User Services - Nortel Contivity Secure IP Services Gateway 4600 Owner's Manual

FIPS 140-1 non-proprietary cryptographic module security policy

direction. The administrator may use any of the pre-defined Rules or create
custom Rules to be included in each Filter.
Status Functions: to view the switch configuration, routing tables, active
sessions, use Gets to view Simple Network Management Protocol (SNMP)
Management Information Base (MIB) II statistics, usage graphs, health,
temperature, memory status, voltage, packet statistics, and review accounting
logs.
Manage the Switch: to log off users, shut down or reset the switch, disable
or enable audible alarms, manually back up switch configurations, restore
switch configurations, create a recovery diskette, etc.
A complete description of all the management and configuration capabilities of the
Contivity Extranet switch can be found in the Contivity Extranet Switch Administrator's
Guide and in the online help for the switch.
2.4.2 User Services

An administrator (who has manage users rights) assigns each User a name and a User
Group. The User Group defines access limitations and services that the User may
exercise, including access hours, call admission priority, forwarding priority, number of
simultaneous logins, maximum password age, minimum password length, whether
passwords may contain only alphabetic characters, whether static Internet Protocol (IP)
addresses are assigned, idle timeout, forced logoff for timeout, filters, and whether
Internetwork Packet Exchange (IPX) is allowed.
The administrator also assigns each User separate User IDs and passwords for the
following services: IPSec, PPTP, L2TP, and L2F tunnels. (A fifth ID and password may
be assigned for Administration of the switch as described in 2.4.1.) The User may then
authenticate as necessary to initiate secure tunnels using any of these services.
IPSec: Requires authentication through User Name and Password
(checked against a Lightweight Directory Access Protocol (LDAP)
directory or using AXENT or a SecurID token). This authenticates
the User to the switch and is protected using Internet Security
Association and Key Management Protocol (ISAKMP). The Switch
may be configured to additionally require authentication through
RADIUS with a Group Name and Password. Security options for
IPSec include using an Encapsulated Security Payload (ESP) with
Triple-DES, Data Encryption Standard (DES), or "40-bit DES", and an
Authentication Header (AH) with Hash-based Message Authentication
Code with Secure Hash Algorithm (HMAC-SHA) or HMAC-MD5. When
operating the device in a FIPS 140-1 compliant manner, only the
Triple DES ESP, DES ESP, and HMAC-SHA AH may be enabled.
PPTP: Requires authentication using the Microsoft Challenge
Handshake Authentication Protocol (MS-CHAP), Challenge
Handshake Authentication Protocol (CHAP), or Password

This manual is also suitable for:

Contivity extranet switch 4600
