Summary of Contents for ADTRAN NetVanta 2000 Series
Page 1
A PC with an internet browser (IE 5.5 or greater) for configuring the unit In this document, the term "NetVanta 2000” means any router in the NetVanta 2000 series (e.g., NetVanta 2100, NetVanta 2300, etc). If a statement only applies to one particular router, the text refers to the router individually.
(one for the PC and one for the NetVanta). Using a PC with an installed browser (Internet Explorer 5.5 for optimal viewing), the NetVanta can be configured using the web GUI. WAN connections are made in the same manner and with the same cabling considerations as LAN connections. Netvanta 2000 Series COM 1 POWER...
Page 3
Changing the IP Address to Your PC If you wish to obtain a new IP address from the NetVanta 2000 DHCP server, you must release and renew your sys- tem’s captured IP addresses. Refer to your specific operating system’s documentation for details on that process if it differs from the procedure provided below.
Page 4
Configuring the LAN and WAN IP Parameters The NetVanta 2000 comes factory-programmed with a LAN IP address of 10.10.10.1 (24-bit subnet mask) and no pre-programmed WAN IP address. The procedures outlined in this step include changing both the LAN and WAN IP parameters.
Configuring the DHCP Server IP Parameters - Optional The NetVanta 2000 automatically populates the DHCP IP Address Range 1 with ten addresses based on your assigned LAN network address. Select CONFIG. Select DHCP server. Enter an IP address range that is on the same subnet as the assigned LAN IP address of the unit. Enter the assigned LAN IP address of the unit.
Adding a Default Route (continued) Select WAN to associate this default route with the WAN interface. Select Yes to configure this as the default. Enter all zeros. Enter the next hop IP address for the Gateway IP Address. The Gateway IP Address is supplied by your provider. Click Add Route to submit this route to the route table.
Page 7
Defining a VPN Policy IKE Policy Configuration Select POLICIES. Select VPN. Select IKE. Click the Add button. This example assumes the NetVanta 2300 is already similarly configured for a VPN connection to this NetVanta 2100.
Page 8
This key MUST be the same for both the local and remote units. Set the Life time of key to 86400 seconds (this is the ADTRAN suggested value). When determining the appropriate value for your application, typical usage contains a 3:1 ratio between the IKE and IPSec key lifetime values.
Page 9
IPSec Policy Configuration Select POLICIES. Select VPN. Click the auto button.
Page 10
Select SHA1 to invoke secure hash algorithm #1. Select 3DES to use Triple-DES encryption algorithm. Set the key lifetime value to 28800 seconds (this is the ADTRAN suggested value). When determining the value for your application, typical usage contains a 3:1 ratio between the IKE and IPSec key lifetime values.
Page 11
Defining LAN Access Policies To LAN Access Policy Configuration (Inbound Traffic) Select POLICIES. Select Access Policies: To LAN (incoming traffic). Select Beginning to place the new access policy at the beginning of the table. Click Submit to begin the policy configuration.
Page 12
To LAN Access Policy Configuration (continued) Select OTHER and enter the remote unit's assigned LAN IP network address and associated mask bits. Select OTHER and enter the local NetVanta 2000's assigned LAN IP network address and associated mask bits. Select ANY to forward all TCP/UDP ports, or select OTHER and enter the port (or port range) in the field below it.
Page 13
From LAN Access Policy Configuration (Outbound Traffic) Select POLICIES. Select Access Policies: From LAN. Select Beginning to place the new access policy at the beginning of the table. Click Submit to begin the policy configuration.
Page 14
From LAN Access Policy Configuration (continued) Select OTHER and enter the local NetVanta 2000's assigned LAN IP network address and associated mask bits. Select OTHER and enter the remote NetVanta 2000's assigned LAN IP network address and associated mask bits. Select ANY to forward all TCP/UDP ports, or select OTHER and enter the port (or port range) in the field below it.
Page 15
Saving the Settings Select ADMIN. Select Save Settings. Select Yes to confirm. Testing the New Tunnel Ping the LAN IP address of the corporate NetVanta 2300 (10.10.10.1) to test the new tunnel. If the ping is not successful, have the administrator recheck the values and key configured on the NetVanta 2300 for this tunnel (as well as all the policies).