Nortel BSR222 Configuration page 235
Business secure router
Hide thumbs
Also See for BSR222:
- Fundamentals (42 pages) ,
- Overview (72 pages) ,
- User manual (349 pages)
Table of Contents
Advertisement
Table 57 VPN Branch Office — IP Policy
Label
Protocol
Port
Remote
Address Type
Starting IP Address
Description
Enter a number to specify what type of traffic is allowed to go
through the VPN tunnel that is built using this IP policy. Use 1 for
ICMP, 6 for TCP, 17 for UDP, and so on. 0 is the default and
signifies any protocol. For example, if you select 1 (ICMP), only
ICMP packets can go through the tunnel.
If you specify a protocol other than 1 (ICMP) or 0 (any protocol),
you cannot use the control ping feature.
If you set this field to 6 (TCP) or 17 (UDP), you can use the Port
field to specify the port number of the allowed traffic.
This field is available when you set the Protocol field to 6 (TCP) or
17 (UDP). Use this field to specify the port number of the traffic
that is allowed to go through the VPN tunnel that is built using this
IP policy.
The default is 0 and it signifies any port. Type a port number from
0 to 65535. Some of the most common IP ports are: 21, FTP; 53,
DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Do this if you want to allow only traffic of a particular port number
to go through the VPN tunnel. For example, if you only wanted to
allow FTP traffic to go through the VPN tunnel, specify 6 (TCP) in
the Protocol field and 21 (FTP) in the Port field.
Remote IP addresses must be static and correspond to the remote
VPN switch's configured local IP addresses. The remote fields do
not apply when the Secure Gateway Address field is configured
to 0.0.0.0. In this case, only the remote VPN switch can initiate the
VPN.
Two active SAs cannot have the local and remote IP addresses
both the same. You can configure multiple SAs between the same
local and remote IP addresses, as long as only one is active at any
time.
Two IP policies can have the same local or remote IP address, but
not both.
Use the drop-down menu to choose Single Address, Range
Address, or Subnet Address. Select Single Address for a single
IP address. Select Range Address for a specific range of IP
addresses. Select Subnet Address to specify IP addresses on a
network by their subnet mask.
When the Address Type field is configured to Single Address,
enter a (static) IP address on the LAN behind your Business
Secure Router. When the Address Type field is configured to
Range Address, enter the beginning (static) IP address, in a
range of computers on your LAN behind your Business Secure
Router. When the Address Type field is configured to Subnet
Address, this is a (static) IP address on the LAN behind your
Business Secure Router.
Nortel Business Secure Router 222 Configuration — Basics
Chapter 13 VPN 235
Advertisement
Table of Contents
Troubleshooting
