advertisement
17
Figures
Figure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . . . . . . . 40
Figure 10 Internet connection with ENET ENCAP . . . . . . . . . . . . . . . . . . . . . . . . . . 56
BCM50a Integrated Router Configuration — Basics
18 Figures
Figure 39 Trigger Port Forwarding process: example . . . . . . . . . . . . . . . . . . . . . . . 136
Figure 44 BCM50a Integrated Router firewall application . . . . . . . . . . . . . . . . . . . 148
Figure 53 Adding or editing source and destination addresses . . . . . . . . . . . . . . . 173
Figure 64 Transport and Tunnel mode IPSec encapsulation . . . . . . . . . . . . . . . . . 198
N0115790
Figures 19
Figure 69 VPN Contivity Client advanced rule setup . . . . . . . . . . . . . . . . . . . . . . . 209
Figure 72 VPN Branch Office — IP Policy - Port Forwarding Server . . . . . . . . . . . 229
Figure 74 VPN Branch Office advanced rule setup . . . . . . . . . . . . . . . . . . . . . . . . 234
Figure 78 VPN Client Termination IP pool summary . . . . . . . . . . . . . . . . . . . . . . . . 245
Figure 96 Subnet based bandwidth management example . . . . . . . . . . . . . . . . . . 293
BCM50a Integrated Router Configuration — Basics
20 Figures
Figure 116 Common BCM50a Integrated Router certificate . . . . . . . . . . . . . . . . . . . 329
Figure 123 Secure FTP: Firmware Upload Example . . . . . . . . . . . . . . . . . . . . . . . . 336
Figure 133 Add/Remove programs: Windows setup . . . . . . . . . . . . . . . . . . . . . . . . 352
N0115790
Figures 21
Figure 136 Windows optional networking components wizard . . . . . . . . . . . . . . . . . 354
Figure 140 Internet connection properties advanced setup . . . . . . . . . . . . . . . . . . . 356
BCM50a Integrated Router Configuration — Basics
22 Figures
Figure 183 Example VPN Responder IPSec Log . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
N0115790
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 3 Contents
- 17 Figures
- 23 Tables
- 27 Preface
- 27 Before you begin
- 27 Text conventions
- 28 Related publications
- 28 Hard copy technical manuals
- 28 How to get Help
- 29 Getting Help from the Nortel Web site
- 29 Getting Help over the phone from a Nortel Solutions Center
- 29 Getting Help from a specialist by using an Express Routing Code
- 30 Getting Help through a Nortel distributor or reseller
- 31 Getting to know your BCM50a Integrated Router
- 31 Introducing the BCM50a Integrated Router
- 31 Features
- 32 Physical features
- 34 Nonphysical features
- 39 Applications for the BCM50a Integrated Router
- 39 Secure broadband internet access and VPN
- 41 Introducing the WebGUI
- 41 WebGUI overview
- 41 Accessing the BCM50a Integrated Router WebGUI
- 44 Restoring the factory-default configuration settings
- 44 Navigating the BCM50a Integrated Router WebGUI
- 47 Wizard setup
- 47 Wizard overview
- 47 Encapsulation
- 47 ENET ENCAP
- 48 PPP over Ethernet
- 48 PPPoA
- 48 RFC 1483
- 48 Multiplexing
- 49 VC-based multiplexing
- 49 LLC-based multiplexing
- 49 VPI and VCI
- 49 Wizard setup configuration: first screen
- 51 IP address and subnet mask
- 51 IP address assignment
- 52 IP assignment with PPPoA or PPPoE encapsulation
- 52 IP assignment with RFC 1483 encapsulation
- 52 IP assignment with ENET ENCAP encapsulation
- 52 Private IP addresses
- 53 Nailed-up connection (only with PPP)
- 53 NAT
- 53 Wizard setup configuration: second screen
- 59 DHCP setup
- 59 IP pool setup
- 59 Wizard setup configuration: third screen
- 63 Wizard setup configuration: connection tests
- 63 Test your Internet connection
- 65 User Notes
- 65 General Notes
- 68 Advanced Router Configuration
- 75 System screens
- 75 System overview
- 75 DNS overview
- 75 Private DNS server
- 76 Configuring General Setup
- 79 Dynamic DNS
- 79 DYNDNS wildcard
- 79 Configuring Dynamic DNS
- 81 Configuring Password
- 83 Predefined NTP time server list
- 84 Configuring Time and Date
- 88 ALG
- 88 Configuring ALG
- 89 LAN screens
- 89 LAN overview
- 89 DHCP setup
- 89 IP pool setup
- 90 DNS servers
- 90 LAN TCP/IP
- 90 Factory LAN defaults
- 90 RIP setup
- 91 Multicast
- 92 Configuring IP
- 95 Configuring Static DHCP
- 97 Configuring IP Alias
- 99 WAN screens
- 99 WAN overview
- 99 TCP/IP Priority (metric)
- 100 Configuring General
- 102 PPPoE encapsulation
- 103 Configuring WAN ISP
- 105 Configuring WAN IP
- 109 Traffic redirect
- 111 Configuring Traffic Redirect
- 112 Configuring Dial Backup
- 117 Advanced Modem Setup
- 117 AT Command Strings
- 117 DTR Signal
- 117 Response Strings
- 118 Configuring Advanced Modem Setup
- 121 Network Address Translation (NAT) Screens
- 121 NAT overview
- 121 NAT definitions
- 122 What NAT does
- 123 How NAT works
- 124 NAT application
- 125 NAT mapping types
- 126 Using NAT
- 126 SUA (Single User Account) versus NAT
- 127 SUA Server
- 127 Default server IP address
- 128 Port forwarding: Services and Port Numbers
- 128 Configuring servers behind SUA (example)
- 129 Configuring SUA Server
- 131 Configuring Address Mapping
- 135 Trigger Port Forwarding
- 135 Trigger Port Forwarding example
- 136 Two points to remember about Trigger Ports
- 137 Configuring Trigger Port Forwarding
- 139 Static Route screens
- 139 Static Route overview
- 140 Configuring IP Static Route
- 142 Configuring Route entry
- 145 Firewalls
- 145 Firewall overview
- 145 Types of firewalls
- 146 Packet filtering firewalls
- 146 Application level firewalls
- 146 Stateful Inspection firewalls
- 147 Introduction to the BCM50a Integrated Router firewall
- 148 Denial of Service
- 148 Basics
- 149 Types of DoS attacks
- 153 Stateful inspection
- 154 Stateful inspection process
- 155 Stateful inspection and the BCM50a Integrated Router
- 156 TCP security
- 157 UDP/ICMP security
- 157 Upper layer protocols
- 158 Guidelines for enhancing security with your firewall
- 158 Packet filtering vs. firewall
- 159 Packet filtering:
- 159 Firewall
- 161 Firewall screens
- 161 Access methods
- 161 Firewall policies overview
- 163 Rule logic overview
- 163 Rule checklist
- 163 Security ramifications
- 164 Key fields for configuring rules
- 164 Connection direction examples
- 165 LAN to WAN rules
- 166 WAN to LAN rules
- 166 Configuring firewall
- 170 Configuring firewall rules
- 173 Configuring source and destination addresses
- 174 Configuring custom ports
- 175 Example firewall rule
- 178 Predefined services
- 181 Alerts
- 182 Configuring attack alert
- 182 Threshold values
- 182 Half-open sessions
- 187 Content filtering
- 187 Introduction to content filtering
- 187 Restrict web features
- 187 Days and Times
- 188 Configure Content Filtering
- 191 VPN
- 191 VPN
- 191 IPSec
- 191 BCM50a Integrated Router VPN functions
- 192 VPN screens overview
- 193 Other terminology
- 193 VPN applications
- 194 IPSec architecture
- 195 IPSec algorithms
- 196 AH (Authentication Header) protocol
- 196 ESP (Encapsulating Security Payload) protocol
- 197 Key management
- 198 Encapsulation
- 198 Transport mode
- 199 Tunnel mode
- 199 IPSec and NAT
- 200 Secure Gateway Address
- 201 Dynamic Secure Gateway Address
- 201 Summary screen
- 204 Keep Alive
- 204 Nailed up
- 205 NAT Traversal
- 206 NAT Traversal configuration
- 206 Preshared key
- 206 Configuring Contivity Client VPN Rule Setup
- 208 Configuring Advanced Setup
- 210 ID Type and content
- 211 ID type and content examples
- 212 My IP Address
- 213 Configuring Branch Office VPN Rule Setup
- 222 Configuring an IP Policy
- 228 Port forwarding server
- 228 Configuring a port forwarding server
- 230 IKE phases
- 232 Negotiation Mode
- 232 Preshared key
- 233 Diffie-Hellman (DH) Key Groups
- 233 Perfect Forward Secrecy (PFS)
- 233 Configuring advanced Branch office setup
- 237 SA Monitor
- 239 Global settings
- 240 VPN Client Termination
- 244 VPN Client Termination IP pool summary
- 246 VPN Client Termination IP pool edit
- 247 VPN Client Termination advanced
- 253 Certificates
- 253 Certificates overview
- 254 Advantages of certificates
- 254 Self-signed certificates
- 255 Configuration summary
- 255 My Certificates
- 258 Certificate file formats
- 259 Importing a certificate
- 261 Creating a certificate
- 265 My Certificate details
- 269 Trusted CAs
- 272 Importing a Trusted CA certificate
- 273 Trusted CA Certificate details
- 277 Trusted remote hosts
- 279 Verifying a certificate of a trusted remote host
- 279 Trusted remote host certificate fingerprints
- 281 Importing a certificate of a trusted remote host
- 282 Trusted remote host certificate details
- 286 Directory servers
- 287 Add or edit a directory server
- 291 Bandwidth management
- 291 Bandwidth management overview
- 292 Bandwidth classes and filters
- 292 Proportional bandwidth allocation
- 292 Application based bandwidth management
- 292 Subnet based bandwidth management
- 293 Application and subnet based bandwidth management
- 293 Reserving bandwidth for nonbandwidth class traffic
- 294 Configuring summary
- 295 Configuring class setup
- 297 Bandwidth Manager Class Configuration
- 300 Bandwidth management statistics
- 302 Monitor
- 303 Authentication server
- 303 Introduction to Local User database
- 303 Local User database
- 305 Edit Local User Database
- 308 Current split networks
- 309 Current split networks edit
- 311 Configuring RADIUS
- 315 Remote management screens
- 315 Remote management overview
- 315 Remote management limitations
- 316 Remote management and NAT
- 316 System timeout
- 317 Introduction to HTTPS
- 318 Configuring WWW
- 320 HTTPS example
- 321 Internet Explorer warning messages
- 321 Netscape Navigator warning messages
- 323 Avoiding the browser warning messages
- 324 Logon screen
- 329 SSH overview
- 330 How SSH works
- 331 SSH implementation on the BCM50a Integrated Router
- 331 Requirements for using SSH
- 331 Configuring SSH
- 333 Secure Telnet using SSH examples
- 333 Example 1: Microsoft Windows
- 334 Example 2: Linux
- 335 Secure FTP using SSH example
- 336 Telnet
- 337 Configuring TELNET
- 338 Configuring FTP
- 339 Configuring SNMP
- 341 Supported MIBs
- 341 SNMP Traps
- 342 REMOTE MANAGEMENT: SNMP
- 343 Configuring DNS
- 344 Configuring Security
- 347 UPnP
- 347 Universal Plug and Play overview
- 347 How do I know if I am using UPnP?
- 347 NAT Traversal
- 348 Cautions with UPnP
- 348 UPnP implementation
- 348 Configuring UPnP
- 350 Displaying UPnP port mapping
- 351 Installing UPnP in Windows example
- 352 Installing UPnP in Windows Me
- 353 Installing UPnP in Windows XP
- 354 Using UPnP in Windows XP example
- 355 Autodiscover Your UPnP-enabled Network Device
- 357 WebGUI easy access
- 359 Logs Screens
- 359 Configuring View Log
- 361 Configuring Log settings
- 364 Configuring Reports
- 367 Viewing Web site hits
- 369 Viewing Protocol/Port
- 370 Viewing LAN IP address
- 372 Reports specifications
- 373 Call scheduling screens
- 373 Call scheduling introduction
- 373 Call schedule summary
- 375 Call scheduling edit
- 377 Applying Schedule Sets to a remote node
- 379 Maintenance
- 379 Maintenance overview
- 379 Status screen
- 381 System statistics
- 383 DHCP Table screen
- 384 Diagnostic Screen
- 386 F/W Upload screen
- 389 Configuration screen
- 389 Back to Factory Defaults
- 390 Backup configuration
- 390 Restore configuration
- 392 Restart screen
- 393 Troubleshooting
- 393 Problems Starting Up the BCM50a Integrated Router
- 394 Problems with the LAN LED
- 394 Problems with the LAN interface
- 395 Problems with the WAN interface
- 395 Problems with Internet access
- 396 Problems accessing an Internet Web site
- 396 Problems with the password
- 396 Problems with the WebGUI
- 396 Problems with Remote Management
- 397 Allowing Pop-up Windows, JavaScript and Java Permissions
- 397 Internet Explorer Pop-up Blockers
- 401 Internet Explorer JavaScript
- 403 Internet Explorer Java Permissions
- 405 Netscape Pop-up Blockers
- 409 Netscape Java Permissions and JavaScript
- 413 Log Descriptions
- 422 VPN/IPSec Logs
- 423 VPN Responder IPSec Log
- 431 Log Commands
- 431 Configuring what you want the BCM50a Integrated Router to log
- 432 Displaying Logs
- 433 Log Command Example
- 435 Index