Nortel Contivity 1100 Configuration Manual page 76

Vpn router basic features

Hide thumbs Also See for Contivity 1100:

Connecting manual (6 pages)

Install manual (218 pages)

Installing (158 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

page of 178

/ 178
Contents
Table of Contents
Bookmarks

Table of Contents

76 Chapter 4 Configuring user tunnels

The Nortel VPN Router associates all remote users with a group, which dictates

the attributes that are assigned to a remote user session. A group can even consist

of a single user, thereby creating a personal connection.

The Nortel VPN Router organizes groups in a hierarchical manner. At the top of

the hierarchy is the base group. The base group \Base contains the default

characteristics that each new group inherits. You add additional groups to the

hierarchy as children of the base group.

The Nortel VPN Router takes precautions against unauthorized users potentially

hacking tunneled information when the Nortel VPN Router is operating in split

tunnel mode. The primary precaution is to drop packets that do not have the IP

address that is assigned to the tunnel connection as its source address. For

example, you establish a PPP dial-up connection to the Internet with an IP address

of 192.168.21.3. When you start the tunneled connection to a Nortel VPN Router,

you are assigned a tunnel IP address of 192.192.192.192. Now, any packets that

attempt to pass through the tunnel connection with a source IP address of

192.168.21.3 (or any address other than 192.192.192.192) are dropped.

Furthermore, you can enable filters on the Nortel VPN Router to limit the protocol

types that can pass through a tunneled connection.

Password aging does not work for administrator accounts. Also, the following are

client-specific password management symptoms:

•

NN46110-500

Note: PPP multilink is not supported with branch office tunnels. It is

only supported with end user tunnels.

If you are using the IPsec client, you are warned three times that there will be

an impending password expiration. You should change the password

immediately. IPsec clients using versions earlier than 1.5.2 do not receive a

password expiration warning.

If you are using the PPTP client with the Connection Manager, the

Connection Manager generates an impending password expiration warning.

Other clients (L2TP and L2F) and PPTP client users who are not using the

Connection Manager have no warning and no longer can log on. You must

contact your system administrator if this happens. In this case, the Nortel

VPN Router is unable to notify the client because it has no actual control over

the client. With PPTP, use the Connection Manager to establish a connection.

With L2TP or L2F, set the Password Maximum Age to zero (never expires).

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Contivity 1010 Contivity 1050

Nortel Contivity 1100 Configuration Manual page 76

Hide quick links:

Related Manuals for Nortel Contivity 1100

Related Products for Nortel Contivity 1100

This manual is also suitable for:

Table of Contents