Table of Contents
Advertisement
Setting up remote support with a VPN
Guidelines for the Remote Support VPN at the
customer's premises
When creating your VPN for remote support, follow these guidelines:
Create a dedicated subnet for Nortel voice application servers (the Nortel
Server subnet), and treat this subnet as mission-critical. (It is a good
network engineering practice, even in a non-VPN environment, to optimize
network traffic by grouping servers that need to communicate with each
other on a subnet.)
Install, at a minimum, Nortel's Contivity 1100, version 4.8 or later, with the
modem option. Configure the modem as a user tunnel to listen on the
PSTN.
Connect the Contivity VPN Switch to the Nortel Server subnet.
Configure Contivity, as well as any network routers and firewalls, to give
inbound remote support users unrestricted access to the Nortel application
servers.
Optionally, restrict remote support users' access to other subnets of your
LAN/WAN. As usual, make sure that the Nortel application servers have
unrestricted access to the enterprise LAN/WAN.
If you must connect the ELAN subnet to the Nortel Server subnet (for
example, if you are using a networked OTM environment), take the
additional precaution of configuring the network router to allow only OTM-
related traffic, ftp traffic, rlogin traffic, and SNMP traffic through into the
ELAN subnet.
Activate Split Tunneling on the Contivity VPN Switch. Concerns over
access into the corporate network may be alleviated by restricting access of
remote support staff from other subnets upon logon.
108
Standard 5.01
Communication Control Toolkit
Hide quick links:
Advertisement
Table of Contents
