Setting Up User Tunnels - Nortel Contivity 1100 Configuration Manual

20 You can configure the TunnelGuard settings by refering to Nortel VPN Router
A group inherits attributes from its parent group. For example, if the Research and
Development group attributes include All Access Hours and Allow Static
Addresses but deny Client-Supplied addresses, PPTP and IPsec tunneling, then
the New Products (child) group would inherit these attributes.

Setting up user tunnels

To implement user tunnels, you must configure the following:
•
•
•
•
•
All tunneling protocols are enabled on the public and private networks by default.
Since data in tunnels is encrypted, the default setting guarantees that all
interactions with the Nortel VPN Router are private. To prevent tunnel
connections of a particular type (for all users, including administrators), you can
simply disable the tunnel type.
For example, if you want to use IPsec as your only public tunneling protocol, then
disable the Public selection for PPTP, L2TP, and L2F. By leaving IPsec, PPTP,
L2TP, and L2F enabled on the private side, you can establish tunneled connections
to the Nortel VPN Router using any of the tunnel types from within your
corporation.
To configure tunnel access to the Nortel VPN Router:
c
Choose an Excess Action for traffic handling, either Drop or Mark.
You can also choose Define new bandwidth rate to select a new bandwidth
rate.
Configuration —TunnelGuard .
Allowed tunnel access to the Nortel VPN Router
Tunneling protocol settings
A user group
Add users to the group
A means, such as DHCP or pool, for assigning IP addresses to the client to
allow user access
Chapter 4 Configuring user tunnels 81
Nortel VPN Router Configuration — Basic Features