WAN screens 117Nortel Business Secure Router 222 Configuration — BasicsRIP Direction With RIP (Routing Information Protocol), a router can e

118 Chapter 7 WAN screensNN47922-500Configuring WAN MACTo change the WAN MAC settings of your Business Secure Router, click WAN , then the WAN MAC tab

Chapter 7 WAN screens 119Nortel Business Secure Router 222 Configuration — BasicsUsing the MAC address screen, users can configure the MAC address of

12 ContentsNN47922-500Importing a certificate of a trusted remote host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288Trusted remote ho

120 Chapter 7 WAN screensNN47922-500Figure 30 Traffic Redirect LAN SetupConfiguring Traffic RedirectTo change your Business Secure Router’s Traffic

Chapter 7 WAN screens 121Nortel Business Secure Router 222 Configuration — BasicsFigure 31 Traffic RedirectTable 23 describes the fields in Figure 3

122 Chapter 7 WAN screensNN47922-500Configuring Dial BackupTo change your Business Secure Router’s Dial Backup settings, click WAN , then the Dial Bac

Chapter 7 WAN screens 123Nortel Business Secure Router 222 Configuration — BasicsFigure 32 Dial Backup Setup

124 Chapter 7 WAN screensNN47922-500Table 24 describes the fields in Figure 32.Table 24 Dial Backup SetupLabel DescriptionEnable Dial Backup Select

Chapter 7 WAN screens 125Nortel Business Secure Router 222 Configuration — BasicsUsed Fixed IP Address Select this check box if your ISP assigned you

126 Chapter 7 WAN screensNN47922-500RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other router

Chapter 7 WAN screens 127Nortel Business Secure Router 222 Configuration — BasicsAdvanced Modem SetupAT Command StringsFor regular telephone lines, th

128 Chapter 7 WAN screensNN47922-500Configuring Advanced Modem Setup Click the Edit button in the Dial Backup screen to display the Advanced Setup scr

Chapter 7 WAN screens 129Nortel Business Secure Router 222 Configuration — BasicsTable 25 describes the fields in Figure 33.Table 25 Advanced SetupL

Contents 13Nortel Business Secure Router 222 Configuration — BasicsConfiguring RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

130 Chapter 7 WAN screensNN47922-500Apply Click Apply to save your changes to the Business Secure Router.Reset Click Reset to begin configuring this s

131Nortel Business Secure Router 222 Configuration — BasicsChapter 8Network Address Translation (NAT) ScreensThis chapter discusses how to configure N

132 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Note that inside/outside refers to the location of a host, while global/local refers

Chapter 8 Network Address Translation (NAT) Screens 133Nortel Business Secure Router 222 Configuration — BasicsHow NAT worksEach packet has two addres

134 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500In Figure 35, B can send packets, with source IP address e.f.g.h and port 20202 to A

Chapter 8 Network Address Translation (NAT) Screens 135Nortel Business Secure Router 222 Configuration — BasicsFigure 36 NAT application with IP Ali

136 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Table 27 summarizes these types.Using NATSUA (Single User Account) versus NATSUA (Si

Chapter 8 Network Address Translation (NAT) Screens 137Nortel Business Secure Router 222 Configuration — BasicsSUA Server A SUA server set is a list o

138 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Port forwarding: Services and Port NumbersThe most often used port numbers are shown

Chapter 8 Network Address Translation (NAT) Screens 139Nortel Business Secure Router 222 Configuration — BasicsFigure 37 Multiple servers behind NAT

14 ContentsNN47922-500Chapter 19UPnP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359

140 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Figure 38 SUA/NAT setupTable 29 describes the fields in Figure 38.Table 29 SUA/N

Chapter 8 Network Address Translation (NAT) Screens 141Nortel Business Secure Router 222 Configuration — BasicsConfiguring Address MappingOrdering you

142 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Figure 39 Address MappingTable 30 describes the fields in Figure 39.Table 30 Add

Chapter 8 Network Address Translation (NAT) Screens 143Nortel Business Secure Router 222 Configuration — BasicsConfiguring Address Mapping To edit an

144 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Figure 40 Address Mapping editTable 31 describes the fields in Figure 40.Table 31

Chapter 8 Network Address Translation (NAT) Screens 145Nortel Business Secure Router 222 Configuration — BasicsTrigger Port ForwardingSome services us

146 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Figure 41 Trigger Port Forwarding process: example1 Jane (A) requests a file from

Chapter 8 Network Address Translation (NAT) Screens 147Nortel Business Secure Router 222 Configuration — BasicsConfiguring Trigger Port ForwardingTo c

148 Chapter 8 Network Address Translation (NAT) ScreensNN47922-500Table 32 describes the fields in Figure 42.Table 32 Trigger PortLabel DescriptionN

149Nortel Business Secure Router 222 Configuration — BasicsChapter 9Static Route screensThis chapter shows you how to configure static routes for your

Contents 15Nortel Business Secure Router 222 Configuration — BasicsChapter 22Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

150 Chapter 9 Static Route screensNN47922-500Figure 43 Example of Static Routing topologyConfiguring IP Static RouteClick STATIC ROUTE to open the R

Chapter 9 Static Route screens 151Nortel Business Secure Router 222 Configuration — BasicsFigure 44 Static Route screenTable 33 describes the fields

152 Chapter 9 Static Route screensNN47922-500Configuring Route entrySelect a static route index number and click Edit. The screen is illustrated in Fi

Chapter 9 Static Route screens 153Nortel Business Secure Router 222 Configuration — BasicsMetric Metric represents the cost of transmission for routin

154 Chapter 9 Static Route screensNN47922-500

155Nortel Business Secure Router 222 Configuration — BasicsChapter 10FirewallsThis chapter gives some background information on firewalls and introduc

156 Chapter 10 FirewallsNN47922-500Packet Filtering firewallsPacket filtering firewalls restrict access based on the source or destination computer ne

Chapter 10 Firewalls 157Nortel Business Secure Router 222 Configuration — BasicsIntroduction to the Business Secure Router firewallThe Business Secure

158 Chapter 10 FirewallsNN47922-500Figure 46 Business Secure Router firewall applicationDenial of ServiceDenial of Service (DoS) attacks are aimed a

Chapter 10 Firewalls 159Nortel Business Secure Router 222 Configuration — BasicsWhen computers communicate on the Internet, they use the client/server

16 ContentsNN47922-500Appendix BLog Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423VPN/IPSe

160 Chapter 10 FirewallsNN47922-5002 Weaknesses in the TCP/IP specification leave it open to SYN Flood and LAND attacks. These attacks are executed du

Chapter 10 Firewalls 161Nortel Business Secure Router 222 Configuration — BasicsFigure 48 SYN floodIn a LAND Attack, hackers flood SYN packets into

162 Chapter 10 FirewallsNN47922-500Figure 49 Smurf attack• ICMP vulnerability ICMP is an error reporting protocol that works in concert with IP. The

Chapter 10 Firewalls 163Nortel Business Secure Router 222 Configuration — BasicsAll SMTP commands are illegal except for those displayed in Table 37.•

164 Chapter 10 FirewallsNN47922-500In summary, stateful inspection: • Allows all sessions originating from the LAN (local network) to the WAN (Interne

Chapter 10 Firewalls 165Nortel Business Secure Router 222 Configuration — Basics3 The packet is inspected by a firewall rule to determine and record i

166 Chapter 10 FirewallsNN47922-500• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.These custom rules work by eval

Chapter 10 Firewalls 167Nortel Business Secure Router 222 Configuration — BasicsAfter the Business Secure Router receives any subsequent packet (from

168 Chapter 10 FirewallsNN47922-500Consider the FTP protocol. A user on the LAN opens a control connection to a server on the Internet and requests a

Chapter 10 Firewalls 169Nortel Business Secure Router 222 Configuration — BasicsPacket filtering vs. firewallBelow are some comparisons between the fi

17Nortel Business Secure Router 222 Configuration — BasicsFiguresFigure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . .

170 Chapter 10 FirewallsNN47922-500• The firewall uses session filtering, or smart rules, that enhance the filtering process and control the network s

171Nortel Business Secure Router 222 Configuration — BasicsChapter 11Firewall screensThis chapter shows you how to configure your Business Secure Rout

172 Chapter 11 Firewall screensNN47922-500By default, the Business Secure Router’s stateful packet inspection blocks packets traveling in the followin

Chapter 11 Firewall screens 173Nortel Business Secure Router 222 Configuration — BasicsRule logic overviewRule checklist1 State the intent of the rule

174 Chapter 11 Firewall screensNN47922-500Once these questions have been answered, adding rules is simply a matter of plugging the information into th

Chapter 11 Firewall screens 175Nortel Business Secure Router 222 Configuration — Basicsthe LAN interface is an example of traffic destined for the Bus

176 Chapter 11 Firewall screensNN47922-500Figure 52 WAN to LAN trafficConfiguring firewallClick FIREWALL to open the Summary screen. Enable (or acti

Chapter 11 Firewall screens 177Nortel Business Secure Router 222 Configuration — BasicsIf you list a general rule before a specific rule, traffic that

178 Chapter 11 Firewall screensNN47922-500Figure 53 Enabling the firewall Table 38 describes the fields in Figure 53.Table 38 Firewall rules summa

Chapter 11 Firewall screens 179Nortel Business Secure Router 222 Configuration — BasicsBypass Triangle RouteSelect this check box to have the Business

18 FiguresNN47922-500Figure 30 Traffic Redirect LAN Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Figure 31 Traffic

180 Chapter 11 Firewall screensNN47922-500Configuring firewall rulesFollow these directions to create a new rule.In the Summary screen, type the index

Chapter 11 Firewall screens 181Nortel Business Secure Router 222 Configuration — BasicsFigure 54 Creating and editing a firewall rule Table 39 descr

182 Chapter 11 Firewall screensNN47922-500Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one

Chapter 11 Firewall screens 183Nortel Business Secure Router 222 Configuration — BasicsConfiguring source and destination addressesTo add a new source

184 Chapter 11 Firewall screensNN47922-500Configuring custom portsYou can also configure customized ports for services not predefined by the Business

Chapter 11 Firewall screens 185Nortel Business Secure Router 222 Configuration — Basics Example firewall rule The following Internet firewall rule exa

186 Chapter 11 Firewall screensNN47922-5006 Configure the Firewall Rule Edit IP screen as follows and click Apply.Figure 58 Firewall rule edit IP ex

Chapter 11 Firewall screens 187Nortel Business Secure Router 222 Configuration — BasicsFigure 60 MyService rule configuration exampleAfter completin

188 Chapter 11 Firewall screensNN47922-500Figure 61 My Service example rule summary Predefined servicesThe Available Services list box in the Edit R

Chapter 11 Firewall screens 189Nortel Business Secure Router 222 Configuration — Basicstype. For example, look at the default configuration labeled “(

Figures 19Nortel Business Secure Router 222 Configuration — BasicsFigure 65 IPSec architecture . . . . . . . . . . . . . . . . . . . . . . . . . . .

190 Chapter 11 Firewall screensNN47922-500NEW-ICQ(TCP:5190) An Internet chat program.NEWS(TCP:144) A protocol for news groups.NFS(UDP:2049) Network

Chapter 11 Firewall screens 191Nortel Business Secure Router 222 Configuration — BasicsAlertsAlerts are reports on events, such as attacks, that you w

192 Chapter 11 Firewall screensNN47922-500Configuring attack alertAttack alerts are the first defense against DOS attacks. In the Attack Alert screen

Chapter 11 Firewall screens 193Nortel Business Secure Router 222 Configuration — BasicsThe Business Secure Router measures both the total number of ex

194 Chapter 11 Firewall screensNN47922-500The Business Secure Router also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values

Chapter 11 Firewall screens 195Nortel Business Secure Router 222 Configuration — BasicsOne Minute High This is the rate of new half-open sessions that

196 Chapter 11 Firewall screensNN47922-500

197Nortel Business Secure Router 222 Configuration — BasicsChapter 12Content filtering This chapter provides a brief overview of content filtering usi

198 Chapter 12 Content filteringNN47922-500Configure Content FilteringClick Content Filter on the navigation panel, to open the screen show in Figure

Chapter 12 Content filtering 199Nortel Business Secure Router 222 Configuration — BasicsTable 44 describes the fields in Figure 63.Table 44 Content

2NN47922-500NN47922-500Copyright © Nortel 2005–2006All rights reserved.The information in this document is subject to change without notice. The state

20 FiguresNN47922-500Figure 100 Bandwidth Manager: Class setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302Figure 101 Bandwidth Ma

200 Chapter 12 Content filteringNN47922-500Time of Day to BlockTime of Day to Block allows the administrator to define during which time periods conte

201Nortel Business Secure Router 222 Configuration — BasicsChapter 13VPNThis chapter introduces the basics of IPSec VPNs and covers the VPN WebGUI. Se

202 Chapter 13 VPNNN47922-500or • As a VPN router that can have encrypted connections to multiple remote VPN routers. With this role, it can also serv

Chapter 13 VPN 203Nortel Business Secure Router 222 Configuration — BasicsSecurity AssociationA Security Association (SA) is a contract between two pa

204 Chapter 13 VPNNN47922-500Data confidentialityThe IPSec sender can encrypt packets before transmitting them across a network. Data integrityThe IPS

Chapter 13 VPN 205Nortel Business Secure Router 222 Configuration — BasicsFigure 65 IPSec architectureIPSec algorithmsThe ESP (Encapsulating Securit

206 Chapter 13 VPNNN47922-500The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404), provide an authentication mechanism for the

Chapter 13 VPN 207Nortel Business Secure Router 222 Configuration — BasicsAn added feature of the ESP is payload padding, which further protects commu

208 Chapter 13 VPNNN47922-500EncapsulationThe two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 66 Transport and Tunn

Chapter 13 VPN 209Nortel Business Secure Router 222 Configuration — BasicsOutside header: The outside IP header contains the destination IP address of

Figures 21Nortel Business Secure Router 222 Configuration — BasicsFigure 135 Configuring UPnP . . . . . . . . . . . . . . . . . . . . . . . . . . . .

210 Chapter 13 VPNNN47922-500Tunnel mode ESP with authentication is compatible with NAT because integrity checks are performed over the combination of

Chapter 13 VPN 211Nortel Business Secure Router 222 Configuration — BasicsDynamic Secure Gateway AddressIf the remote VPN switch has a dynamic WAN IP

212 Chapter 13 VPNNN47922-500Figure 68 SummaryIP Policies

Chapter 13 VPN 213Nortel Business Secure Router 222 Configuration — BasicsTable 49 describes the fields in Figure 68.Table 49 SummaryLabel Descripti

214 Chapter 13 VPNNN47922-500Keep AliveWhen you initiate an IPSec tunnel with keep alive enabled, the Business Secure Router automatically renegotiate

Chapter 13 VPN 215Nortel Business Secure Router 222 Configuration — Basicsoffice rules. See the VPN Branch Office Rule Setup screen (Figure 72 on page

216 Chapter 13 VPNNN47922-500NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router forwards the IPSec p

Chapter 13 VPN 217Nortel Business Secure Router 222 Configuration — BasicsFigure 70 VPN Contivity Client rule setupTable 50 VPN Contivity Client r

218 Chapter 13 VPNNN47922-500Configuring Advanced SetupSelect one of the VPN rules in the VPN Summary screen and click Edit to configure the rule’s se

Chapter 13 VPN 219Nortel Business Secure Router 222 Configuration — BasicsTable 51 describes the fields in Figure 71.Table 51 VPN Contivity Client a

22 FiguresNN47922-500Figure 170 Restart screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402Figure 171

220 Chapter 13 VPNNN47922-500ID Type and contentWith aggressive negotiation mode (see “Negotiation Mode” on page 239 for more information), the Busine

Chapter 13 VPN 221Nortel Business Secure Router 222 Configuration — BasicsID type and content examplesTwo VPN switches must have matching ID type and

222 Chapter 13 VPNNN47922-500The two Business Secure Routers shown in Table 55 cannot complete their negotiation because Business Secure Router B’s Lo

Chapter 13 VPN 223Nortel Business Secure Router 222 Configuration — BasicsFigure 72 VPN Branch Office rule setup

224 Chapter 13 VPNNN47922-500Table 56 describes the fields in Figure 72.Table 56 VPN Branch Office rule setupLabel DescriptionConnection Type Sele

Chapter 13 VPN 225Nortel Business Secure Router 222 Configuration — BasicsAvailable/ Selected IP PolicyThe Available IP Policy table displays network

226 Chapter 13 VPNNN47922-500Local IP Address This field displays the IP address (or range of IP addresses) of the computers on your Business Secure R

Chapter 13 VPN 227Nortel Business Secure Router 222 Configuration — BasicsRemote IP Address This field displays the IP addresses of computers on the r

228 Chapter 13 VPNNN47922-500Certificate Use the drop-down list to select the certificate to use for this VPN tunnel. You must have certificates alrea

Chapter 13 VPN 229Nortel Business Secure Router 222 Configuration — BasicsPeer Content When you select IP in the Peer ID Type field, type the IP addre

23Nortel Business Secure Router 222 Configuration — BasicsTablesTable 1 Feature Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . .

230 Chapter 13 VPNNN47922-500ESP Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption a

Chapter 13 VPN 231Nortel Business Secure Router 222 Configuration — BasicsConfiguring an IP PolicySelect one of the IP policies in the VPN Branch Offi

232 Chapter 13 VPNNN47922-500Table 57 describes the fields in Figure 73.Table 57 VPN Branch Office — IP PolicyLabel DescriptionProtocol Enter a num

Chapter 13 VPN 233Nortel Business Secure Router 222 Configuration — BasicsType Select one of the following port mapping types. 1. One-to-One: One-to-o

234 Chapter 13 VPNNN47922-500Virtual Ending IP Address When the Type field is configured to One-to-one or Many-to-One, this field is N/A. When the Typ

Chapter 13 VPN 235Nortel Business Secure Router 222 Configuration — BasicsProtocol Enter a number to specify what type of traffic is allowed to go thr

236 Chapter 13 VPNNN47922-500Port forwarding server A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, tha

Chapter 13 VPN 237Nortel Business Secure Router 222 Configuration — BasicsFigure 74 VPN Branch Office — IP Policy - Port Forwarding ServerTable 58 d

238 Chapter 13 VPNNN47922-500IKE phasesThere are two phases to every IKE (Internet Key Exchange) negotiation–phase 1 (Authentication) and phase 2 (Key

Chapter 13 VPN 239Nortel Business Secure Router 222 Configuration — BasicsIn Phase 1 you must:• Choose a negotiation mode.• Authenticate the connectio

24 TablesNN47922-500Table 30 Address Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142Table 31 Address

240 Chapter 13 VPNNN47922-500Main Mode ensures the highest level of security when the communicating parties are negotiating authentication (phase 1).

Chapter 13 VPN 241Nortel Business Secure Router 222 Configuration — BasicsThis can be unnecessary for data that does not require such security, so PFS

242 Chapter 13 VPNNN47922-500Table 59 describes the fields in Figure 76.Table 59 VPN Branch Office Advanced Rule SetupLabel DescriptionEnable Replay

Chapter 13 VPN 243Nortel Business Secure Router 222 Configuration — BasicsKey Group You must choose a key group for phase 1 IKE setup. DH1 (default)

244 Chapter 13 VPNNN47922-500SA MonitorIn the WebGUI, click VPN and the SA Monitor tab. Use this screen to display and manage all of the active VPN co

Chapter 13 VPN 245Nortel Business Secure Router 222 Configuration — BasicsA Security Association (SA) is the group of security settings related to a s

246 Chapter 13 VPNNN47922-500 Global settingsIn the WebGUI, click VPN on the navigation panel, then click the Global Setting tab. Encapsulation This f

Chapter 13 VPN 247Nortel Business Secure Router 222 Configuration — BasicsFigure 78 VPN Global Setting Table 61 describes the fields in Figure 78

248 Chapter 13 VPNNN47922-500VPN Client Termination Use these screens to configure the Business Secure Router for VPN connections from computers using

Chapter 13 VPN 249Nortel Business Secure Router 222 Configuration — BasicsFigure 79 VPN Client Termination

Tables 25Nortel Business Secure Router 222 Configuration — BasicsTable 65 VPN Client Termination advanced . . . . . . . . . . . . . . . . . . . . .

250 Chapter 13 VPNNN47922-500Table 62 describes the fields in Figure 79.Table 62 VPN Client TerminationLabel DescriptionEnable Client TerminationTu

Chapter 13 VPN 251Nortel Business Secure Router 222 Configuration — BasicsEncryption Select the combinations of protocol and encryption and authentic

252 Chapter 13 VPNNN47922-500VPN Client Termination IP pool summaryIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to

Chapter 13 VPN 253Nortel Business Secure Router 222 Configuration — BasicsFigure 80 VPN Client Termination IP pool summaryTable 63 describes the fie

254 Chapter 13 VPNNN47922-500VPN Client Termination IP pool editIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to ope

Chapter 13 VPN 255Nortel Business Secure Router 222 Configuration — BasicsVPN Client Termination advancedIn the WebGUI, click VPN on the navigation pa

256 Chapter 13 VPNNN47922-500Figure 82 VPN Client Termination advanced

Chapter 13 VPN 257Nortel Business Secure Router 222 Configuration — BasicsTable 65 describes the fields in Figure 82.Table 65 VPN Client Termination

258 Chapter 13 VPNNN47922-500Accept ISAKMP Initial Contact PayloadThe Business Secure Router can accept the INITIAL-CONTACT status messages to inform

Chapter 13 VPN 259Nortel Business Secure Router 222 Configuration — BasicsPassword Management You can have the Business Secure Router use some passwor

26 TablesNN47922-500Table 100 UPnP Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362Table 101 V

260 Chapter 13 VPNNN47922-500

261Nortel Business Secure Router 222 Configuration — BasicsChapter 14CertificatesThis chapter gives background information about public-key certificat

262 Chapter 14 CertificatesNN47922-500The Business Secure Router uses certificates based on public-key cryptology to authenticate users attempting to

Chapter 14 Certificates 263Nortel Business Secure Router 222 Configuration — BasicsConfiguration summaryThis section summarizes how to manage certific

264 Chapter 14 CertificatesNN47922-500Figure 84 My Certificates

Chapter 14 Certificates 265Nortel Business Secure Router 222 Configuration — BasicsTable 66 describes the labels in Figure 84.Table 66 My Certificat

266 Chapter 14 CertificatesNN47922-500Certificate file formatsThe certification authority certificate that you want to import has to be in one of thes

Chapter 14 Certificates 267Nortel Business Secure Router 222 Configuration — Basics• Binary PKCS#7: This is a standard that defines the general syntax

268 Chapter 14 CertificatesNN47922-500Figure 85 My Certificate ImportTable 67 describes the labels in Figure 85.Table 67 My Certificate ImportLabe

Chapter 14 Certificates 269Nortel Business Secure Router 222 Configuration — BasicsCreating a certificateClick CERTIFICATES, My Certificates and then

Tables 27Nortel Business Secure Router 222 Configuration — BasicsTable 135 RFC-2408 ISAKMP Payload Types . . . . . . . . . . . . . . . . . . . . . .

270 Chapter 14 CertificatesNN47922-500Table 68 describes the labels in the Figure 86.Table 68 My Certificate createLabel DescriptionCertificate Name

Chapter 14 Certificates 271Nortel Business Secure Router 222 Configuration — BasicsCreate a certification request and save it locally for later manual

272 Chapter 14 CertificatesNN47922-500After you click Apply in the My Certificate Create screen, you see a screen that tells you the Business Secure R

Chapter 14 Certificates 273Nortel Business Secure Router 222 Configuration — BasicsFigure 87 My Certificate details

274 Chapter 14 CertificatesNN47922-500Table 69 describes the labels in Figure 87.Table 69 My Certificate detailsLabel DescriptionName This field dis

Chapter 14 Certificates 275Nortel Business Secure Router 222 Configuration — BasicsIssuer This field displays identifying information about the certif

276 Chapter 14 CertificatesNN47922-500Trusted CAsClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen, shown in Figure 88. This screen displ

Chapter 14 Certificates 277Nortel Business Secure Router 222 Configuration — BasicsFigure 88 Trusted CAsTable 70 describes the labels in Figure 88.T

278 Chapter 14 CertificatesNN47922-500Issuer This field displays identifying information about the certificate’s issuing certification authority, such

Chapter 14 Certificates 279Nortel Business Secure Router 222 Configuration — BasicsImporting a Trusted CA’s certificateClick CERTIFICATES, Trusted CAs

28 TablesNN47922-500

280 Chapter 14 CertificatesNN47922-500Trusted CA Certificate detailsClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen. Click the details

Chapter 14 Certificates 281Nortel Business Secure Router 222 Configuration — BasicsFigure 90 Trusted CA details

282 Chapter 14 CertificatesNN47922-500Table 72 describes the labels in Figure 90.Table 72 Trusted CA detailsLabel DescriptionName This field display

Chapter 14 Certificates 283Nortel Business Secure Router 222 Configuration — BasicsSignature AlgorithmThis field displays the type of algorithm that w

284 Chapter 14 CertificatesNN47922-500Trusted remote hostsClick CERTIFICATES, Trusted Remote Hosts to open the Trusted Remote Hosts screen (see Figure

Chapter 14 Certificates 285Nortel Business Secure Router 222 Configuration — BasicsFigure 91 Trusted remote hostsTable 73 describes the labels in Fi

286 Chapter 14 CertificatesNN47922-500Verifying a certificate of a trusted remote hostCertificates issued by certification authorities have the certif

Chapter 14 Certificates 287Nortel Business Secure Router 222 Configuration — BasicsFigure 92 Remote host certificates3 Double-click the certificate’

288 Chapter 14 CertificatesNN47922-500Importing a certificate of a trusted remote hostClick CERTIFICATES, Trusted Remote Hosts to open the Trusted Rem

Chapter 14 Certificates 289Nortel Business Secure Router 222 Configuration — BasicsTable 74 describes the labels in Figure 94.Trusted remote host cert

29Nortel Business Secure Router 222 Configuration — BasicsPrefaceBefore you beginThis guide assists you through the basic configuration of your Busine

290 Chapter 14 CertificatesNN47922-500Figure 95 Trusted remote host details

Chapter 14 Certificates 291Nortel Business Secure Router 222 Configuration — BasicsTable 75 describes the labels in Figure 95.Table 75 Trusted remot

292 Chapter 14 CertificatesNN47922-500Valid To This field displays the date that the certificate expires. The text displays in red and includes an Exp

Chapter 14 Certificates 293Nortel Business Secure Router 222 Configuration — BasicsDirectory serversClick CERTIFICATES, Directory Servers to open the

294 Chapter 14 CertificatesNN47922-500Table 76 describes the labels in Figure 96.Add or edit a directory serverClick CERTIFICATES, Directory Servers t

Chapter 14 Certificates 295Nortel Business Secure Router 222 Configuration — BasicsFigure 97 Directory server addTable 77 describes the labels in Fi

296 Chapter 14 CertificatesNN47922-500Server Port This field displays the default server port number of the protocol that you select in the Access Pro

297Nortel Business Secure Router 222 Configuration — BasicsChapter 15Bandwidth managementThis chapter describes the functions and configuration of ban

298 Chapter 15 Bandwidth managementNN47922-500Bandwidth classes and filtersUse bandwidth subclasses to allocate specific amounts of bandwidth capacity

Chapter 15 Bandwidth management 299Nortel Business Secure Router 222 Configuration — BasicsFigure 98 Subnet based bandwidth management exampleApplic

3Nortel Business Secure Router 222 Configuration — BasicsContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30 PrefaceNN47922-500Related publicationsFor more information about using the Business Secure Router, refer to the following publications:• Nortel Bus

300 Chapter 15 Bandwidth managementNN47922-500Configuring summaryClick BW MGMT to open the Summary screen. Enable bandwidth management on an interface

Chapter 15 Bandwidth management 301Nortel Business Secure Router 222 Configuration — BasicsConfiguring class setupThe class setup screen displays the

302 Chapter 15 Bandwidth managementNN47922-500Figure 100 Bandwidth Manager: Class setupTable 80 describes the labels in Figure 100.Table 80 Bandwi

Chapter 15 Bandwidth management 303Nortel Business Secure Router 222 Configuration — BasicsBandwidth Manager Class ConfigurationConfigure a bandwidth

304 Chapter 15 Bandwidth managementNN47922-500Figure 101 Bandwidth Manager: Edit classTable 81 describes the labels in Figure 101.Table 81 Bandwid

Chapter 15 Bandwidth management 305Nortel Business Secure Router 222 Configuration — BasicsFilter ConfigurationEnable Bandwidth Filter Select Enable B

306 Chapter 15 Bandwidth managementNN47922-500Bandwidth management statisticsUse the Bandwidth Management Statistics screen to view network performanc

Chapter 15 Bandwidth management 307Nortel Business Secure Router 222 Configuration — BasicsFigure 102 Bandwidth management statistics Table 83 descr

308 Chapter 15 Bandwidth managementNN47922-500MonitorTo view the device’s bandwidth usage and allotments, click BW MGMT, then the Monitor tab. The scr

309Nortel Business Secure Router 222 Configuration — BasicsChapter 16IEEE 802.1xIEEE 802.1x overviewThe IEEE 802.1x standard outlines enhanced securit

Preface 31Nortel Business Secure Router 222 Configuration — BasicsHow to get HelpThis section explains how to get help for Nortel products and service

310 Chapter 16 IEEE 802.1xNN47922-500• Access-RequestSent by the Business Secure Router requesting authentication.• Access-RejectSent by a RADIUS serv

Chapter 16 IEEE 802.1x 311Nortel Business Secure Router 222 Configuration — BasicsYour Business Secure Router supports EAP-MD5 (Message-Digest Algorit

312 Chapter 16 IEEE 802.1xNN47922-500Figure 105 802.1X Table 85 describes the labels in Figure 105.Table 85 802.1X Label DescriptionAuthentication

Chapter 16 IEEE 802.1x 313Nortel Business Secure Router 222 Configuration — BasicsAuthentication DatabasesThe authentication database contains user lo

314 Chapter 16 IEEE 802.1xNN47922-500

315Nortel Business Secure Router 222 Configuration — BasicsChapter 17Authentication serverThe Business Secure Router can use either the local user dat

316 Chapter 17 Authentication serverNN47922-500Figure 106 Local User databaseTable 86 describes the labels in Figure 106. Table 86 Local User data

Chapter 17 Authentication server 317Nortel Business Secure Router 222 Configuration — BasicsEdit Local User DatabaseTo change a local user database en

318 Chapter 17 Authentication serverNN47922-500Figure 107 Local User database edit

Chapter 17 Authentication server 319Nortel Business Secure Router 222 Configuration — BasicsTable 87 describes the labels in Figure 107. Table 87 Lo

32 PrefaceNN47922-500Getting Help from a specialist by using an Express Routing CodeTo access some Nortel Technical Solutions Centers, you can use an

320 Chapter 17 Authentication serverNN47922-500Current split networksIn the Local User Database Edit screen, click Configure Network to display the Cu

Chapter 17 Authentication server 321Nortel Business Secure Router 222 Configuration — BasicsTable 88 describes the labels in Figure 108. Current split

322 Chapter 17 Authentication serverNN47922-500Figure 109 Current split networks editTable 89 describes the labels in Figure 109. Table 89 Current

Chapter 17 Authentication server 323Nortel Business Secure Router 222 Configuration — BasicsConfiguring RADIUSUse RADIUS if you want to authenticate u

324 Chapter 17 Authentication serverNN47922-500Figure 110 RADIUSTable 90 describes the labels in Figure 110.Table 90 RADIUSLabel DescriptionAuthen

Chapter 17 Authentication server 325Nortel Business Secure Router 222 Configuration — BasicsPort Number The default port of the RADIUS server for auth

326 Chapter 17 Authentication serverNN47922-500

327Nortel Business Secure Router 222 Configuration — BasicsChapter 18Remote management screensThis chapter provides information on the Remote Manageme

328 Chapter 18 Remote management screensNN47922-5001 A filter in SMT menu 3.1 (LAN) or in menu 11.1.4 (WAN) is applied to block a Telnet, FTP, or Web

Chapter 18 Remote management screens 329Nortel Business Secure Router 222 Configuration — BasicsIntroduction to HTTPSHTTPS (HyperText Transfer Protoco

33Nortel Business Secure Router 222 Configuration — BasicsChapter 1Getting to know your Nortel Business Secure Router 222This chapter introduces the m

330 Chapter 18 Remote management screensNN47922-500Figure 111 HTTPS implementationConfiguring WWWTo change your Business Secure Router’s Web setting

Chapter 18 Remote management screens 331Nortel Business Secure Router 222 Configuration — BasicsFigure 112 WWWTable 91 describes the labels in Figur

332 Chapter 18 Remote management screensNN47922-500HTTPS exampleTo change the default HTTPS port on the Business Secure Router, in your browser, enter

Chapter 18 Remote management screens 333Nortel Business Secure Router 222 Configuration — BasicsInternet Explorer warning messagesWhen you attempt to

334 Chapter 18 Remote management screensNN47922-500Select Accept this certificate permanently to import the Business Secure Router’s certificate into

Chapter 18 Remote management screens 335Nortel Business Secure Router 222 Configuration — BasicsFigure 115 Security Certificate 2 (Netscape)Avoiding

336 Chapter 18 Remote management screensNN47922-500a Click REMOTE MGMT. Write down the name of the certificate displayed in the Server Certificate fie

Chapter 18 Remote management screens 337Nortel Business Secure Router 222 Configuration — BasicsFigure 116 Logon screen (Internet Explorer)

338 Chapter 18 Remote management screensNN47922-500Figure 117 Login screen (Netscape)Click Login to proceed. The screen shown in Figure 118 appears.

Chapter 18 Remote management screens 339Nortel Business Secure Router 222 Configuration — BasicsFigure 118 Replace certificateClick Apply in the Rep

34 Chapter 1 Getting to know your Nortel Business Secure Router 222NN47922-500Physical features4-Port switchA combination of switch and router makes y

340 Chapter 18 Remote management screensNN47922-500Figure 119 Device-specific certificateClick Ignore in the Replace Certificate screen to use the c

Chapter 18 Remote management screens 341Nortel Business Secure Router 222 Configuration — BasicsFigure 120 Common Business Secure Router certificate

342 Chapter 18 Remote management screensNN47922-500Figure 121 SSH Communication ExampleHow SSH worksFigure 122 summarizes how a secure connection is

Chapter 18 Remote management screens 343Nortel Business Secure Router 222 Configuration — BasicsThe client automatically saves any new server public k

344 Chapter 18 Remote management screensNN47922-500Figure 123 SSHTable 92 describes the labels in Figure 123.Table 92 SSHLabel DescriptionServer H

Chapter 18 Remote management screens 345Nortel Business Secure Router 222 Configuration — BasicsSecure Telnet using SSH examplesThis section shows two

346 Chapter 18 Remote management screensNN47922-500Example 2: LinuxThis section describes how to access the Business Secure Router using the OpenSSH c

Chapter 18 Remote management screens 347Nortel Business Secure Router 222 Configuration — BasicsFigure 126 SSH Example 2: Log on3 The SMT main menu

348 Chapter 18 Remote management screensNN47922-500Figure 127 Secure FTP: Firmware Upload ExampleTelnetYou can configure your Business Secure Router

Chapter 18 Remote management screens 349Nortel Business Secure Router 222 Configuration — BasicsConfiguring TELNETClick REMOTE MANAGEMENT to open the

Chapter 1 Getting to know your Nortel Business Secure Router 222 35Nortel Business Secure Router 222 Configuration — BasicsAuxiliary portThe Business

350 Chapter 18 Remote management screensNN47922-500Configuring FTPYou can upload and download the Business Secure Router’s firmware and configuration

Chapter 18 Remote management screens 351Nortel Business Secure Router 222 Configuration — BasicsConfiguring SNMPSimple Network Management Protocol is

352 Chapter 18 Remote management screensNN47922-500Figure 131 SNMP Management ModelAn SNMP-managed network consists of two main types of component:

Chapter 18 Remote management screens 353Nortel Business Secure Router 222 Configuration — Basics• Get-Allows the manager to retrieve an object variabl

354 Chapter 18 Remote management screensNN47922-500REMOTE MANAGEMENT: SNMPTo change your Business Secure Router’s SNMP settings, click REMOTE MANAGEME

Chapter 18 Remote management screens 355Nortel Business Secure Router 222 Configuration — BasicsConfiguring DNSUse DNS (Domain Name System) to map a d

356 Chapter 18 Remote management screensNN47922-500Figure 133 DNSTable 97 describes the fields in Figure 133.Configuring SecurityTo change your Busi

Chapter 18 Remote management screens 357Nortel Business Secure Router 222 Configuration — BasicsIf an outside user attempts to probe an unsupported po

358 Chapter 18 Remote management screensNN47922-500Do not respond to requests for unauthorized servicesSelect this option to prevent hackers from find

359Nortel Business Secure Router 222 Configuration — BasicsChapter 19UPnPThis chapter introduces the Universal Plug and Play feature. Universal Plug a

36 Chapter 1 Getting to know your Nortel Business Secure Router 222NN47922-500CertificatesThe Business Secure Router can use certificates (also called

360 Chapter 19 UPnPNN47922-500Windows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnPThe automated

Chapter 19 UPnP 361Nortel Business Secure Router 222 Configuration — BasicsFigure 135 Configuring UPnPTable 99 describes the fields in Figure 135.Ta

362 Chapter 19 UPnPNN47922-500Displaying UPnP port mappingClick UPnP and then Ports to display the screen as shown in Figure 136. Use this screen to v

Chapter 19 UPnP 363Nortel Business Secure Router 222 Configuration — BasicsInstalling UPnP in Windows exampleThis section shows how to install UPnP in

364 Chapter 19 UPnPNN47922-500Figure 137 Add/Remove programs: Windows setup3 In the Communications window, select the Universal Plug and Play check

Chapter 19 UPnP 365Nortel Business Secure Router 222 Configuration — Basics1 Click Start and Control Panel. 2 Double-click Network Connections.3 In th

366 Chapter 19 UPnPNN47922-5005 In the Networking Services window, select the Universal Plug and Play check box. Figure 141 Windows XP networking se

Chapter 19 UPnP 367Nortel Business Secure Router 222 Configuration — Basics2 Right-click the icon and select Properties. Figure 142 Internet gateway

368 Chapter 19 UPnPNN47922-5004 You can edit or delete the port mappings or click Add to manually add port mappings.Figure 144 Internet connection p

Chapter 19 UPnP 369Nortel Business Secure Router 222 Configuration — Basics5 Select the Show icon in notification area when connected check box and cl

Chapter 1 Getting to know your Nortel Business Secure Router 222 37Nortel Business Secure Router 222 Configuration — BasicsBrute force password guessi

370 Chapter 19 UPnPNN47922-5003 Select My Network Places under Other PlacesFigure 148 Network connections 4 An icon with the description for each UP

371Nortel Business Secure Router 222 Configuration — BasicsChapter 20Logs ScreensThis chapter contains information about configuring general log setti

372 Chapter 20 Logs ScreensNN47922-500Figure 150 View LogTable 101 describes the fields in Figure 150.Table 101 View LogLabel DescriptionDisplay

Chapter 20 Logs Screens 373Nortel Business Secure Router 222 Configuration — BasicsConfiguring Log settingsTo change your Business Secure Router’s log

374 Chapter 20 Logs ScreensNN47922-500Figure 151 Log settings

Chapter 20 Logs Screens 375Nortel Business Secure Router 222 Configuration — BasicsTable 102 describes the fields in Figure 151.Table 102 Log settin

376 Chapter 20 Logs ScreensNN47922-500Configuring ReportsTo change your Business Secure Router’s log reports, click Logs, and then the Reports tab. Th

Chapter 20 Logs Screens 377Nortel Business Secure Router 222 Configuration — Basics• How much traffic has been sent to and from the LAN IP addresses t

378 Chapter 20 Logs ScreensNN47922-500Table 103 describes the fields in Figure 152.Viewing Web site hitsIn the Reports screen, select Web Site Hits fr

Chapter 20 Logs Screens 379Nortel Business Secure Router 222 Configuration — BasicsFigure 153 Web site hits report exampleTable 104 describes the fi

38 Chapter 1 Getting to know your Nortel Business Secure Router 222NN47922-500PPTP EncapsulationPoint-to-Point Tunneling Protocol (PPTP) is a network

380 Chapter 20 Logs ScreensNN47922-500Viewing Protocol/PortIn the Reports screen, select Protocol/Port from the Report Type drop-down list to have the

Chapter 20 Logs Screens 381Nortel Business Secure Router 222 Configuration — BasicsTable 105 describes the fields in Figure 154.Viewing LAN IP address

382 Chapter 20 Logs ScreensNN47922-500Figure 155 LAN IP address report exampleTable 106 describes the fields in Figure 155.Table 106 LAN IP Addres

Chapter 20 Logs Screens 383Nortel Business Secure Router 222 Configuration — BasicsReports specificationsTable 107 lists detailed specifications on th

384 Chapter 20 Logs ScreensNN47922-500

385Nortel Business Secure Router 222 Configuration — BasicsChapter 21Call scheduling screensWith call scheduling (applicable for PPPoA or PPPoE encaps

386 Chapter 21 Call scheduling screensNN47922-500Figure 156 Call schedule summaryTable 108 describes the fields in Figure 156.Table 108 Call Sched

Chapter 21 Call scheduling screens 387Nortel Business Secure Router 222 Configuration — BasicsCall scheduling editTo configure a schedule set, click t

388 Chapter 21 Call scheduling screensNN47922-500If a connection has been already established, your Business Secure Router will not drop it. After the

Chapter 21 Call scheduling screens 389Nortel Business Secure Router 222 Configuration — BasicsApplying Schedule Sets to a remote nodeOnce your schedul

Chapter 1 Getting to know your Nortel Business Secure Router 222 39Nortel Business Secure Router 222 Configuration — BasicsSNMPSNMP (Simple Network Ma

390 Chapter 21 Call scheduling screensNN47922-500Figure 158 Applying Schedule Sets to a remote node

391Nortel Business Secure Router 222 Configuration — BasicsChapter 22MaintenanceThis chapter displays system information such as firmware, port IP add

392 Chapter 22 MaintenanceNN47922-500Figure 159 System Status Table 110 describes the fields in Figure 159.Table 110 System StatusLabel Descript

Chapter 22 Maintenance 393Nortel Business Secure Router 222 Configuration — BasicsSystem statisticsRead-only information here includes port status and

394 Chapter 22 MaintenanceNN47922-500DHCP Table screen With DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) individual clients can o

Chapter 22 Maintenance 395Nortel Business Secure Router 222 Configuration — BasicsFigure 161 DHCP TableTable 112 describes the fields in Figure 161.

396 Chapter 22 MaintenanceNN47922-500Click MAINTENANCE, and then the F/W UPLOAD tab. Follow the instructions to upload firmware to your Business Secur

Chapter 22 Maintenance 397Nortel Business Secure Router 222 Configuration — BasicsFigure 163 Firmware Upload In ProcessThe device automatically rest

398 Chapter 22 MaintenanceNN47922-500Configuration screenClick MAINTENANCE, and then the Configuration tab. Information related to factory defaults, b

Chapter 22 Maintenance 399Nortel Business Secure Router 222 Configuration — BasicsFigure 167 Reset warning messageYou can also press the RESET butto

4 ContentsNN47922-500HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36IEEE 802.1x

40 Chapter 1 Getting to know your Nortel Business Secure Router 222NN47922-500Full network managementThe embedded web configurator is an all platform,

400 Chapter 22 MaintenanceNN47922-500Restore configuration With restore configuration, you can upload a new or previously saved configuration file fro

Chapter 22 Maintenance 401Nortel Business Secure Router 222 Configuration — BasicsFigure 169 Network Temporarily DisconnectedIf you uploaded the def

402 Chapter 22 MaintenanceNN47922-500Figure 170 Restart screen

403Nortel Business Secure Router 222 Configuration — BasicsAppendix ATroubleshootingThis chapter covers potential problems and the corresponding remed

404 Appendix A TroubleshootingNN47922-500Problems with the LAN LEDProblems with the LAN interfaceTable 116 Troubleshooting the LAN LEDProblem Correc

Appendix A Troubleshooting 405Nortel Business Secure Router 222 Configuration — BasicsProblems with the WAN interfaceProblems with Internet AccessTabl

406 Appendix A TroubleshootingNN47922-500Problems accessing an internet Web site Problems with the passwordTable 120 Troubleshooting Web Site Intern

Appendix A Troubleshooting 407Nortel Business Secure Router 222 Configuration — BasicsProblems with the WebGUI Problems with Remote ManagementTable 12

408 Appendix A TroubleshootingNN47922-500Allowing Pop-up Windows, JavaScript and Java Permissions In order to use the WebGUI, you must allow:• Web bro

Appendix A Troubleshooting 409Nortel Business Secure Router 222 Configuration — Basics1 In Internet Explorer, select Tools, Internet Options, Privacy.

Chapter 1 Getting to know your Nortel Business Secure Router 222 41Nortel Business Secure Router 222 Configuration — BasicsApplications for the Nortel

410 Appendix A TroubleshootingNN47922-5002 Select Settings… to open the Pop-up Blocker Settings screen.Figure 173 Internet options3 Type the IP addr

Appendix A Troubleshooting 411Nortel Business Secure Router 222 Configuration — Basics4 Click Add to move the IP address to the list of Allowed sites.

412 Appendix A TroubleshootingNN47922-5001 In Internet Explorer, click Tools, Internet Options, and then the Security tab. Figure 175 Internet optio

Appendix A Troubleshooting 413Nortel Business Secure Router 222 Configuration — Basics6 Click OK to close the window.Figure 176 Security Settings -

414 Appendix A TroubleshootingNN47922-5005 Click OK to close the window.Figure 177 Security Settings - Java JAVA (Sun)1 From Internet Explorer, clic

Appendix A Troubleshooting 415Nortel Business Secure Router 222 Configuration — Basics4 Close your existing browser session and open a new browser.Fig

416 Appendix A TroubleshootingNN47922-500Allowing Pop-ups1 In Netscape, click Tools, Popup Manager and then select Allow Popups From This Site. Figure

Appendix A Troubleshooting 417Nortel Business Secure Router 222 Configuration — Basics3 Clear the Block unrequested popup windows check box. Figure 1

418 Appendix A TroubleshootingNN47922-5004 Click the Allowed Sites... button. Figure 182 Popup Windows5 Type the IP address of your device (the Web

Appendix A Troubleshooting 419Nortel Business Secure Router 222 Configuration — Basics6 Click Add to move the IP address to the Site list.Figure 183

42 Chapter 1 Getting to know your Nortel Business Secure Router 222NN47922-500Hardware SetupRefer to Nortel Business Secure Router 222 — Fundamentals

420 Appendix A TroubleshootingNN47922-5004 Click OK to close the window.Figure 184 Advanced 5 Click the Advanced directory and then select Scripts &

Appendix A Troubleshooting 421Nortel Business Secure Router 222 Configuration — Basics7 Click OK to close the window.Figure 185 Scripts & Plug-i

422 Appendix A TroubleshootingNN47922-500

423Nortel Business Secure Router 222 Configuration — BasicsAppendix BLog DescriptionsThis appendix provides descriptions of example log messages.Table

424 Appendix B Log DescriptionsNN47922-500TELNET Login Fail Someone has failed to log on to the router via Teln et.FTP Login Successfully Someone has

Appendix B Log Descriptions 425Nortel Business Secure Router 222 Configuration — Basicsattack ESP The firewall detected an ESP attack.attack GRE The f

426 Appendix B Log DescriptionsNN47922-500For type and code details, see Table 131.teardrop ICMP (type:%d, code:%d)The firewall detected an ICMP teard

Appendix B Log Descriptions 427Nortel Business Secure Router 222 Configuration — BasicsFirewall default policy: ICMP (set:%d, type:%d, code:%d)ICMP ac

428 Appendix B Log DescriptionsNN47922-500Firewall rule match: (set:%d, rule:%d)Access matched the listed firewall rule and the Business Secure Router

Appendix B Log Descriptions 429Nortel Business Secure Router 222 Configuration — BasicsFilter default policy DROP!Access matched a default filter poli

43Nortel Business Secure Router 222 Configuration — BasicsChapter 2Introducing the WebGUIThis chapter describes how to access the Business Secure Rout

430 Appendix B Log DescriptionsNN47922-500(set:%d) With firewall messages, this is the number of the ACL policy set and denotes the packet's dire

Appendix B Log Descriptions 431Nortel Business Secure Router 222 Configuration — BasicsFor type and code details, see Table 131.Table 130 ACL Settin

432 Appendix B Log DescriptionsNN47922-500VPN/IPSec LogsTo view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the I

Appendix B Log Descriptions 433Nortel Business Secure Router 222 Configuration — BasicsFigure 186 Example VPN Initiator IPSec LogVPN Responder IPSec

434 Appendix B Log DescriptionsNN47922-500Figure 187 Example VPN Responder IPSec LogThis menu is useful for troubleshooting your Business Secure Rou

Appendix B Log Descriptions 435Nortel Business Secure Router 222 Configuration — BasicsTable 133 Sample IKE Key Exchange LogsLog Message Description

436 Appendix B Log DescriptionsNN47922-500!! Remote IP <IP start> / <IP end> conflictsIf the security gateway is “0.0.0.0”, the Business

Appendix B Log Descriptions 437Nortel Business Secure Router 222 Configuration — BasicsTable 134 shows sample log messages during packet transmission.

438 Appendix B Log DescriptionsNN47922-500Table 135 shows RFC-2408 ISAKMP payload types that the log displays. Refer to the RFC for detailed informati

Appendix B Log Descriptions 439Nortel Business Secure Router 222 Configuration — BasicsFailed to resolve <CMP CA server url>The CMP online certi

44 Chapter 2 Introducing the WebGUINN47922-5001 Launch your web browser.2 Type 192.168.1.1 as the URL.3 Type the user name (nnadmin is the default) an

440 Appendix B Log DescriptionsNN47922-500Table 137 Certificate Path Verification Failure Reason CodesCode Description1 Algorithm mismatch between t

Appendix B Log Descriptions 441Nortel Business Secure Router 222 Configuration — BasicsTable 138 IIEEE 802.1X LogsLog Message DescriptionLocal User

442 Appendix B Log DescriptionsNN47922-500Log CommandsGo to the command interpreter interface (the Command Interpreter Appendix explains how to access

Appendix B Log Descriptions 443Nortel Business Secure Router 222 Configuration — BasicsUse the sys logs save command to store the settings in the Busi

444 Appendix B Log DescriptionsNN47922-500Log Command ExampleThis example shows how to set the Business Secure Router to record the access logs and al

Nortel Business Secure Router 222 Configuration — Basics445IndexNumbers10/100 Mb/s Ethernet WAN 343DES 2074-Port Switch 34AAction 179Action for Matche

446 IndexNN47922-500Call Control 129Call Scheduling 37, 385Maximum Number of Schedule Sets 385Precedence 385Precedence Example 385Called ID 129Calling

Index 447Nortel Business Secure Router 222 Configuration — BasicsEncapsulating Security Payload 206ESP 206ESP Protocol 206Ethernet 52, 53, 56Ethernet

448 IndexNN47922-500Internet Control Message Protocol (ICMP) 161Internet Group Multicast Protocol 95, 117IP Address 58, 59, 137, 394IP Alias 38, 101IP

Index 449Nortel Business Secure Router 222 Configuration — BasicsNNTP 138Nortel Firmware Version392Number of Retransmissions 257OOff Line 83On Demand

Chapter 2 Introducing the WebGUI 45Nortel Business Secure Router 222 Configuration — BasicsFigure 3 Change password screen5 Click Apply in the Repla

450 IndexNN47922-500RIP-2B 95, 117, 125RIP-2M 95, 117, 125Roadrunner Manager 113RoadRunner Support 40RoadRunner Toshiba 113Root Class 301Routing Infor

Index 451Nortel Business Secure Router 222 Configuration — BasicsTCP Security 166TCP/IP 158, 159, 160, 348Teardrop 159technical publications 30Telnet

46 Chapter 2 Introducing the WebGUINN47922-500The MAIN MENU screen appears.Restoring the factory default configuration settingsIf you just want to res

Chapter 2 Introducing the WebGUI 47Nortel Business Secure Router 222 Configuration — Basics5 Wait for the Starting XMODEM upload message before activa

48 Chapter 2 Introducing the WebGUINN47922-500Figure 6 MAIN MENU ScreenClick the Contact link to display the customer support contact information. F

Chapter 2 Introducing the WebGUI 49Nortel Business Secure Router 222 Configuration — BasicsFigure 7 Contact Support

Contents 5Nortel Business Secure Router 222 Configuration — BasicsNavigating the Business Secure Router WebGUI . . . . . . . . . . . . . . . . . . .

50 Chapter 2 Introducing the WebGUINN47922-500

51Nortel Business Secure Router 222 Configuration — BasicsChapter 3Wizard setupThis chapter provides information on the Wizard screens in the WebGUI.W

52 Chapter 3 Wizard setupNN47922-500Domain NameThe Domain Name entry is what is propagated to the DHCP clients on the LAN. If you leave this blank, th

Chapter 3 Wizard setup 53Nortel Business Secure Router 222 Configuration — BasicsEthernetChoose Ethernet when the WAN port is used as a regular Ethern

54 Chapter 3 Wizard setupNN47922-500Table 2 describes the fields in Figure 9.PPTPPoint-to-Point Tunneling Protocol (PPTP) is a network protocol that e

Chapter 3 Wizard setup 55Nortel Business Secure Router 222 Configuration — BasicsFigure 10 Wizard 2: PPTP EncapsulationTable 3 describes the fields

56 Chapter 3 Wizard setupNN47922-500PPPoE EncapsulationPoint-to-Point Protocol over Ethernet (PPPoE) functions as a dial-up connection. PPPoE is an IE

Chapter 3 Wizard setup 57Nortel Business Secure Router 222 Configuration — BasicsBy implementing PPPoE directly on the Business Secure Router (rather

58 Chapter 3 Wizard setupNN47922-500Wizard setup: Screen 3 Using the third screen you can configure WAN IP address assignment, DNS server address assi

Chapter 3 Wizard setup 59Nortel Business Secure Router 222 Configuration — BasicsYou can obtain your IP address from the IANA, from an ISP, or have it

6 ContentsNN47922-500Preventing heavy data traffic from impacting telephone calls . . . . . . . . . . . . . 75Setting Up a Remote Office with a UNISt

60 Chapter 3 Wizard setupNN47922-500The subnet mask specifies the network number portion of an IP address. Your Business Secure Router computes the su

Chapter 3 Wizard setup 61Nortel Business Secure Router 222 Configuration — BasicsThe WAN port of your Business Secure Router is set at half-duplex mod

62 Chapter 3 Wizard setupNN47922-500Figure 12 Wizard 3Table 7 describes the fields in Figure 12.Table 7 Wizard 3Label DescriptionWAN IP Address As

Chapter 3 Wizard setup 63Nortel Business Secure Router 222 Configuration — BasicsIP Subnet Mask Enter the IP subnet mask in this field if you select U

64 Chapter 3 Wizard setupNN47922-500First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server inf

Chapter 3 Wizard setup 65Nortel Business Secure Router 222 Configuration — BasicsBasic Setup CompleteWell done! You have successfully set up your Busi

66 Chapter 3 Wizard setupNN47922-500

67Nortel Business Secure Router 222 Configuration — BasicsChapter 4User NotesGeneral NotesThere are some router functions that, although performing as

68 Chapter 4 User NotesNN47922-500If the Administrator Timeout is set to 0, and an administration session is terminated without logging off, the route

Chapter 4 User Notes 69Nortel Business Secure Router 222 Configuration — BasicsVPN Client Termination1 Change of User Account Does Not Drop Existing C

Contents 7Nortel Business Secure Router 222 Configuration — BasicsChapter 7WAN screens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 Chapter 4 User NotesNN47922-500VPN Clients can have dynamically assigned IP addresses, or they can have a statically assigned addresses. However,

Chapter 4 User Notes 71Nortel Business Secure Router 222 Configuration — BasicsThe number controls the operating mode:None (disabled)RIP-1 onlyRIP-2 o

72 Chapter 4 User NotesNN47922-500b Enter the authentication information, with either a pre-shared key or an imported certificate.c Enter the IP Addre

Chapter 4 User Notes 73Nortel Business Secure Router 222 Configuration — BasicsScenario 2: A BCM50 in each site, each acting as the backup call server

74 Chapter 4 User NotesNN47922-500Allowing remote management of a LAN-connected BCM50 1 Create the appropriate NAT server rules to add the BCM50.Go to

Chapter 4 User Notes 75Nortel Business Secure Router 222 Configuration — Basics5 In the FIREWALL, set up a LAN-to-LAN rule to block traffic between th

76 Chapter 4 User NotesNN47922-500Under VPN / Global Setting, enable Exclusive Mode, and fill in the MAC address of the telephone set.Under Bandwidth

77Nortel Business Secure Router 222 Configuration — BasicsChapter 5System screensThis chapter provides information on the System screens.System overvi

78 Chapter 5 System screensNN47922-500Figure 13 depicts an example where three VPN tunnels are created from Business Secure Router A; one to branch of

Chapter 5 System screens 79Nortel Business Secure Router 222 Configuration — BasicsFigure 14 System general setupTable 8 describes the fields in Fig

8 ContentsNN47922-500Configuring servers behind SUA (example) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Configuring SUA Server .

80 Chapter 5 System screensNN47922-500System DNS Servers (if applicable)DNS (Domain Name System) is for mapping a domain name to its corresponding IP

Chapter 5 System screens 81Nortel Business Secure Router 222 Configuration — BasicsDynamic DNSWith Dynamic DNS, you can update your current dynamic IP

82 Chapter 5 System screensNN47922-500Figure 15 DDNSTable 9 describes the fields in Figure 15.Table 9 DDNSLabel DescriptionActive Select this chec

Chapter 5 System screens 83Nortel Business Secure Router 222 Configuration — BasicsConfiguring PasswordTo change the password of your Business Secure

84 Chapter 5 System screensNN47922-500Figure 16 PasswordTable 10 describes the fields in Figure 16.Table 10 PasswordLabel DescriptionAdministrator

Chapter 5 System screens 85Nortel Business Secure Router 222 Configuration — BasicsPredefined NTP time server listThe Business Secure Router uses the

86 Chapter 5 System screensNN47922-500When the Business Secure Router uses the predefined list of NTP time servers, it randomly selects one server and

Chapter 5 System screens 87Nortel Business Secure Router 222 Configuration — BasicsFigure 17 Time and Date

88 Chapter 5 System screensNN47922-500Table 12 describes the fields in Figure 17.Table 12 Time and DateLabel DescriptionCurrent Time and DateCurrent

Chapter 5 System screens 89Nortel Business Secure Router 222 Configuration — BasicsTime Zone SetupTime Zone Choose the time zone of your location. Thi

Contents 9Nortel Business Secure Router 222 Configuration — BasicsFirewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

90 Chapter 5 System screensNN47922-500ALG With Application Layer Gateway (ALG), applications can pass through NAT and the firewall. You must also con

Chapter 5 System screens 91Nortel Business Secure Router 222 Configuration — BasicsTable 13 describes the labels in Figure 18.Table 13 ALGLabel Desc

92 Chapter 5 System screensNN47922-500

93Nortel Business Secure Router 222 Configuration — BasicsChapter 6LAN screens This chapter describes how to configure LAN settings.LAN overviewLocal

94 Chapter 6 LAN screensNN47922-500DNS serversUse the LAN IP screen to configure the DNS server information that the Business Secure Router sends to t

Chapter 6 LAN screens 95Nortel Business Secure Router 222 Configuration — BasicsBoth RIP-2B and RIP-2M send routing data in RIP-2 format; the differen

96 Chapter 6 LAN screensNN47922-500Configuring IP Click LAN to open the IP screen.Figure 19 LAN IP

Chapter 6 LAN screens 97Nortel Business Secure Router 222 Configuration — BasicsTable 14 describes the fields in Figure 19.Table 14 LAN IPLabel Desc

98 Chapter 6 LAN screensNN47922-500First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server info

Chapter 6 LAN screens 99Nortel Business Secure Router 222 Configuration — BasicsRIP Version The RIP Version field controls the format and the broadcas