Lucent Technologies AP-1 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Lucent Technologies AP-1. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Lucent Technologies AP-1 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Lucent Technologies AP-1 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Lucent Technologies AP-1, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Lucent Technologies AP-1 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Lucent Technologies AP-1
- nombre de fabricante y año de fabricación del dispositivo Lucent Technologies AP-1
- condiciones de uso, configuración y mantenimiento del dispositivo Lucent Technologies AP-1
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Lucent Technologies AP-1 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Lucent Technologies AP-1 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Lucent Technologies en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Lucent Technologies AP-1, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Lucent Technologies AP-1, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Lucent Technologies AP-1. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    . . . . . CCESS OINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UILDER SER UIDE This manual describes how to use the Access Point QVPN Builder™ applica- tion with Access Point™ IP Services routers. Product: Access Point QVPN Builder V ersion: V ersion 2.4[...]

  • Página 2

    [...]

  • Página 3

    . . . . . Import ant - Please Read Access Point QVPN Builder User Guide III . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I MPORT ANT - P LEASE R EAD NOTICE The info rmatio n in this manual is provided without wa rranty of a ny kind and is subject to cha[...]

  • Página 4

    Impo rtant - Plea se Re ad IV Access Point QVPN Builder User Guide Shie lded c ables m ust b e used with this un it to en sure compl iance with th e FCC Class A li mits.[...]

  • Página 5

    QVPN Builder User Guide V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONT ENTS Preface ... .................. ................... ................... ......... ......... .......... ................. XI 1 Product Overvi ew ..... .......... ......... ......... .............. ................... ................... ... [...]

  • Página 6

    CONTENT S VI QVPN Builder User Guide 3 Getti ng Started With Builder .............. .................. ..... ................... .... ..... ..... 2 1 About the Builder Window ........................................................................................ 21 The Tree Frame ................... ...................... ....................... .[...]

  • Página 7

    . . . . . CONTENT S QVPN Builder User Guide VII Removing the VPN Definition With the Client/Server Version .................... ...................... ...... 49 Using VPN Definitions ...............................................................................................49 Exportin g Data ................ ...................... .............[...]

  • Página 8

    CONTENT S VIII QVPN Builder User Guide Using Rule Sets .......................................................................................................... 85 Exportin g Rule Sets ............. ........... ........... ........... ................. ....................... ...................... ........ 85 Importin g Rule Set Files ...........[...]

  • Página 9

    . . . . . CONTENT S QVPN Builder User Guide IX Exportin g the Log Table To a Fil e ........ ........... ............ ........... ........... ............ ........... ........... ...... 1 30 Managing User Profiles ..............................................................................................130 Adding User Profiles ............ .....[...]

  • Página 10

    CONTENT S X QVPN Builder User Guide[...]

  • Página 11

    Access Point QVPN Builder User Guide XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P REFACE The A cces s P oint ™ IP Servi ces family c omprises a set of bridging rou t- ers wit h advanced bandwidth management and VPN serve r capabiliti es. The Access Point QVPN Builder ™ app l ication lets you manage and moni[...]

  • Página 12

    PREFACE XII Access Point QV PN Builder User Guide requir es considerable experience wi th rou ters, hubs, bridg es, and other n et- working de vices. In par ticular , Lucent T echnologi es assumes tha t persons instal ling, configuri ng, and managing t he Acce ss Poin t product have several years of networking ex perience . The Access Point QVPN Bu[...]

  • Página 13

    . . . . . PREFACE Access Point QVPN Builder User Guide XIII Contac ting Luc ent Support For questi ons or problems wit h th e Access Point QVPN Builder appli cati on or the Acces s Point route r , refer to this man ual or to the Luce nt T echnologies Luce nt W orl dwid e Servi ce s W eb s ite at: http ://w ww . lucen t.co m/netw ork care If you are[...]

  • Página 14

    PREFACE XIV Access Poin t QVPN Builde r User Guide[...]

  • Página 15

    Access Point QVP N Builder User Gu ide 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P RODU CT O VER VI EW The Access Poi nt QVPN B uil der ™ applicat ion (Builder) let s you manage and monito r a virtual private network consis ting of Access Poi nt ™ sys- tems (APs). This ap plica tion le ts you : • Config[...]

  • Página 16

    PRODUCT OVERVIEW Integra ted App lic a tions 2 Access Po int QVPN Bui lder User Gui de 1 sets of host s (Access Point sys te ms ) wi th out net work d isruptions. Buil der also lets y ou inc o rpora te fire w all an d Qual ity of S ervi ce (QoS) param e ters a s part of a VPN def inition, allowi ng you to rate -limit a nd shape traf fic flowing ov [...]

  • Página 17

    . . . . . PRODUCT OVERVIEW Access Po in t Operating Syst em Support Ma trix Access Poin t QVPN Builder User Guide 3 • 256 MB RAM • Java Runt ime Environment v ersion 1.2.2 sof tware S OLARIS 2.6 R EQUI REME NTS • S tandalon e • 100 MB dis k (and additiona l space for the use r -creat ed databases) • 256 MB RAM • Java Runt ime Environmen[...]

  • Página 18

    PRODUCT OVERVIEW Access Po int Operating S ystem Support Matrix 4 Access Po int QVPN Bui lder User Gui de 1[...]

  • Página 19

    Access Point QVP N Builder User Gu ide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NSTALLING THE QVPN B UILDER This sec tion provides ge neral informa tion about installing t he Access Point QVPN Bui l der applicati on (Builder) an d performing init ial s tartup tasks. Re ad through the installatio n and init[...]

  • Página 20

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 6 Access Po int QVPN Bui lder User Gui de 2 This sec tion describes how to instal l either the standal one or the client/se rver version of the Builde r on Solar is or W indows NT systems. Y ou will find instru ctions for i nstalling Bui lder from both a CD- ROM and an execut able file. Refe r to [...]

  • Página 21

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 7 pkgadd - d /cdrom/bu ilder -R < des ired-install-path > LUxavs 3 The in stallat ion asks if you wa nt to creat e the inst allation d irector y if it doesn ’ t alr ea dy ex is t. 4 Next , the i nstal latio n a sks if you w a nt to ru n the in[...]

  • Página 22

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 8 Access Po int QVPN Bui lder User Gui de 2 2 Copy th e xavs2 _4_R001.bin pr ogram to the appr opriate director y . 3 Use th e chmod +x command (s pecifyin g your program f ile) to change the privil eges so you can execute t he program. 4 Use th e ./xavs2_ 4_R001.bin command t o install the p rogr[...]

  • Página 23

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 9 Do you want the QVPNRequestConfigDaemon configured to start at system boot ? [yes] Successfully created /etc/rc2.d/S90rcd. Successfully created link from /etc/rc2.d/K90rcd to / etc/rc2.d/ S90rcd. Do you want to st art the QVPNRequestConfigDaemon now[...]

  • Página 24

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 10 Access Po int QVPN Builder User G uide 2 • The JDK patc hes for Solaris SP ARC 2.6 (5.6) wit h these patch IDs : - 105490 -05 (Li nker Patch ) - 105568 -13 (Li bth re ad Patc h) - 105210 -17 (Li bC Patch ) - 105181 -1 1 (Kernel Up date Patch — sock et close/ha ng) - 105669-04 (CDE 1.2: libD[...]

  • Página 25

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Point QVPN Builder User Guide 11 6 Yo u ’ ll be asked additional ques tions about h ow you want to configure Builder , including whet her you want to in sta ll as a client or a ser ver . After you ’ ve answ ered all the ques tions , the i nstal lation begi ns. 7 Afte r the in s[...]

  • Página 26

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 12 Access Po int QVPN Builder User G uide 2 4 Use t he ./xavd2_4_R00 1.bin command to in stall the applicat ion as a serve r or as a c l ient. T o instal l the applic ation as a se rver , use t he -s option. T o instal l the applic ation as a clie nt, use the -c opti on. If you i nst all the app l[...]

  • Página 27

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 13 cuta ble file is located in the direc tory where you install ed the appl ication. After i nstalling Buil der , you can start up the applicat ion with this command: > Q VPNBuilde r NOTE Y ou must not b e logged on as the superus er when starting[...]

  • Página 28

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 14 Access Po int QVPN Builder User G uide 2 I NST ALLING THE S T ANDALONE V ERS ION ON W INDOWS NT FROM AN E XECUT ABLE F ILE T o instal l Builder from an exec utable f ile, complete the followin g step s: 1 Close down a l l W indows programs. 2 In W indows Expl orer , double-cl ick on t he self- [...]

  • Página 29

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 15 I NST ALLING THE C LIENT /S ERVER V ERSION ON W INDOWS NT FROM A CD-ROM Builder is distribute d on a CD-ROM. The followin g procedure de scribes h ow to ins tall B u ilder . 1 Insert the CD into your CD-ROM dr ive. 2 Double cl ick on the CD-ROM dr[...]

  • Página 30

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 16 Access Po int QVPN Builder User G uide 2 Instal lation. The de fault i nstallation de stination pat h is C:ODI. By defaul t, Builder is in stalled in C:Program Files LucentAccessV iew direct ory . The C:Progra m Fil esLucent AccessV iewdb direct ory is the default database des tinat[...]

  • Página 31

    . . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 17 Before a nyone else can use Builder: • The user roo t mus t log in wi th the init ial account inform ation. • The user roo t shoul d modify the root account ’ s passwo rd. The user r oot can al so cr eate othe r user profile s. L OGGING I[...]

  • Página 32

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 18 Access Po int QVPN Builder User G uide 2 file us ing t he naming conv ention of the se rver to which you a re connect- ing. For a PC with the ap plica t ion in stalle d in th e defa u lt dire ctory : c:P rogram Fil e sLucent Acces sView db A ccessV iewMaster .db For a PC using the c:A[...]

  • Página 33

    . . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 19 direct ory where you i nstalled Builder usin g this command: cd <di r>/AccessV iew/db 3 Manually r un the evolve pro cess on all o f the copied dat abases using thi s comm and: For a Solaris s ystem: ../bin/ EvolveDatabas e <database n[...]

  • Página 34

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 20 Access Po int QVPN Builder User G uide 2 S ETTI NG U P THE QVPN R EQUE ST C ONFIG D AEMON TO A CCES S UNIX D AT ABAS ES T o set up th e QVPN Request Config daemon servic e o n W indo ws NT systems to acces s UNIX databases, follow t hese steps: 1 W ith User Mana ger , cre ate a local NT ac [...]

  • Página 35

    Access Point QVP N Builder User Gu ide 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING S TARTED W ITH B UI LDE R This sec tion describes the Access Poi nt QVPN Builder applicatio n (Builde r) graphical us er interface. It also prov ides informatio n about applica tion-wide tasks and associat ed appl icati[...]

  • Página 36

    GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 22 Access Po int QVPN Builder User G uide 3 Figure 2 QVPN Builder Definition V iew Window Note that if you make any changes t o the prop erties, a n asteri sk appears next to the m odifi ed ite m in the tree fr ame. O nce y o u save the V P N def in ition , the aste ri sk dis app ears. Exp[...]

  • Página 37

    . . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 23 T HE T REE F RAM E The T ree fr ame shows the rel ationshi p betw een th e VPN and Access Poin t in a tree format. Y ou can expa nd o r collapse the t ree at any t i me. The root of th e tree (the glo bal VPN) contai ns fou r childr en: VP[...]

  • Página 38

    GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 24 Access Po int QVPN Builder User G uide 3 T HE D EPLOY MENT TAB The Deployme nt tab provid es detail s about the tunn els that will b e generated. As wi th the Con figur ation ta b, the Deploy men t tab refle cts th e item select ed in the tr ee fra me. T he De ploym ent tab sho ws wh at[...]

  • Página 39

    . . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 25 Ta b l e 1 describe s the tool bar bu ttons in the Definiti on V iew wind ow . T able 1. De finition V iew T ool Bar Buttons Button Descript ion Create a new VPN Creates a new VPN def inition. Same as File → New . Open an exist ing V P N[...]

  • Página 40

    GETTING STARTED WITH BUIL DER Getting Detailed Help Information 26 Access Po int QVPN Builder User G uide 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING D ET AILED H ELP I NFORMATI ON Builder provid es Help when you s elect Hel p T opic s from [...]

  • Página 41

    . . . . . GETT ING S TAR TED WITH BUILDER Configuring SNM P Access Settings Access P oint QVPN Build er User Guide 27 For th e AP , se lect Edit → SNMP Propertie s to make cha nges to the SNMP acces s info rmat io n. The SNMP Prop erties Dial og lets y ou co nfigur e SNMP para meters for ea ch of the fol l owing SNMP operations : • Config — u[...]

  • Página 42

    GETTING STARTED WITH BUIL DER Managi ng Access Po i nt System s 28 Access Po int QVPN Builder User G uide 3 secure S N MP acce ss). If y ou are using either SNM Pv2 or SNM Pv3, yo u should s pecify the Community/ user name. If you are usin g SNMPv3, you can speci fy the authenticat ion prot ocol (NONE, MD5, or SHA) and i t s password. Y ou can also[...]

  • Página 43

    . . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE T RAFFIC S TA T U S AND T UNNEL S TA T U S A PPLICA[...]

  • Página 44

    GETTING STARTED WITH BUIL DER Using the T raf fic S tatus and T unn el S tatus Applicatio ns 30 Access Po int QVPN Builder User G uide 3 T RAF FIC S TATUS A PPLI CATION The T raf fic Stat us applicat ion displ ays: • A graphic al representat ion of the CBQ tree runni ng on the AP • A pie char t showing the bandwidt h allocat ed to each cl ass a[...]

  • Página 45

    . . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 31 • Bar char ts showing the actual ba ndwidth usage b y selected clas ses (when you ha ve select ed the Equali zer tab) The T raf fic S t atus ap plica tion als o lets you chang e the bandwi dth for a par[...]

  • Página 46

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 32 Access Po int QVPN Builder User G uide 3 have sel ected the Summary ta b) • Bar char ts showing the traf fic rates on selected tun nels (when you h ave sel ec ted th e T r affic Rat es tab ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 47

    . . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 33 If you ar e using the sta ndalone version, the Config daemon ru ns on the same machin e as Builde r . If you a re using t he client/se rver version , the Config da e- mon runs on the same machine as the ObjectS tore serv er or c[...]

  • Página 48

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 34 Access Po int QVPN Builder User G uide 3 NOTE Y ou must c lose the VP N definiti on before us ing the da emon from the A P to reques t a confi guration. 2 Using the CLI, issue the following command from th e AP to request th e configur ation: qvpn_Bu ilderCon figReques t <IP[...]

  • Página 49

    . . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 35 C HANG ING THE SNMP C OMMUNITY N AME FOR THE D AEM ON Y ou can cha nge the SNMP Community na me for the Config d aemon as f ol- lows : 1 S top the da emon with the f ollowing command: /etc/rc2.d/ S90 rcd sto p 2 Edit the followi[...]

  • Página 50

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 36 Access Po int QVPN Builder User G uide 3 The fo llowing t able lists the daemon commands a nd provides a des cription: Comma nd Descripti on show ver sio n Shows the cu rrent versi on of the daem on show deb ug Shows the deb ug mo de show data base Shows the databa se path whe [...]

  • Página 51

    Access Point QVP N Builder User Gu ide 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG VPN S The A cces s P oint QVPN B uilde r appl ic ation (Bui ld er) re duces the co m - plexit y of deploying lar ge-scale vi rtual private networks (VPNs) by enablin g you to centr ally define tun nel configurat ions[...]

  • Página 52

    MANA GING VPNS Cr eating or Modifying VPN Definitions 38 Access Po int QVPN Builder User G uide 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C REATING OR M ODIFYING VPN D EFINITIONS This sec tion describes how to create or c hange VPN settings for the[...]

  • Página 53

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 39 Config Daemo n ” on Page 32 . • Mixed — The config uration method must be selected for each AP . If you ha ve chosen the Mixed c onfigura tion method for t he VPN, you must select the config ura tion metho d for each AP (unle ss you acc[...]

  • Página 54

    MANA GING VPNS Cr eating or Modifying VPN Definitions 40 Access Po int QVPN Builder User G uide 4 On th e T r ee fram e, cli ck on V PN to displ ay the VPN P roper ties fr ame. The f ollow i ng tab le des c ribes the fie lds in the VPN Prope rties frame : Field Descripti on Poller ID A user-def inable option fo r future exp ansion. Secur ity Profil[...]

  • Página 55

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 41 C HANG ING VPN S ETTIN GS FOR THE A CCE S S P OINT S YSTEMS For the AP , click on t he VPN folder to display the Access Point Prope rties frame. When defi ning the V PN settings fo r the APs, you must specify the fo l- lowin g fields : C ONFI[...]

  • Página 56

    MANA GING VPNS Cr eating or Modifying VPN Definitions 42 Access Po int QVPN Builder User G uide 4 Propert ies frame. 2 Select Primary or Seco ndary from the HUB T ype drop-d own list. Primary se ts the AP as the pr ima ry hub . Route s to the primary hub are cre - ated wit h a cost of 50. Second ar y se ts the AP as the backup hub. Ro ute s to the [...]

  • Página 57

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 43 subinte rface in a do wn and then a te sting state, and at tempts to reestablis h a tunnel c onnection. Y ou can specify how often Keepalive update messages a re sent. By defaul t, Keepaliv e update messag es are se nt every 10 sec onds as sh[...]

  • Página 58

    MANA GING VPNS Cr eating or Modifying VPN Definitions 44 Access Po int QVPN Builder User G uide 4 the APs th at you add to VPN defi nitions. The fo llowing t able explain s the i nteract ion of the che ckboxes in th e Probes Propert ies frame: In order to delete a ll pro bes from th e devic e using Buil der , unc heck t he Device Manages Pr obes an[...]

  • Página 59

    . . . . . MANAGI NG VPNS Saving the VPN Defin ition Access P oint QVPN Build er User Guide 45 If you cl ick on the Sele cted AP(s) but ton, the Access- Points Di alog appears whic h allows you to se lect the APs to which you wa nt to apply the probe se ttings. For the AP y ou want, expand VPN and se lect Probe to make changes to the Probe set tings[...]

  • Página 60

    MANA GING VPNS Opening VPN Defi niti ons 46 Access Po int QVPN Builder User G uide 4 S AVING THE VPN D EFINIT ION W ITH THE S TAND ALONE V ERSI ON When using the standalone version, the Sav e VPN As... dialog windo w sho wn here app ears. Ente r the n ame of t he file to wh ich yo u want to sav e the VP N de fi niti on and click o n the Save butt o[...]

  • Página 61

    . . . . . MANAGI NG VPNS Opening VPN Definition s Access P oint QVPN Build er User Guide 47 O PENIN G THE VPN D EFINITI ON W ITH THE S TAND ALONE V ERSI ON When using t he standalon e version , the Choose the VPN to be opened dial og window shown h ere appears. Select the VPN definition you want to open and cl ick Open to open the VPN defini tion. [...]

  • Página 62

    MANA GING VPNS Removing VPN Defin itions 48 Access Po int QVPN Builder User G uide 4 A CCESS ING L OCKE D F ILE S If the application was not shut down pr operly or if ano ther user is activel y usin g the same VPN definit ion, the S teal the lock? pop-up win dow shown here appe ars. NOTE Y ou sh ould steal th e lock o nly if the ap plicatio n was n[...]

  • Página 63

    . . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 49 R EMOVIN G THE VPN D EFINI TION W ITH THE C LIEN T /S ERVE R V ERSI ON When using t he client/ server ve rsion, to re m ove VPN de finitions: 1 Sele ct File → Remove to dis play the VPN Open dial og box. 2 Select the VPN name you want t o remove and click Rem[...]

  • Página 64

    MANA GING VPNS Using VPN Definit ions 50 Access Po int QVPN Builder User G uide 4 I MPORTING VPN D ATA F ILES Y ou c an im p ort VP N data text fi le s for V PN de finiti ons. T o imp o rt this data , sel ect T ools → Import → VPN T ext File . Y ou create t hese t ext fi les usi ng the format de scribed in the next section . F ORMATTING VPN D A[...]

  • Página 65

    . . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 51 2 The n ext li ne mu st start w ith th e SNMP or ACCESSPOINT keywor d. If the next line is n ot the SNMP l ine, th en the V PN us es th e defa ult SN MP access p arameters. Oth erwise, th ese ru les ap ply to the fiel ds in the SNMP line : - The S NMP V e rs io[...]

  • Página 66

    MANA GING VPNS Using VPN Definit ions 52 Access Po int QVPN Builder User G uide 4 S AMPLE VPN D ATA F ILE This samp le file de fines a VP N with t hree A Ps. # ****** ****** V PN defini tion bloc k begins! * ******* ******** ***** # VPN,Q VPN mame, VPN ID, Use Wildca rd T unnels VPN,Xedi a VPN,ID001,tr ue # SNMP ,SNMP V er sion,Commu nity/User ,Au [...]

  • Página 67

    . . . . . MANAGI NG VPNS V erifying th e Configu r ation Access P oint QVPN Build er User Guide 53 I MPORTING VPN D EFINITI ONS F ROM V ERSI ON 1.1 T o use VPN defi nitions creat ed with V ersion 1.1, you m ust import the VPN defini tions. 1 Sele ct T ools → Impor t → AV 1 . 1 V P N to dis play all VPN file s in the Choose the VPN to be importe[...]

  • Página 68

    MANA GING VPNS Using the VPN Deployment T a bles 54 Access Po int QVPN Builder User G uide 4 Y ou also h ave the optio n of app lying all con figurations to all APs by sel ect- ing All Co nfi gur at ion s . Click on the St a r t button when yo u are finished. If you have n ot saved the VPN definit i on yet, th e appl ic at ion prompt s you to do so[...]

  • Página 69

    . . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 55 Y ou ca n sort t he VPN Deploymen t table in ascen ding or de scendi ng order for a specif ic field by sel ecting the hea der for the field you want. The sort ing toggles between a scending and de scending o rder each ti me you cl ick on the fiel d [...]

  • Página 70

    MANA GING VPNS Using the VPN Deployment T a bles 56 Access Po int QVPN Builder User G uide 4 The window r esembles the f ollowing displa y: T UNNE L , R OUTE , AND IPS EC I NTERF ACE I NFORMA T ION Selecti ng VPN for an AP and the n clic king on the Deployment tab provid es three v iews — T unnels, Rout es, and IPSec I nterf aces: The Tunne l s t[...]

  • Página 71

    . . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 57 The Tunne ls tab re semble s the f ollowi ng dis play : The Routes tab displays the foll owing informat ion: • State — th e rout e ’ s cur rent c onfigu ration s tate (Add — to be added, Current — deployed, Remove — to be removed) • C [...]

  • Página 72

    MANA GING VPNS Mana ging Securi ty Pr ofiles 58 Access Po int QVPN Builder User G uide 4 • Remote Gate way — IP address of th e remote gateway The I PSec In terfa ces tab rese m bles t he foll o wing d ispla y: Y ou can sort VPN Depl oyment tables in a scending or desc ending order for a specif ic field by cli cking on the heade r for the fiel [...]

  • Página 73

    . . . . . MANAGI NG VPNS Managi ng Secu rity Pr ofiles Access P oint QVPN Build er User Guide 59 A DDING S ECURI TY P ROFI LES T o add se curity pr ofiles: 1 Sele ct Edit → Security Profile s to di splay the Secu rity P r o file D ialog window . 2 Click Add to add the new s ecuri ty prof ile. 3 Select <New Secur it y Profil e> from the Prof[...]

  • Página 74

    MANA GING VPNS Mana ging Securi ty Pr ofiles 60 Access Po int QVPN Builder User G uide 4 D ELETING S ECUR ITY P ROFI LES T o delete s ecurity pro files: 1 Sele ct Ed it → Security Pr ofiles to display the Security P rofile Dialog window . 2 Click on t he profile in the Profile Lis t that yo u want to delete a nd click Remove to d elete the pr ofi[...]

  • Página 75

    Access Point QVP N Builder User Gu ide 61 M ANAG I NG Q O S/F IREW ALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P OLICIES The A cces s Poin t syst em (AP ) uses CBQ to provi de fi rewall and Qo S ser - vices by classifying an d scheduling h ow traffic flows throug h the AP . T raffic is c lassi fied by m atch [...]

  • Página 76

    MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 62 Access Po int QVPN Builder User G uide 5 • Supp lies v a lues fo r the p a rame ters fr om the rule se t or the A cces s Point propert ies. The more specificity provided by th e rule, the mor e secure the rul e. Y ou can create , modify , save , and delete rul e sets. [...]

  • Página 77

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 63 The Q oS/Fi rewa ll Rul e S et Ed it or fi el ds are desc ribed in the fo llow ing ta bl e: Save the active rule set Saves th e open rule set. Same as File → Save . Set sele cted rule as a peer t o current p arent Chang e[...]

  • Página 78

    MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 64 Access Po int QVPN Builder User G uide 5 D EFAULT T EMPL ATE R ULE S ET D EFIN ITION AND M ODIFICATI ON When you sel ect File → New in th e R ule S et Edit or , th e cur rent d efaul t tem- plate r ule set is d uplicate d as the curr ent rule set de finition. Th e defa[...]

  • Página 79

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 65 Remember t hat the “ -defa ult ” suffix has special meani ng when applied to a CBQ cl as s on t he AP ( For mo re in form ation about defaul t cl asses , see th e Access Point Confi gur ation Guide ). NOTE These rul es [...]

  • Página 80

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 66 Access Po int QVPN Builder User G uide 5 2 Add the foll owing ru le: AP Allow Shapi ng-d efau lt . Conf igure this rul e before s etting up addit ional rules , so you don ’ t i nadvertentl y prevent acces s to th e AP . Gi ve the ru le the follo w ing fl ow sh ape ac t ion: • Bandwid th [...]

  • Página 81

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 67 NOTE If you ar e modifying a rule set for an AP , m ake sure y ou set parameter val ues so you can pro vide the corr ect values for a specific AP . Refer to “ Settin g Paramete r V alues ” on Page 80 for more in formation. 4 Save the ru le s[...]

  • Página 82

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 68 Access Po int QVPN Builder User G uide 5 • Edit... t o add or cha nge a parameter For Apply p arameters (I nterfac e or Action), choos e one of thes e options: • A valu e as th e parame ter • Edit... t o add or cha nge a parameter NOTE If a parameter d oesn ’ t exist, first you n eed[...]

  • Página 83

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 69 E DITING S OURC E OR D ESTINATION P ARAMETERS When you choos e Edit... from the po p-up menu for sourc e or destinati on parame ters, th e Rule Source Defin ition Dialog or Ru le Destinati on Defi nition Dialog ap pears. The Rule Source Definiti[...]

  • Página 84

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 70 Access Po int QVPN Builder User G uide 5 E DITING S ER VICE P ARAMETERS When you choos e Edit... from th e pop-u p menu for se r- vice p arame ters, th e Rule Classi ficati on Dialog ap pears. Add a new ser vice classi fication by speci fyin g the na me and the c las sifi cati on type (S tat[...]

  • Página 85

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 71 For th e S tatef ul cl assif icati on type , in addi tion t o making i t easy t o creat e a sin - gle cla ss for aggre gating all po ssible p ort pairing s for a well-known service, you can st atefully cla ssify TCP and UDP appli cations. T o do[...]

  • Página 86

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 72 Access Po int QVPN Builder User G uide 5 For the Datalink classif icati on type, add the datal ink ind ex (range list of 16-bit TCI value exp ressed in hex) by fil li ng i n the Add Data link Indices s ect io n and clicki ng Add In dices . A d d the datal ink mas k (ma sk th at is app lied t[...]

  • Página 87

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 73 For the S tatele ss classific ation typ e, add a type by selecting the a ppropriate protocol s and ports a nd clicki ng Add as shown he re. Remove a classif i cation typ e by selec ting the item in the list an d clickin g Remove in the Clas sifi[...]

  • Página 88

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 74 Access Po int QVPN Builder User G uide 5 For in terfa ce para meters , select the In ter- face fi el d yo u want to change , cl ic k on t he right mou se button, and select the appr o- priate value from th e pop-up menu. If you sel ect Edit... , then t he Ru le Set In te rface Associat ion D[...]

  • Página 89

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 75 ify a f orwarding policy for statef ul cla sses, the forwarding pol icy is applie d to the From int erfa ce speci fied in the Rule Set Inter face Dialog box when edit ing the In terfa ce fiel d. T abl e 2 Default Action Profiles and Associat ed [...]

  • Página 90

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 76 Access Po int QVPN Builder User G uide 5 2 Click on t he right mouse but ton and se lect Rename.. . from the pop-u p menu (sa me as se lecti ng Rule → Rename... ). Fill in the new name when p rompted. 3 Click OK to change the name. 4 Save the ru le set by selec t i ng File → Save As. .. [...]

  • Página 91

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Modi fying a Rule Set Access P oint QVPN Build er User Guide 77 R EMOVIN G A R ULE T o remove a rule: 1 Select the rule you wa nt to d elete. 2 Sele ct Rule → De lete (or clic k on the ri ght mouse button and s elect Delete from the pop-up menu) to remove the se lected r ule from the rul e set. 3 Save th[...]

  • Página 92

    MANA GING QOS/ FIREW ALL P OLICIES Modif ying the Default New Ru le Set 78 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open in the QoS/Firewa ll Rule Set Edit or to bring up the Open Rule Set Dia- log box. Select the rule set you want to modify and click Open Rule Set . 3 Modify the rules i n your r ule se t. NOTE If you ar e modify[...]

  • Página 93

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Remo ving a Rule Set Access P oint QVPN Build er User Guide 79 3 Make an y changes t o the rul e set an d select File → Save to use this rul e set as the defau lt new r ule se t. NOTE If yo u decide you want t o us e the ori ginal de fa ul t new ru le set, then sel ect File → Reset T emplate . . . . . [...]

  • Página 94

    MANA GING QOS/ FIREW ALL P OLICIES Setting Para me ter V alues 80 Access Po int QVPN Builder User G uide 5 box is ch ecked by default as shown below . Make su re the Us e VPN Firewa ll Rulese t box is not chec ked if y ou want to use a dif fere nt rule set from the one specifi ed in the VP N Propertie s frame. 3 Click Sel ect Rule Set... to choo s [...]

  • Página 95

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Setting Parameter V alues Access P oint QVPN Build er User Guide 81 the corr ect one, asso ciate the co rrect r ule set with this AP as d escribed in “ Ass ociat ing a R u le Se t ” on Page 79 . 3 A list o f parameters for this rule set app ears in the drop -down list be low the Set AP Parameter b utto[...]

  • Página 96

    MANA GING QOS/ FIREW ALL P OLICIES V erifying the QoS/Fir ewall Polic ies 82 Access Po int QVPN Builder User G uide 5 list a nd clicki ng Edit Over ride or Remove Override . 5 Apply your ch anges t o the QoS/Firewal l Pro perti es and sa ve the defin ition so t ha t thes e QoS / Firew all po licie s are in clud ed as part of your VPN de fi- nition.[...]

  • Página 97

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using t he QoS/F ir ewa ll De ployment T able Access P oint QVPN Build er User Guide 83 Deployme nt table . • Creates or modifies all CBQ classes in the class list. T o apply the QoS/fi rewall poli cies to a ll the APs, sel ect Devic e → Apply and in the App ly Configurat ion pop up that app ears, adju[...]

  • Página 98

    MANA GING QOS/ FIREW ALL P OLICIES Using t he QoS/F ir ewa ll De ployment T able 84 Access Po int QVPN Builder User G uide 5 ures th e class but s ets it to not i n service. • Defi niti on — the d efini tion f o r this c lass • Comment — the c o mment assoc iated with this cl a ss T o display the Def initi on V iew , click on the QoS/Fir ew[...]

  • Página 99

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using Rule S e ts Access P oint QVPN Build er User Guide 85 • Name — the cl as s nam e • Mess age Stat us — the mess age status f or this c lass • State — the c urren t stat e for th is cla ss (Mod ify , Add, Curren t, or Remov e) • C — configur ation • Q — query T o display the Apply/Q[...]

  • Página 100

    MANA GING QOS/ FIREW ALL P OLICIES Using Ru le Sets 86 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open to open t he rule set tha t you want to expor t to a file. 3 Sele ct To o l s → Export to speci fy th e expor t pat h for the expo rt fil e in the followi ng dialog box and cl ick Export . By defaul t, the export fi le is named [...]

  • Página 101

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Specifyin g a Rule Set fo r a VPN Access P oint QVPN Build er User Guide 87 set fi le that you wan t to im port. NOTE Importin g the file ov erwrites the e xisting ru le set or temp late, so make sure you a re overwr iting the cor rect one. 4 Choose the file name and click Import . . . . . . . . . . . . . [...]

  • Página 102

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 88 Access Po int QVPN Builder User G uide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE Q O S/ F IREWALL : E XAMPLES The fol lowing secti ons p rovide ex amples of r eal[...]

  • Página 103

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 89 the conf iguration ensur es that onl y limited s ervices are al lowed onto the LAN and o nly if these se rvice s mat ch a flow p revio usly in itiate d by a n i ntern al cli - ent. This arrangement b oth sec ures the internal LAN,[...]

  • Página 104

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 90 Access Po int QVPN Builder User G uide 5 log box sh own here, and cl ick OK . Change the Src parameter fr om Any to LANHosts by s electing th e Src fiel d, clicki ng on the right mous e button, and sele cting Sele ct... f rom the pop-up men u. Select the LANHosts para m ete [...]

  • Página 105

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 91 in the d ialog box. Add th e http to the Applicat ion List, a nd click OK . Change the Servi ce parameter f rom Any to allo wW eb Acce s s by se lecting the S er - vice fi eld, clicking on the right mouse button, a nd selectin g S[...]

  • Página 106

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 92 Access Po int QVPN Builder User G uide 5 Spec ifying the A ct ion P a ramete r Change the Action parameter from Undefined to P ermit by selecti ng the Action f ield, clicking on the rig ht mouse button , and selecting Pe rmit from the pop-up menu. After sp ecifying th e acti[...]

  • Página 107

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 93 5 Setti ng Pa ramete r V a lues Next , set p a rame te r valu es by s e lectin g the parame ter fo r which you wa nt to spe cify a value from th e dro p-dow n lis t belo w the Set AP Parameter button. Selec t APMg mtSe rvice s fro[...]

  • Página 108

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 94 Access Po int QVPN Builder User G uide 5 of the I nterface Dialo g screens aft er checking the boxes. Once yo u set p aramete r values, the parameter is listed in the Paramet er Override s list. Y ou can edit or re m ove a n override by selecti ng the param- ete r in the P a[...]

  • Página 109

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 95 After maki ng all your changes, cl ick Apply in the upper l eft-hand c orner of the Acces s Point Properti es frame. Save the VPN definition by s electing File → Save or File → Save As... to include these QoS/fire wall poli ci[...]

  • Página 110

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 96 Access Po int QVPN Builder User G uide 5 C ONFIGURING I NTERVENE M ODE Interv ene mode works by r esponding t o the SYN+ACK with an immediate ACK that moves t he connection ou t of the ser ver ’ s backlog qu eue a nd st ar ting a timer . If an ACK d oes not return i n a sp[...]

  • Página 111

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 97 7 Save the ru le set by selec t i ng File → Save As. .. or File → Save . 8 Next, if nece ssary , chan ge the SYN Protect Ti meout value. For the AP you want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure[...]

  • Página 112

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 98 Access Po int QVPN Builder User G uide 5 3 Select the Ser- vice fi eld for the rule you want to change, cl ick on the ri ght m ouse button, an d select Edit... from th e pop-up menu. The Rule Cl assi- ficati on Dial og appe ars. 4 Add a new ser - vice cl assifica- tion by sp[...]

  • Página 113

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 99 want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure t hat the specif ied SYN Prote ct T imeout value is appropriate. The d efaul t inte rval is 30 seco nds. 10 Apply your changes to th e QoS/Firewall Pro per[...]

  • Página 114

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 100 Access Point QVPN Bu ilder User Guide 5 cation Dial og appe ars . 4 For s tateful classificat ion, add a new servi ce classif ication by specifying the name a nd the St ateful classi fication type from the drop-down l ist and clicki ng Add in the New Cl assific ation se cti[...]

  • Página 115

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 101 5 For stat eful classif i cation, clic k ICM P Filt ering in the Appl icati on sectio n t o bring up the ICMP Fi lter - ing dial og box. St atefu l classi fica- tion al lows only replie s (for the Establi shed traf fic class) and [...]

  • Página 116

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 102 Access Point QVPN Bu ilder User Guide 5 3 Click New to add f orwarding policy to the forwar ding pr ofile. Enter t he name of the forwa rding policy and click Apply . 4 Select the policy fr om the Fo rwarding Po licy List for whi ch you want to set for warding acti ons (up [...]

  • Página 117

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 103 • Forward pac kets to next hop — Packets are forwarded to a next hop I P address that must b e reachabl e through a l ocal interfac e. Y ou can ov erride the IP address in the Fo rwarding Policy Actions list or in th e Access [...]

  • Página 118

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 104 Access Point QVPN Bu ilder User Guide 5[...]

  • Página 119

    Access Point QVPN Bu ilder User Guide 105 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG NAT The A cces s Point s ystem (AP) has a N etwo rk Addr ess Transla tor th at pro - vides gl obally-uniq ue, regist ered IP address es for domains using pri vate IP ad dress es to c onnect to the Intern et. Pri vate[...]

  • Página 120

    MANA GING NA T Configur ing General NA T Paramete rs 106 Access Point QVPN Bu ilder User Guide 6 W ith the Bui lder , you can co nfigure NA T by: 1 Configur ing general NA T param eters. 2 Adding the NA T layer . 3 Enabling NA T . 4 Addi ng st a tic bi ndi n gs. 5 Creatin g address tr anslation pools . 6 Configur ing private net works and assoc i a[...]

  • Página 121

    . . . . . MANAGI NG NA T Configu ring Gen eral NA T Parameters Access Point QVPN Bu ilder User Guide 107 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. S PECI FYING M AXIM UM N UMBE R OF S ESSION S T o prevent the AP from being flooded by too many sessio n requests, you ca n configur e the maximum number of sessions that[...]

  • Página 122

    MANA GING NA T Configur ing General NA T Paramete rs 108 Access Point QVPN Bu ilder User Guide 6 A PPLYIN G P ARAM ETERS W ith NA T select ed for the VPN root, y ou can apply t he changes t o either all APs or to s elected APs by selecti ng the appropria te button for Apply Para m e- ters T o... as shown below . If you cl ick on the Sele cted AP(s)[...]

  • Página 123

    . . . . . MANAGI NG NA T Adding the NA T La yer Access Point QVPN Bu ilder User Guide 109 S AVING THE NAT C ONFIGU RATION Save the N A T configuration b y selecting File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DDING THE NA T L AY ER T [...]

  • Página 124

    MANA GING NA T Adding the NAT Layer 11 0 Access Po int QVPN Bu ilder User Gu ide 6 When you cli ck on the Insert NA T ... butto n, the Int erface Dialog box shown belo w appears so you can select t he desire d IP layers. Select the IP layers and click Apply . NOTE Y ou ca n add the NA T layer under an IP Sec ins tance by sele cting an IP i nstance [...]

  • Página 125

    . . . . . MANAGI NG NA T Configurin g S tatic Binding s Access Point QVPN Builder User Guide 111 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. 4 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 126

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 2 Access Po int QVPN Bu ilder User Gu ide 6 3 If you want to remove a stat ic bin din g, selec t the r ow and the n clic k on the - butto n. 4 Click Appl y . 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 127

    . . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 3 C ONFI GU RING B ASIC NAT P OOLS T o configur e pools for Ba sic NA T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Poo[...]

  • Página 128

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 4 Access Po int QVPN Bu ilder User Gu ide 6 C ONFI GU RING NAPT P OOLS T o configur e pools for NAP T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Pool names ca n c[...]

  • Página 129

    . . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 5 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . Once a NAP T pool is d eployed, its paramet ers cannot be modifi ed. T o modify the pool ’ s parameters, yo u must delete the NAP T pool and add anoth[...]

  • Página 130

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 6 Access Po int QVPN Bu ilder User Gu ide 6 4 Y ou can add pri vate IP a ddresses at any time by clicki ng on the Add IP Ranges butto n. Add the IP addr ess range by clicking on th e + button. Select the field t hat you want to change by dou ble-clicking o n the field. Y ou can modify[...]

  • Página 131

    . . . . . MANAGI NG NA T Configurin g Private Network s Access Poin t QVPN Builder User Gu ide 11 7 R EMOVIN G P OOLS T o remove pool s: 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Select the pool that you want to delete f rom the Created Pool s list. NOTE Y ou ca nnot remove pools tha[...]

  • Página 132

    MANA GING NA T Configu ring P rivate Netwo rks 11 8 Access Po int QVPN Bu ilder User Gu ide 6 pools. A sample ent ry is shown her e: 4 If you want t o remov e a pri va te ne twor k, se lect the private net wo rk on the left an d the n clic k Remove . NOTE Removing a private n etwork wi ll only di sassocia te all its po ols. These p ools are no t re[...]

  • Página 133

    . . . . . MANAGI NG NA T Checkin g t he Con figurat i on Access Poin t QVPN Builder User Gu ide 11 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C HECKING THE C ONFIGURATION When you h ave confi gured the stati c bindings , address trans lation pools, [...]

  • Página 134

    MANA GING NA T Deployin g the NA T Configuratio n to All APs 120 Access Point QVPN Bu ilder User Guide 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D EPL OYIN G THE NA T C ONFIGURATION TO A LL AP S When yo u apply t he NA T configur ation to t he VPN [...]

  • Página 135

    . . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 121 Y ou c an vie w the IP laye rs sele cted for NA T in serti on by click ing on t he NA T folder for an AP and selec ting the Deployment tab as shown below: The Deployme nt tab for S tatic Bindings, T ranslat ion Pools, and Private Ne t- works dis plays [...]

  • Página 136

    MANA GING NA T Using the NA T Dep loyment T ab 122 Access Point QVPN Bu ilder User Guide 6 The Deployme nt tab for bindi ngs resembles the fo llowing di splay: For th e transl ation pools configuration: • Pool Name — t he name of t he pool • Range S tart — th e starti ng value for the range • Range En d — the en ding v alue for the ra n[...]

  • Página 137

    . . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 123 • Private Net Addr — the IP address of the private network • Mask — the net work mask for the priv ate network • Associat ed Pool — the pool associat ed with t he private ne twork Note that each private n etwork can have up t o three a ssoc[...]

  • Página 138

    MANA GING NA T Using the NA T Dep loyment T ab 124 Access Point QVPN Bu ilder User Guide 6[...]

  • Página 139

    QVPN Builder User Guide 125 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DVAN CED F EATUR ES OF B UI LDE R This sec tion provides ge neral informati on about mana ging the Access Point QVPN Bui l der applicati on (Bui lder), i ncluding: • Spec ifyin g Pr efere nces • Configur ing Logging • Managing Use r P[...]

  • Página 140

    ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 126 QVPN Builde r User Guide 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S PECIFYING P REFERENCES T o set th e prefe rences for di splaying in formation, sel ect Edit → P references to disp[...]

  • Página 141

    . . . . . ADVAN CED FE ATURES OF BUILDE R Specifyi ng Prefer ences QVPN Builder User Guide 127 set the log displ ay and log fi le st ora ge limi ts . T o display events in cer tain col ors, modify the Log Filte rs section by cl icking Sele ct next to t he color . By def ault, the se verity l evels have these color indic a- tors. By defaul t, all me[...]

  • Página 142

    ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 128 QVPN Builde r User Guide 7 D IRECTORY P REFE RENCE S Y ou n eed s uperu ser pr ivile ge (ro ot) to set dir ect or y pref ere n ces. Set the directory pr eference s to specif y the default path fo r the da tabase/log (standa lone version s ) and export directo ries. T o modify th e path,[...]

  • Página 143

    . . . . . ADVAN CED FE ATURES OF BUILDE R Conf igurin g L ogging QVPN Builder User Guide 129 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONFIGURING L OGGING The Log fr ame (bottom frame of main window) displa ys the time st amp, the severi t y level,[...]

  • Página 144

    ADVA NCED FE ATURE S OF BUILD ER Mana ging User P rofiles 130 QVPN Builde r User Guide 7 E XPOR TING THE L OG T ABLE T O A F ILE Y ou c an ex port th e Log t able to a text fi le by s elect in g T ools → Export → Database Log File to di splay the Choo se the expo rt log fil e name win dow . Enter t he export pat h for t he log file and click Sa[...]

  • Página 145

    . . . . . ADVAN CED FE ATURES OF BUILDE R Managi ng User Profiles QVPN Builder User Guide 131 A DDING U SER P ROFILE S T o add us er profil es: 1 Sele ct Ed it → Users to di splay the User Profiles wi ndow shown here : 2 Click Add to add the user profil e. 3 Repl ace N ew user (in t h e Nam e field ) with the us er name in the User Parame te rs s[...]

  • Página 146

    ADVA NCED FE ATURE S OF BUILD ER Restori ng VPN Dat a bases 132 QVPN Builde r User Guide 7 5 Repeat st eps 2 through 4 for e ach add itional user . 6 Click Done when y ou have finis hed modif ying profiles . D ELETING U SER P ROFIL ES T o delete u ser profiles: 1 Sele ct Ed it → Users... to di splay the Use r Profil es window . 2 Select the user [...]

  • Página 147

    . . . . . ADVAN CED FE ATURES OF BUILDE R Find ing a VPN Name QVPN Builder User Guide 133 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F INDING A VPN N AME On a S olari s syst em or a P C, yo u can e n ter the finddbna m e comman d at the command lin e [...]

  • Página 148

    ADVA NCED FE ATURE S OF BUILD ER T r oublesh ooting 134 QVPN Builde r User Guide 7[...]

  • Página 149

    QVPN Builder User Guide 135 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NDEX A Acce ss Po int Pr op ertie s HUB Type 41 IKE Keep Alive Update 41 Route Cos t 41 Router Address 41 Security Profile 41 Subnets 41 Acce ss Po in t syst ems adding 28 applying NAT configurat ion to w ith Build er 120 applying QoS/Fir e[...]

  • Página 150

    136 QVPN Builde r User Guide E Evolv ing databa ses 18 F Firew a ll rul es associating a rule set 79 , 92 configuring 66 creating a rule set 66 defini ng a rule set 66 ICMP packets, classifying 99 modify ing a rul e set 66 , 77 removin g a rule set 79 saving a rule set 92 setting 61 setting parameter valu es 80 , 93 SYN floo d protection configurin[...]

  • Página 151

    . . . . . QVPN Builder User Guide 137 specifyi ng number of sess ions 107 specif yin g sessio n tim ers 107 layers adding 109 inserting under all IP Sec in stances 10 9 numb er of sessi ons, sp ecifyi ng 107 priv ate n e twork s, conf igur i n g 117 session timers, specif ying 107 stati c bin dings, co nfigur ing 111 verifying the configuratio n 11[...]

  • Página 152

    138 QVPN Builde r User Guide configuring 95 configuring intervene mode 96 SYN floo d protection, configur i ng monitor mode 97 QVPN Builder adding APs to 28 configu rati on method s 38 data list, exporting to text file 49 Dep loyme nt V iew 53 desc ripti on of f rames Log tabl e 129 QoS/Firewall Dep loyme nt t able 83 VPN Dep loyme nt t able 54 des[...]

  • Página 153

    . . . . . QVPN Builder User Guide 139 operation, verifying 34 shut ting dow n 34 starting 33 usin g 33 rule sets, exporting to a file 85 rule sets, importing 86 security profiles adding 59 deleting 60 managing 58 modify i ng 59 Solaris requirem ents 2 specifying prefer ences 126 directory 128 gene ral 126 logging 12 6 specifying SNMP access 26 star[...]

  • Página 154

    140 QVPN Builde r User Guide installing on (standal one) 6 runnin g online h el p 133 Sola ris req u iremen ts 2 Startu p tasks 16 T Traffi c Status applic ation accessing from QVPN Builder 29 changin g bandwidth al locat ion 31 displaying band w id th allocation 30 displaying band w id th utilization 30 disp laying CBQ tr ee struc ture 30 installi[...]

  • Página 155

    . . . . . QVPN Builder User Guide 141 desc ripti on of 21 Windows NT installing (client/ server) 14 Windows NT, install ing (sta ndalone) 13[...]

  • Página 156

    142 QVPN Builde r User Guide[...]