Avaya VPNmanager Manuals

Manuals and User Guides for Avaya VPNmanager. We have 1 Avaya VPNmanager manual available for free PDF download: Configuration Manual

Avaya VPNmanager Configuration Manual (326 pages)

Release 3.7

Brand: Avaya | Category: Software | Size: 3.14 MB

Table of Contents
5
Issue
15
Preface
15
Vpnmanager Overview
15
What Products Are Covered
15
Intranet and Extranet Support
16
Network-Wide Visibility and Control
16
No Special Consoles Required
16
Secure VPN Configuration
16
Complementary to SNMP Management Tools
17
How this Book Is Organized
17
Related Documentation
17
Using Vpnmanager Help
17
Contacting Technical Support
19
Chapter 1: Overview of Implementation

21
- Components of the Avaya Security Solution
  21
- Security Gateways
  21
- Vpnremote Client Software
  22
- Vpnmanager Software
  22
- Overview of the VPN Management Hierarchy
  23
- Preparing to Configure Your Network
  24
- Security Gateway
  24
- Static Routes
  26
- IP Groups
  26
- Remote Users and User Groups
  26
- Vpn
  26
- Security Policies
  27
- Firewall Policies
  27
- Denial of Service
  27
- Qos
  28
- Voip
  28
- Additional Features
  29
- Nat
  29
- Snmp
  29
- Syslog
  30
- Client IP Address Pooling
  30
- SSL for Directory Server
  30
- Sequence to Configure Your VPN
  30
Chapter 2: Using Vpnmanager

33
- About Vpnmanager Administrators
  33
- Role Based Management
  33
- Log into the Vpnmanager Console
  35
- Add a Policy Server
  35
- Open Domain
  36
- Navigating the Main Window
  36
- File Menu
  37
- Edit Menu
  39
- View Menu
  39
- Tools Menu
  40
- Help Menu
  40
- Toolbar
  40
- VPN View Pane
  42
- Network Diagram View
  42
- Tiled View
  43
- Tree View
  43
- Alarm Monitoring Pane
  44
- Configuration Console Window
  44
- Configuration Console Menu Bar
  45
- File Menu
  45
- Edit Menu
  45
- View Menu
  46
- Tools Menu
  46
- Toolbar
  47
- Contents Pane
  47
- Details Pane
  47
- Update Devices
  47
- Preferences
  48
- General Tab
  48
- Dyna Policy Defaults (User)
  49
- Dyna Policy Defaults (Global)
  49
- Dyna Policy Authentication
  50
- Advanced
  51
- Remote Client
  51
- Alarm/Monitoring
  52
- TEP Policy
  52
Chapter 3: Setting up the Network

55
- New VPN Domain
  55
- Configuring a Security Gateway
  57
- Creating a New Security Gateway
  57
- Using Device Tabs to Configure the Security Gateway
  59
- General Tab
  60
- Memo Tab
  62
- DNS Tab
  63
- Configuring the DNS Tab for Security Gateways at 4.3 or Later
  63
- Configuring the DNS Tab for VSU at Vpnos 4.2 or Earlier
  65
- Interfaces Tab
  66
- Options for IP Addressing for Interface Zones
  70
- Static Addressing
  70
- DHCP Addressing
  70
- Point-To-Point Protocol over Ethernet (Pppoe) Client
  71
- Local DHCP Server
  71
- DHCP Relay
  73
- Static
  73
- Changing Network Interfaces
  73
- Private Port Tab
  76
- Adding an IP Device Configuration
  77
- DHCP Relay
  78
- None
  79
- Device Users Tab
  79
- Network Object Tab
  80
- Routing
  81
- Default Gateway for VPN Traffic (Vpnos 3.X)
  83
- Policies Tab, NAT Services
  85
- About NAT Types for Vpnos 4.31
  85
- Configuring NAT (Vpnos 4.31)
  86
- About NAT Types for Vpnos 3.X
  88
- NAT Applications
  88
- Accessing the Internet from Private Networks
  89
- Setting up VPN with Overlapping Private Addresses
  90
- Using NAT to Support Multiple Gateway Configurations
  92
- Interface for Vpnos 4.2
  93
- Add NAT Rule (Vpnos 4.2 or Earlier)
  94
- Original
  94
- Tunnel NAT Rules
  95
Chapter 4: Configuring IP Groups

97
- About IP Groups
  97
- Creating a New IP Group
  97
- New IP Group
  98
- IP Group - General Tab
  98
- Add IP Group Member
  100
- Configuring an IP Group
  101
- Configuring an IP Group that Connects to an Extranet
  102
- Delete
  103
- Memo
  104
Chapter 5: Configuring Remote Access Users

105
- Default Client Configuration
  105
- Using Dyna-Policy
  106
- Configuring a Global Dyna-Policy
  107
- Dyna-Policy Defaults (User) Tab
  107
- VPN Configuration Files on Remote User's Computer
  108
- Disable Split Tunneling
  108
- Dyna-Policy Defaults (Global) Tab
  108
- Dyna-Policy Authentication Tab
  109
- Local Authentication
  110
- RADIUS Authentication
  110
- LDAP Authentication
  110
- Dynamic Vpns (Vpnos 3.X)
  110
- Remote Client Tab
  111
- Client DNS Resolution Redirection
  111
- Client DNS Resolution Redirection
  112
- Remote Client Inactivity Connection Time-Out (Vpnos 3.X)
  112
- Send Syslog Messages
  112
- Configure a Default CCD with Global Dyna-Policy
  113
- Creating New User Object
  114
- Default User
  115
- About Creating Individual Dynamic-Policy
  115
- User - General Tab
  115
- Memo Tab
  116
- Dyna-Policy Tab
  116
- Actions Tab
  117
- Configuring a Remote User Object
  118
- Information for Vpnremote Client Users
  119
- Using Local Authentication
  120
- Using RADIUS Authentication (Vpnos 3.X and Vpnos 4.31)
  120
- Using LDAP Authentication (Vpnos 3.X Only)
  120
- Using Policy Manager for User Configuration
  120
- Client IP Address Pool Configuration
  120
- Add Client IP Address Pool
  121
- Add Client DNS
  121
- Add Client WINS
  122
- To Configure the Client IP Configuration
  122
- Configuring Client Attributes
  122
- Creating a Message
  122
- Enforce Brand Name
  123
- RADIUS/ACE Services
  124
- Enable RADIUS/ACE
  124
- Settings
  125
- RADIUS Concepts
  125
- The RADIUS Protocol
  126
- Add (RADIUS/ACE Server)
  126
- Authenticating (Secret) Password
  126
- RADIUS Server Data
  126
- To Add a RADIUS Server
  127
Chapter 6: Configuring User Groups

129
- New User Group
  129
- User Group - General Tab
  130
- User Group - Memo Tab
  130
- User Group - Actions Tab
  131
- Configuring a User Group
  131
Chapter 7: Configuring VPN Objects

133
- Types of VPN Objects
  133
- SKIP Vpns
  133
- IKE Vpns
  134
- VPN Packet Processing Modes
  134
- Default VPN Policy
  135
- Creating a New VPN Object
  136
- Creating a Default VPN
  136
- Creating a Designated VPN
  137
- Using the VPN Tabs
  138
- General Tab
  138
- General Tab with IKE
  138
- General Tab with SKIP
  139
- Memo Tab
  139
- Members-Users Tab
  140
- Members-IP Groups Tab
  140
- Security (IKE) Tab
  141
- Pre-Shared Secret
  144
- Security (Ipsec)
  144
- Ipsec Proposals
  145
- Add Ipsec Proposal
  146
- Actions Tab
  148
- VPN Configuration
  148
- Export
  148
- Rekey Site-To-Site VPN
  149
- Rekey
  149
- Advanced VPN Tab
  149
- Configuring a SKIP VPN
  150
- Configuring an IKE VPN
  152
- Enabling CRL Checking
  156
- Exporting a VPN Object to an Extranet
  158
- VPN Object Export Checklist
  159
- Export Procedure
  160
- Importing a VPN Object from an Extranet
  161
- Rekeying a VPN Object
  162
Chapter 8: Establishing Security

163
- Firewall Rules Set up
  163
- Levels of Firewall Policy Management
  163
- Firewall Rules
  164
- Domain Level Firewall Rules
  164
- Device Level Firewall Rules
  166
- Priority of Firewall Rules Versus NAT Rules
  167
- Setting up Firewall Rules for FTP
  167
- FTP and Firewall/Nat Operation
  167
- Security Gateways and FTP
  168
- Firewall Templates
  169
- Predefined Templates
  170
- User Defined Templates
  170
- Services
  172
- Device Group
  173
- Denial of Service
  173
- Voice over IP
  175
- Using the IP Trunking Call Model
  175
- Using the LRQ Required Checkbox of the IP Trunking Call Model
  176
- Using the Gatekeeper Routed Call Model
  178
- Add Gatekeeper Settings
  179
- Qos Policy and Qos Mapping
  180
- Qos Policy
  180
- Qos Mapping
  184
- Packet Filtering
  184
- What Can be Filtered
  185
- Packet Filtering and NAT
  185
- Advanced
  186
- Permit/Deny Non-VPN Traffic Radio Buttons
  186
- Add Packet Filtering Policy
  187
- From/Where
  188
- To Where
  189
- The Filtering Policy in Progress
  189
- Locating this Filtering Policy
  189
- Running the Packet Filtering Policy Wizard
  189
- Running the Policy Manager for Packet Filtering
  190
- Starting and Stopping Filtering Services
  190
- Managing the ACL
  190
- Configuring Advanced Filtering Options
  191
- Marking Packets for Differentiated Services (Qos)
  192
- About Differentiated Services
  193
- How a VSU Marks Packets
  193
- Types of Marking Rules
  194
- How to Create a Packet Marking Rule
  194
- Packet Filtering Firewall
  196
- Add Firewall Policy
  197
Chapter 9: Using Advanced Features

199
- Device Advanced
  199
- Arp
  200
- Path MTU Discovery
  201
- NAT Traversal
  203
- Port for Dyna-Policy Download
  204
- Port for Secure Authentication
  204
- Private IP Address (Vpnos 3.X)
  204
- Send Device Names
  205
- Superuser Password (Vpnos 3.X)
  206
- Tunnel Persistence
  207
- TEP Policy
  209
- Servers
  210
- Add Servers
  210
- Managing the Server List
  211
- Resilient Tunnel
  212
- Tunnel Switching
  213
- Creating a Resilient Tunnel
  214
- Add Resilient Tunnel
  215
- Prerequisites
  215
- Managing the Resilient Tunnel List
  216
- Stopping and Starting Resilient Tunnel Services
  217
- Primary End-Point Service
  217
- Secondary End-Point Service
  217
- Failover TEP
  218
- Configuring Failover TEP
  219
- Advanced Action
  219
- Switch Flash
  220
- Reset Password
  220
- Disable FIPS
  220
- High Availability
  221
- Virtual Addresses
  222
- Advanced Parameters
  222
- Members
  223
- Configuring High Availability
  224
- Creating a High Availability Group
  224
- Updating a High Availability Group Using Update Device
  225
- Deleting a High Availability Group
  225
- Failover
  226
- Failover Reconnect
  229
- Converged Network Analyzer Test Plug
  230
- Keep Alive
  232
- Policy Manager - My Certificates
  234
- About VSU Certificates
  234
- Creating and Installing a Signed Certificate
  235
- Switching Certificates Used by Vpnmanager Console
  237
- Issuer Certificates
  238
- About Issuer Certificates
  238
- Installing an Issuer Certificate
  239
- IKE Certificate Usage
  240
- About Certificate Usage (Exchange)
  241
- Assigning a Target for a Certificate
  241
Chapter 10: Monitoring Your Network

245
- Using SNMP to Monitor the Device
  245
- Adding Admin Users for Snmpv3
  247
- VPN Active Sessions
  247
- Syslog Services
  248
- Add Syslog Policy
  249
- Using Monitor
  250
- Enterprise MIB
  250
- Monitoring Wizard
  250
- Define Custom
  267
- Monitoring Wizard (Presentation)
  268
- Presentation
  268
- Monitoring Alarms
  268
- Alarm Types
  269
- Report Wizard
  270
- Generating the Report
  272
- Device Diagnostics
  273
Chapter 11: Device Management

275
- Using the Management Tab
  275
- Setting up SSH and Telnet
  275
- Changing Device Administrator's Passwords
  276
- Using the Connectivity Tab
  277
- Check Connectivity by Ping
  278
- Check Connectivity by Proxy Ping
  279
- Using the Device Actions Tab
  279
- Update Configuration
  280
- Reset Device Time
  280
- Reboot Device
  280
- Re-Setup Device
  281
- Import Device Configuration
  281
- Ethernet Speed
  282
- Redundancy
  283
- Network Interface Status
  283
- Switching
  284
- Importing and Exporting VPN Configurations to a Device
  284
- Export VPN
  284
- Exporting RADIUS
  285
Chapter 12: Upgrading Firmware and Licenses

287
- Centralized Firmware Management
  287
- Device - Upgrade Tab
  288
- Upgrading a Security Gateway's Firmware
  289
- License
  290
- Encryption Strength
  291
- Remote Access (VSU-100 Only)
  291
Appendix A: Using SSL with Directory Server

293
Appendix B: Firewall Rules Template

297
- General
  297
- Public Zone Firewall Templates
  298
- Private Zone Firewall Templates
  303
- Semi-Private Zone Firewall Templates
  305
- DMZ Zone Firewall Templates
  309
- Management Zone Security
  311
- Converged Network Anaylyzer Template
  311
- Glossary
  313
- Index
  319

Avaya Categories

IP Phone

Telephone Server

Switch Gateway

More Avaya Manuals

Avaya VPNmanager Manuals

Avaya VPNmanager Configuration Manual (326 pages)

Table of Contents

Chapter 1: Overview of Implementation

Chapter 2: Using Vpnmanager

Chapter 3: Setting up the Network

Chapter 4: Configuring IP Groups

Chapter 5: Configuring Remote Access Users

Chapter 6: Configuring User Groups

Chapter 7: Configuring VPN Objects

Chapter 8: Establishing Security

Chapter 9: Using Advanced Features

Chapter 10: Monitoring Your Network

Chapter 11: Device Management

Chapter 12: Upgrading Firmware and Licenses

Appendix A: Using SSL with Directory Server

Appendix B: Firewall Rules Template

Related Products

Avaya Categories