Table of Contents
Advertisement
Public Interface
A public interface is one that is used to connect IP Office directly to an xDSL or Internet
router and thereby provide Internet access. (A public LAN is sometimes referred to as a
demilitarized zone.) It is the function of the public interface to secure the Internal LAN
from the Internet. IP Office uses a firewall and NAT functionality to afford the necessary
protection on a public interface. A public interface connection is facilitated by the
following IP Office interface types:
• LAN2
• Logical LAN
• WAN (PPP numbered)
The IP Office product family includes both single and dual interface systems as follows:
Single interface -
Dual interface -
The following table summarizes the feature support for these public interface types:
Feature
Firewall
Logical LAN
LAN2
NAT
NAT
Reverse
Translation
DHCP
Client Mode
H323
IPSec
L2TP
Guidelines
1. DHCP client mode is not supported on the Logical LAN interface
2. DHCP client mode automatically adds a default route for Internet operation
3. RIP is not supported for IP Office secure VPN networking
4. For a PPP numbered WAN link:
a. QOS is applied to VOIP traffic destined for VPN tunnel traffic before the
b. A minimum bandwidth of between 1-2 Mbps is required for the link between the
c. Do not run Multilink / QOS or IPHC on a WAN link that is passing VPN traffic.
d. The QoS characteristics of IPO VoIP implementation is shown below:
IP Office (R3.0) Virtual Private Networking
40DHB0002UKER Issue 3 (4th February 2005)
IP403 and IP406: For single LAN systems a Logical LAN must be
used for the configuration of the public interface.
IP 412 and IP Office Small Office Edition (IPSOE): For dual LAN
systems the physical LAN2 interface is available and should be
used as the public (external) LAN interface.
√
√
√
X
√
√
√
X
X
√
√
√
√
x
x
√
x
x
√
√
√
√
√
√
√
√
√
encryption stage.
two systems is recommended.
Description
Voice UDP port numbers range
Signalling TCP port number
DSCP (TOS/Diffserv) value
Overview of Secure VPN Implementation - Page 17
Description
√
IP Office Integral Firewall
For single LAN systems a Logical LAN is a secondary
X
interface which is created on the physical LAN1
interface.
√
The LAN2 is a second physical Ethernet interface.
NAT allows multiple devices to communicate using a
√
single IP address.
The function that allows an unknown incoming IP
√
session to be mapped to a local internal LAN IP address.
IP Office can automatically obtain an IP address from a
DHCP server and add the IP address to the interface.
√
This function is not supported on a Logical LAN
interface.
√
Originate or terminate H323.
√
Originate or terminate IPSec.
√
Originate or terminate L2TP.
Overview of Secure VPN Implementation - Page 17
Value
OxC000 to 0xCFFF
1720
OXB8
Typical VPN Deployment
Advertisement
Chapters
Table of Contents
