Avaya VSU 7500 User Manual
  1. Manuals
  2. Brands
  3. Avaya Manuals
  4. Gateway
  5. VSU 7500
  6. User manual
Avaya VSU 7500 User Manual

Avaya VSU 7500 User Manual

Vpnware service unit
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
VSU-7500
VPNware Service Unit

User Guide

VPNet Technologies, Inc.

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the VSU 7500 and is the answer not in the manual?

Questions and answers

Related Manuals for Avaya VSU 7500

Summary of Contents for Avaya VSU 7500

  • Page 1: User Guide

    VSU-7500 VPNware Service Unit User Guide VPNet Technologies, Inc.
  • Page 2 VSU-7500 User Guide Licenses, Warranties, Copyrights, and Trademarks THE SPECIFICATIONS REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

  • Page 3: Limited Warranty

    VSU-7500 User Guide Limited Warranty Hardware VPNet Technologies, Inc. (“VPNet”) warrants that for a period of one (1) year from the date of shipment from VPNet that the Hardware will be free from defects in material and workmanship under normal use. This limited warranty extends only to Customer as the original purchaser. Customer’s exclusive remedy and the entire liability of VPNet and its suppliers under this limited warranty will be, at VPNet or its service center's option, repair or replacement within ten (10) business days or refund of the Hardware if returned to the party supplying the Hardware to Customer, freight and...
  • Page 4 VSU-7500 User Guide LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE PRODUCT EVEN IF VPNET OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall VPNet’s or its suppliers’ liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by the Customer.

  • Page 5: Table Of Contents

    Table of Contents Preface How This Guide Is Organized ......... i Change History.
  • Page 6 APPENDIX A Specifications APPENDIX B 10/100BASE-T UTP Crossover Cable Pinouts Glossary VSU Acronyms VSU-7500 User Guide...

  • Page 7: How This Guide Is Organized

    Preface This user guide provides installation and configuration information for the VSU-7500 VPN Service Unit (VSU). How This Guide Is Organized Chapter 1, Introduction, includes a functional overview of the VSU-7500 and its major components along with site requirements for safe installation and operation of the VSU-7500.

  • Page 8: Change History

    Change History Product Registration To register the VSU-7500, navigate to Wide Web. Contacting Technical Support Technical support is available to registered users of the VSU-7500. • • • • Version Date Changes 09-0045-01 August 2000 Initial Release 09-0045-02 January 2001 Chapter 3 - Modified VSU Quick Setup section, Added FIPS Mode and General Firmware Upgrade Imformation...

  • Page 9: Introduction

    Chapter 1 Introduction Functional Overview The VSU-7500 is a high-availability VPN gateway for large-scale, business- critical virtual private networks (VPNs). Designed to provide the high capacity, high availability, and fail-over protection required by enterprise and service provider networks, the VSU-7500 offers extensive fail-over and switch-over support of redundant Ethernet interfaces, encryption processors, power supplies, and cooling fans.

  • Page 10: Plug-And-Play Installation

    VSU-7500 User Guide and SKIP key management, Network Address Translation (NAT), routing, and packet filtering. Security The VSU-7500 provides data stream privacy by employing cryptographic algorithms and keys powerful enough for the most sensitive business communications. It supports DES and Triple DES encryption, as well as the ISAKMP and SKIP key management standards.

  • Page 11: Vsu-7500 Components

    VSU-7500 User Guide VSU-7500 Components Each of the major VSU-7500 components are shown in Figures 1-1 and 1-2 and described in Table 1-1. Figure 1-1 Figure 1-2 Introduction VSU-7500 Front Panel VSU-7500 Back Panel...

  • Page 12: Redundant Power Supplies

    Table 1-1 Redundant Power Supplies The VSU-7500 includes redundant power supply modules. If one fails, the second power supply instantly takes over, without disrupting the operation of the unit. Concurrently, an audible alarm sounds, the green status LED indicator on the power supply subsystem goes off, and an error message is sent to the console port.
  • Page 13 VSU-7500 User Guide Both cooling fans are hot-swappable and can be replaced without powering down the VSU-7500. Refer to Chapter 4, Troubleshooting, for instructions on replacing a defective cooling fan. Redundant Ethernet Ports The VSU-7500 includes two dual-port 10/100BASE-T Ethernet cards, with one card designated as the primary interface module and the second card designated as the secondary interface module.

  • Page 14: General Site Requirements

    General Site Requirements This section describes the requirements your site must meet for safe installation and operation of your system. Ensure that your site is properly prepared before beginning installation. Environmental Requirements The VSU-7500 is intended for use in a normal office environment. For more extreme conditions, verify that temperature, humidity, and power conditions meet the specifications indicated in Table 1-2.

  • Page 15: Required Equipment

    VSU-7500 User Guide Required Equipment The VSU-7500 shipping carton should contain: To install and use the VSU-7500 in a typical network, the customer must supply: • • • • • Configuring Equipment Racks The VSU-7500 can be placed on a desktop or shelf or mounted in a standard 19-inch equipment rack.
  • Page 16 The following information will help you plan an acceptable equipment rack configuration. • • • Instructions for rack mounting are provided in the section “Rackmount Installation” on page 2-2. Enclosed racks must have adequate ventilation. Ensure that the rack is not overly congested because each unit generates heat.

  • Page 17: Chapter 2 Installing The

    Chapter 2 Installing the VSU-7500 This chapter provides instructions for the following: • • • Installing the Power Supply Modules The VSU-7500 power supply modules are shipped outside the unit. To install the power supply modules, refer to Figure 2-1 and perform the following steps: Installing the VSU-7500 Installing the Power Supply Modules (page 2-1) Rackmount Installation (page 2-2)

  • Page 18: Rackmount Installation

    Figure 2-1 Rackmount Installation The VSU-7500 ships with a VSU rackmount bracket kit, which includes two L-shaped brackets that attach to the sides of the VSU-7500 and to the front of a standard 19-inch equipment rack. Referring to Figure 2-2, perform the following procedure to install the VSU-7500 to a standard 19-inch equipment rack: Spring-loaded retaining locks Slide the power supply into its slot and press...
  • Page 19 VSU-7500 User Guide Figure 2-2 Installing the Rackmount Brackets Installing the VSU-7500...

  • Page 20: Connecting The Vsu-7500 To The Network

    Connecting the VSU-7500 to the Network Figure 2-3 shows a typical network using the VSU-7500. Primary Private Port Figure 2-3 Private LAN Hub, Switch, Router VSU-7500 Primary Public Port Router Public Network Typical VSU-7500 Hardware Installation VSU-7500 User Guide Secondary Private Port Secondary Public Port Installing the VSU-7500...
  • Page 21 VSU-7500 User Guide The VSU-7500 frontpanel is shown in Figure 2-4. Connect UTP Crossover Cables between the VSU-7500 Public Ports and the Router Connect Standard UTP Cables between the VSU-7500 Private Ports and the Private LAN Figure 2-4 The auxiliary port on the VSU-7500 is used for factory testing only and has no function in normal operation.
  • Page 22 All interface Ethernet ports are 10/100BASE-T compliant host ports. They accept category 3, 4, or 5 UTP cabling terminated in an RJ-45 connector per IEEE 802.3 requirements for 10/100BASE-T. The Ethernet ports do not provide a cross-over function; therefore cross-over cables (provided with the unit) are required when connecting the VSU-7500 public ports to a router, switch or hub on the public side of the LAN.

  • Page 23: Preparing The Vsu-7500 For Configuration

    Chapter 3 Preparing the VSU-7500 for Configuration Preparation Before the VSU-7500 can be incorporated into a Virtual Private Network (VPN), it must be configured through the VPNmanager. However, to enable communication between the VPNmanager and the VSU-7500, you must first assign an IP address, subnet mask, and default route to the VSU-7500.
  • Page 24 • • • • • When the VSU-7500 is powered on for the first time, the terminal screen should display the initial power on bootup screen shown in Figure 3-1. The SuperUser name. This is the name that is authorized to perform any kind of configuration request on a VSU.
  • Page 25 VSU-7500 User Guide Figure 3-1 Preparing the VSU-7500 for Configuration VPNet Service Unit Model XXXX 3DES ENCRYPTION Runtime System version x.x.xx, x/xx/2000 Copyright (C) 1996-2000 VPNet Technologies, Inc. All Rights Reserved. -- Month Day 2000, 17:06:01 --ethernet0: MAC Address 00:60:a1:00:23:f9 ethernet1: MAC Address 00:60:a1:00:23:fa ethernet2: MAC Address 00:60:a1:00:16:9a ethernet3: MAC Address 00:60:a1:00:16:9b...
  • Page 26 Preconfigure the VSU-7500 to communicate with the VPNmanager using the Quick Setup menu selection as described below: From the Main Menu, select 5) Quick Setup. VPNet Technologies - VSU XXXX- Main Menu 1) Configuration 2) Statistics 3) Utilities 4) Logout 5) Quick Setup Your choice [1-5]: 5 You will be prompted for the information required to set up the VSU.
  • Page 27 VSU-7500 User Guide Preparing the VSU-7500 for Configuration To prevent unauthorized users from accessing the VSU-7500 through the console port, enter and confirm the new VSU console password. VSU Console password may be up to 31 characters. Enter new VSU console password: ****** Confirm new VSU console password: ****** CAUTION: Do not forget this password.
  • Page 28 Non-VPN traffic mode: non-VPN traffic is currently forwarded. Non-VPN Traffic Configuration Menu 1) Permit all non-VPN traffic 2) Deny IP non-VPN traffic only 3) Deny all non-VPN traffic P) Previous menu Your choice [1-3]: Select a traffic mode from the Traffic Configuration Menu. Permit all non-VPN traffic - When checked (default), all non VPN traffic is allowed to pass through the VSU.
  • Page 29 VSU-7500 User Guide Preparing the VSU-7500 for Configuration Enter the current date and time. Date: 3-9-2000 Enter date [MM-DD-YYYY]: Time: 13:51:53 Enter time [HH:MM:SS]: This date and time setting are primarily used to ensure accurate timestamps when logging events. When changing either the date or time, all three parts of the date (MM-DD-YYYY) or time (HH:MM:SS) must be entered.

  • Page 30: Fips Mode

    FIPS Mode FIPS (Federal Information Processing Standards) Mode forces the VSU to operate in a FIPS 140-1 Level 2 compliant mode. It is recommended that this mode only be used if your organization’s policy requires FIPS 140-1 Level 2 certification for cryptographic devices. Note that in the FIPS mode (as dictated by the FIPS 140-1 requirements specification), the following are NOT supported: •...

  • Page 31: Troubleshooting

    Chapter 4 Troubleshooting This chapter includes troubleshooting and replacement procedures for the VSU-7500 power supply modules, cooling fans, and dual-port Ethernet modules. Power Supply The VSU-7500 includes redundant power supply modules. If one fails, the second power supply instantly takes over, without disrupting the operation of the unit.

  • Page 32: Power Supply Removal And Replacement

    Power Supply Removal and Replacement Referring to Figure 4-1, perform the following steps to replace the defective power supply module: WARNING: Do not insert any object into the power supply slot, such as fingers, tools, etc., as dangerous voltages exist on the connectors. Figure 4-1 Locate the defective power supply module.
  • Page 33 VSU-7500 User Guide Alternate Power Supply Removal and Replacement Referring to Figure 4-2, perform the following steps to replace the defective power supply module: Figure 4-2 WARNING: Do not insert any object into the power supply slot, such as fingers, tools, etc., as dangerous voltages exist on the connectors.

  • Page 34: Cooling Fans

    Cooling Fans The VSU-7500 includes two cooling fans on the rear panel. If one fails, the second fan will continued to provide sufficient air circulation to the VSU-7500, until the defective fan can be replaced. Each of the two cooling fans are hot-swappable and can be replaced without powering down the VSU-7500.

  • Page 35: Ethernet Interface Modules

    VSU-7500 User Guide Ethernet Interface Modules The VSU-7500 includes two dual-port 10/100BASE-T Ethernet cards, with one card designated as the primary interface module and the second card designated as the secondary interface module. The public and private interface ports are paired on a single card.

  • Page 36: Fault Indication

    VSU-7500 User Guide Fault Indication If either of the primary interface ports fail, an error message is sent to the console port. In addition, SNMP trap and syslog error messages are sent to the management workstation. Removal and Replacement The dual-port 10/100BASE-T Ethernet modules are enclosed in the tamper- evident case and may be replaced only by an authorized service technician.

  • Page 37: Appendix A Specifications

    APPENDIX A Specifications Specifications Packet Encryption • DES encryption (56-bit key) • Triple DES (EDE-CBC) encryption (168-bit key) • Weak and semi-weak keys are automatically discarded Packet Authentication • Keyed MD5™ AH Message Digest Algorithm (RFC 1321) • HMAC-MD5 and HMAC SHA-1 (RFC 2104) User Authentication •...
  • Page 38 Network Address Translation (NAT) • Supports static, dynamic, and port mapping • Reverse address translation for dynamic IP clients Protocol Support • IEEE 802.3, Ethernet • Full IPSec compliance: RFC 2401, 2402, 2403, 2404, 2405, 2406, 2407, 2408, 2409, 2410, 2412, 2451, IPSec Key Management using SKIP or IKE. (Tunnel and transport modes supported.) Digital Certificates •...
  • Page 39 VSU-7500 User Guide Specifications Physical Security • Tamper-evident enclosure (FIPS 140-1 Level 2) LAN Interface • Four 10/100BASE-T Ethernet ports Management Interfaces • RS-232 and Ethernet Software Upgrade • Via built-in flash RAM Redundancy • Redundant, hot-swappable power supplies • Redundant, hot-swappable fans Power Requirements •...
  • Page 40 VSU-7500 User Guide Specifications...

  • Page 41: Crossover Cable

    APPENDIX B The 10/100BASE-T UTP Crossover Cable defined below is provided with the VSU-1200. 10/100BASE-T UTP Crossover Cable Pinouts 10/100BASE-T UTP Crossover Cable Pinouts Signal Name Male RJ-45 Male RJ-45...
  • Page 42 VSU-7500 User Guide 10/100BASE-T UTP Crossover Cable Pinouts...

  • Page 43: Vsu Acronyms

    VSU Acronyms GLOSSARY CBC – Cipher Block Chaining encryption DES – Data Encryption Standard encryption DNS – Domain Name Server (a distributed database system used to map host names to IP addresses and vice versa) DCE – Data Communication Equipment DSU/CSU –...
  • Page 44 PPP – Point to Point Protocol RADIUS – Remote Authentication Dial-In User Server RFC – Request For Comment SHA – Secure Hash Algorithm SKIP – Simple Key Management for Internet Protocol SNMP – Simple Network Management Protocol SSL – Secure Socket Layer TCP/IP –...
  • Page 45 Index bootup screen 3-2 configuration preparation 3-1 configuring using quick setup menu 3-4 connections Ethernet LAN 2-6 router 2-6 console password 3-5 contacting VPNet 1-ii date and time 3-7 default route 3-4 DES 1-2 email support 1-ii environmental requirements 1-6 equipment provided by customer 1-7 provided by VPNnet 1-7...

Table of Contents