AP-6

Lucent Technologies AP-6, AP-1, AP-3, AP-4, AP-5, AP-7, AP-8 Connection Manual

ACCESS POINT QVPN BUILDER USER GUIDE
This manual describes how to use the Access Point QVPN Builder™ application with Access Point™ IP Services routers.
Product: Access Point QVPN Builder
Version: Version 2.4
Part Number: 610-5004-061
Lucent Technologies May 2001
IMPORTANT - PLEASE READ
NOTICE
The information in this manual is provided without warranty of any kind and is subject to change without notice. Lucent Technologies Inc. assumes no responsibility, and shall have no liability of any kind arising from supply or use of this publication or any material contained herein.
Company and product names are trademarks or registered trademarks of their respective companies.
Copyright © 1997 - 2001 by Lucent Technologies Inc. All rights reserved. No part of this publication may be reproduced, photocopied, or transmitted without express, written consent of Lucent Technologies Inc.
Lucent Technologies Inc.
50 Nagog Park
Acton, MA 01720
USA
http://www.lucent.com
FEDERAL COMMUNICATIONS COMMISSION WARNING
This device complies with Part 15 of the FCC Rules and Regulations. Operation is subject to the following two conditions:
- The device may not cause harmful interference.
- The device must withstand any interference received, including interference that may cause undesired operation.
The Access Point router has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules and Regulations. These limits are designed to provide reasonable protection against harmful interference when this equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio and television communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his or her own expense.
Shielded cables must be used with this unit to ensure compliance with the FCC
Class A limits.
CONTENTS
Preface
1 Product Overview
  Access Point QVPN Builder Application
  Integrated Applications
  Platform Requirements
    NT 4.0 Requirements
    Solaris 2.6 Requirements
  Access Point Operating System Support Matrix
2 Installing the QVPN Builder
  Installing Builder
    Installing the Standalone Version on Solaris Systems
    Installing the Client/Server Version on Solaris Systems
    Installing the Standalone Version on Windows NT Systems
    Installing the Client/Server Version on Windows NT Systems
  Initial Startup Tasks
    Logging In For the First Time
    Logging In For the First Time As a Client
    Evolving Version 2.1 and 2.3 Databases
    Accessing UNIX Server Databases From Windows NT Client Systems
    Setting Up the QVPN Request Config Daemon to Access UNIX Databases
3 Getting Started With Builder
  About the Builder Window
    The Tree Frame
    The Configuration and Deployment Tabs
    The Log Frame
  Getting Detailed Help Information
  Configuring SNMP Access Settings
  Managing Access Point Systems
    Adding Access Point Systems
    Modifying Access Point Systems
    Removing Access Point Systems
  Using the Traffic Status and Tunnel Status Applications
    Traffic Status Application
    Tunnel Status Application
  Using the QVPN Request Config Daemon
    Starting Up the Daemon
    Using the Daemon
    Shutting Down the Daemon
    Verifying Daemon Operation
    Changing the SNMP Community Name for the Daemon
    Troubleshooting the Daemon
4 Managing VPNs
  Creating or Modifying VPN Definitions
    Selecting the Configuration Method
    Changing VPN Settings for the VPN
    Changing VPN Settings for the Access Point Systems
    Changing Probe Settings
  Saving the VPN Definition
    Saving the VPN Definition With the Standalone Version
    Saving the VPN Definition With the Client/Server Version
  Opening VPN Definitions
    Opening the VPN Definition With the Standalone Version
    Opening the VPN Definition With the Client/Server Version
    Accessing Locked Files
  Removing VPN Definitions
    Removing the VPN Definition With the Standalone Version
    Removing the VPN Definition With the Client/Server Version
  Using VPN Definitions
    Exporting Data
    Importing VPN Data Files
    Importing VPN Definitions From Version 1.1
  Verifying the Configuration
  Deploying the Configuration
  Using the VPN Deployment Tables
    VPN Statistics
    VPN or AP Summary Information
    Tunnel, Route, and IPSec Interface Information
  Managing Security Profiles
    Adding Security Profiles
    Modifying Security Profiles
    Deleting Security Profiles
5 Managing QoS/Firewall Policies
  Using the QoS/Firewall Rule Set Editor
    Default Template Rule Set Definition and Modification
  Defining a Rule Set
    Adding a Rule
    Specifying Parameters
    Changing the Rule Name
    Specifying Execution Order
    Adding or Changing Comments
    Removing a Rule
    Purging Unused Parameters
  Modifying a Rule Set
  Modifying the Default New Rule Set
  Removing a Rule Set
  Associating a Rule Set
  Setting Parameter Values
  Verifying the QoS/Firewall Policies
  Deploying the QoS/Firewall Policies to APs
  Using the QoS/Firewall Deployment Table
    Modifying the Definition View
    Using the Apply/Query View
  Using Rule Sets
    Exporting Rule Sets
    Importing Rule Set Files
  Specifying a Rule Set for a VPN
  Using the QoS/Firewall: Examples
    Configuring a Firewall That Allows Web Surfing
    Configuring SYN Flood Protection
    Classifying ICMP Packets
    Creating a Forwarding Policy
6 Managing NAT
  Configuring General NAT Parameters
    Enabling NAT
    Specifying Maximum Number of Sessions
    Specifying Session Timers
    Applying Parameters
    Saving the NAT Configuration
  Adding the NAT Layer
  Configuring Static Bindings
  Configuring Address Translation Pools
    Configuring Basic NAT Pools
    Configuring NAPT Pools
    Configuring LSNAT Pools
    Removing Pools
  Configuring Private Networks
  Checking the Configuration
  Deploying the NAT Configuration to All APs
  Using the NAT Deployment Tab
7 Advanced Features of Builder
  Specifying Preferences
    General Preferences
    Logging Preferences
    Directory Preferences
  Configuring Logging
    Clearing the Log Display
    Purging the Log Database
    Exporting the Log Table To a File
  Managing User Profiles
    Adding User Profiles
    Modifying User Profiles
    Deleting User Profiles
  Restoring VPN Databases
  Finding a VPN Name
  Troubleshooting
Figures
  Figure 1 QVPN Builder Login Screen
  Figure 2 QVPN Builder Definition View Window
  Figure 3 QoS/Firewall Rule Set Editor Window
  Figure 4 Stateful Firewall that Allows Web Surfing
Tables
  Table 1 Definition View Tool Bar Buttons
  Table 2 QoS/Firewall Rule Set Editor Tool Bar Buttons
  Table 3 Default Action Profiles and Associated CBQ Trees
PREFACE
The Access Point IP Services family comprises a set of bridging routers with advanced bandwidth management and VPN server capabilities. The Access Point QVPN Builder application lets you manage and monitor a virtual private network of Access Point systems. This guide explains how to install, configure, and manage the Access Point QVPN Builder application. Chapter titles and their subject areas are outlined below.

Chapter  Title                           Areas Treated
1        Product Overview                Provides an overview of the Access Point QVPN Builder application
2        Installing the QVPN Builder     Provides information about installing Access Point QVPN Builder
3        Getting Started With Builder    Provides general information about the Builder graphical user interface, application-wide tasks, and associated applications
4        Managing VPNs                   Explains how to configure IPSEC tunnels using VPN definitions
5        Managing QoS/Firewall Policies  Explains how to set firewall rules and QoS policies
6        Managing NAT                    Explains how to configure the Network Address Translator (NAT)
7        Advanced Features of Builder    Provides information about preferences, logging, and user profiles for Builder

Audience
The Access Point product is a bridging router with advanced bandwidth management and VPN capabilities. Configuring any IP routing engine requires considerable experience with routers, hubs, bridges, and other networking devices. In particular, Lucent Technologies assumes that persons installing, configuring, and managing the Access Point product have several years of networking experience.
The Access Point QVPN Builder application lets you configure and manage
virtual private networks from a central management station. Builder is flexible
enough to provision the security profiles, firewall rules, and Quality of Service
policies for small or large VPNs.
Conventions
This guide uses the following conventions.
- Bold indicates items that you select from the Builder application.
- Italics indicates a command.
- A vertical bar | between elements indicates that you must choose one of them.
- Square brackets [ ] indicate optional elements.
- Parentheses ( ) contain a group from which you make a selection.
- Angle brackets < > contain an element that you specify, such as a name or an address.
- Ellipses ... following a component, subcomponent, or parameter indicate that it can be repeated.
SAFETY SYMBOLS
The following safety symbols are used to call attention to certain topics. To
avoid equipment damage or possible injury, please devote special attention to
these areas and follow all applicable procedures and warnings.
WARNING: This symbol calls attention to issues or practices that could cause serious injury to yourself or others if safety precautions are disregarded.
CAUTION: This symbol calls attention to issues or practices that could damage the equipment or cause loss of data if you disregard the required safety precautions.
Contacting Lucent Support
For questions or problems with the Access Point QVPN Builder application or
the Access Point router, refer to this manual or to the Lucent Technologies
Lucent Worldwide Services Web site at:
http://www.lucent.com/networkcare
If you are not able to find the help you need, contact Lucent Technologies Inc.
at one of the following locations:
Customer Service: 1.800.272.3634
E-mail: webmail@lucent.com
PRODUCT OVERVIEW
The Access Point QVPN Builder application (Builder) lets you manage and monitor a virtual private network consisting of Access Point systems (APs). This application lets you:
- Configure and create virtual private networks
- Configure QoS/Firewall parameters
- Configure NAT
- Monitor usage data
ACCESS POINT QVPN BUILDER APPLICATION
As use of the Internet for business-class applications continues to grow, so has the importance of virtual private networks (VPNs). VPNs use a combination of encryption, authentication, and tunneling techniques to create secure pathways, or tunnels, between geographically separated hosts over a public network infrastructure. Moreover, with the increasing flow of data over costly infrastructure, bandwidth management and firewalling capabilities are essential to classify and schedule IP traffic. Setting up secure tunnels and managing bandwidth and firewalls to protect business communications among widely dispersed sites can be time-consuming and costly.
The Access Point QVPN Builder application is a powerful tool that lets you create and deploy VPNs easily from a central management station. While most VPNs must be configured on a host-by-host basis, Builder enables VPNs to be defined at a single location and exported to defined sets of hosts (Access Point systems) without network disruptions. Builder also lets you incorporate firewall and Quality of Service (QoS) parameters as part of a VPN definition, allowing you to rate-limit and shape traffic flowing over tunnels. Thus, you get the benefits of IP QoS integrated within a remotely managed tunnel framework, or QVPN.
INTEGRATED APPLICATIONS
The Builder includes integrated applications:
- The QVPN Request Config daemon allows APs to request (pull) their configuration information from a Builder client or server.
- The Traffic Status application displays dynamic bandwidth usage information with pie and bar graphs and tracks the performance of defined traffic classes with a graph wizard.
- The Tunnel Status application has specialized applets that display summary information and traffic rate usage for the tunnels.
PLATFORM REQUIREMENTS
To run the Builder application, your NT or Solaris platform, for standalone or
client/server operation, should meet the following requirements:
NT 4.0 REQUIREMENTS
Standalone
- 400 MHz system
- 50 MB disk (and additional space for the user-created databases)
- 128 MB RAM
- Java Runtime Environment version 1.2.2 software
Client/Server
- 400 MHz system
- 270 MB disk (and additional space for the user-created databases on the server)
- 256 MB RAM
- Java Runtime Environment version 1.2.2 software
SOLARIS 2.6 REQUIREMENTS
Standalone
- 100 MB disk (and additional space for the user-created databases)
- 256 MB RAM
- Java Runtime Environment version 1.2.2 software
Client/Server
- 200 MB disk (and additional space for the user-created databases on the server)
- 256 MB RAM
- Java Runtime Environment version 1.2.2 software
ACCESS POINT OPERATING SYSTEM SUPPORT MATRIX
The following table shows the relationship of AP operating systems and features that Builder supports.

Access Point Operating System   VPN   CBQ   NAT
V2.1                            Yes   No    No
V2.2.0                          Yes   Yes   Partial
V2.2.1                          Yes   Yes   Yes
V2.3                            Yes   Yes   Yes
V2.4                            Yes   Yes   Yes
INSTALLING THE QVPN BUILDER
This section provides general information about installing the Access Point QVPN Builder application (Builder) and performing initial startup tasks. Read through the installation and initial startup sections to determine specific requirements for those tasks.
INSTALLING BUILDER
Before installing or using Builder, make sure the Access Point systems
(APs) are configured and reachable through SNMP. Otherwise, Builder
will not be able to configure these systems. You must configure the AP
with Access Point version 2.2.1 or later software beforehand (including
SNMP access and routing information) so that the Builder can connect to
each AP to perform its tasks.
The Builder has two versions: standalone and client/server.
The standalone version has these features:
- Installs on a single system
- Supports up to 250 QVPN nodes per VPN (VPN count is limited only by disk space)
The client/server version has these features:
- Installs on a single server or many clients of the central server
- Supports up to 800 QVPN nodes per VPN (VPN count is limited only by disk space)
This section describes how to install either the standalone or the client/server
version of the Builder on Solaris or Windows NT systems. You will find
instructions for installing Builder from both a CD-ROM and an executable file.
Refer to one of the following sections to install the Builder.
- Installing the Standalone Version on Solaris Systems on Page 6
- Installing the Client/Server Version on Solaris Systems on Page 9
- Installing the Standalone Version on Windows NT Systems on Page 13
- Installing the Client/Server Version on Windows NT Systems on Page 14
INSTALLING THE STANDALONE VERSION ON SOLARIS SYSTEMS
Builder runs on a Sun SPARC workstation with these system requirements:
- Solaris 2.6 operating system
- The JDK patches for Solaris SPARC 2.6 (5.6) with these patch IDs:
  - 105490-05 (Linker Patch)
  - 105568-13 (Libthread Patch)
  - 105210-17 (LibC Patch)
  - 105181-11 (Kernel Update Patch socket close/hang)
  - 105669-04 (CDE 1.2: libDTSvc Patch dtmail)
  To download the patches, start at http://www.sun.com/solaris/java and follow the links to download the JDK; the patches are available on the same page as the JDK. Follow the instructions to load the patch from the README.sparc file.
- 100 MB disk, 256 MB RAM (standalone version)
INSTALLING THE STANDALONE VERSION ON SOLARIS SYSTEMS FROM A CD-ROM
Builder is distributed on a CD-ROM. LUxavs, the standalone version of the
Builder application, comes as a directory package that is ready for installation.
The following procedure describes how to install Builder:
1 Make sure you are logged on as a superuser (root).
2 To install Builder, enter the following command: