Configuring Control Tunnels - Nortel Contivity 1100 Configuration Manual

Chapter 7

Configuring control tunnels

Control tunnels are special tunnels that allow you to securely manage a Nortel
VPN Router over the Internet. The primary reasons for creating control tunnels
are secure management and network data integrity. Control tunnels provide secure
access to a customer's remote Nortel VPN Router so that you can manage it over a
network. Control tunnels also guarantee that no data from the network behind that
customer's Nortel VPN Router could be accessed by anyone on the network who
manages the Nortel VPN Router.
You can allow access to FTP, DHCP, RADIUS, and DNS servers from the Nortel
VPN Router through the control tunnel. Control tunnels allow you to easily
configure secure tunnels to any Nortel VPN Router that you want to manage. This
allows you to set up an encrypted tunnel to a customer's Nortel VPN Router.
Through that tunnel you can perform all the necessary management tasks, such as
HTTP, FTP, SNMP, and Telnet.
Figure 27 on page 138
where a central VPN server can control several VPN devices and configure
services, such as RADIUS, FTP backup, SNMP Traps through Web client
management, or Telnet.
Note: To establish a control tunnel over a NAT connection, use
IPSec-capable NAT. Control tunnels cannot establish a connection while
the Nortel VPN Router Stateful Firewall is enabled when you use the
Autodetect IPSec-capable NAT feature.
shows a sample branch office control tunnel environment
Nortel VPN Router Configuration — Basic Features
137