Nortel Secure Router 4134 Configuration

Nortel Secure Router 4134

Security — Conﬁguration and

Management

NN47263-600 (323257-A).

Document status: Standard

Document version: 01.02

Document date: 3 August 2007

This document is protected by copyright laws and international treaties. All information, copyrights and any other

intellectual property rights contained in this document are the property of Nortel Networks. Except as expressly

authorized in writing by Nortel Networks, the holder is granted no rights to use the information contained herein and

this document shall not be published, copied, produced or reproduced, modiﬁed, translated, compiled, distributed,

displayed or transmitted, in whole or part, in any form or media.

Sourced in Canada, the United States of America, and India.

3

Contents

New in this release 13

Features 13

Firewall and NAT 13

Packet ﬁlter 14

IPsec VPN 14

GRE and IPIP tunneling 15

PPPoE client 15

Authentication, Authorization, and Accounting 16

SSH2 17

Introduction 19

Navigation 19

Firewall and NAT Fundamentals 21

Firewall Overview 21

Stateful inspection elements 22

Virtual ﬁrewall zones 22

Transit policies on trusted zones only 23

No transit policies on internet untrusted zone 23

Default ﬁrewall 24

Three-legged ﬁrewall 24

Firewall network protection features 25

Application and URL ﬁltering 25

Policy-based controls 26

Logging and statistics 26

ALG Overview 27

Supported ALGs 27

NAT Overview 28

Static NAT 29

Dynamic NAT 29

PAT 29

NAT failover for ﬁrewalls 30

Scalability 30

Interoperability with CS 1000 and MCS 5100 call servers 30

Cone NAT for CS 1000 30

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

4Contents

SIP ALG for MCS 5100 31

NAT Hairpinning 35

Standards compliance 36

Packet ﬁlter fundamentals 37

Packet ﬁlters on WAN modules and chassis Ethernet ports 37

Packet ﬁlters on Ethernet modules 37

Maximum allowable ﬁlter rules on Ethernet modules 38

Available packet ﬁlters 38

IPv4 packet ﬁlters 38

IPv6 packet ﬁlters 39

MAC packet ﬁlters 40

Logging 40

Scalability 40

Ethernet module limits 40

Conﬁguration considerations 41

Troubleshooting 41

IPsec VPN fundamentals 43

Site-to-Site VPN 44

Remote access VPN 46

Remote access VPN with L2TP server 47

Supported IPsec security protocols 48

IPsec modes 48

Shared key negotiation with IKE 48

IKE modes 49

Peer authentication methods for IKE 50

User authentication for remote access VPN 51

Digital Certiﬁcates in IKE 51

Internet X.509 PKI certiﬁcate and CRL proﬁle 52

Certiﬁcate validation 52

Certiﬁcate enrollment using SCEP client 53

Manual certiﬁcate enrollment 54

Dead peer detection 54

Nat Traversal support 54

Multiple IKE proposals 54

Multiple IPsec proposals 55

Identifying trafﬁc to be encrypted with VPN 56

Firewall considerations for trusted and untrusted VPN interfaces 57

Routing considerations for VPN (and ﬁrewall) 57

Perfect forward secrecy 57

Dead peer detection 58

Security Policy Database 59

PMTU support 59

Firewall considerations with VPN 59

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Contents 5

QoS over VPN 60

Crypto QoS (CBQ) for IPsec VPN 60

Logging and Statistics 62

Standards compliance 62

GRE and IPIP tunneling fundamentals 65

GRE and IPIP tunneling for IPv4 65

IPIP 66

GRE 66

Tunnel protection 66

IPv6 over IPv4 tunneling 66

IPv6 over manually-conﬁgured IPv4 tunnels 66

IPv6 over IPv4 GRE tunnels 67

Auto 6to4 tunneling 67

Standards compliance 67

PPPoE client fundamentals 69

Standards compliance 70

Authentication, Authorization, and Accounting fundamentals 71

Authentication 71

PAP authentication 71

CHAP authentication 72

RADIUS 72

TACACS 72

EAP IEEE 802.1X 73

Standards compliance 73

Authorization 74

Accounting 74

SSH2 fundamentals 75

SSH2 features 75

SSH ciphers 76

SSH MAC algorithms 76

SSH compression 76

SSH key exchange methods 77

SSH public key algorithms 77

SSH user authentication methods 77

SSH public key ﬁle formats 78

Standards compliance 78

Firewall and NAT conﬁguration 79

Conﬁguring global properties 79

Conﬁguring global ALGs 79

Conﬁguring global bypass trusted 80

Conﬁguring global DOS protection 81

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

6Contents

Conﬁguring global NAT hairpinning 83

Conﬁguring global IP reassembly 84

Conﬁguring global logging 87

Conﬁguring global maximum connection limits for the ﬁrewall 89

Conﬁguring NAT failover 90

Conﬁguring proxy NAT 91

Conﬁguring global timeout 91

Conﬁguring global URL key ﬁlters 93

Conﬁguring port trigger records 93

Conﬁguring policy-speciﬁc properties 95

Conﬁguring ﬁrewall objects 95

Conﬁguring connection reservations 97

Conﬁguring reset of invalid ACK packets 97

Conﬁguring stealth mode 98

Conﬁguring ﬁrewall policies 98

Applying an object to a policy 100

Conﬁguring bandwidth for the policy 101

Conﬁguring the maximum connections for the policy within a conﬁgured

timeframe 102

Conﬁguring the maximum connections for the policy 102

Conﬁguring policing for the policy 103

Enabling the policy 104

Adding interfaces to the ﬁrewall zone 104

Displaying ﬁrewall information 105

Clearing ﬁrewall connections 106

Clearing ﬁrewall statistics 106

Packet ﬁlter conﬁguration 107

Conﬁguring IPv4 packet ﬁlters 107

Conﬁguring IPv6 packet ﬁlters 110

Conﬁguring MAC packet ﬁlters 112

Applying a packet ﬁlter to an interface 113

Deleting rules from packet ﬁlters 113

Deleting a packet ﬁlter 114

Displaying packet ﬁlters 114

Displaying packet ﬁlters applied to an interface 114

IPsec VPN conﬁguration 117

Conﬁguring IKE for site-to-site VPN 118

Creating an IKE policy 118

Conﬁguring the local address for IKE negotiations 118

Conﬁguring the IKE policy local ID 119

Conﬁguring the IKE policy remote ID 120

Conﬁguring the IKE mode 120

Conﬁguring the IKE exchange type 121

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Contents 7

Conﬁguring the pre-shared key for IKE 122

Enabling or disabling PFS 123

Conﬁguring IKE proposal 123

Conﬁguring OCSP for the IKE policy 128

Conﬁguring IPsec for site-to-site VPN 129

Creating an IPsec policy 129

Conﬁguring anti-replay 129

Enabling or disabling the IPsec policy entry 130

Specifying the IP stream on which to apply IPsec 130

Conﬁguring DH prime modulus group for PFS 131

Conﬁguring IPsec proposal 132

Conﬁguring remote access IKE policies 137

Creating an IKE policy for remote access VPN 137

Conﬁguring an IKE proposal for remote access VPN 146

Conﬁguring remote access IPsec policies 151

Creating an IPsec policy for remote access VPN 151

Specifying the IP stream on which to apply IPsec for remote access VPN 152

Conﬁguring DH prime modulus group for PFS 153

Conﬁguring IPsec proposal template for remote access VPN 154

Enabling the dynamic IPsec policy 158

Conﬁguring L2TP server for L2TP remote access 159

Creating the L2TP remote access interface 159

Conﬁguring IP address for the L2TP access interface 159

Conﬁguring IPsec protection for the L2TP access interface 160

Conﬁguring client parameters for L2TP remote access 161

Conﬁguring user parameters for L2TP remote access 161

Shutting down the L2TP access interface 162

Conﬁguring dead peer detection keepalive 162

Enabling dead peer detection 162

Conﬁguring the keepalive retry interval 163

Conﬁguring the keepalive transmit-interval 163

Conﬁguring PMTU 163

Conﬁguring DF bit 163

Conﬁguring the MTU threshold value 164

Conﬁguring processing of unsecured ICMP messages 164

Conﬁguring CA trustpoint 165

Conﬁguring the certiﬁcate enrollment method 165

Conﬁguring parameters for the certiﬁcate request 166

Conﬁguring certiﬁcate password 169

Authenticating the CA and importing a CA certiﬁcate 169

Generating a certiﬁcate request for enrollment 170

Manually importing a self certiﬁcate 171

Manually importing an OCSP Responder certiﬁcate 171

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

8Contents

Conﬁguring LDAP parameters 172

Requesting a CRL from the CA 173

Conﬁguring OCSP 173

Displaying IPsec VPN conﬁgurations 174

Displaying certiﬁcates 174

Displaying CRL 174

Displaying trustpoint 174

Displaying IKE policies 175

Displaying IKE SA 175

Displaying IPsec policies 175

Displaying IPsec SA 175

Displaying remote access IKE policies 176

Displaying remote access IPsec policies 176

Displaying remote access VPN clients 176

Displaying status of interfaces as trusted or untrusted 176

Displaying dead peer detection conﬁguration 177

Displaying PMTU information 177

Displaying IPsec statistics 177

Displaying L2TP server conﬁguration 177

Clearing IPsec conﬁgurations 178

Deleting certiﬁcates 178

Deleting CRL 178

Deleting CA private key 178

Clearing IKE SA information 178

Clearing IPsec SA information 179

Clearing IPsec statistics 179

GRE and IPIP tunnel conﬁguration 181

Conﬁguring a tunnel 181

Creating a tunnel 181

Conﬁguring tunnel encapsulation mode 182

Conﬁguring an IP address for the tunnel 182

Conﬁguring tunnel source 183

Conﬁguring tunnel destination 183

Conﬁguring GRE tunnel parameters 184

Conﬁguring keepalive for GRE tunnels 184

Conﬁguring checksum for GRE tunnels 185

Conﬁguring tunnel key for GRE tunnels 185

Conﬁguring tunnel sequencing 186

Conﬁguring tunnel parameters 186

Conﬁguring path MTU discovery for tunnel packets 186

Conﬁguring the tunnel as an untrusted interface for IPsec protection 187

Conﬁguring tunnel protection with IPsec 187

Conﬁguring tunnel ToS 188

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Contents 9

Conﬁguring tunnel TTL 189

Shutting down a tunnel 189

Displaying tunnel information 190

Clearing tunnel counters 190

PPPoE client conﬁguration 191

Creating a PPPoE interface 191

Conﬁguring IP address for PPPoE interface 191

Conﬁguring PPPoE tunneling protocol 192

Conﬁguring PPPoE Ethernet interface 193

Conﬁguring PPP authentication method and parameters 193

Conﬁguring PPPoE access concentrator 194

Conﬁguring PPP keepalive 194

Displaying PPPoE client information 195

Authentication, Authorization, and Accounting conﬁguration 197

Enabling AAA 197

Conﬁguring AAA authentication 197

Conﬁguring AAA authentication login 197

Conﬁguring AAA authentication protocol 198

Applying AAA authentication to an interface 199

Conﬁguring AAA authorization 199

Applying AAA authorization to an interface 200

Conﬁguring AAA accounting 200

Conﬁguring AAA accounting update 201

Applying AAA accounting to an interface 202

Conﬁguring RADIUS primary and secondary servers 202

Conﬁguring RADIUS server port for accounting 202

Conﬁguring RADIUS server port for authentication 203

Conﬁguring the RADIUS server IP address 203

Conﬁguring RADIUS client retries 204

Conﬁgure RADIUS shared secret key 205

Conﬁgure RADIUS timeout 205

Conﬁguring RADIUS client source address 206

Conﬁguring TACACS+ primary or secondary server IP address 206

Conﬁguring TACACS+ retries 207

Conﬁguring TACACS+ server port 207

Conﬁguring TACACS+ shared encryption key 208

Conﬁguring TACACS+ timeout 208

Conﬁguring 802.1x 209

Conﬁguring 802.1x on an Ethernet interface 209

Enable 802.1x on the interface 209

Conﬁguring the maximum failed requests 210

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

10 Contents

Conﬁguring port control 210

Conﬁguring quiet period 211

Enabling reauthentication 211

Conﬁguring reauthorization period 212

Conﬁguring authentication server response timeout 212

Conﬁguring supplicant response timeout 213

Displaying AAA information 214

Displaying AAA accounting information 214

Displaying AAA authentication information 214

Displaying AAA authorization information 214

Displaying AAA interface information 214

Displaying AAA status 215

Displaying RADIUS information 215

Displaying TACACS+ information 215

Displaying 802.1x information 215

Clearing 802.1x statistcs 216

SSH2 conﬁguration 217

Conﬁguring SSH2 server keys 217

Generating SSH2 server keys 217

Encrypting a private key ﬁle 218

Changing the passphrase used for encryption 218

Converting public key ﬁles to SSH format 219

Generating a public key digest of a key ﬁle 220

Conﬁguring SSH2 server parameters 221

Conﬁguring SSH2 authentication 221

Conﬁguring SSH2 authentication retries 221

Conﬁguring SSH encryption algorithms 222

Conﬁguring SSH compression 222

Enabling and disabling SSH server 223

Specifying host key ﬁle for the SSH server 223

Enabling and disabling log events 224

Conﬁguring MAC algorithms 225

Conﬁguring SSH listen port 225

Restoring default SSH parameter values 226

Enabling and disabling SSH SFTP server 226

Conﬁguring SSH session timeout 227

Displaying SSH server conﬁguration 227

Displaying SSH server sessions 228

Clearing SSH sessions 228

Conﬁguration examples 229

Conﬁguring an IPv4 packet ﬁlter 229

Conﬁguring an IPv6 packet ﬁlter 229

Conﬁguring a MAC packet ﬁlter 230

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Contents 11

Conﬁguring a default ﬁrewall policy 230

Conﬁguring a simple ﬁrewall policy with DMZ 231

Conﬁguring a simple PAT policy 233

Conﬁguring a PAT policy with an inbound forwarding policy 234

Conﬁguring SIP ALG line-side 235

Conﬁguring SIP ALG trunk-side 236

Conﬁguring a Site-to-site IPsec VPN 238

Conﬁguring SR4134 1 238

Conﬁguring SR4134 2 239

Conﬁguring a trust point for PKI 240

Conﬁguring a remote access IPsec VPN 241

Conﬁguring a remote access VPN with L2TP server 242

Conﬁguring an IPv4 tunnel 243

SR4134 1 244

SR4134 2 245

Conﬁguring an auto 6to4 tunnel 246

SR4134 1 247

SR4134 2 248

Conﬁguring the ﬁrewall for NAT and IPsec tunnels 248

Firewall conﬁguration for SR4134 1 249

Firewall conﬁguration for SR4134 2 250

Conﬁguring a PPPoE client 251

SR4134 1 251

SR4134 2 252

SR4134 conﬁguration for dynamic route exchange over IPsec tunnel interoperability

with VPN Router 253

Capabilities 253

Secure router conﬁguration for BGP 254

Secure router conﬁguration for OSPF 255

Secure router conﬁguration for RIPv2 255

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

12 Contents

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

13

New in this release

The following section details what is new in Nortel Secure Router 4134

Security — Conﬁguration and Management (NN47263-600).

Features See the following sections for information about supported features:

Firewall and NAT

The SR4134 implements a stateful inspection ﬁrewall. The stateful

inspection ﬁrewall relies on building network connections and monitoring

their state to make a decision on admitting an inbound packet. All trafﬁc

passing through the stateful inspection ﬁrewall is analyzed against the state

of the network connections in order to determine whether it is allowed to

pass through. In a typical setup, only outbound rules are deﬁned to permit or

deny certain types of trafﬁc. When allowing a packet to go from the trusted

to untrusted network based on a rule match, the stateful ﬁrewall creates a

network connection, which is uniquely identiﬁed by certain elements of the

packet. Based on the application type (and the corresponding protocol),

the appropriate inbound policy is dynamically created. When a return

packet is received, the packet is allowed as long as the state of the network

connection allows reception of this packet.

In order to allow the inbound trafﬁc to pass, the ﬁrewall creates a temporary

inbound policy which expires upon the expiry of the ﬁrewall connection.

This dynamic inbound policy creation requires intimate knowledge of the

applications generating the trafﬁc.

To create these policies, the stateful ﬁrewall uses Application Level

Gateways (ALG). ALGs are application-aware and support dynamic port

opening, providing the supported applications with the required ports to

receive trafﬁc across the ﬁrewall.

The SR4134 also supports Network Address Translation (NAT), which gives

ports on a private network access to the Internet using one or more globally

unique IP addresses.

The SR4134 supports the following NAT types:

•Static NAT

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

14 New in this release

•Dynamic NAT

•Port Restricted Cone NAT

For information on ﬁrewall and NAT fundamentals, see "Firewall and NAT

Fundamentals" (page 21). For conﬁguration information, see "Firewall and

NAT conﬁguration" (page 79).

Packet ﬁlter

With the SR4134, the packet ﬁlter feature provides stateless, interface-based

packet ﬁltering as an alternative to the stateful ﬁrewall. It also provides IPv6

packet ﬁlter functionality to complement the IPv4-only stateful ﬁrewall.

The SR4134 packet ﬁlter examines each packet on the interface to

determine whether to permit or drop the packet, based on the criteria

speciﬁed within user-conﬁgured access lists. This control can restrict

network trafﬁc and restrict network use for certain users or devices.

The SR4134 supports three packet ﬁlter types; IPv4, IPv6, and MAC. WAN

and chassis Ethernet interfaces only support IPv4 and IPv6 packet ﬁlters.

The Module Ethernet interface support IPv4, IPv6, and MAC packet ﬁlters

in a slight different implementation.

For information on packet ﬁlter fundamentals, see "Packet ﬁlter fundamentals

" (page 37). For conﬁguration information, see "Packet ﬁlter conﬁguration"

(page 107).

IPsec VPN

IPsec can protect packets between hosts, between security gateways (for

example, routers or ﬁrewalls), or between hosts and security gateways.

The IPsec-based virtual private network (VPN) operates in the network

layer. Based on the policy deﬁned, it secures individual IP packet. So, it is

transparent to the higher layer applications.

The SR4134 supports two basic types of VPN, each with an associated set

of business requirements:

•Site-to-Site VPN

•Remote access VPN

For information on IPsec VPN fundamentals, see "IPsec VPN fundamentals"

(page 43). For conﬁguration information, see "IPsec VPN conﬁguration"

(page 117).

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Features 15

GRE and IPIP tunneling

A tunnel is a logical interface that provides a framework for encapsulating

passenger packets inside a transport protocol. GRE and IPIP are

standards-based (RFC2784) (RFC1853) tunneling protocols that can

encapsulate packets inside an IP tunnel, creating a virtual point-to-point link

between routers at remote points over an IP network.

The advantage of using tunnels is that, while IPsec VPNs only function with

IP unicast frames, GRE and IPIP are capable of handling the transportation

of IP multicast trafﬁc between two sites that only have IP unicast connectivity.

If encryption is required for a tunnel, you can enable IPsec transport mode

over GRE/IPIP tunneling.

The SR4134 also supports a tunneling feature set for transitioning to IPv6,

including IPv6 over manually-conﬁgured IPv4 tunnels, IPv6 over IPv4 GRE

tunnels, and automatic 6to4 tunnels. These tunneling features provide a

basic way for IPv6 hosts or islands to reach other IPv6 entities using IPv4

routing domains as the transport layer.

Multicast routing and unicast routing are supported on all tunnels, except

automatic 6to4 tunnels.

For information on IPsec VPN fundamentals, see "GRE and IPIP tunneling

fundamentals" (page 65). For conﬁguration information, see "GRE and

IPIP tunnel conﬁguration" (page 181).

PPPoE client

PPPoE (RFC 2516) is a commonly used application in the deployment of

DSL One of the main advantages of PPPoE is that it offers authentication

based on Password Authentication Protocol (PAP) or Challenge Handshake

Authentication Protocol (CHAP).

With the SR4134, the PPPoE client must be deployed with a DSL modem

providing a connection to a PPPoE server for access to Internet resources.

The main purpose of PPPoE is to serve as a backup and fail-over solution.

When the primary connectivity goes down, trafﬁc can switch over to a

backup interface, in this case the virtual PPPoE interface. In this scenario,

a PPPoE client session is established with a PPPoE server and trafﬁc is

routed through this path until the primary connectivity is restored.

For information on PPPoE client fundamentals, see "PPPoE client

fundamentals" (page 69). For conﬁguration information, see "PPPoE client

conﬁguration" (page 191).

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

16 New in this release

Authentication, Authorization, and Accounting

Authentication, Authorization, and Accounting (AAA) provides a modular

way of performing the following services:

•Authentication

•Authorization

•Accounting

Authentication

Authentication determines how a user is identiﬁed prior to being allowed

access to the network and network services. You conﬁgure AAA

authentication by deﬁning a named list of authentication methods, and then

applying that list to various interfaces.

All authentication methods, except for local, line password, and enable

authentication, must be deﬁned through AAA.

SR4134 supports the following authentication methods:

•PAP authentication

•CHAP authentication

•RADIUS

•TACACS

•EAP IEEE 802.1X

Authorization

Authorization provides the method for remote access control, including

one-time authorization or authorization for each service, per-user account

list and proﬁle, user support, and support of SSH and Telnet.

All authorization methods must be deﬁned through AAA. As with

authentication, you conﬁgure AAA authorization by deﬁning a named list of

authorization methods, and then applying that list to various interfaces.

Accounting

Accounting provides the method for collecting and sending security server

information used for billing, auditing, and reporting, such as user identities,

start and stop times, executed commands (such as PPP), number of

packets, and number of bytes.

All accounting methods must be deﬁned through AAA. As with authentication

and authorization, you conﬁgure AAA accounting by deﬁning a named list of

accounting methods, and then applying that list to various interfaces

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Features 17

AAA navigation

For information on AAA fundamentals, see "Authentication, Authorization

and Accounting fundamentals" (page 71). For conﬁguration information, see

"Authentication, Authorization, and Accounting conﬁguration" (page 197).

SSH2 The Secure Shell (SSH) server is designed as a secure alternative to well

known applications like Telnet, rlogin, RCP, RSH and FTP. The SR4134

supports an SSH version 2.0 server to provide authentication, conﬁdentiality

and integrity. It is a protocol for secure remote login and other secure

network services over an insecure network. It also supports compression.

For information on SSH2 fundamentals, see "SSH2 fundamentals" (page

75). For conﬁguration information, see "SSH2 conﬁguration" (page 217).

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

18 New in this release

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

19

Introduction

This document describes the operation and conﬁguration of the security

features on the Secure Router 4134 (SR4134).

Navigation

•"Firewall and NAT Fundamentals" (page 21)

•"Packet Filter Fundamentals " (page 37)

•"IPsec VPN fundamentals" (page 43)

•"GRE and IPIP tunneling fundamentals" (page 65)

•"PPPoE client fundamentals" (page 69)

•"Authentication, Authorization and Accounting fundamentals" (page 71)

•"SSH2 fundamentals" (page 75)

•"Firewall and NAT conﬁguration" (page 79)

•"Packet ﬁlter conﬁguration" (page 107)

•"IPsec VPN conﬁguration" (page 117)

•"GRE and IPIP tunnel conﬁguration" (page 181)

•"PPPoE client conﬁguration" (page 191)

•"AAA conﬁguration" (page 197)

•"SSH2 conﬁguration" (page 217)

•"Conﬁguration examples" (page 229)

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

20 Introduction

Nortel Secure Router 4134

Security — Conﬁguration and Management

NN47263-600 01.02 Standard

10.0 3 August 2007

.

Page is loading ...

Nortel Secure Router 4134 Configuration

Nortel Secure Router 4134 Configuration

Related papers

Other documents