Lucent Technologies AP-8 Connection Manual

Category
Networking
Type
Connection Manual

ACCESS POINT QVPN BUILDER USER GUIDE
This manual describes how to use the Access Point QVPN Builder™ application
with Access Point™ IP Services routers.
Product: Access Point QVPN Builder
Version: Version 2.4
Part Number: 610-5004-061
Lucent Technologies May 2001
IMPORTANT - PLEASE READ
NOTICE
The information in this manual is provided without warranty of any kind and is
subject to change without notice. Lucent Technologies Inc. assumes no
responsibility, and shall have no liability of any kind arising from supply or use of
this publication or any material contained herein.
Company and product names are trademarks or registered trademarks of their
respective companies.
Copyright © 1997 - 2001 by Lucent Technologies Inc. All rights reserved. No
part of this publication may be reproduced, photocopied, or transmitted
without express, written consent of Lucent Technologies Inc.
Lucent Technologies Inc.
50 Nagog Park
Acton, MA 01720
USA
http://www.lucent.com
FEDERAL COMMUNICATIONS COMMISSION WARNING
This device complies with Part 15 of the FCC Rules and Regulations.
Operation is subject to the following two conditions:
The device may not cause harmful interference.
The device must withstand any interference received, including interference that may cause undesired operation.
The Access Point router has been tested and found to comply with the limits
for a Class A digital device pursuant to Part 15 of the FCC Rules and
Regulations. These limits are designed to provide reasonable protection against
harmful interference when this equipment is operated in a commercial environment.
This equipment generates, uses, and can radiate radio-frequency energy and, if
not installed and used in accordance with the instruction manual, may cause
harmful interference to radio and television communications. Operation of this
equipment in a residential area is likely to cause interference in which case the
user will be required to correct the interference at his or her own expense.
Shielded cables must be used with this unit to ensure compliance with the FCC
Class A limits.
CONTENTS
Preface
1 Product Overview
  Access Point QVPN Builder Application
  Integrated Applications
  Platform Requirements
    NT 4.0 Requirements
    Solaris 2.6 Requirements
  Access Point Operating System Support Matrix
2 Installing the QVPN Builder
  Installing Builder
    Installing the Standalone Version on Solaris Systems
    Installing the Client/Server Version on Solaris Systems
    Installing the Standalone Version on Windows NT Systems
    Installing the Client/Server Version on Windows NT Systems
  Initial Startup Tasks
    Logging In For the First Time
    Logging In For the First Time As a Client
    Evolving Version 2.1 and 2.3 Databases
    Accessing UNIX Server Databases From Windows NT Client Systems
    Setting Up the QVPN Request Config Daemon to Access UNIX Databases
3 Getting Started With Builder
  About the Builder Window
    The Tree Frame
    The Configuration and Deployment Tabs
    The Log Frame
  Getting Detailed Help Information
  Configuring SNMP Access Settings
  Managing Access Point Systems
    Adding Access Point Systems
    Modifying Access Point Systems
    Removing Access Point Systems
  Using the Traffic Status and Tunnel Status Applications
    Traffic Status Application
    Tunnel Status Application
  Using the QVPN Request Config Daemon
    Starting Up the Daemon
    Using the Daemon
    Shutting Down the Daemon
    Verifying Daemon Operation
    Changing the SNMP Community Name for the Daemon
    Troubleshooting the Daemon
4 Managing VPNs
  Creating or Modifying VPN Definitions
    Selecting the Configuration Method
    Changing VPN Settings for the VPN
    Changing VPN Settings for the Access Point Systems
    Changing Probe Settings
  Saving the VPN Definition
    Saving the VPN Definition With the Standalone Version
    Saving the VPN Definition With the Client/Server Version
  Opening VPN Definitions
    Opening the VPN Definition With the Standalone Version
    Opening the VPN Definition With the Client/Server Version
    Accessing Locked Files
  Removing VPN Definitions
    Removing the VPN Definition With the Standalone Version
    Removing the VPN Definition With the Client/Server Version
  Using VPN Definitions
    Exporting Data
    Importing VPN Data Files
    Importing VPN Definitions From Version 1.1
  Verifying the Configuration
  Deploying the Configuration
  Using the VPN Deployment Tables
    VPN Statistics
    VPN or AP Summary Information
    Tunnel, Route, and IPSec Interface Information
  Managing Security Profiles
    Adding Security Profiles
    Modifying Security Profiles
    Deleting Security Profiles
5 Managing QoS/Firewall Policies
  Using the QoS/Firewall Rule Set Editor
    Default Template Rule Set Definition and Modification
  Defining a Rule Set
    Adding a Rule
    Specifying Parameters
    Changing the Rule Name
    Specifying Execution Order
    Adding or Changing Comments
    Removing a Rule
    Purging Unused Parameters
  Modifying a Rule Set
  Modifying the Default New Rule Set
  Removing a Rule Set
  Associating a Rule Set
  Setting Parameter Values
  Verifying the QoS/Firewall Policies
  Deploying the QoS/Firewall Policies to APs
  Using the QoS/Firewall Deployment Table
    Modifying the Definition View
    Using the Apply/Query View
  Using Rule Sets
    Exporting Rule Sets
    Importing Rule Set Files
  Specifying a Rule Set for a VPN
  Using the QoS/Firewall: Examples
    Configuring a Firewall That Allows Web Surfing
    Configuring SYN Flood Protection
    Classifying ICMP Packets
    Creating a Forwarding Policy
6 Managing NAT
  Configuring General NAT Parameters
    Enabling NAT
    Specifying Maximum Number of Sessions
    Specifying Session Timers
    Applying Parameters
    Saving the NAT Configuration
  Adding the NAT Layer
  Configuring Static Bindings
  Configuring Address Translation Pools
    Configuring Basic NAT Pools
    Configuring NAPT Pools
    Configuring LSNAT Pools
    Removing Pools
  Configuring Private Networks
  Checking the Configuration
  Deploying the NAT Configuration to All APs
  Using the NAT Deployment Tab
7 Advanced Features of Builder
  Specifying Preferences
    General Preferences
    Logging Preferences
    Directory Preferences
  Configuring Logging
    Clearing the Log Display
    Purging the Log Database
    Exporting the Log Table To a File
  Managing User Profiles
    Adding User Profiles
    Modifying User Profiles
    Deleting User Profiles
  Restoring VPN Databases
  Finding a VPN Name
  Troubleshooting
Figures
Figure 1 QVPN Builder Login Screen
Figure 2 QVPN Builder Definition View Window
Figure 3 QoS/Firewall Rule Set Editor Window
Figure 4 Stateful Firewall that Allows Web Surfing
Tables
Table 1 Definition View Tool Bar Buttons
Table 2 QoS/Firewall Rule Set Editor Tool Bar Buttons
Table 3 Default Action Profiles and Associated CBQ Trees
PREFACE
The Access Point IP Services family comprises a set of bridging routers
with advanced bandwidth management and VPN server capabilities.
The Access Point QVPN Builder application lets you manage and
monitor a virtual private network of Access Point systems. This guide
explains how to install, configure, and manage the Access Point QVPN
Builder application. Chapter titles and their subject areas are outlined
below.
Chapter  Title                           Areas Treated
1        Product Overview                Provides an overview of the Access Point QVPN Builder application
2        Installing the QVPN Builder     Provides information about installing Access Point QVPN Builder
3        Getting Started With Builder    Provides general information about the Builder graphical user interface, application-wide tasks, and associated applications
4        Managing VPNs                   Explains how to configure IPSEC tunnels using VPN definitions
5        Managing QoS/Firewall Policies  Explains how to set firewall rules and QoS policies
6        Managing NAT                    Explains how to configure the Network Address Translator (NAT)
7        Advanced Features of Builder    Provides information about preferences, logging, and user profiles for Builder
Audience
The Access Point product is a bridging router with advanced bandwidth
management and VPN capabilities. Configuring any IP routing engine
requires considerable experience with routers, hubs, bridges, and other
networking devices. In particular, Lucent Technologies assumes that persons
installing, configuring, and managing the Access Point product have several
years of networking experience.
The Access Point QVPN Builder application lets you configure and manage
virtual private networks from a central management station. Builder is flexible
enough to provision the security profiles, firewall rules, and Quality of Service
policies for small or large VPNs.
Conventions
This guide uses the following conventions.
Bold indicates items that you select from the Builder application.
Italics indicates a command.
A vertical bar | between elements indicates that you must choose one of them.
Square brackets [ ] indicate optional elements.
Parentheses ( ) contain a group from which you make a selection.
Angle brackets < > contain an element that you specify, such as a name or an address.
Ellipses ... following a component, subcomponent, or parameter indicate that it can be repeated.
SAFETY SYMBOLS
The following safety symbols are used to call attention to certain topics. To
avoid equipment damage or possible injury, please devote special attention to
these areas and follow all applicable procedures and warnings.
WARNING: This symbol calls attention to issues or practices that
could cause serious injury to yourself or others if safety
precautions are disregarded.
CAUTION: This symbol calls attention to issues or practices that
could damage the equipment or cause loss of data if you
disregard the required safety precautions.
Contacting Lucent Support
For questions or problems with the Access Point QVPN Builder application or
the Access Point router, refer to this manual or to the Lucent Technologies
Lucent Worldwide Services Web site at:
http://www.lucent.com/networkcare
If you are not able to find the help you need, contact Lucent Technologies Inc.
at one of the following locations:
Customer Service: 1.800.272.3634
E-mail:webmai[email protected]
PRODUCT OVERVIEW
The Access Point QVPN Builder application (Builder) lets you manage
and monitor a virtual private network consisting of Access Point
systems (APs). This application lets you:
Configure and create virtual private networks
Configure QoS/Firewall parameters
Configure NAT
Monitor usage data
ACCESS POINT QVPN BUILDER APPLICATION
As use of the Internet for business-class applications continues to grow, so
has the importance of virtual private networks (VPNs). VPNs use a
combination of encryption, authentication, and tunneling techniques to create
secure pathways, or tunnels, between geographically separated hosts over
a public network infrastructure. Moreover, with the increasing flow of
data over costly infrastructure, bandwidth management and firewalling
capabilities are essential to classify and schedule IP traffic. Setting up
secure tunnels and managing bandwidth and firewalls to protect business
communications among widely dispersed sites can be time-consuming
and costly.
The Access Point QVPN Builder application is a powerful tool that lets
you create and deploy VPNs easily from a central management station.
While most VPNs must be configured on a host-by-host basis, Builder
enables VPNs to be defined at a single location and exported to defined
sets of hosts (Access Point systems) without network disruptions. Builder also
lets you incorporate firewall and Quality of Service (QoS) parameters as part
of a VPN definition, allowing you to rate-limit and shape traffic flowing over
tunnels. Thus, you get the benefits of IP QoS integrated within a remotely
managed tunnel framework, or QVPN.
INTEGRATED APPLICATIONS
The Builder includes integrated applications:
The QVPN Request Config daemon allows APs to request (pull) their configuration information from a Builder client or server.
The Traffic Status application displays dynamic bandwidth usage information with pie and bar graphs and tracks the performance of defined traffic classes with a graph wizard.
The Tunnel Status application has specialized applets that display summary information and traffic rate usage for the tunnels.
PLATFORM REQUIREMENTS
To run the Builder application, your NT or Solaris platform, for standalone or
client/server operation, should meet the following requirements:
NT 4.0 REQUIREMENTS
Standalone
400 MHz system
50 MB disk (and additional space for the user-created databases)
128 MB RAM
Java Runtime Environment version 1.2.2 software
Client/Server
400 MHz system
270 MB disk (and additional space for the user-created databases on the server)
256 MB RAM
Java Runtime Environment version 1.2.2 software
SOLARIS 2.6 REQUIREMENTS
Standalone
100 MB disk (and additional space for the user-created databases)
256 MB RAM
Java Runtime Environment version 1.2.2 software
Client/Server
200 MB disk (and additional space for the user-created databases on the server)
256 MB RAM
Java Runtime Environment version 1.2.2 software
ACCESS POINT OPERATING SYSTEM SUPPORT MATRIX
The following table shows the relationship of AP operating systems and
features that Builder supports.
Access Point Operating System  VPN  CBQ  NAT
V2.1                           Yes  No   No
V2.2.0                         Yes  Yes  Partial
V2.2.1                         Yes  Yes  Yes
V2.3                           Yes  Yes  Yes
V2.4                           Yes  Yes  Yes
INSTALLING THE QVPN BUILDER
This section provides general information about installing the Access
Point QVPN Builder application (Builder) and performing initial startup
tasks. Read through the installation and initial startup sections to
determine specific requirements for those tasks.
INSTALLING BUILDER
Before installing or using Builder, make sure the Access Point systems
(APs) are configured and reachable through SNMP. Otherwise, Builder
will not be able to configure these systems. You must configure the AP
with Access Point version 2.2.1 or later software beforehand (including
SNMP access and routing information) so that the Builder can connect to
each AP to perform its tasks.
The Builder has two versions: standalone and client/server.
The standalone version has these features:
Installs on a single system
Supports up to 250 QVPN nodes per VPN (VPN count is limited by only disk space)
The client/server version has these features:
Installs on a single server or many clients of the central server
Supports up to 800 QVPN nodes per VPN (VPN count is limited by only disk space)
This section describes how to install either the standalone or the client/server
version of the Builder on Solaris or Windows NT systems. You will find
instructions for installing Builder from both a CD-ROM and an executable file.
Refer to one of the following sections to install the Builder.
Installing the Standalone Version on Solaris Systems on Page 6
Installing the Client/Server Version on Solaris Systems on Page 9
Installing the Standalone Version on Windows NT Systems on Page 13
Installing the Client/Server Version on Windows NT Systems on Page 14
INSTALLING THE STANDALONE VERSION ON SOLARIS SYSTEMS
Builder runs on a Sun SPARC workstation with these system requirements:
Solaris 2.6 operating system
The JDK patches for Solaris SPARC 2.6 (5.6) with these patch IDs:
- 105490-05 (Linker Patch)
- 105568-13 (Libthread Patch)
- 105210-17 (LibC Patch)
- 105181-11 (Kernel Update Patch socket close/hang)
- 105669-04 (CDE 1.2: libDTSvc Patch dtmail)
To download the patches, start at http://www.sun.com/solaris/java and
follow the links to download the JDK; the patches are available on the same
page as the JDK. Follow the instructions to load the patch from the
README.sparc file.
100 MB disk, 256 MB RAM (standalone version)
INSTALLING THE STANDALONE VERSION ON SOLARIS SYSTEMS FROM A CD-ROM
Builder is distributed on a CD-ROM. LUxavs, the standalone version of the
Builder application, comes as a directory package that is ready for installation.
The following procedure describes how to install Builder:
1 Make sure you are logged on as a superuser (root).
2 To install Builder, enter the following command: