Preface This Quick Start Guide provides instructions for installing and configuring your Nortel Business Secure Router 222 as an Office Gateway for your network. After completing this guide, you can access the Internet securely through your Nortel Business Secure Router 222. Before you begin This Quick Start Guide is intended for network managers who are installing the Nortel Business Secure Router 222 for the first time.
ENET PPPoA PPPoE TCP/IP Related publications For more information about using the Nortel Business Secure Router 222, refer to the following publication: • Configuring and Troubleshooting the Nortel Business Secure Router 222 (317517-A) NN47922-301 domain name server Ethernet Internet Protocol Internet Service Provider local area network logical link control...
Hard-copy technical manuals You can print selected technical manuals and release notes free, directly from the Internet. Go to www.nortel.com/documentation. Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use *Adobe Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers.
AC Power Adapter Specifications Use only power supplies listed in the user instructions. Phihong, Model PSA21R-180 Note: Not to remove the plug and plug into a wall outlet by itself; always attach the plug to the power supply first before insert into the wall. Leader, Model MU18-2180100-XX (XX can be A1, A2, A3, B2 or C5 for the different plugs used) NN47922-301...
Chapter 1 Introducing the Business Secure Router The Nortel Business Secure Router 222 is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating Network Address Translation (NAT), firewall and Virtual Private Network (VPN) capability, the Nortel Business Secure Router 222 is a complete security solution that protects your Intranet and efficiently manages data traffic on your network.
Page 12
12 Chapter 1 Introducing the Business Secure Router NN47922-301...
Chapter 2 Hardware installation Caution: To keep the Business Secure Router operating at optimal internal temperature, keep the bottom, sides, and rear clear of obstructions and away from the exhaust of other equipment. Caution: AC Power Adapter Specifications Only use the approved Phihong Model PSA21R-180 power supply with this device.
2.1 Front panel Table 2 Front panel details LABEL Step 1: 1-4 Step 2 NN47922-301 DESCRIPTION Connect a computer to one of these ports with an Ethernet cable. These ports are auto-negotiating (can connect at 10 or 100Mb/s) and auto-sensing (automatically adjusts to the type of Ethernet cable you use, straight-through or crossover).
2.2 Rear panel Table 3 Rear panel details LABEL DESCRIPTION Step 3 Connect the included power adaptor (use only this adapter) to this power socket. POWER After you have made the connections, connect the power cable to a power supply and look at the front panel LEDs.
Chapter 3 Setting up your computer IP address The BSR222 is already set up to assign your computer an IP address. Use this section to set up your computer to receive an IP address or assign it a static IP address in the 192.168.1.34 to 192.168.1.254 range with a subnet mask of...
Page 18
Nortel recommends that you do not use a static IP address in the same range as the Business Secure Router DHCP server address pool (192.168.1.2 to 192.168.1.33 by default). Click Advanced. Remove any previously installed gateways in the IP Settings tab and click OK to go back to the Internet Protocol TCP/IP Properties screen.
Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). If you know your DNS server IP addresses, click Use the following DNS server addresses, and type them in the Preferred DNS server and Alternate DNS server fields.
Page 20
20 Chapter 3 Setting up your computer IP address NN47922-301...
Chapter 4 Configuring your Business Secure Router Choose one of these methods to access and configure the Business Secure Router. This guide shows you how to use the WebGUI wizard only. See Nortel Business Secure Router 222 Configuration — Basics (NN47922-500) and Nortel Business Secure Router 222 Configuration —...
Page 22
22 Chapter 4 Configuring your Business Secure Router Nortel recommends you change the default password! Enter a new password, retype it to confirm it and click Apply. Alternatively click Ignore to proceed to the main menu if you do not want to change the password now. NN47922-301...
Page 23
Click Apply in the Replace Factory Default Certificate screen to create a certificate using your Business Secure Router MAC address, which will be specific to this device. The WebGUI MAIN MENU screen appears. • Select WIZARD if you want help configuring your Business Secure Router for the first time.
24 Chapter 4 Configuring your Business Secure Router 4.2 Using the wizard to configure for internet access Select WIZARD to display the first wizard screen. NN47922-301...
Page 25
System Name is for identification purposes. Enter the name of your computer in the System Name field, to easily identify your computer. The Domain Name entry defines the domain name that is passed on to the DHCP clients on the LAN. If you leave this field blank, the domain name obtained by DHCP from the ISP is used.
26 Chapter 4 Configuring your Business Secure Router Internet connection with ethernet This variation is shown when the WAN port is used as a regular Ethernet. Choose either Standard or a Road Runner ISP version. You need your User Name, Password and Login Server IP Address for some Road Runner ISP versions.
Chapter 4 Configuring your Business Secure Router 27 Internet connection with PPPoE Point-to-Point Protocol over Ethernet (PPPoE) also functions as a dial-up connection. Therefore, you also need a username and password and possibly the PPPoE service name (from ISP). Select Nailed-Up Connection when you want your connection active all the time. The Business Secure Router tries to bring up the connection automatically if it is disconnected.
28 Chapter 4 Configuring your Business Secure Router Internet connection with PPTP Choose PPTP if your service provider uses a DSL terminator with PPTP log on. The Business Secure Router must have a static IP address in this case. You need a log on name, associated password, the PPTP server IP address, and a connection Type the subnet mask assigned to you by your ISP (if given).
Chapter 4 Configuring your Business Secure Router 29 Click Next to continue. Fill in the fields and click Finish to save and complete the wizard setup. WAN IP address assignment Select Get automatically from ISP if your ISP did not assign you a fixed IP address.
30 Chapter 4 Configuring your Business Secure Router System DNS servers Select From ISP if your ISP dynamically assigns DNS server information (and the Business Secure Router's WAN IP address). The right field displays the (read-only) DNS server IP address that the ISP assigns. If you chose From ISP, but the Business Secure Router has a fixed WAN IP address, From ISP changes to None after you click Apply.
Chapter 5 User Notes General Notes There are some router functions that, although performing as expected, might cause some confusion. These are summarized below. General Default Address Mapping Rules When First Enable NAT Full Feature. When NAT Full Feature is first enabled, two address mapping rules are added to the address mapping table.
Clicking Sound The Business Secure Router will click once every two minutes until an ADSL line is connected. Firewall Address Range Validation In the firewall rules, the router does not confirm when given an address range, that the second address is higher than the first. If this type of address range is entered, the range is ignored.
Page 33
If a VPN Client user account is de-activated, deleted, or changed, and that user is currently connected, the connection is not automatically dropped. To drop the connection, the administrator needs to disconnect the user using the 'Disconnect' function in the VPN/SA Monitor GUI. This is consistent with other Nortel Contivity products.
When defining a Client Termination account for another Business Secure Router that will connect using Contivity Client Emulation, the following configuration is required: • Encryption must be Triple DES with SHA1 integrity, or Triple DES with MD5 integrity. • IKE Encryption must be Triple DES with Diffie-Hellman Group 2. •...
Both RIP-1 and RIP-2 Advanced Router Configuration The following notes are intended to help with advanced router configuration. Setting up the router when the system has a server If you are using a Full-Feature NAT configuration, first, do the following... In SUA/NAT / Address Mapping, add a 'Server' rule, specifying the 'Public' IP address of the server.
Repeat these steps at the other end of the branch. Note: If VPN Client Termination is used on these sites, the client termination address range will need to be included in the tunnel policies in order for the VPN clients to see the other site. Adding IP telephony to a multi-site network Scenario 1: A BCM50 in the primary site acting as the gateway for both sites...
Create a tunnel between the sites, as described above. Create an H.323 trunk between the BCM50s, as per the BCM50 User Guide. Configuring the router to act as a Nortel VPN Server (Client Termination) Under VPN / Client Termination, Enable Client Termination. b Select authentication type and the encryption algorithms supported.
Note: In DHCP Server mode, the BCM50 IP address will be the lowest address in the pool. Create the appropriate Firewall rules to add BCM50 access. Go to FIREWALL / Summary, and create two WAN-to-LAN firewall rules: One rule allowing access from allowed remote computer IP addresses, to the BCM50 IP address, for service type HTTPS(TCP:443) One rule allowing access from allowed remote computer IP addresses, to the BCM50 IP address, for custom port TCP:5989...
Determine your actual WAN up-stream bandwidth by connecting to a web site such as http://myvoipspeed.visualware.com/. On BANDWIDTH MANAGEMENT / Summary, activate WAN bandwidth management, and fill in your actual uplink speed in the WAN Speed field.. On BANDWIDTH MANAGEMENT / Class Setup, add a WAN subclass, and reserve sufficient bandwidth based on the number of telephones, for Protocol ID 17 (UDP Traffic).
Business Secure Router and a Cisco router, the following configuration rules should be followed: Ensure that the WAN IP of the BSR222/252 router and the Cisco router are not in the same subnet. Configure the connection to use DES Encryption and MD5 Authentication.
Chapter 6 Troubleshooting Problem: None of the LEDs turn on when you turn on the Business Secure Router Make sure that you have the correct power adapter connected to the Business Secure Router and that it is plugged in to an appropriate power source. Check all cable connections.
42 Chapter 6 Troubleshooting Problem: You cannot get a WAN IP address from the ISP The WAN IP is provided after the ISP verifies the MAC address, hostname or user Find out the verification method used by your ISP and configure the corresponding fields.