Lucent Technologies AP-8 Connection Manual

. . . . .

CCESS OINT

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

UILDER

SER UIDE

This manual describes how to use the Access Point QVPN Builder™ applica-

tion with Access Point™ IP Services routers.

Product: Access Point QVPN Builder

Version: Version 2.4

Part Number: 610-5004-061

Lucent Technologies May 2001

. . . . .

Important - Please Read

Access Point QVPN Builder User Guide III

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

IMPORTANT - PLEASE READ

NOTICE

The information in this manual is provided without warranty of any kind and is

subject to change without notice. Lucent Technologies Inc. assumes no respon-

sibility, and shall have no liability of any kind arising from supply or use of

this publication or any material contained herein.

Company and product names are trademarks or registered trademarks of their

respective companies.

part of this publication may be reproduced, photocopied, or transmitted with-

out express, written consent of Lucent Technologies Inc.

Lucent Technologies Inc.

50 Nagog Park

Acton, MA 01720

USA

http://www.lucent.com

FEDERAL COMMUNICATIONS COMMISSION WARNING

This device complies with Part 15 of the FCC Rules and Regulations. Opera-

tion is subject to the following two conditions:

• The device may not cause harmful interference.

• The device must withstand any interference received, including interfer-

ence that may cause undesired operation.

The Access Point router has been tested and found to comply with the limits

for a Class A digital device pursuant to Part 15 of the FCC Rules and Regula-

tions. These limits are designed to provide reasonable protection against harm-

ful interference when this equipment is operated in a commercial environment.

This equipment generates, uses, and can radiate radio-frequency energy and, if

not installed and used in accordance with the instruction manual, may cause

harmful interference to radio and television communications. Operation of this

equipment in a residential area is likely to cause interference in which case the

user will be required to correct the interference at his or her own expense.

Important - Please Read

IV Access Point QVPN Builder User Guide

Shielded cables must be used with this unit to ensure compliance with the FCC

Class A limits.

QVPN Builder User Guide V

. . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C

ONTENTS

Preface ........................................................................................................ XI

1 Product Overview........................................................................................ 1

Access Point QVPN Builder Application...................................................................1

Integrated Applications...............................................................................................2

Platform Requirements ...............................................................................................2

NT 4.0 Requirements .................................................................................................................2

Solaris 2.6 Requirements............................................................................................................3

Access Point Operating System Support Matrix ........................................................3

2 Installing the QVPN Builder........................................................................ 5

Installing Builder ........................................................................................................5

Installing the Standalone Version on Solaris Systems...............................................................6

Installing the Client/Server Version on Solaris Systems ...........................................................9

Installing the Standalone Version on Windows NT Systems ....................................................13

Installing the Client/Server Version on Windows NT Systems.................................................14

Initial Startup Tasks....................................................................................................16

Logging In For the First Time....................................................................................................17

Logging In For the First Time As a Client.................................................................................17

Evolving Version 2.1 and 2.3 Databases....................................................................................18

Accessing UNIX Server Databases From Windows NT Client Systems ..................................19

Setting Up the QVPN Request Config Daemon to Access UNIX Databases............................20

CONTENTS

VI QVPN Builder User Guide

3 Getting Started With Builder ......................................................................21

About the Builder Window ........................................................................................21

The Tree Frame ..........................................................................................................................23

The Configuration and Deployment Tabs..................................................................................23

The Log Frame ...........................................................................................................................24

Getting Detailed Help Information.............................................................................26

Configuring SNMP Access Settings ..........................................................................26

Managing Access Point Systems................................................................................28

Adding Access Point Systems....................................................................................................28

Modifying Access Point Systems...............................................................................................28

Removing Access Point Systems ...............................................................................................28

Using the Traffic Status and Tunnel Status Applications ..........................................29

Traffic Status Application ..........................................................................................................30

Tunnel Status Application..........................................................................................................31

Using the QVPN Request Config Daemon................................................................32

Starting Up the Daemon.............................................................................................................33

Using the Daemon......................................................................................................................33

Shutting Down the Daemon .......................................................................................................34

Verifying Daemon Operation.....................................................................................................34

Changing the SNMP Community Name for the Daemon..........................................................35

Troubleshooting the Daemon .....................................................................................................35

4 Managing VPNs ...........................................................................................37

Creating or Modifying VPN Definitions....................................................................38

Selecting the Configuration Method...........................................................................................38

Changing VPN Settings for the VPN.........................................................................................39

Changing VPN Settings for the Access Point Systems..............................................................41

Changing Probe Settings ............................................................................................................43

Saving the VPN Definition.........................................................................................45

Saving the VPN Definition With the Standalone Version .........................................................46

Saving the VPN Definition With the Client/Server Version......................................................46

Opening VPN Definitions ..........................................................................................46

Opening the VPN Definition With the Standalone Version.......................................................47

Opening the VPN Definition With the Client/Server Version...................................................47

Accessing Locked Files..............................................................................................................48

Removing VPN Definitions .......................................................................................48

Removing the VPN Definition With the Standalone Version....................................................48

. . . . .

CONTENTS

QVPN Builder User Guide VII

Removing the VPN Definition With the Client/Server Version................................................49

Using VPN Definitions...............................................................................................49

Exporting Data ...........................................................................................................................49

Importing VPN Data Files..........................................................................................................50

Importing VPN Definitions From Version 1.1...........................................................................53

Verifying the Configuration........................................................................................53

Deploying the Configuration ......................................................................................53

Using the VPN Deployment Tables............................................................................54

VPN Statistics ............................................................................................................................55

VPN or AP Summary Information.............................................................................................55

Tunnel, Route, and IPSec Interface Information........................................................................56

Managing Security Profiles ........................................................................................58

Adding Security Profiles............................................................................................................59

Modifying Security Profiles.......................................................................................................59

Deleting Security Profiles ..........................................................................................................60

5 Managing QoS/Firewall Policies................................................................61

Using the QoS/Firewall Rule Set Editor.....................................................................62

Default Template Rule Set Definition and Modification...........................................................64

Defining a Rule Set.....................................................................................................66

Adding a Rule.............................................................................................................................67

Specifying Parameters................................................................................................................67

Changing the Rule Name ...........................................................................................................75

Specifying Execution Order.......................................................................................................76

Adding or Changing Comments.................................................................................................76

Removing a Rule........................................................................................................................77

Purging Unused Parameters.......................................................................................................77

Modifying a Rule Set..................................................................................................77

Modifying the Default New Rule Set .........................................................................78

Removing a Rule Set ..................................................................................................79

Associating a Rule Set................................................................................................79

Setting Parameter Values............................................................................................80

Verifying the QoS/Firewall Policies...........................................................................82

Deploying the QoS/Firewall Policies to APs..............................................................82

Using the QoS/Firewall Deployment Table................................................................83

Modifying the Definition View..................................................................................................83

Using the Apply/Query View.....................................................................................................84

CONTENTS

VIII QVPN Builder User Guide

Using Rule Sets ..........................................................................................................85

Exporting Rule Sets....................................................................................................................85

Importing Rule Set Files.............................................................................................................86

Specifying a Rule Set for a VPN................................................................................87

Using the QoS/Firewall: Examples............................................................................88

Configuring a Firewall That Allows Web Surfing.....................................................................88

Configuring SYN Flood Protection............................................................................................95

Classifying ICMP Packets..........................................................................................................99

Creating a Forwarding Policy.....................................................................................................101

6 Managing NAT .............................................................................................105

Configuring General NAT Parameters.......................................................................106

Enabling NAT.............................................................................................................................106

Specifying Maximum Number of Sessions................................................................................107

Specifying Session Timers .........................................................................................................107

Applying Parameters ..................................................................................................................108

Saving the NAT Configuration...................................................................................................109

Adding the NAT Layer...............................................................................................109

Configuring Static Bindings.......................................................................................111

Configuring Address Translation Pools .....................................................................112

Configuring Basic NAT Pools....................................................................................................113

Configuring NAPT Pools ...........................................................................................................114

Configuring LSNAT Pools.........................................................................................................115

Removing Pools..........................................................................................................................117

Configuring Private Networks....................................................................................117

Checking the Configuration .......................................................................................119

Deploying the NAT Configuration to All APs...........................................................120

Using the NAT Deployment Tab ...............................................................................120

7 Advanced Features of Builder....................................................................125

Specifying Preferences...............................................................................................126

General Preferences....................................................................................................................126

Logging Preferences...................................................................................................................126

Directory Preferences.................................................................................................................128

Configuring Logging..................................................................................................129

Clearing the Log Display............................................................................................................129

Purging the Log Database...........................................................................................................129

. . . . .

CONTENTS

QVPN Builder User Guide IX

Exporting the Log Table To a File.............................................................................................130

Managing User Profiles ..............................................................................................130

Adding User Profiles..................................................................................................................131

Modifying User Profiles.............................................................................................................131

Deleting User Profiles................................................................................................................132

Restoring VPN Databases...........................................................................................132

Finding a VPN Name..................................................................................................133

Troubleshooting..........................................................................................................133

Figures

Figure 1 QVPN Builder Login Screen ........................................................................16

Figure 2 QVPN Builder Definition View Window .....................................................22

Figure 3 QoS/Firewall Rule Set Editor Window ........................................................62

Figure 4 Stateful Firewall that Allows Web Surfing ...................................................88

Tables

Table 1 Definition View Tool Bar Buttons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Table 2 QoS/Firewall Rule Set Editor Tool Bar Buttons . . . . . . . . . . . . . . . . . . . . . 62

Table 3 Default Action Profiles and Associated CBQ Trees . . . . . . . . . . . . . . . . . . 75

CONTENTS

X QVPN Builder User Guide

Access Point QVPN Builder User Guide XI

. . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

P

REFACE

The Access Point™ IP Services family comprises a set of bridging rout-

ers with advanced bandwidth management and VPN server capabilities.

The Access Point QVPN Builder

™ application lets you manage and

monitor a virtual private network of Access Point systems. This guide

explains how to install, configure, and manage the Access Point QVPN

Builder application. Chapter titles and their subject areas are outlined

below.

Audience

The Access Point product is a bridging router with advanced bandwidth

management and VPN capabilities. Configuring any IP routing engine

Chapter Title Areas Treated

1

Product Overview Provides an overview of the Access Point

QVPN Builder application

2

Installing the QVPN Builder Provides information about installing Access

Point QVPN Builder

3

Getting Started With Builder Provides general information about the

Builder graphical user interface, application-

wide tasks, and associated applications

4

Managing VPNs Explains how to configure IPSEC tunnels

using VPN definitions

5

Managing QoS/Firewall

Policies

Explains how to set firewall rules and QoS

policies

6

Managing NAT Explains how to configure the Network

Address Translator (NAT)

7

Advanced Features of

Builder

Provides information about preferences,

logging, and user profiles for Builder

PREFACE

XII Access Point QVPN Builder User Guide

requires considerable experience with routers, hubs, bridges, and other net-

working devices. In particular, Lucent Technologies assumes that persons

installing, configuring, and managing the Access Point product have several

years of networking experience.

The Access Point QVPN Builder application lets you configure and manage

virtual private networks from a central management station. Builder is flexible

enough to provision the security profiles, firewall rules, and Quality of Service

policies for small or large VPNs.

Conventions

This guide uses the following conventions.

• Bold indicates items that you select from the Builder application.

• Italics indicates command.

• A vertical bar | between elements indicates that you must choose one of

them.

• Square brackets [ ] indicate optional elements.

• Parentheses ( ) contain a group from which you make a selection.

• Angle brackets < > contain an element that you specify, such as a name or

an address.

• Ellipses ... following a component, subcomponent, or parameter indicate

that it can be repeated.

S

AFETY SYMBOLS

The following safety symbols are used to call attention to certain topics. To

avoid equipment damage or possible injury, please devote special attention to

these areas and follow all applicable procedures and warnings.

WARNING:

This symbol calls attention to issues or practices that

could cause serious injury to yourself or others if safety

precautions are disregarded.

CAUTION: This symbol calls attention to issues or practices that

could damage the equipment or cause loss of data if you

disregard the required safety precautions.

. . . . .

PREFACE

Access Point QVPN Builder User Guide XIII

Contacting Lucent Support

For questions or problems with the Access Point QVPN Builder application or

the Access Point router, refer to this manual or to the Lucent Technologies

Lucent Worldwide Services Web site at:

http://www.lucent.com/networkcare

If you are not able to find the help you need, contact Lucent Technologies Inc.

at one of the following locations:

Customer Service: 1.800.272.3634

E-mail:webmai[email protected]

PREFACE

XIV Access Point QVPN Builder User Guide

Access Point QVPN Builder User Guide 1

. . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

P

RODUCT

O

VERVIEW

The Access Point QVPN Builder™ application (Builder) lets you manage

and monitor a virtual private network consisting of Access Point

™ sys-

tems (APs). This application lets you:

• Configure and create virtual private networks

• Configure QoS/Firewall parameters

• Configure NAT

• Monitor usage data

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ACCESS POINT QVPN BUILDER APPLICATION

As use of the Internet for business-class applications continues to grow, so

has the importance of virtual private networks (VPNs). VPNs use a com-

bination of encryption, authentication, and tunneling techniques to create

secure pathways, or tunnels, between geographically separated hosts over

a public network infrastructure. Moreover, with the increasing flow of

data over costly infrastructure, bandwidth management and firewalling

capabilities are essential to classify and schedule IP traffic. Setting up

secure tunnels and managing bandwidth and firewalls to protect business

communications among widely dispersed sites can be time-consuming

and costly.

The Access Point QVPN Builder application is a powerful tool that lets

you create and deploy VPNs easily from a central management station.

While most VPNs must be configured on a host-by-host basis, Builder

enables VPNs to be defined at a single location and exported to defined

PRODUCT OVERVIEW

Integrated Applications

2 Access Point QVPN Builder User Guide

1

sets of hosts (Access Point systems) without network disruptions. Builder also

lets you incorporate firewall and Quality of Service (QoS) parameters as part

of a VPN definition, allowing you to rate-limit and shape traffic flowing over

tunnels. Thus, you get the benefits of IP QoS integrated within a remotely

managed tunnel framework, or QVPN.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

INTEGRATED APPLICATIONS

The Builder includes integrated applications:

• The QVPN Request Config daemon allows APs to request (pull) their con-

figuration information from a Builder client or server.

• The Traffic Status application displays dynamic bandwidth usage informa-

tion with pie and bar graphs and tracks the performance of defined traffic

classes with a graph wizard.

• The Tunnel Status application has specialized applets that display sum-

mary information and traffic rate usage for the tunnels.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

PLATFORM REQUIREMENTS

To run the Builder application, your NT or Solaris platform, for standalone or

client/server operation, should meet the following requirements:

NT 4.0 R

EQUIREMENTS

• Standalone

• 400 MHz system

• 50 MB disk (and additional space for the user-created databases)

• 128 MB RAM

• Java Runtime Environment version 1.2.2 software

• Client/Server

• 400 MHz system

• 270 MB disk (and additional space for the user-created databases on

the server)

. . . . .

PRODUCT OVERVIEW

Access Point Operating System Support Matrix

Access Point QVPN Builder User Guide 3

• 256 MB RAM

• Java Runtime Environment version 1.2.2 software

S

OLARIS

2.6 R

EQUIREMENTS

• Standalone

• 100 MB disk (and additional space for the user-created databases)

• 256 MB RAM

• Java Runtime Environment version 1.2.2 software

• Client/Server

• 200 MB disk (and additional space for the user-created databases on

the server)

• 256 MB RAM

• Java Runtime Environment version 1.2.2 software

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ACCESS POINT OPERATING SYSTEM SUPPORT MATRIX

The following table shows the relationship of AP operating systems and fea-

tures that Builder supports.

Access Point

Operating System

VPN CBQ NAT

V2.1 Yes No No

V2.2.0 Yes Yes Partial

V2.2.1 Yes Yes Yes

V2.3 Yes Yes Yes

V2.4 Yes Yes Yes

PRODUCT OVERVIEW

Access Point Operating System Support Matrix

4 Access Point QVPN Builder User Guide

1

Access Point QVPN Builder User Guide 5

. . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

I

NSTALLING

THE

QVPN B

UILDER

This section provides general information about installing the Access

Point QVPN Builder application (Builder) and performing initial startup

tasks. Read through the installation and initial startup sections to deter-

mine specific requirements for those tasks.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

INSTALLING BUILDER

Before installing or using Builder, make sure the Access Point systems

(APs) are configured and reachable through SNMP. Otherwise, Builder

will not be able to configure these systems. You must configure the AP

with Access Point version 2.2.1 or later software beforehand (including

SNMP access and routing information) so that the Builder can connect to

each AP to perform its tasks.

The Builder has two versions — standalone and client/server.

The standalone version has these features:

• Installs on a single system

• Supports up to 250 QVPN nodes per VPN (VPN count is limited

by only disk space)

The client/server version has these features:

• Installs on a single server or many clients of the central server

• Supports up to 800 QVPN nodes per VPN (VPN count is limited

by only disk space)

INSTALLING THE QVPN BUILDER

Installing Builder

6 Access Point QVPN Builder User Guide

2

This section describes how to install either the standalone or the client/server

version of the Builder on Solaris or Windows NT systems. You will find

instructions for installing Builder from both a CD-ROM and an executable file.

Refer to one of the following sections to install the Builder.

• “Installing the Standalone Version on Solaris Systems” on Page 6

• “Installing the Client/Server Version on Solaris Systems” on Page 9

• “Installing the Standalone Version on Windows NT Systems” on Page 13

• “Installing the Client/Server Version on Windows NT Systems” on Page

14

I

NSTALLING

THE

S

TANDALONE

V

ERSION

ON

S

OLARIS

S

YSTEMS

Builder runs on a Sun SPARC workstation with these system requirements:

• Solaris 2.6 operating system

• The JDK patches for Solaris SPARC 2.6 (5.6) with these patch IDs:

- 105490-05 (Linker Patch)

- 105568-13 (Libthread Patch)

- 105210-17 (LibC Patch)

- 105181-11 (Kernel Update Patch — socket close/hang)

- 105669-04 (CDE 1.2: libDTSvc Patch — dtmail)

To download the patches, start at http://www.sun.com/solaris/java and fol-

low the links to download the JDK; the patches are available on the same

page as the JDK. Follow the instructions to load the patch from the

README.sparc file.

• 100 MB disk, 256 MB RAM (standalone version)

I

NSTALLING THE STANDALONE VERSION ON SOLARIS SYSTEMS FROM A CD-ROM

Builder is distributed on a CD-ROM. LUxavs, the standalone version of the

Builder application, comes as a directory package that is ready for installation.

The following procedure describes how to install Builder:

1 Make sure you are logged on as a superuser (root).

2 To install Builder, enter the following command:

Page is loading ...

Lucent Technologies AP-8 Connection Manual

This manual is also suitable for

Lucent Technologies AP-8 Connection Manual

Related papers

Other documents