Nortel 200 Technical Configuration Manual

SOHO Secure Remote Access Solution with Nortel VPN Gateway, VPN Router

Nortel VPN Router, VPN Gateway
Technical Configuration Guide
Engineering
SOHO Secure Remote Access Solution with Nortel VPN Gateway VPN Router 200
Enterprise Solutions Engineering
Document Date: September 2006
Document Version: 1.0

Summary of Contents for Nortel 200

  • Page 1 Nortel VPN Router, VPN Gateway Technical Configuration Guide Engineering > SOHO Secure Remote Access Solution with Nortel VPN Gateway VPN Router 200 Enterprise Solutions Engineering Document Date: September 2006 Document Version: 1.0...
  • Page 2: SOHO Secure RAS with VPN Gateway and VPN Router V1.0 September

    No part of it shall be disclosed to a third party for any reason except after receiving express written permission from Nortel and only after securing agreement from the third party not to disclose any part of this document. Receipt of this document does not confer any type of license to make, sell or use any device based upon the teachings of the document.
  • Page 3 For further understanding of the Nortel Enterprise Secure RAS solution, please refer to the “Secure Remote Access Technical Solution Guide” V1.0. The solution guide can be downloaded from: http://www.nortel.com/solutions/security/collateral/secure_remote_access_solution_guide.pdf Note: Nortel VPN Router (NVR or VR) was formerly known as Contivity, and Nortel SSL VPN was formerly known as Alteon SSL VPN.
  • Page 4: Table of Contents

    September, 2006 Table of Contents: Overview (p. 5); Key Components Overview (p. 5); 1.1.1 Nortel VPN Gateway (p. 6); 1.1.2 Nortel SOHO VPN Router (p. 7); SOHO Secure RAS Solution Lab Demo (p. 9); Topology (p. 9); Hardware and Software (p. 10); IP A...
  • Page 5 Figure 1: SOHO RAS using NVG and NVR200 (p. 5); Figure 2: VPN Gateway 3050 (p. 6); Figure 3: VPN Gateway 3070 (p. 6); Figure 4: VPN Router 200 (VR200) (p. 7); Figure 5: LAB Topology (p. 9); Figure 6: Console Configuration Parameters (p. 17); Figure 7: Pinouts of VPN Gateway DB-9 Serial Connector...
  • Page 6: Overview

    For full information on Nortel Enterprise Secure VPN RAS solutions, please refer to the “Secure Remote Access Technical Solution Guide” V1.0, which can be downloaded from: http://www.nortel.com/solutions/security/collateral/secure_remote_access_solution_guide.pdf Note: Nortel VPN Router (NVR or VR) was formerly known as Contivity, and Nortel SSL VPN was formerly known as Alteon SSL VPN. 1.1 Key Components Overview In this section, the RAS solution key components are introduced.
  • Page 7: Nortel VPN Gateway

    The VPN Gateway removes the ongoing client support and maintenance requirements associated with traditional remote access solutions. With on-the-fly content transformation and seamless applet-based and network-level SSL VPN access, the Nortel VPN Gateway mitigates the need to recode and secure individual applications or deploy redundant extranet infrastructure to "externalize" private applications.
  • Page 8: Nortel SOHO VPN Router

    VPN tunnel. 1.1.2 Nortel SOHO VPN Router The VPN Router 200 series is an affordable all-in-one solution for tying small office and home office locations as well as teleworkers into a secure corporate network.
  • Page 9 VPN Router in a variety of IPSec modes (e.g. branch office or client mode) to best fit an enterprise’s VPN needs. As a member of the VPN Router family, the VPN Router 200 can also participate as an endpoint in VPN Router’s Secure Routing Technology (SRT) framework.
  • Page 10: SOHO Secure RAS Solution Lab Demo

    September, 2006 2. SOHO Secure RAS Solution LAB Demo The following lab demo will help the Nortel sales force demonstrate the SOHO Secure RAS solution and its interoperability to customers and channel partners. The demo was successfully tested, and detailed information on the lab topology, setups, configurations and end-to-end test steps is documented in this section.
  • Page 11: Hardware and Software

    SOHO: PC-1 static IP 192.168.1.11/24, gateway 192.168.1.1/24 • Headquarter: NVG Host IP address 192.168.2.13/24, MVP 192.168.2.113, Portal IP 192.168.2.100 • Headquarter: PC-2 static 192.168.2.12/24, gateway 192.168.2.13/24 • Headquarter: BCM200 private LAN-1 interface 192.168.2.40/24, Default gateway 192.168.2.241/24. External Distribution NORTEL...
  • Page 12: VPN Router 221 Configuration

    Before configuring the NVR221, make sure to reset it to factory default configuration. On PC-1, start IE, open URL http://192.168.1.1, and log on to the VR221 with default user ID “admin” and password “setup”. 2.4.1 Factory Default LAN Keep the factory default LAN setting on the VR221, see below:
  • Page 13: Static Fixed WAN IP and Default Gateway

    Technical Configuration Guide: SOHO Secure RAS with VPN Gateway and VPN Router V1.0 September, 2006 2.4.2 Static Fixed WAN IP and Default Gateway Go to WAN -> WAN IP, select fixed IP address:
  • Page 14: VPN IP Policy

    2.4.3 VPN IP Policy Go to VPN, select Edit to start BO configuration. Name the BO tunnel. Add local and remote networks in IP policy, and select them. The result is shown below:
  • Page 15: Configure Pre-Shared Key and Tunnel Algorithm

    When selecting Encryption and Authentication algorithms, make sure they are compatible with the configuration on the headquarter NVG. In this demo, 3DES/MD5 is used. For the complete list of algorithms supported by the VR200, refer to the VR200 technical specification in the Appendix.
  • Page 16: Advanced Parameter

    2.4.5 Advanced Parameter Click the “Advanced” button on the previous screen shown above and select both Phase1 and Phase2 as shown below. “Apply” the changes.
  • Page 17: Default Firewall Policy on VR221

    In this LAB demo, we used the VR221’s factory default firewall and filters without alteration. You may define additional rules or modify existing ones, but please exercise extreme caution in doing so.
  • Page 18: VPN Gateway Configuration

    Figure 6: Console Configuration Parameters • A DB-9 male to female serial cable is required. The serial port on the unit is a DCE female DB-9 connector with the following pinouts. Figure 7: Pinouts of VPN Gateway DB-9 Serial Connector
  • Page 19: Initial Setup

    Now, you are ready to use the BBI for NVG configuration. To access the NVG on PC-2, open IE, and access http://192.168.2.13, login with the user ID of “admin” and the password that you input during initial setup. 2.5.5 IKE Profiles IKE profiles are required to configure a BO tunnel
  • Page 20 Add a new IKE Profile named “ipsec-BO-c221-NVG”
  • Page 21: Configure IKE Profile General Settings

    2.5.6 Configure IKE Profile General Settings
  • Page 22: Configure IP Addresses for the Two End-Points of the BO Tunnel

    2.5.7 Configure IP Addresses for the Two End-Points of the BO Tunnel The remote end-point of the BO tunnel is 192.168.2.241, and local end-point is 192.168.2.100.
  • Page 23: Add Remote Network

    2.5.8 Add Remote Network The remote network in NVG should be compatible with the “IP Policy” configured on VR221
  • Page 24: Add Local Network

    2.5.9 Add Local Network The local network in NVG should be compatible with the “IP Policy” configured on VR221
  • Page 25: Configure Shared Secret for the BO Tunnel

    2.5.10 Configure Shared Secret for the BO Tunnel The shared secret must be exactly the same as configured on the VR221 (boc221nvg). The VR221 requires the secret password to contain at least 8 characters.
  • Page 26: Branch-Office Tunnel Monitoring

    BO tunnel is up and able to pass traffic between the remote and local network. 2.6.1 Check BO Status on VR221 Go to VPN -> SA Monitor, click the “Refresh” button. If the BO is up, it should be displayed in Current IPSec Security Associations as shown below:
  • Page 27: Check BO Status on NVG

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 4ms, Maximum = 4ms, Average = 4ms Repeat the test on PC-2. Open a command window, and issue the ping command to PC-1. Ping should be successful.
  • Page 28: BCM 200 Configuration

    2.7 BCM 200 Configuration Connect the T7208 terminal phone to the BCM 4X16 Media Bay Module (MBM). This phone is used for answering incoming calls and making outgoing calls from/to SOHO.
  • Page 29: Default Gateway for BCM200

    2.7.2 Default Gateway for BCM200 On PC-2, open IE and access http://192.168.2.40 for the BCM Unified Manager. This will be used for further configuration. 2.7.3 IP Terminals Version
  • Page 30: IP Terminal Auto Assign DNs

    2.7.4 IP Terminal Auto Assign DNs By selecting Auto Assign DN, IP phones will be granted phone numbers after registration to the BCM. 2.7.5 IP Phone Features List
  • Page 31: IP Phone 2004 Configuration

    BCM will assign a DN to the IP phone. Below is a picture of the IP Phone display after a successful registration to the BCM. The assigned DN is 2429. Figure 8: IP Phone Registered with DN 2429
  • Page 32: IP Softphone 2050 Configuration

    2.9.1 Install and Configure Softphone 2050 On PC-1 and PC-2, install IP Softphone 2050 software V2, then go to File -> Settings for further configuration. (If you use an older version of IP Softphone 2050, please refer to the Appendix for installation.)
  • Page 33: Configure "Server Type"

    2.9.2 Configure “Server Type” Select Primary Server Type of “BCM”, Server IP of 192.168.2.40 and Port of 7000. See the screenshot below:
  • Page 34: IP Softphone 2050 Registering to BCM

    IP Softphone 2050 V2 on PC-1 will initially connect to its communication server BCM for registration. Once successfully registered, the BCM will assign a DN to the IP Softphone. The following screenshot shows the assigned DN 2428. On PC-2, the IP Softphone 2050 is assigned a DN of 2427
  • Page 35: Check IP Phone Status

    The BCM keeps the up-to-date status of its IP phone clients. To check the current status of the IP Phone 2004 and the IP Softphone 2050, go to Service -> IP Telephone -> IP terminals -> Nortel IP Terminals, as shown below: The complete list of active DN can be displayed under “System DNs->...
  • Page 36: End-to-End Phone Calls over BO

    FTP file transfer between PC-1 and PC-2 (over BO tunnel) • Make phone calls over BO tunnel during file transferring. FTP Files transferred successfully with zero failure rate 2.11.1 Start FTP Server on PC-2 Figure 9: Start FTP Server on PC-2
  • Page 37: Start FTP Client on PC-1

    226 Closing data connection ftp: 60 bytes received in 0.00Seconds 60000.00Kbytes/sec. ftp> bin 200 Type set to I. ftp> mget * 200 Type set to I. mget capture.zip? y 200 PORT command successful. 150 File status OK ; about to open data connection 226 File transfer successful.
  • Page 38: IPSec BO Tunnel Traffic Statistics on NVG

    Kb/sec. 2.12 Traffic Statistics on NVR200 The traffic statistics in the poll intervals can be displayed on the NVR221. See below for example of TxPkts and RxPkts on the WAN and LAN ports.
  • Page 39: Data Capture and Examine

    VR221), and 192.168.2.100 (VPN portal on NVG). See below diagram and refer to the diagram of the “Lab Topology” for complete LAB topology. Figure 10: Two End Points of the VPN Tunnel (diagram labels: IPSec BO tunnel VR221 - NVG; NVG (portal IP) 192.168.2.100; VR221, WAN 192.168.2.241)
  • Page 40: Figure 11: Encapsulating Security Payload

    IPsec. The ESP provides confidentiality and integrity by encrypting data to be protected and placing the encrypted data in the data portion of the IP ESP. See below example of Ethereal examination: Figure 11: Encapsulating Security Payload
  • Page 41 Terminology • BO: Branch Office • BOT: Branch Office Tunnel • NVR221: Nortel VPN Router 221 • NVR251: Nortel VPN Router 251 • DHCP: Dynamic Host Configuration Protocol • DNS: Domain Name System • DSL: Digital Subscriber Line •...
  • Page 42: Reference Documentation

    • Secure VoIP for SOHO & Telecommuter, CS1000 NAT traversal solution TCG. Shangli Lu V1.1 Feb, 2005 • Configuring and Troubleshooting the Contivity 221 VPN Switch V2.5, Nortel NTP • VPN gateway User’s guide V6.0 • VPN Gateway 6.0 BBI application guide for VPN V6.0 •...
  • Page 43: Appendix

    4. Appendix 4.1 VR200 Series Technical Specifications
  • Page 44: BCM Serial Cable

    4.2 BCM Serial Cable The following BCM Serial Cable information is extracted from the Nortel BCM NTP “BCM200/400 Installation and Maintenance Guide”, chapter “Business Communications Manager System Startup”.
  • Page 45: Initializing the IP Phone 2004

    4.3 Initializing the IP Phone 2004 When the IP Phone 2004 is first powered up, you will see the “Nortel” introduction screen. To begin the initialization process, you must enter a key sequence while the “Nortel” introduction screen appears after powering your IP Phone 2004.
  • Page 46: Configure IP Softphone 2050 Previous Version

    On PC-1, install IP Softphone 2050 software, then go to Start -> Settings -> Control Panel. Right-click “i2050 Software Phone Properties” to select “Communication Server”. The Communication Server’s IP is 192.168.2.40 and Port is 7000. See the screen below:
  • Page 47: Configure "Server Type"

    4.4.2 Configure “Server Type” Select Server Type of “BCM”
  • Page 48: IP Softphone 2050 Registering to BCM

    4.4.3 IP Softphone 2050 Registering to BCM IP Softphone 2050 on PC-1 will initiate a connection to its communication server BCM for registration. Once successfully registered, BCM will assign a DN to the soft-phone. The screenshot below shows the assigned DN 2428.
  • Page 49

    (1-800-466-7835) to learn the telephone number for the nearest Technical Solutions Center. An Express Routing Code (ERC) is available for many Nortel products and services. When you use an ERC, your call is routed to a technical support person who specializes in supporting that product or service. To locate an ERC for your product or service, go to www.nortel.com/erc.