Packet Filter; Ipsec Vpn - Nortel Secure 4134 Configuration

14 New in this release
•
•
For information on firewall and NAT fundamentals, see
Fundamentals" (page
NAT configuration" (page
Packet filter
With the SR4134, the packet filter feature provides stateless, interface-based
packet filtering as an alternative to the stateful firewall. It also provides IPv6
packet filter functionality to complement the IPv4-only stateful firewall.
The SR4134 packet filter examines each packet on the interface to
determine whether to permit or drop the packet, based on the criteria
specified within user-configured access lists. This control can restrict
network traffic and restrict network use for certain users or devices.
The SR4134 supports three packet filter types; IPv4, IPv6, and MAC. WAN
and chassis Ethernet interfaces only support IPv4 and IPv6 packet filters.
The Module Ethernet interface support IPv4, IPv6, and MAC packet filters
in a slight different implementation.
For information on packet filter fundamentals, see
" (page
(page

IPsec VPN

IPsec can protect packets between hosts, between security gateways (for
example, routers or firewalls), or between hosts and security gateways.
The IPsec-based virtual private network (VPN) operates in the network
layer. Based on the policy defined, it secures individual IP packet. So, it is
transparent to the higher layer applications.
The SR4134 supports two basic types of VPN, each with an associated set
of business requirements:
•
•
For information on IPsec VPN fundamentals, see
(page
(page
Copyright © 2007, Nortel Networks
.
Dynamic NAT
Port Restricted Cone NAT
21). For configuration information, see
37). For configuration information, see
107).
Site-to-Site VPN
Remote access VPN
43). For configuration information, see
117).
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600 01.02 Standard
10.0 3 August 2007
79).
"IPsec VPN configuration"
"Firewall and NAT
"Firewall and
"Packet filter fundamentals
"Packet filter configuration"
"IPsec VPN fundamentals"