Nortel BayStack Instant Internet 100-S Using Manual
Nortel baystack 100-s: user guide
Hide thumbs
Also See for BayStack Instant Internet 100-S:
- Install manual (104 pages) ,
- Reference (98 pages) ,
- User manual (80 pages)
Subscribe to Our Youtube Channel
Related Manuals for Nortel BayStack Instant Internet 100-S
Summary of Contents for Nortel BayStack Instant Internet 100-S
- Page 1 Part No. 300868-G November 2000 4401 Great America Parkway Santa Clara, CA 95054 Using the BayStack Instant Internet Management Software Version 7.11...
-
Page 2: Restricted Rights Legend
Nortel Networks NA Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein. - Page 3 Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee. Nortel Networks will replace defective media at no charge if it is returned to Nortel Networks during the warranty period along with proof of the date of shipment.
- Page 4 7. Term and termination. This license is effective until terminated; however, all of the restrictions with respect to Nortel Networks’ copyright in the Software and user manuals will cease being effective at the date of expiration of the Nortel Networks copyright; those restrictions relating to use and disclosure of Nortel Networks’ confidential information shall continue in effect.
-
Page 5: Table Of Contents
Contents Preface ............25 Before you begin . - Page 6 Contents Migrating your database to use unique users and groups by server ... 41 Managing Windows 95, Windows 98, Windows NT, and Windows 2000 domain users and groups ......... . 41 Viewing Windows 95, Windows 98, Windows NT, or Windows 2000 Users and Groups .
- Page 7 Contents Managing incoming port access ......... . 76 Adding incoming port access .
- Page 8 Contents Chapter 4 Proxy services ..........115 Understanding proxy servers .
- Page 9 Contents Publishing a private server ......... 135 Using Dynamic DNS .
- Page 10 Contents Using Pings ........... . . 173 Understanding how an Instant Internet-to-Instant Internet VPN works .
- Page 11 Contents Increasing efficiency ..........207 Fine-tuning cache settings .
- Page 12 Contents Managing Web site access ..........228 Blocking Web site access .
- Page 13 Contents Configuring advanced communication settings for a dial-up connection ..245 Adding a backup phone number ........246 Setting the inactivity timeout .
- Page 14 Contents Windows NT 4.0 ..........266 16-bit and 32-bit .
- Page 15 Contents Testing connections ..........289 Testing the connection to the Internet .
- Page 16 Contents 300868-G...
- Page 17 Figures Figure 1 Default User icon ......... . . 37 Figure 2 Set Domain dialog box .
- Page 18 Figures Figure 30 Change Settings of User dialog box ......75 Figure 31 Change News Groups dialog box .
- Page 19 Figures Figure 65 Server Publication dialog box ....... . . 137 Figure 66 Server Publication Configuration dialog box .
- Page 20 Figures Figure 100 Web Cache page ......... . 206 Figure 101 ISDN Configuration dialog box .
- Page 21 Figures Figure 131 Time Zone dialog box ........287 Figure 132 Services dialog box .
- Page 22 Figures 300868-G...
- Page 23 Tables Table 1 Services that Instant Internet provides ......33 Table 2 Admin user icons ......... . . 36 Table 3 Designating Internet access –...
- Page 24 Tables 300868-G...
-
Page 25: Preface
Preface The BayStack Instant Internet hardware and software solution is a managed ™ ™ and secure gateway that connects any type of LAN to the Internet through a single IP address. It connects directly to a network and lets all LAN users access the Internet simultaneously. - Page 26 Instant Internet unit. This information will be required if you need to call Nortel Networks Technical Support. These numbers are located on the back of the Instant Internet unit. You can also view the serial number using the Setup utility.
-
Page 27: Text Conventions
Preface Text conventions This manual uses the following text conventions: angle brackets (< >) Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command. Example: If the command syntax is: , you enter: ping <ip_address>... -
Page 28: Related Publications
Preface Related publications For more information about using Instant Internet, refer to the following publications: For more information about using Instant Internet, refer to the following publications: • Important Notice for the BayStack Instant Internet Version 7.11 (Part number 307603-E) Provides instructions for viewing documentation and installing the Instant Internet software and third-party applications (Adobe Acrobat Reader, Netscape Communicator, and AniTa Terminal Emulator). -
Page 29: Hard-Copy Technical Manuals
Go to Adobe Systems at the www.adobe.com URL to download a free copy of the Adobe Acrobat Reader. You can purchase selected documentation sets, CDs, and technical publications through the Internet at the www1.fatbrain.com/documentation/nortel/ URL. Using the BayStack Instant Internet Management Software Version 7.11... -
Page 30: How To Get Help
Preface How to get help If you purchased a service contract for your Nortel Networks product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased a Nortel Networks service program, contact one of the following... -
Page 31: Chapter 1 Introduction
Chapter 1 Introduction The BayStack Instant Internet unit is a network gateway system that enables you to access the Internet safely and efficiently, providing management tools that allow you to track and block user activities. The Instant Internet unit connects any type of LAN to the Internet using only a single IP address, thereby saving you time and money. -
Page 32: Ip Networks
Chapter 1 Introduction IP networks For security purposes, on an IP network, you may want to isolate your network from the Internet. You can isolate your network from the Internet by configuring the network workstations to go through a router before accessing the Internet. However, using a router to isolate the LAN can be very time-consuming to set up and maintain because each LAN user must have a “legal”... -
Page 33: Services Instant Internet Provides
Chapter 1 Introduction Services Instant Internet provides Table 1 describes the services that Instant Internet provides for IP and IPX networks. Table 1 Services that Instant Internet provides Service Features Address Translation The Address Translation service enables Instant Internet to act like a standard router by routing IP information from one location to another. -
Page 34: Deciding What To Do Next
Chapter 1 Introduction Table 1 Services that Instant Internet provides (continued) Service Features Web Configuration This feature allows you to access and edit the Instant Internet configuration files using a Web browser. Web (HTTP) Proxy Enabling the Instant Internet as a Web (HTTP) proxy server provides: Server •... -
Page 35: User Access Administration
Chapter 2 User access administration This chapter introduces Instant Internet’s Administration (Admin) program and provides instructions on how to use Admin to set Internet access rights for users and groups. Administration program overview Admin is the utility you use to establish and set Internet access rights for users and groups within Instant Internet. -
Page 36: Starting Admin
Chapter 2 User access administration Starting Admin To start Admin: From the Instant Internet program group or menu (depending on your operating system), select Admin. If you have an IP network or a network with more than one Instant Internet unit, the Instant Internet Units dialog box opens. -
Page 37: Default User And Everyone Group
Chapter 2 User access administration Table 2 Admin user icons (continued) Icon Meaning User has specific Internet access. User’s Internet access Ignore Group Settings option is activated and the user has no access to the user’s group settings. Default user and everyone group When you install Instant Internet, a Default User and the Everyone group are automatically set up for you. -
Page 38: Restoring The Everyone Group
Chapter 2 User access administration Restoring the everyone group When you first set up the Instant Internet unit, the Everyone group is automatically set up for you. All users automatically belong to the Everyone group. You can then create new groups and move users into those groups so that you can administer a group of people with little effort and you can assign different access rights for different groups. -
Page 39: Setting The Domain
Chapter 2 User access administration Adopting existing users and groups is convenient because you do not have to create each new user or group or manage a duplicate database. Instead, Instant Internet finds the users and groups for you and maintains their Internet access settings. -
Page 40: Setting User Name Order
Chapter 2 User access administration Setting user name order If you are using multiple networks in your environment, you can specify the order that Instant Internet uses to identify users and groups. The order is determined by user type (NT, NDS, or Bindery). For example, if Jane has a logon of JANE under the NT domain and another logon for a Novell server with NDS as JDOE, you can use this option to determine which user identification Instant Internet will use to identify Jane. -
Page 41: Migrating Your Database To Use Unique Users And Groups By Server
Chapter 2 User access administration Migrating your database to use unique users and groups by server You can migrate your database to use unique users and groups by server. This feature is useful if you currently have bindery users and groups configured and then select the Unique users and groups by server check box. -
Page 42: Viewing Windows 95, Windows 98, Windows Nt, Or Windows 2000 Users And Groups
Chapter 2 User access administration Viewing Windows 95, Windows 98, Windows NT, or Windows 2000 Users and Groups To view or not view NT users and groups: Choose View > View NT Users and Groups. Managing NetWare NDS users and groups Instant Internet displays NDS users as red figure icons and groups as red folders in the Instant Internet Admin window. -
Page 43: Setting The Context For Nds
Chapter 2 User access administration Setting the context for NDS In NetWare Directory Services (NDS), context refers to the location of an object in the directory tree. The context is necessary for NDS to locate specific network resources. Note: You must use the Novell NetWare workstation to set context. To edit the context for the selected user or group: Choose View >... -
Page 44: Setting The Netware Preferred Server
Chapter 2 User access administration Setting the NetWare preferred server Instant Internet provides the ability to set the NetWare server of the users and groups you want to view. When a preferred server is set it becomes the one that is displayed first. -
Page 45: Creating And Removing Users And Groups
Chapter 2 User access administration For example, you may assign the IP addresses: 192.0.0.130, 192.0.0.131, and 192.0.0.132 to guest workstations. Using the IP address 102.0.0.* (* is the wildcard character) for your wildcard users will allow you to control these accesses as a group. -
Page 46: Creating A User
Chapter 2 User access administration Creating a user To create a new user: Do one of the following: • On the toolbar, click Users. • Choose Users > View User List. Select the icon of the user you want to use as a template. If you do not want to use a template, you do not need to select a user. -
Page 47: Creating A Group
Chapter 2 User access administration Creating a group To create a new group: Do one of the following: • On the toolbar, click Groups. • Choose Groups > View Group List. Select the icon of the group you want to use as a template. If you do not want to use a template, you do not have to select a group. -
Page 48: Adding A User To A Group
Chapter 2 User access administration Adding a user to a group When you add a user to a group, the user inherits the group’s characteristics. You can add a user to or remove it from a group. To add a user to a group by dragging: On the toolbar, click Users. -
Page 49: Deleting Users And Groups
Chapter 2 User access administration To remove a user from a group using the Move toolbar button: On the toolbar, click Users. Select the group folder from which you want to remove the user. Select the user you want to move. On the toolbar, click Move. -
Page 50: Deleting A Group
Chapter 2 User access administration Deleting a group To delete a group: From the List of Groups, select the group folder. On the toolbar, click Delete. A confirmation message box opens (Figure Figure 9 Delete group confirmation message box Click Yes to confirm the deletion. Managing users and groups You can view a list of all users and groups in the Instant Internet Admin window. -
Page 51: Copying User And Group Internet Access Settings
Chapter 2 User access administration When you select a user, all groups to which the user belongs display as folders in the Groups the User Is In area. All groups to which the user does not belong display as folders in the Groups the User Is Not In area. To display all groups, either click the Groups toolbar button or choose Groups >... -
Page 52: Figure 10 Copy User Confirmation Message Box
Chapter 2 User access administration On the toolbar, click Paste. A confirmation message box opens (Figure 10). Figure 10 Copy user confirmation message box Click Yes to copy the user. To copy the Internet access settings of one group to another group: On the toolbar, click Groups. -
Page 53: Viewing Effective User Access
Chapter 2 User access administration Viewing effective user access Because Instant Internet lets you configure the Internet access of individual users as well as groups, a particular user may have Internet access designated through several groups, and access might vary from group to group. Instant Internet provides the View Effective User Access option so that you can view the user’s effective (actual) Internet access. -
Page 54: Defining User And Group Access
Chapter 2 User access administration You can view User Access (time and days a user may access the Internet), Internet Access (IP addresses and ports to which a user has access), News Groups (news groups to which a user has access), and Incoming Ports (the incoming ports that users may access). - Page 55 Chapter 2 User access administration When a user accesses Instant Internet, Instant Internet searches the user database in this sequence: Instant Internet determines if the user has an Instant Internet user profile. Instant Internet determines if the user’s groups are configured as Instant Internet groups.
-
Page 56: Disabling User Or Group Access
Chapter 2 User access administration Figure 13 Change Settings of User dialog box The options and buttons on this dialog box are explained in more detail in the following sections. Disabling user or group access The disable option has a different meaning for users than it does for groups. If you disable access for a user, that user is denied access to the Internet. -
Page 57: Ignoring Group Settings Option
Chapter 2 User access administration Ignoring group settings option The ignore group settings option is available only for users. When you choose this option, Instant Internet ignores the group Internet access settings of the groups that this user belongs to. Instead, Instant Internet uses only the user’s specific Internet access. -
Page 58: Configuring Internet Access
Chapter 2 User access administration To enable logging for a user: In the Change Settings of User dialog box (Figure 13), select the Enable logging check box. Configuring Internet access The User Access button in the Change Settings of User dialog box lets you specify days of the week and times during the day when users may access the Internet. -
Page 59: Defining Controlled Internet Access
Chapter 2 User access administration • Not Set – (For advanced administration only.) When a user is a member of one or more groups, this option allows you to control the access of the user during specified times and leave the remaining time “not set” so that other group settings will take effect. -
Page 60: Three Kinds Of Internet Addressing
Chapter 2 User access administration Before you continue, familiarize yourself with the basic concepts of Internet addressing protocols. Three kinds of Internet addressing There are three kinds of Internet addressing: • IP addresses are direct communications over the Internet to the appropriate destinations. -
Page 61: Overview Of Configuring Internet Access
Chapter 2 User access administration Overview of configuring Internet access When a user attempts Internet access, Instant Internet checks the access list for that user and determines whether or not to permit access to that address. Instant Internet sorts all access controls by: •... -
Page 62: Table 4 Designating Internet Access - Checkmark
Chapter 2 User access administration Table 4 Designating Internet access – checkmark Address Type Explanation √ Allow both TCP & UDP Specifies access to all ports at all IP 198.* addresses beginning with 198. √ Allow TCP only Specifies IP access only to port 80 *:80 at all connection-oriented IP addresses. -
Page 63: Adding Internet Access
Chapter 2 User access administration You can redefine a group’s or user’s access control list from the Internet Access dialog box. You can add, delete, or change IP addresses, host names, and port numbers to which the specified group or user has access. If a user or group access is set to “Full”... -
Page 64: Figure 15 Change Settings Of User Dialog Box
Chapter 2 User access administration Figure 15 Change Settings of User dialog box Click Internet Access. The Change Internet Access dialog box opens (Figure 16) and displays the current access control list for the group or user. Figure 16 Change Internet Access dialog box 300868-G... -
Page 65: Figure 17 Add Internet Access Dialog Box
Chapter 2 User access administration Click Add. The Add Internet Access dialog box opens (Figure 17). Figure 17 Add Internet Access dialog box Table 7 describes the items in the Add Internet Access dialog box Table 7 Add Internet Access dialog box items Item Description Allow... -
Page 66: Removing Internet Access
Chapter 2 User access administration Note: You can define access to a host name without specifying its corresponding IP address (or addresses). Some sites change their IP addresses regularly, so to avoid editing the access list often, you can specify the host name without the IP address. Remember, however, that you must also allow host names for any IP addresses that you allow. -
Page 67: Figure 18 Change Settings Of User Dialog Box
Chapter 2 User access administration Figure 18 Change Settings of User dialog box Click Internet Access. The Change Internet Access dialog box opens (Figure 19) and displays the current access control list for the group or user. Figure 19 Change Internet Access dialog box Select the Internet address for which the group (or user) is to be denied access. -
Page 68: Changing Internet Access
Chapter 2 User access administration Click Delete. A confirmation message box opens (Figure 20). Figure 20 Delete access confirmation message box Click Yes to confirm the deletion. The IP address is deleted from the group’s (or user’s) access control list, and the user no longer has access to that Internet address. -
Page 69: Figure 21 Change Settings Of User Dialog Box
Chapter 2 User access administration Figure 21 Change Settings of User dialog box Click Internet Access. The Change Internet Access dialog box opens (Figure 22) and displays the current access control list for the group or user. Figure 22 Change Internet Access dialog box Select the Internet address for which the group (or user) access is to be changed. -
Page 70: Managing News Group Access
Chapter 2 User access administration Click Change. The Change Internet Access dialog box opens (Figure 23). Figure 23 Change Internet Access dialog box Change the information. Click OK. Managing news group access The News Group button on the Change Settings of User dialog box (Figure 24) enables you to designate specific news groups to which each user or group may gain or be denied access. -
Page 71: Adding News Group Access
Chapter 2 User access administration Adding news group access To add a news group to group or user access: In the Admin window, select a group folder or user icon. On the toolbar, click Change. The Change Settings of User dialog box opens (Figure 24). -
Page 72: Figure 25 Change News Groups Dialog Box
Chapter 2 User access administration Figure 25 Change News Groups dialog box Click Add. The Add News Group dialog box opens (Figure 26). Figure 26 Add News Group dialog box The following information is displayed: • Allow – Allows access. •... -
Page 73: Removing News Group Access
Chapter 2 User access administration Enter the name of the news group for which you are defining access. Note: You can also add or remove an entire section of news groups by placing an asterisk after the news group address. For example, alt.binaries.pictures.* selects all the sub-news groups within the alt.binaries.pictures news group. -
Page 74: Changing News Group Access
Chapter 2 User access administration Figure 28 Change News Groups dialog box Select the news group to which the group (or user) is to be denied access. Click Delete. A confirmation message box opens (Figure 29). Figure 29 Delete news group confirmation message box Click Yes to confirm the deletion. -
Page 75: Figure 30 Change Settings Of User Dialog Box
Chapter 2 User access administration On the toolbar, click Change. The Change Settings of User dialog box opens (Figure 30). Figure 30 Change Settings of User dialog box Click News Groups. The Change News Groups dialog box opens (Figure 31). Figure 31 Change News Groups dialog box Using the BayStack Instant Internet Management Software Version 7.11... -
Page 76: Managing Incoming Port Access
Chapter 2 User access administration Select the news group for which the group (or user) access is to be changed. Click Change. The Change News Group dialog box opens (Figure 32). Figure 32 Change News Group dialog box Change the information. Click OK. -
Page 77: Adding Incoming Port Access
Chapter 2 User access administration You can add, delete, or change incoming ports to which the selected user has access. Port numbers 0, 25, 50, 79, 106, 109, 110 and the range 5001-65535 are open by default. You can have total control of port access by configuring incoming ports individually for any particular group or user. -
Page 78: Figure 34 Change Incoming Ports Dialog Box
Chapter 2 User access administration Figure 34 Change Incoming Ports dialog box Click Add. The Add Incoming Port dialog box opens (Figure 35). Figure 35 Add Incoming Port dialog box Table 8 describes the items in the Add Incoming Port dialog box. 300868-G... -
Page 79: Removing Incoming Port Access
Chapter 2 User access administration Table 8 Add Incoming Port dialog box items Item Description Allow Allows access. Do not allow Denies access. Type • TCP – connection oriented • UDP – connectionless • Both – TCP and UDP IP Address Enter the IP address of the host name. -
Page 80: Figure 36 Change Settings Of User Dialog Box
Chapter 2 User access administration Figure 36 Change Settings of User dialog box Click Incoming Ports. The Change Incoming Ports dialog box opens (Figure 37). Figure 37 Change Incoming Ports dialog box Select the incoming port to which the group (or user) is to be denied access. 300868-G... -
Page 81: Changing Incoming Port Access
Chapter 2 User access administration Click Delete. A confirmation message box opens (Figure 38). Figure 38 Delete incoming port confirmation message box Confirm the deletion when prompted. The incoming port is deleted from the group’s (or user’s) access list, and the user no longer has access to that incoming port. -
Page 82: Figure 39 Change Settings Of User Dialog Box
Chapter 2 User access administration Figure 39 Change Settings of User dialog box Click Incoming Ports. The Change Incoming Ports dialog box opens (Figure 40). Figure 40 Change Incoming Ports dialog box Select the incoming port for which the group (or user) access is to be changed. 300868-G... -
Page 83: Managing Raw Sockets
Chapter 2 User access administration Click Change. The Change Incoming Port dialog box opens (Figure 41). Figure 41 Change Incoming Port dialog box Change the information. Click OK. When you make changes to an incoming port’s access, an asterisk (*) appears to the left of the option, indicating that specific incoming ports access control settings have been defined. -
Page 84: Figure 42 Change Settings Of User Dialog Box
Chapter 2 User access administration To prohibit the use of RAW sockets: In the Admin window, select a group folder or user icon. On the toolbar, click Change. The Change Settings of User dialog box opens (Figure 42). Figure 42 Change Settings of User dialog box Select the No RAW Sockets check box. -
Page 85: Specifying The Message A User Sees Upon An Error
Chapter 2 User access administration Specifying the message a user sees upon an error The No Messages option in the Change Settings for User dialog box allows you to control what users see when they attempt to access restricted Instant Internet sites. When messages are enabled, a message is displayed with an explanation of why the user’s attempted access failed. -
Page 86: Common User And Group Access Examples
Chapter 2 User access administration Use the information in Table 9 to choose the report options you want. Table 9 Report options Item Description Selected If you choose this option, you can choose the reports you want. When you choose this option, the Users area becomes active. Users •... -
Page 87: Figure 44 Change User Access Dialog Box
Chapter 2 User access administration Figure 44 Change User Access dialog box Configure News Group access to allow access to all news groups. Refer to “Managing news group access” on page 70 for more information. Configure Incoming Ports to allow access to all ports and Both TCP and UDP. Refer to “Managing incoming port access”... -
Page 88: Restricting Access To A Few Sites For Everyone
Chapter 2 User access administration Restricting access to a few sites for everyone To restrict a few sites for everyone: Set the Everyone Group’s access to Controlled access. Refer to “Configuring Internet access” on page 58 for more information. Configure Internet Access for the Everyone Group by restricting access to a site. -
Page 89: Figure 46 Restrict Internet Access Example
Chapter 2 User access administration Figure 46 Restrict Internet access example Configure Incoming Ports to allow access to all ports and Both TCP and UDP. Refer to “Managing incoming port access” on page 76 for more information. After you have completed these steps, all users follow the Everyone Group access settings. -
Page 90: Allowing Access To A Few Sites
Chapter 2 User access administration Allowing access to a few sites Some major Web sites such as www.microsoft.com and www.cnn.com have more than one IP address. For very large sites, you must allow access to all IP addresses for the site. To allow a few sites for everyone in a group: Set the Everyone Group’s access to Controlled access. -
Page 91: Managing A Remote Instant Internet Unit
Chapter 2 User access administration Configure Incoming Ports to allow access to all ports and Both TCP and UDP. Refer to “Managing incoming port access” on page 76 for more information. All users now have access to only the sites on the list. Note: If a user’s individual access settings are more restrictive than the Everyone Group settings, then Instant Internet uses the more restrictive access settings. - Page 92 Chapter 2 User access administration 300868-G...
-
Page 93: Internet Activity Logging
Chapter 3 Internet activity logging This chapter offers information on advanced Instant Internet features that allow experienced network supervisors to monitor and log Internet activity. Activity logging overview Instant Internet’s Monitor program is a utility that monitors individual Instant Internet units in real time. It provides a dynamic display of the performance and load of a specific Instant Internet unit (or multiple units) on bar graphs and histograms. -
Page 94: Figure 48 Monitor Main Window
Chapter 3 Internet activity logging Figure 48 Monitor main window Table 10 describes the toolbar buttons in the Monitor main window. Table 10 Monitor main window toolbar buttons Button Description Opens a window that shows you statistics about the Instant Internet unit. -
Page 95: Monitoring An Instant Internet Unit
Chapter 3 Internet activity logging The toolbar on the Monitor main window changes depending on the type of information you are monitoring. For example, the buttons available for Stats are different from the buttons available for Users. To see this, practice clicking the Stats, Users, Log, and Diag buttons to see what happens to the toolbar. -
Page 96: Figure 49 Sample Stats Window
Chapter 3 Internet activity logging Figure 49 Sample Stats window Table 11 lists the statistics displayed in the Stats window. Table 11 Stats window statistics Item Description Server The name of the Instant Internet unit selected for monitoring. IP Add The IP address of the selected interface or the destination IP address of the selected VPN tunnel. -
Page 97: Table 12 Stats Window Statistics For A Dial-Up Or Isdn Interface Or A Vpn
Chapter 3 Internet activity logging Table 11 Stats window statistics (continued) Item Description Speed The speed (in kilobits) at which data is being sent and received. To calculate the speed in kilobytes, divide by 8. Interface If you have more than one interface, you can choose the interface you want to monitor. - Page 98 Chapter 3 Internet activity logging Table 12 Stats window statistics for a dial-up or ISDN interface or a VPN tunnel (continued) Item Description Connects The number of successful connections, number of connection attempts, and percentage of successful connections. Disconnects The number of lines dropped from the user’s end of the connection, number of total line drops, and percentage of connections dropped from the user’s end.
-
Page 99: Viewing Users
Chapter 3 Internet activity logging • Forget password – If you select the Remember Password option when you are prompted for a password for a specific Instant Internet unit, this option cancels that selection. • Forget all passwords – If you select the Remember Password option when you are prompted for a password for an Instant Internet unit, this option cancels that selection for all Instant Internet units. -
Page 100: Table 13 Users Window Statistics
Chapter 3 Internet activity logging Table 13 lists the information shown in the Users window. Table 13 Users window statistics Item Description User The user names. Sent The amount of data the user sent. Received The amount of data the user received. Time on The amount of time the user has been logged onto the Instant Internet unit. -
Page 101: Viewing Web Site Access
Chapter 3 Internet activity logging Note: The Log Off toolbar buttons log off IPX users only. The Users menu contains options for the above buttons, and it also contains the following options: • Forget password – If you select the Remember Password option when you are prompted for a password for a specific Instant Internet unit, this option cancels that selection. -
Page 102: Figure 51 Sample Log Window
Chapter 3 Internet activity logging To view a list of Web sites the user accessed: Click the Log toolbar button. The Log window opens. Figure 51 shows a sample Log window. Figure 51 Sample Log window Table 16 describes the information available in the Log window for each selected Instant Internet unit: Table 16 Log statistics Item... -
Page 103: Table 17 Log Window Toolbar Buttons
Chapter 3 Internet activity logging When the Log window is active, you can select any of the toolbar buttons in Table Table 17 Log window toolbar buttons Button Description Refreshes the display to view up-to-the-minute information for the selected Instant Internet unit. Clears all data from the log. -
Page 104: Viewing Diagnostic Information
Chapter 3 Internet activity logging Viewing diagnostic information You can view diagnostic information for a particular Instant Internet unit. To view diagnostic information: Click the Diag toolbar button. The Diag window opens. Figure 52 shows a sample Diag window. Figure 52 Sample Diag window Note: The information in the Diag window is not automatically refreshed. -
Page 105: Table 19 Diag Window Statistics
This trouble shooting option shows what options you have selected on a trace. The following options are available for trace status: In (Input), Out (Output), NonIP (Non IP messages), and NoBC (Suppress broadcasts). This information is used by Nortel Networks technical support personnel for troubleshooting. Bundle wanted In multiple dial-out interfaces (such as, ISDN bundled into one interface), this shows the bundle wanted. -
Page 106: Performing A Trace
In the Diag window, select an interface. For an ISDN interface, select one of the channels, such as ISDN-B1. Click Trace. Select the appropriate options for running the trace based on what the Nortel Networks Technical Support representative tells you. Click Start to begin the trace. -
Page 107: Monitoring Multiple Instant Internet Units
Chapter 3 Internet activity logging Figure 53 Sample Trace results file To close the trace results file, choose File > Exit. Monitoring multiple Instant Internet units Monitor lets you view multiple units by selecting the units to view and then specifying Tile or Cascade. -
Page 108: Figure 54 Multiple Instant Internet Units Window
Chapter 3 Internet activity logging Repeat steps for each unit you want to monitor. To arrange the windows, do one of the following: • Choose Window > Tile. • Choose Window > Cascade. Manually size each window to suit your needs. Figure 54 shows a sample Monitor window with multiple Instant Internet units. -
Page 109: Activating Automatic Logging
Chapter 3 Internet activity logging Activating automatic logging The Instant Internet Automatic Logging (AutoLog) feature lets you save selected connection and user log files from the Instant Internet unit to a disk file at specified intervals. To use the automatic logging feature, enable the feature at a PC on your LAN. The AutoLog program must then remain running for the duration of the log. -
Page 110: Enabling Auto Run
Chapter 3 Internet activity logging Enabling Auto Run When you activate Auto Run, the AutoLog program automatically activates when the Event Activity Information log runs. To enable the Auto Run option: In the AutoLog window, choose Options > Auto Run. Configuring automatic logging The AutoLog window displays the following information: •... -
Page 111: Figure 55 Event Information Dialog Box
Chapter 3 Internet activity logging Figure 55 Event Information dialog box In the Server to log list, select an Instant Internet unit for automatic logging. In the Log Type area, select whether the log is a User log or a Connection log. To have Instant Internet look up addresses, select the Lookup Addresses check box. -
Page 112: Editing An Automatic Logging Configuration
Chapter 3 Internet activity logging Select a Logging interval. You can enter and select increments of a number of minutes, hours, or days. In the Create new log file area, select how often Instant Internet is to create a new log file. Each time a new file is saved, automatic logging assigns a new count number to the log file name to keep each file unique. -
Page 113: Exporting Log Files
Chapter 3 Internet activity logging Exporting log files When a User Log file or Connection Log file is exported to a spreadsheet file, you will see additional information that is not shown when you view the files in Monitor. All information is exported with each field separated by a comma (comma-delimited format) so that any spreadsheet can easily read the file. - Page 114 Chapter 3 Internet activity logging 300868-G...
-
Page 115: Proxy Services
Chapter 4 Proxy services This chapter describes how to use Setup to configure the Instant Internet unit as a Web, DNS, or SOCKS proxy server and provides additional information on SOCKS configuration. Understanding proxy servers A proxy server makes a connection to the application server for the client. The proxy server relays data between the client and the applications server. -
Page 116: Configuring Instant Internet As A Web Proxy Server
Chapter 4 Proxy services To start Setup: From the Instant Internet program group or menu (depending on your operating system), select Setup. The next step varies depending on your individual configuration. Select the option that best fits your configuration: • If you have an IP network or a network with more than one Instant Internet unit, the Instant Internet Units dialog box opens. -
Page 117: Figure 56 Services Dialog Box, Web Proxy Option
Chapter 4 Proxy services Before you can use the Instant Internet unit as a Web proxy server, you must enable both the Web Proxy and Web Configuration options. When you first install Instant Internet, these features are enabled by default. If you disabled these options, you must re-enable them. -
Page 118: Using A Commercial Proxy Server
Chapter 4 Proxy services Figure 57 WEB Proxy Configuration dialog box Do any of the following: • If you want the Web proxy to run transparently, select the Run transparently check box and then choose the interface on which you want the Web proxy to run transparently. -
Page 119: Enabling Web Configuration
Chapter 4 Proxy services Enabling Web configuration If you want to configure Web cache settings or view and edit Instant Internet system and log files, you must enable Web configuration. To enable Web configuration: In the Services dialog box (Figure 56), select the WEB Configuration check box. -
Page 120: Configuring Instant Internet As A Dns Proxy Server
Chapter 4 Proxy services In the Category area, select Advanced. Select Proxies. Select the Manual Proxy Configuration option. To see the current proxy configuration, click View. In the HTTP host box, add the IP address of the Instant Internet unit’s LAN interface. -
Page 121: Configuring Instant Internet As A Socks Proxy Server
Chapter 4 Proxy services To disable or re-enable the DNS Proxy option: Start Setup, and if prompted, select a unit to configure. Choose Support > Services. The Services dialog box opens (Figure 59). Figure 59 Services dialog box, DNS Proxy option Select or clear the DNS Proxy check box. -
Page 122: Using Socks Workstations With The Administration Program
Chapter 4 Proxy services To configure the Instant Internet as a SOCKS proxy server: Start Setup, and if prompted, select a unit to configure. Choose Support > Services. The Services dialog box opens (Figure 60). Figure 60 Services dialog box, SOCKS Proxy option Select the SOCKS check box. -
Page 123: Administration Options That Do Not Apply To Socks Workstations
Chapter 4 Proxy services Administration options that do not apply to SOCKS workstations When you configure the Instant Internet unit as a SOCK proxy server, the following Administration options do not apply to SOCKS workstations: • Incoming ports access control – SOCKS does not allow any incoming connections except after an outgoing connection is made to an allowed host. -
Page 124: Configuring Socksified Applications
Chapter 4 Proxy services • Indirectly – Indirect host name access control requires that the Instant Internet DNS proxy server be used by all SOCKS workstations. In this case, requests to resolve restricted host names are refused, preventing the workstation from making the connection. Since the DNS proxy is typically used in conjunction with the SOCKS server to provide complete isolation of the local network from the Internet, few problems should occur. -
Page 125: Configuring Common Socks-Enabled Software
Chapter 4 Proxy services • Remote or local address resolution – If SOCKS Version 5 is supported, you may have the option of selecting remote or local address resolution. Remote resolution is preferred because it reduces traffic between the Instant Internet unit and the SOCKS workstation. -
Page 126: Third-Party Socksifying Software
Chapter 4 Proxy services Select the Connect through a proxy server check box. Complete the SOCKS host name or IP address and the Server Port boxes. Local network connections can be via the SOCKS server or direct. The Do not use proxy server for local (intranet) addresses check box controls this action. -
Page 127: Advanced Ip Configuration
Chapter 5 Advanced IP configuration When you initially install and configure Instant Internet, it uses a set of default services that most network administrators will prefer to use. If you want Instant Internet to use IP services that are different than the defaults, you need to use Setup to configure the IP services that you want it to use. -
Page 128: Configuring A Static Route
Chapter 5 Advanced IP configuration Note: Before you begin, back up the Instant Internet unit’s configuration. For details, refer to “Backing up a unit configuration to disk” on page 277. Configuring a static route In its role as a conventional IP router, Instant Internet maintains a routing table to determine where to transmit packets. -
Page 129: Figure 61 Static Routes Dialog Box
Chapter 5 Advanced IP configuration Figure 61 Static Routes dialog box Click Add. The Static Route Configuration dialog box opens (Figure 62). Figure 62 Static Route Configuration dialog box In the Destination Address field, enter the IP address of the network to which you are routing. -
Page 130: Configuring Ip Forwarding
Chapter 5 Advanced IP configuration In the Interface list, select the name of the IP interface on which to transmit packets intended for this destination. In the Gateway Address field, enter the IP address of another router (reachable on the specified interface) to which packets to the destination should be forwarded. -
Page 131: Enabling Ip Forwarding For A Unit
Chapter 5 Advanced IP configuration Smurf. In order to block Smurf, you must deny any packet containing the broadcast address for any inside network. Before you enable IP forwarding, check with your ISP to ensure that you have a LAN account that provides you with a range of IP addresses. -
Page 132: Enabling Ip Forwarding For Two Interfaces
Chapter 5 Advanced IP configuration Enabling IP forwarding for two interfaces To enable IP forwarding for a dial-up, ISDN or leased-line interface and a LAN interface: Enable IP forwarding for the unit. Refer to “Enabling IP forwarding for a unit” on page 131. -
Page 133: Using Network Address Translation
Chapter 5 Advanced IP configuration Enable IP Forwarding. Refer to “Enabling IP forwarding for a unit” on page 131. In the main Setup window, click Save and Exit. You must allow the changes to take effect immediately before IP forwarding is enabled. -
Page 134: Configuring Address Translation
Chapter 5 Advanced IP configuration Configuring address translation Address translation allows the Instant Internet unit to route traffic that has private or reserved IP addresses to and from the Internet. Instant Internet can isolate your LAN from the Internet by performing address translation on routed packets, which enables it to translate workstation addresses into legal IP addresses. -
Page 135: Publishing A Private Server
Chapter 5 Advanced IP configuration Figure 64 Interface Configuration dialog box Clear the Address Translation check box. Click OK. Publishing a private server Server publications (static network address translation) allows you to publish privately addressed servers to the Internet, while keeping the firewall intact. Even if you do not have a static IP address, Instant Internet provides you with the ability to publish a server as a fully qualified domain name (FQDN). -
Page 136: Configuring Instant Internet To Publish A Private Server
Chapter 5 Advanced IP configuration • The host name can be non-obvious because the host name itself becomes a form of a password. • In a private environment, you can configure the Dynamic DNS to accept updates only from certain ISP address ranges. •... -
Page 137: Figure 65 Server Publication Dialog Box
Chapter 5 Advanced IP configuration To configure Instant Internet to publish a private server: Start Setup, and if prompted, select a unit to configure. Choose Support > Server Publication. The Server Publication dialog box opens (Figure 65). Figure 65 Server Publication dialog box Click Add. -
Page 138: Example: Publishing An Smtp Server When You Have A Static
Chapter 5 Advanced IP configuration Figure 66 Server Publication Configuration dialog box Enter the public IP address (or interface) and private address. For examples, refer to “Example: Publishing an SMTP server when you have a static IP address” on page 138, “Example: Publishing a Web server when you have a dynamic IP address”... -
Page 139: Example: Publishing A Web Server When You Have A Dynamic
Chapter 5 Advanced IP configuration Figure 67 Publishing an SMTP server when you have a static IP address Example: Publishing a Web server when you have a dynamic IP address In this example, you are setting up a Web server when your ISP provides you with a dynamic IP address. -
Page 140: Figure 68 Other Settings Dialog Box
Chapter 5 Advanced IP configuration Click OK. The Server Publication configuration dialog box closes and returns you to the Server Publication dialog box (Figure 65). Click OK. Choose Support > Other Settings (Figure 68). The Other Settings dialog box opens. Figure 68 Other Settings dialog box Enter the name under “Notify DNS Server of dial-up interface address change. -
Page 141: Example: Publishing A Server For Netmeeting
Chapter 5 Advanced IP configuration Now, the reference to the Fully Qualified Domain Name (FQDN) reflects the current address of the dial-up interface. Note: The time-to-live, or the amount of time that the result of the DNS query can be cached before a new lookup is performed, is kept very small so that changes to the interface’s address are reflected in the DNS relatively quickly. -
Page 142: Configuring An Ip Filter
Chapter 5 Advanced IP configuration Figure 69 Publishing a server for NetMeeting After the workstation has been set up to accept incoming NetMeeting calls, people can call you by using the IP address or the FQDN of the Instant Internet unit. Note: If your Instant Internet unit uses a dynamic IP address, you can use the Dynamic DNS facility so that all that all you have to do is type in the FQDN of the Instant Internet unit that you have registered in the... -
Page 143: Processing A Packet Through An Ip Filter
Chapter 5 Advanced IP configuration You can create filters that form templates for performing a particular type of filtering. The reason for creating filters and then applying them to an interface, instead of just applying them directly to an interface, is that this method provides inherent consistency and allows you to apply the same list of rules to multiple interfaces without having to ensure consistency each time. -
Page 144: Figure 70 Interface Filter Configuration Dialog Box
Chapter 5 Advanced IP configuration To configure an IP filter: Start Setup, and if prompted, select a unit to configure. In the Interfaces area, select an interface and then click Filters. The <interface name> Filter Configuration dialog box opens (Figure 70). -
Page 145: Figure 71 Filter Configuration Dialog Box
Chapter 5 Advanced IP configuration Click Add. The Filter Configuration dialog box opens (Figure 71). Figure 71 Filter Configuration dialog box In the Filter Name box, enter a name for the filter. Click Add. The Rule Configuration dialog box opens (Figure 72). -
Page 146: Figure 72 Rule Configuration Dialog Box
Chapter 5 Advanced IP configuration Figure 72 Rule Configuration dialog box Select the Action for any packet matching the filter rule: • Allow – Allows the packet. • Deny – Denies the packet. • L4switch – Sends the packet to the Web (HTTP) proxy. •... - Page 147 Chapter 5 Advanced IP configuration • Port – If you are specifying a range of ports, this is the beginning port number. This is meaningful only for TCP or UDP filter rules and specifies the port of the data packet. •...
-
Page 148: Applying A Filter To An Interface
Chapter 5 Advanced IP configuration Applying a filter to an interface After you create a filter, you can apply it to the interface as an input filter or an output filter. A common question is “When do you use an input filter versus an output filter?”... -
Page 149: Enabling Instant Internet As A Dhcp Server
Chapter 5 Advanced IP configuration Select the filters you want to apply to the interface. Choose from: • In filter – Applies the filter to incoming packets as they are received. • Out filter – Applies the filter to packets just before they are transmitted by the interface. -
Page 150: Using The Dhcp/Bootp Relay Agent Feature
Chapter 5 Advanced IP configuration In fairly static network environments, where computers are not frequently moved in and out of the network, long-term leases (days, or even weeks or months) are sometimes used. The advantage of long leases is that the DHCP server may be down for maintenance or repairs for a long period of time before DHCP workstations lose their leases on their addresses, and must stop using the network. -
Page 151: Figure 74 Services Dialog Box
Chapter 5 Advanced IP configuration Figure 74 Services dialog box Select the DHCP check box. Click Configure. The DHCP Configuration dialog box opens (Figure 75). Figure 75 DHCP Configuration dialog box Using the BayStack Instant Internet Management Software Version 7.11... -
Page 152: Configuring Instant Internet As A Dhcp Server
Chapter 5 Advanced IP configuration In the Relay Agent area, click in the checkbox to enable. Specify the address of the DHCP server to be used by the Instant Internet unit. Click OK. Configuring Instant Internet as a DHCP server If you already had a DHCP server running when you first set up the Instant Internet unit, the Instant Internet unit did not set itself up to run as a DHCP server. -
Page 153: Figure 77 Dhcp Configuration Dialog Box
Chapter 5 Advanced IP configuration Select the DHCP check box. Click Configure. The DHCP Configuration dialog box opens (Figure 77). Figure 77 DHCP Configuration dialog box In the Scopes area, click Add. The Scope Configuration dialog box opens (Figure 78), where can you add a range of addresses for the Instant Internet unit to use. -
Page 154: Figure 78 Scope Configuration Dialog Box
Chapter 5 Advanced IP configuration Figure 78 Scope Configuration dialog box In the IP Addresses area, specify the following: • Start Address – The first address of the range of addresses you want the Instant Internet unit to use. • End Address –... -
Page 155: Figure 79 Enter Excluded Addresses Dialog Box
Chapter 5 Advanced IP configuration Figure 79 Enter Excluded Addresses dialog box This feature allows you to have more control over how IP addresses are assigned to groups and users. b Specify the following: Start Address – The first address of the range of addresses you want to exclude. -
Page 156: Figure 80 Enter Server Address Dialog Box
Chapter 5 Advanced IP configuration Figure 80 Enter Server Address dialog box Specify the DNS servers for the workstations to use. You should enter the IP address of the Instant Internet unit. 10 Click OK. You return to the DHCP Configuration dialog box (Figure 77 on page 153). -
Page 157: Using Instant Internet As A Dhcp Workstation
Chapter 5 Advanced IP configuration Using Instant Internet as a DHCP workstation You can also configure Instant Internet to be used as a DHCP workstation. However, this functionality is intended to support modems that use the DHCP protocol to assign dynamic IP addresses. Do not allow the Instant Internet unit to receive an IP address from an existing DHCP server on the network interface because the client workstations must be configured to use the Instant Internet unit as a gateway and DNS server. -
Page 158: Figure 81 Rip's Dialog Box
Chapter 5 Advanced IP configuration To configure Instant Internet to use the RIP feature: Start Setup, and if prompted, select a unit to configure. Choose Support > RIP’s. The RIP’s dialog box opens (Figure 81). Figure 81 RIP’s dialog box Decide whether or not to accept announcements from other routers. -
Page 159: Configuring An Alias For An Interface
Chapter 5 Advanced IP configuration Select the Version of RIP that you would like to use. — None. When you select none, you do not send RIP messages. — V1. When you select V1, you send RIP messages to all known routers without subnet information. -
Page 160: Using A Dmz
Chapter 5 Advanced IP configuration To add an alias to an Instant Internet unit: Start Setup, and if prompted, select a unit to configure. Click Add. Click Alias. Enter a unique name for the interface. Select the interface to which the alias will be added. Enter the desired new IP address and subnet mask for the interface. -
Page 161: Configuring Instant Internet To Support A Dmz
Chapter 5 Advanced IP configuration To add a server to the DMZ: Determine an appropriate IP address range for the DMZ subnet and assign the server an IP address in the DMZ subnet. Connect the server to the DMZ. Use a cross-over cable to connect an Ethernet connector on the rear of the Instant Internet unit directly to a single machine on the DMZ. -
Page 162: Publishing The Server(S)
Chapter 5 Advanced IP configuration Figure 82 Enter IP Information for Interface dialog box Assign the Instant Internet interface an IP address within the DMZ subnet. Enter a subnet mask. If left blank, the default is 255.255.255.0. Click OK. Publishing the server(s) To make the server(s) in the DMZ publicly accessible, use server publication: Start Setup, and if prompted, select a unit to configure. -
Page 163: Example: Using A Dmz To Publish A Web Server
Chapter 5 Advanced IP configuration Example: Using a DMZ to publish a Web server This section provides an example for publishing a server. In this example, you are publishing a server with a public IP address of 134.177.3.28. Your LAN uses private addresses, and you are using the seven-port switch for your LAN and Eth2 for your DMZ. -
Page 164: Figure 84 Server Publication Dialog Box
Chapter 5 Advanced IP configuration To publish the server: Start Setup, and if prompted, select a unit to configure. Choose Support > Server Publication. Click Add. In the following fields, enter this information: • Protocol: TCP • Public IP address: 134.177.3.28 •... - Page 165 Chapter 5 Advanced IP configuration Click OK. You now have a Web server that can be accessed from the Internet but you also have a secure LAN. Your own LAN clients can also access the Web server through this server publication, but if IP forwarding is disabled, only in the same way that external clients can access it from the Internet.
- Page 166 Chapter 5 Advanced IP configuration 300868-G...
-
Page 167: Ip Security And Vpn
Chapter 6 IP security and VPN This chapter explains how to configure IP security to use the Instant Internet unit and a Contivity Extranet Switch (CES) or two Instant Internet units in a virtual private network (VPN). Understanding virtual private networking Instant Internet includes IP security (IPsec) virtual private networking (VPN) capabilities designed to establish a tunnel with a Contivity Extranet Switch (CES), another Instant Internet unit at different location, or other IPsec-compliant... -
Page 168: Understanding Modes
Note: The export of 3DES encryption outside North America is regulated by the U.S. Government. If you require 3DES encryption, you must purchase the 3DES Encryption Module (part number CQ1010005). Contact your Nortel Networks sales representative for more information. For authentication, Instant Internet supports: •... -
Page 169: Using Perfect Forward Secrecy
Chapter 6 IP security and VPN Contivity version 2.6 has also implemented aggressive mode for non-contivity clients, in order to support more client implementations. Instant Internet leverages this new capability to act as a single-user client on behalf of the network (many-to-one NAT). Using perfect forward secrecy Perfect forward secrecy (PFS) means that the compromise of a single key only permits access to data protected by that key. -
Page 170: Using The Default Network Specification
Chapter 6 IP security and VPN Figure 85 IPsec Configuration dialog box Select the PFS check box to enable perfect forward secrecy. • To disable PFS, clear the check box. Using the default network specification Instant Internet has an IPsec form of “default network.” This default network is used to select Instant Internet’s source address for a packet whose destination is at the other end of an IPsec tunnel. -
Page 171: Figure 86 Ipsec Configuration Dialog Box
Chapter 6 IP security and VPN To modify your default network setting: Start Setup, and if prompted, select a unit to configure. Select the IPsec interface for which you want to modify the default network setting. Click Configure. The IPsec Configuration dialog box opens (Figure 86). -
Page 172: Managing Local And Remote Ip Addresses
Chapter 6 IP security and VPN Managing local and remote IP addresses You can add or remove local and remote IP addresses for a VPN tunnel. Adding a remote address of 0.0.0.0/0 designates non-split tunneling while specifying the actual remote subnet designates split tunneling. •... -
Page 173: Removing A Local Or Remote Ip Address
Chapter 6 IP security and VPN Removing a local or remote IP address To remove a local or remote IP address: In the IPsec Configuration dialog box, in the Local Addresses or Remote Addresses area, select the address and then click Remove. In the confirmation dialog box, click Yes. - Page 174 Chapter 6 IP security and VPN • Monitor Mode – The monitor mode does not initiate a connection and is not considered to be activity against a dial-up interface’s idle timeout. This mode does not keep a connection active. Note: A monitor ping is considered to be activity on the CES but is not considered to be activity against Instant Internet’s dial-up timeout.
-
Page 175: Figure 88 Pings Dialog Box
Chapter 6 IP security and VPN • Background Mode – Standard background mode is a standard ping with no other special provisions. This mode sends a ping to the specified destination, which initiates a connection if required, and counts as activity. The receipt of a response (or the lack of one) has no effect on system operation. -
Page 176: Figure 89 Ping Configuration Dialog Box
Chapter 6 IP security and VPN Figure 89 Ping Configuration dialog box Enter the IP address or host name of the remote computer you want to ping. When using ping from Instant Internet-to-Instant Internet, it is best to select the private address of the remote Instant Internet to ping to. When using ping from Instant Internet to a CES, it is best to select the private address of the Contivity to ping. -
Page 177: Understanding How An Instant Internet-To-Instant Internet Vpn Works
Chapter 6 IP security and VPN 10 Select the interface used to initiate the ping. The default source is the IP address of the interface that is closest to the destination. 11 Click OK to close the Ping configuration dialog box. 12 Click OK to close the Pings dialog box. -
Page 178: Allowing Only Outgoing Connections
Chapter 6 IP security and VPN Figure 90 IPsec Configuration dialog box In the Name box, enter a name for the tunnel. This name must match the one used on the other end of the tunnel. In the Key box, enter a key for the tunnel. The key is the password for the tunnel and must be mutually agreed upon by both Instant Internet units. -
Page 179: Figure 91 Ipsec Configuration Dialog Box
Chapter 6 IP security and VPN To allow only outgoing traffic to flow through your end of a tunnel: Start Setup, and if prompted, select a unit to configure. Click Add. In the Select Connection Type dialog box, click IPsec. In the Select Connection Device dialog box, click BayStack II. -
Page 180: Figure 92 Enter Monitor / Control Connection Information Dialog Box
Chapter 6 IP security and VPN 10 In the Remote Addresses area, click Add to enter the IP addresses of the remote site that is accessed through the tunnel. For more information, refer to “Adding a local or remote IP address” on page 172. -
Page 181: Allowing Both Outgoing And Incoming Connections
Chapter 6 IP security and VPN 16 In the main Setup window, click Save and Exit. 17 Click Yes to have the changes take effect immediately (optional). 18 Click Yes to test the connection (optional). Allowing both outgoing and incoming connections You select this option to allow both incoming and outgoing connections to establish a tunnel. -
Page 182: Figure 94 Enter Monitor / Control Connection Information Dialog Box
Chapter 6 IP security and VPN In the Key box, enter a key for the tunnel. The key is the password for the tunnel and must be mutually agreed upon by both Instant Internet units. In the Destination box, enter the remote Instant Internet unit’s public address or FQDN. -
Page 183: Understanding How An Instant Internet-To-Ces Vpn Works
Chapter 6 IP security and VPN 13 Choose whether you want to monitor or control the connection by clicking the option. For more information, refer to “Using Pings” on page 173. 14 Enter the IP address of the device that is reachable through the tunnel and representative of the desired connectivity (usually the private address of the remote unit). - Page 184 Chapter 6 IP security and VPN • For branch-to-branch mode, at least one public, static IP address must be available at both the location of the CES and of the Instant Internet unit. Only the CES branch office routing type of “static” is supported; RIP mode works only between CESs.
-
Page 185: Other Issues
Chapter 6 IP security and VPN Instant Internet supports Perfect Forward Secrecy (PFS) for easy compatibility with Contivity because Contivity, by default, has PFS enabled. When you use Setup to configure a connection to Contivity, PFS is enabled on the Instant Internet unit by default. -
Page 186: How A Tunnel Is Initiated
Chapter 6 IP security and VPN How a tunnel is initiated Neither the Instant Internet unit nor the CES can manually initiate a branch office connection. To initiate a VPN tunnel, some activity must be performed to initiate a tunnel connection. Some ways that a tunnel may be initiated include: using a ping or browsing to a site that uses the tunnel. -
Page 187: Tunnel Timeouts
Chapter 6 IP security and VPN This situation occurs due to a limitation of the IPsec protocol; however, there are two ways you can work around this limitation: • Maintain traffic in the tunnel in both directions on a relatively constant basis. This option is possible only when the dial-up connection can exist at all times. -
Page 188: Tunneling To Ces When Instant Internet Has A Static Ip Address
Chapter 6 IP security and VPN It is important to understand that there is a separate SA for each possible combination of subnets. For example, if the Instant Internet unit’s IPsec configuration has two local subnets and four remote subnets, then a total of eight separate SAs exists if all subnets are communicating with each other. -
Page 189: Example For Configuring A Branch Office Connection In The Ces
Chapter 6 IP security and VPN Configuring a VPN between Instant Internet and a CES is a two-step process: • Configure the branch office connection in the CES, (next). • Configure Instant Internet as a main-mode tunnel (page 190). Example for configuring a branch office connection in the CES This procedure provides an example for configuring a branch office connection on the CES for tunneling. -
Page 190: Configuring Instant Internet As A Main-Mode Vpn Tunnel
Chapter 6 IP security and VPN Configuring Instant Internet as a main-mode VPN tunnel To configure Instant Internet when your ISP provides you with a static IP address: Start Setup, and if prompted, select a unit to configure. In the main Setup window, click Add. In the Select Connection Type dialog box, click IPsec. -
Page 191: Figure 96 Enter Monitor / Control Connection Information Dialog Box
Chapter 6 IP security and VPN In the Local Addresses area, click Add to enter the local IP addresses allowed to participate in the tunnel. For more information, refer to “Adding a local or remote IP address” on page 172. The information in this box should coincide with the Network setup in step 2 of the configuration of the CES. -
Page 192: Tunneling To The Ces When Instant Internet Has A Dynamic Ip Address
Chapter 6 IP security and VPN 13 Click OK. 14 In the main Setup window, select the VPN tunnel and then click Configure. 15 Specify the default network to be equal to the connection to the router. 16 Clear the PFS check box. NAT is optional. 17 Click OK. -
Page 193: Example For Configuring The Non-Contivity Client Connection
Chapter 6 IP security and VPN Example for configuring the non-Contivity client connection on the This procedure provides an example for configuring a non-Contivity client connection on the CES for tunneling. For detailed information, refer to your product documentation. To configure the non-Contivity client connection on the CES: From Profiles >... -
Page 194: On The Ces
Chapter 6 IP security and VPN Configuring Instant Internet as an aggressive-mode VPN tunnel To configure Instant Internet when your ISP provides you with a dynamic IP address: Start Setup, and if prompted, select a unit to configure. In the main Setup window, click Add. In the Select Connection Type dialog box, click IPsec. -
Page 195: Figure 98 Enter Monitor / Control Connection Information Dialog Box
Chapter 6 IP security and VPN The static address is often the same as Instant Internet’s private LAN address, but this is not necessary. If the address is not the same, Setup creates an alias interface on Instant Internet and assign it the static address. This address is the same as the Remote user that was set up in Contivity. -
Page 196: Troubleshooting A Vpn Tunnel Connection
Chapter 6 IP security and VPN 15 Click OK. 16 In the main Setup window, click Save and Exit. 17 Click Yes to have the changes take effect immediately. 18 Click Yes to test the connection (optional). The tunnel is configured. For more information on how to initiate a tunnel after it has been configured, refer to “How a tunnel is initiated”... -
Page 197: Viewing A Unit's Ipsec Log
Chapter 6 IP security and VPN For details on using Monitor, refer to Chapter 3, “Internet activity logging,” on page • Use CES session statistics to view VPN connection information. For more information, refer to your Contivity External Switch documentation. You can diagnose most IPsec connectivity problems using a combination of Instant Internet’s IPsec log and the CES Session Statistics of the CES. -
Page 198: Table 21 Phase 1 Main Mode States
Chapter 6 IP security and VPN Table 21 Phase 1 main mode states Meaning Reason Waiting for Security Association. • Phase 1 did not receive main or aggressive mode. • Instant Internet did not choose any of the other end’s proposals. •... -
Page 199: Table 23 Phase 2 Main Mode States
Chapter 6 IP security and VPN Table 23 Phase 2 main mode states Meaning Reason Waiting for phase 1 completion to initiate phase 2. Phase 1 did not complete because of error. Waiting for Security Association, Inform, or Delete. • Phase 2 did not receive quick mode or inform mode. - Page 200 Chapter 6 IP security and VPN 300868-G...
-
Page 201: Web Cache Configuration
Chapter 7 Web cache configuration This chapter introduces Web caching and describes how to administer the Instant Internet unit’s Web cache. Introduction to Web caching When you configure the Instant Internet unit as a Web proxy server, it functions as a proxy server for Web requests and a repository for Web content. -
Page 202: How The Instant Internet Unit Functions As A Caching Proxy Server
Chapter 7 Web cache configuration How the Instant Internet unit functions as a caching proxy server In its capacity as a downstream caching proxy server that stores copies of Internet content (Web entries), the Instant Internet unit manages traffic to and from the Internet. -
Page 203: How Web Caching Works With A User's Local Cache
Chapter 7 Web cache configuration Before the Instant Internet unit sends requested Web content to the user, it evaluates each Web entry and then does one of two things: • If the entry is not already in the cache, the cache server retrieves the entry from the originating Web server, caches it, and then sends the entry to the user. -
Page 204: Connecting To The Instant Internet Unit With A Web Browser
Chapter 7 Web cache configuration • Decreases the amount of inappropriate or unauthorized content on a user’s workstation. When you block access to a Web site, a message appears notifying the user that access has been blocked (refer to “Blocking Web site access”... -
Page 205: Viewing The Instant Internet Unit System Status
Chapter 7 Web cache configuration Figure 99 Instant Internet Web home page To browse to the Home page: On any page, click Home. Viewing the Instant Internet unit system status On the Web Cache page (Figure 100), you can view a brief status of the cache server, including whether caching is enabled, the current cache level, whether active refresh is enabled, the hit rate, and proxy information. -
Page 206: Getting Started With The Web Cache
Chapter 7 Web cache configuration To view the Web Cache page: On the Home page, click Web Cache. The Web Cache page opens (Figure 100). Figure 100 Web Cache page Getting started with the Web cache The Instant Internet unit is easy to install and easy to use. In fact, after you configure the Instant Internet unit as a Web proxy server, it immediately begins caching Web entries. -
Page 207: Increasing Efficiency
Chapter 7 Web cache configuration • To increase cache performance and efficiency: — Change the cache level from Moderate to Aggressive. For details, refer to “Increasing efficiency” on page 207. — Set how the Instant Internet unit responds to CGI, query, and ‘no-cache’ requests. -
Page 208: Fine-Tuning Cache Settings
Chapter 7 Web cache configuration Fine-tuning cache settings The Instant Internet unit is designed to save bandwidth and speed access times for shared Web content. To get the best performance from the cache server, you can fine-tune individual cache settings to meet the needs of your Internet users. If you decide you want to fine-tune the Instant Internet unit’s cache settings, consider the following. -
Page 209: Deciding How Long To Run An Experiment
Chapter 7 Web cache configuration When you first install the Instant Internet unit, you should run it with the default settings until the cache entries fill up to 100% (Cache entries % full statistic on the Web Cache Statistics page) to establish a benchmark against which you can measure future changes. -
Page 210: How Cache Levels Are Defined
Chapter 7 Web cache configuration Changing the cache level is the first and easiest change you can make when you want to increase bandwidth savings. How cache levels are defined Each predefined cache level sets: • Default settings for an expiration percent and minimum expiration time for text and non-text entries. -
Page 211: Example One
Chapter 7 Web cache configuration If you use the Aggressive level with a text expiration of 100%, the Instant Internet unit subtracts the text entry’s last modified date and time (which is always stamped on the entry) from the current date and time. If a request for that entry comes within 100% of the time before the calculated expiration time, the cached entry is sent to the user. -
Page 212: Example One
Chapter 7 Web cache configuration Example one You request a Web page of stock quotes called quotes.html at noon on 7/4/2000. The page contains a picture of the most-requested stock of the hour called hotstock.gif that has a last modified date and time of five minutes ago at 11:55 AM on 7/4/2000. -
Page 213: Predefined Cache Levels Default Values
Chapter 7 Web cache configuration Predefined cache levels default values You can choose from the following predefined cache levels: • Conservative – This level reduces Internet traffic and decreases the possibility of the cache returning stale information, but it also minimizes the effectiveness of the cache. -
Page 214: Creating A Custom Cache Level
Chapter 7 Web cache configuration Creating a custom cache level If one of the predefined cache levels does not meet your needs, you can create a Custom cache level and enter your own expiration and custom Web content request settings. Before you begin tuning these settings, be sure you understand how they work. -
Page 215: Interpreting Statistics
Chapter 7 Web cache configuration Interpreting statistics On the Web Cache Statistics page, you can view statistical information about the Instant Internet unit’s Web cache. The data available on this page can help you understand how your organization uses the cache. You can use these statistics to assess the effectiveness of the Web cache and to fine-tune options to enjoy the greatest bandwidth savings. -
Page 216: Viewing Why Requests Are Not Sent From The Cache
Chapter 7 Web cache configuration When you evaluate the cache statistics, consider the following: • Hit Rate Statistics – The hit rate displays the number of times the Instant Internet unit returned information from the cache rather than a Web server. Expect a hit rate of between 25% to 45%. -
Page 217: Limiting The Size Of A Cached Entry
Chapter 7 Web cache configuration • If the statistics show that requests are not returned from the cache because the entry exceeded the maximum size, adjust the maximum entry size. For details, refer to “Limiting the size of a cached entry” on page 217. - Page 218 Chapter 7 Web cache configuration You need to adjust the maximum size of a Web entry and then look at two statistics to help determine the new value: • To determine whether you need to adjust the maximum size of a Web entry, look at the statistic for “Data exceeded max size”...
-
Page 219: Setting Options For Special Web Requests
Chapter 7 Web cache configuration Setting options for special Web requests Special Web requests contain more than HTML-based Web content. These special requests usually require user interaction or input and could contain private or personalized information. The Instant Internet unit has several options for maximizing Web content cacheability while minimizing the return of sensitive information. -
Page 220: No-Cache" Requests
Chapter 7 Web cache configuration To determine whether you need to enable query requests, look at the statistic for “Query request” in the “Why requests are not served from the cache” area. If this number is high (over 10%), you should enable the option to retrieve query requests from the cache. - Page 221 “‘no-cache’ request” in the “Why requests are not served from the cache” area. When you enable the option to retrieve “no-cache” requests from the cache, you increase the possibility of stale data. Nortel Networks recommends that you do not enable this option.
-
Page 222: Setting The Action The Cache Performs When A Web Server Error Occurs
Chapter 7 Web cache configuration Setting the action the cache performs when a Web server error occurs Originating Web servers sometimes send errors to users. Typically, this happens when a user requests Web content from an originating Web server that is down or is not responding. -
Page 223: Managing Cookies
Chapter 7 Web cache configuration To reset cache statistics: On the Home page, click Web Cache. The Web Cache page opens. On the Web Cache page, click Statistics. The Web Cache Statistics page opens. Click Reset Statistics. When you reset cache statistics, all calculated values are reset to zero. Managing cookies Web sites can collect and store information about the users who browse their site with a function known as a “cookie.”... -
Page 224: Establishing A Cookie Management Policy
Instant Internet unit caches Web entries it may not ordinarily cache if they contained cookies. To take full advantage of the Instant Internet unit, Nortel Networks recommends that you block all cookies for all unconfigured Web sites and permit cookies only for individual Web sites that require them. -
Page 225: Managing Cookies For All Unconfigured Web Sites
Chapter 7 Web cache configuration If a Web site requires cookies, but they are blocked, any of the following may occur: • The originating Web server returns a message indicating that cookies are required. • When a Web site requires a user ID and password, the Web site prompts the user to sign on again after the user signs on the first time. -
Page 226: Managing Cookies For A Particular Web Site
Chapter 7 Web cache configuration In the Options For All (unconfigured) Web Sites area, configure the settings. Click Help for more information about each field on any page. Managing cookies for a particular Web site After you determine that the user does need access to the Web site, you must first determine which Web site requires cookies and then enable cookies for that Web site. -
Page 227: Sorting The Web Sites List
Chapter 7 Web cache configuration To enable cookies for a particular Web site: On the Home page, click Web Cache. The Web Cache page opens. On the Web Cache page, click Web Sites. The Web Sites page opens. Click the IP address or host name for the individual Web site. The individual Web site’s access information and settings page opens. -
Page 228: Managing Web Site Access
Chapter 7 Web cache configuration Tracking active Web entries is especially useful if there is a problem with a particular site. For example, if cookies are turned off and the site requires cookies, you have a record of the request. The most efficient way to determine which site requires cookies is to sort the Web site list by most recent access and look for Web servers that are serving cookies and have a Web site name related to the problem site. -
Page 229: Blocking Web Site Access
Chapter 7 Web cache configuration Blocking Web site access You can block access to particular Web sites on an individual basis or for all unconfigured Web sites (for a definition of “unconfigured Web site,” refer to the note on page 224). -
Page 230: Blocking Access To A Particular Web Site
Chapter 7 Web cache configuration In the Options For All (unconfigured) Web Sites area, select the Block access to server check box. Click Help for more information about each field on any page. Blocking access to a particular Web site To block access to a particular Web site, it must be in the list of Web sites. -
Page 231: Configuring Web Site Display Options
Chapter 7 Web cache configuration Configuring Web site display options On the Default Web Site Options page, you can choose not to view the access activity details on the Web sites list. You can also specify the number of Web site records that are displayed on a single page of Web sites. - Page 232 Chapter 7 Web cache configuration The reasons why you would bypass the cache are very similar to the reasons why you need to enable cookies. The reasons are: • When a Web site requires a user ID and password, the Web site prompts the user to sign on again after the user signs on the first time or the initial login fails.
-
Page 233: Saving And Restoring Web Site Configuration
Chapter 7 Web cache configuration Saving and Restoring Web site configuration Instant Internet provides you with a way to save and restore your Web site configuration. This tool is useful when you need to return the unit for repair. However, the tool is also useful for sharing cookie lists with other Instant Internet users. -
Page 234: Refreshing Cache Entries
Web content. Setting active refresh options Nortel Networks recommends that you set active refresh to operate during your company’s normal business hours. For example, if your company’s business hours are Monday through Friday, from 8 AM to 5 PM, select each week day and set the start time to 8:00 AM and the duration to 9 hours and 00 minutes. -
Page 235: Interpreting Active Refresh Statistics
Chapter 7 Web cache configuration Interpreting active refresh statistics The active refresh statistics display the number of Web entries the cache server actively retrieved from originating Web servers so that the entries were available in the cache when a user requested them. The percent displays the percentage of active refresh entries that have been accessed by users since the entries were refreshed. -
Page 236: I Requested A Web Site, But There Was No Response
Chapter 7 Web cache configuration I requested a Web site, but there was no response. Problem: The Web site requires cookies, and cookies are blocked. Solution: Enable cookies for the problem Web site. For details, refer to “Managing cookies for a particular Web site” on page 226. -
Page 237: To Respond
Chapter 7 Web cache configuration Solution 1: Purge the user’s local cache. For details, refer to your Web browser’s documentation. Solution 2: Force the Web entries to bypass the cache. In Netscape Navigator press the [Shift] key while clicking the Reload toolbar button. Problem: The expiration settings for the cache level are set too aggressively. -
Page 238: I Am Not Able To Configure A Personalized Web Page
Chapter 7 Web cache configuration I am not able to configure a personalized Web page. Problem: The Web site requires cookies and cookies are blocked. Solution: Enable cookies for the problem Web site. For details, refer to “Managing cookies for a particular Web site” on page 226. -
Page 239: Advanced Communications Configuration
Chapter 8 Advanced communications configuration This chapter describes how to configure advanced communication settings for a dial-up, ISDN, T1, E1, or PPPoE connection. Both the T1 and E1 interfaces allow you to configure a backup ISDN connection to the internet in case your primary connection fails. -
Page 240: Adding A Backup Phone Number
Chapter 8 Advanced communications configuration Figure 101 ISDN Configuration dialog box If you have an ISDN connection, and your interface is disabled by an ISP that uses multiple devices on the same phone number but does not support Multilink across the devices, select the Do not disable second channel on PPP negotiation failure check box. -
Page 241: Setting The Inactivity Timeout
Chapter 8 Advanced communications configuration To add or change a backup phone number for an ISDN connection: In the Backup box, enter the backup phone number. If your second channel (B channel) dials a different phone number, you can enter a secondary phone number. Use a slash (/) to separate the two numbers. If the exchange (first three digits) is the same for both numbers, you may enter only the last digits of the secondary phone number. -
Page 242: Figure 102 Isdn Configuration (Advanced) Dialog Box For The 100-S
Chapter 8 Advanced communications configuration To configure advanced ISDN features: Click Advanced. The ISDN Configuration (advanced) dialog box opens. This dialog box differs depending on the type of hardware that you have. Figure 102 is for the Instant Internet 100-S and Instant Internet 400-S units and Figure 103 is for the Instant Internet 100 and Instant Internet 400 units. -
Page 243: Enabling Bandwidth On Demand
Chapter 8 Advanced communications configuration Figure 103 ISDN Configuration (advanced) dialog box for the 100 and 400 units Enabling bandwidth on demand You can set the dial and hang-up thresholds and the demand timeout for the ISDN interface. To enable bandwidth on demand: Click Advanced. -
Page 244: Configuring Voice Call Options
Chapter 8 Advanced communications configuration Configuring voice call options If you have an Instant Internet 100-S or 400-S unit, you can set the way the ISDN interface handles incoming and outgoing ISDN voice calls. To configure voice call options: Click Advanced. The ISDN Configuration (advanced) dialog box opens (Figure 102). -
Page 245: Configuring Advanced Communication Settings For A Dial-Up Connection
Chapter 8 Advanced communications configuration In the Incoming Calls area, select one of the following. • No incoming calls allowed – The Instant Internet unit rejects all incoming calls. This is the system default. • Call ISP after receiving incoming call – When the Instant Internet unit detects an incoming call, it rejects the call and then initiates a call to the ISP. -
Page 246: Adding A Backup Phone Number
Chapter 8 Advanced communications configuration To open the Dialup Configuration dialog box: Start Setup, and if prompted, select a unit to configure. In the Interfaces area, select the dial-up interface and then click Configure. The Dialup Configuration dialog box opens (Figure 104). -
Page 247: Setting The Inactivity Timeout
Chapter 8 Advanced communications configuration Setting the inactivity timeout The inactivity timeout saves connect-time charges during times when no one is requesting Internet access. It specifies the number of minutes or seconds of inactivity over the dial-up connection after which Instant Internet terminates the connection. -
Page 248: Configuring The Modem Speaker
Chapter 8 Advanced communications configuration Make any changes to the following information: • Dial threshold – Enter the percentage of bandwidth that must be in use before an additional interface can dial. • Hangup threshold – Enter the percentage of bandwidth below which an interface hangs up. -
Page 249: Setting The Number Of Lines
Chapter 8 Advanced communications configuration Setting the number of lines If you have a dual-analog modem configuration, you can select the number of lines that the Instant Internet unit uses to dial out. To select the number of lines: In the Number of lines box, select the number of lines and then click OK. Configuring advanced communication settings for a T1 connection If you have T1 interface on the Instant Internet unit, you can configure the starting... -
Page 250: Figure 107 T1 Configuration Dialog Box
Chapter 8 Advanced communications configuration Figure 107 T1 Configuration dialog box Click Advanced. The T1 Advanced Configuration dialog box opens (Figure 108). T1 Advanced Configuration dialog box Figure 108 300868-G... -
Page 251: Configuring Advanced Communication Settings For An E1 Connection
Chapter 8 Advanced communications configuration Configure any of the following: • Starting Channel – A T1 line has 24 channels (1to 24). When you order a fractional T1 service, only part of the channels are available for data transmission. In some cases the Instant Internet unit may need to send data on a block of channels that do not start on Channel 1, so you must change the starting channel. -
Page 252: Figure 109 E1 Configuration Dialog Box
Chapter 8 Advanced communications configuration In the Interfaces area, select the E1 interface and then click Configure. The E1 Configuration dialog box opens (Figure 109). Figure 109 E1 Configuration dialog box Click Advanced. The E1 Advanced Configuration dialog box opens (Figure 110). - Page 253 Chapter 8 Advanced communications configuration Configure any of the following: • Starting Channel – An E1 line has 32 channels (1 to 32). When you order a fractional E1 service, only part of the channels are available for data transmission. In some cases the Instant Internet unit may need to send data on a block of channels that do not start on Channel 1, so you must change the starting channel.
-
Page 254: Configuring Advanced Communication Settings For A Pppoe Connection
Chapter 8 Advanced communications configuration Configuring advanced communication settings for a PPPoE connection If you have a PPP over Ethernet (PPPoE) connection, you can configure dial on-demand settings to establish a connection to the Internet as needed. To configure dial on-demand settings: Start Setup, and if prompted, select a unit to configure. -
Page 255: Figure 112 Pppoe Configuration (Advanced) Dialog Box
Chapter 8 Advanced communications configuration Click Advanced. The PPPoE Configuration (advanced) dialog box opens (Figure 112). Figure 112 PPPoE Configuration (advanced) dialog box Select the Demand mode check box. When you clear this check box, the Instant Internet unit establishes and maintains a connection indefinitely. - Page 256 Chapter 8 Advanced communications configuration 300868-G...
-
Page 257: Ipx Configuration And Support
Chapter 9 IPX configuration and support This chapter describes how to use the Instant Internet unit in an IPX environment. Using Instant Internet as an IPX-to-IP gateway Instant Internet supports IPX networks by serving as an IPX-to-IP gateway. In an IPX network, you do not need to load TCP/IP on every workstation because there is no IP traffic. -
Page 258: Performance Considerations
Chapter 9 IPX configuration and support Performance considerations The Internet is a world-wide network in which millions of participating members, including host computers and users, change constantly. Because there are many factors, both single and combined, that influence your Internet access, it is impossible to discuss performance in terms of precise numbers. -
Page 259: When To Consider A Higher-Speed Connection
Demand for Internet access is heavy. • Internet access is critical to your business. Contact your Nortel Networks sales representative to discuss your environment and possible upgrade solutions. Configuring IPX workstations to use a new unit name When you change the name of the Instant Internet unit, you must individually configure each IPX workstations to use the new name. -
Page 260: Figure 113 Windows 95 Run Dialog Box
Chapter 9 IPX configuration and support Figure 113 Windows 95 Run dialog box Enter: d:\instinet\install.exe /select where d:\ is the letter of the network drive or the CD-ROM drive. Click OK. The update process begins. If you have only one unit, the update process completes and the name is updated. -
Page 261: Configuring Ipx Frame Types
Chapter 9 IPX configuration and support Configuring IPX frame types By default, Instant Internet enables support for all IPX frame types. You can, however, enhance performance slightly by turning off certain frame types if you know that they are not used. To select the frame types you want the Instant Internet unit to support: Start Setup, and if prompted, select a unit to configure. -
Page 262: Resolving Winsock Conflicts
Chapter 9 IPX configuration and support Resolving Winsock conflicts When you install the IPX version of the Instant Internet workstation software, some of the Winsocks on the workstation are replaced with the Instant Internet version. These Winsocks enable Instant Internet to use the IPX protocol for Internet access. -
Page 263: 32-Bit Winsocks
Chapter 9 IPX configuration and support 32-bit Winsocks All 32-bit Winsock applications (those specifically designed for Windows 95, Windows 98, Windows NT, and Windows 2000) use the wsock32.dll file. When you start a 32-bit application, it searches for the .dll file in the following order: •... -
Page 264: Using Multiple 16-Bit Winsocks
Chapter 9 IPX configuration and support Using multiple 16-bit Winsocks Using multiple versions of Winsock in a 16-bit environment can be frustrating because an application looks for the Winsock in memory first, which requires the user to close each application before opening another. If you decide to use a 16-bit Winsock, do the following: Place the appropriate winsock.dll in each application directory. -
Page 265: Winsock Files Installed
Chapter 9 IPX configuration and support Winsock files installed The following sections describe the Winsock files that are installed for Instant Internet. Windows 3.x The following files are copied on a Windows 3.x workstation. 16-bit only c:\windows\winsock.ini c:\windows\winsock.dll (renames existing file and replaces) c:\windows\ptnetwrk.dll Windows 95 and Windows 98 The following files are copied on a Windows 95 or Windows 98 workstation for... -
Page 266: Windows 95
Chapter 9 IPX configuration and support Windows 95 The following files are copied on a Windows 95 workstation for Winsock 2.0 when you use the install.exe /ws2 installation switch. 16-bit and 32-bit c:\windows\winsock.ini c:\windows\winsock.dll (renames existing file and replaces) c:\windows\ptnetwrk.dll c:\windows\ptnetwrk.vxd c:\windows\system\ws2pt.dll c:\windows\system\ptnet32.dll... -
Page 267: Ip Filters And Winsock Compatibility
Chapter 9 IPX configuration and support To run Internet applications properly, Instant Internet requires the Winsock that comes with this product. If it finds another Winsock, you must either delete the preexisting Winsock file or rename it. Caution: If you choose to continue installing Instant Internet while allowing multiple versions of winsock.dll to run, you risk improper operation of Instant Internet with Internet applications. -
Page 268: Configuring Fault Tolerance And Automatic User Load Balancing
Chapter 9 IPX configuration and support For details on using the install.cfg file, refer to Installing the BayStack Instant Internet Management Software Version 7.11. Note: When you install multiple Instant Internet units, be sure to install each unit individually (that is, plug in one unit, configure the unit, and complete the installation before plugging in the next unit). -
Page 269: Configuring Multiple Default Sets
Chapter 9 IPX configuration and support In the next example, the user connects randomly to iia or iib. If the connection to one of these units fails, the other is not tried; iibackup is tried instead. unit=*{iia,iib},iibackup Configuring multiple default sets •... -
Page 270: Example: Sales
Chapter 9 IPX configuration and support Example: Sales In this example, this set of defaults is called “Sales. ” [SALES] description=Sales type=private directory=*c:\instinet unit=iibox1,iibox2,backupii choice=*-admin The software installs to a private directory, c:\instinet, but the user is not prompted to supply the directory name (refer to Installing the BayStack Instant Internet Management Software Version 7.11). -
Page 271: Example: Marketing
Chapter 9 IPX configuration and support Example: Marketing In this example, this set of defaults is called “Marketing.” [MARKETING] description=Marketing type=private directory=*c:\instinet unit={iibox1,iibox2,backupii} choice=*-admin The software installs to a private directory, c:\instinet, but you are not prompted to supply the directory name (refer to Installing the BayStack Instant Internet Management Software Version 7.11). -
Page 272: Example: Normal
Chapter 9 IPX configuration and support Example: normal In this example, this set of defaults is called “Normal.” [NORMAL] description=Normal ; No defaults here. All questions asked. The “;” in front of the last line indicates that it is a comment line only. For the Normal workgroup, there are no defaults and all installations prompts are displayed. -
Page 273: Instant Internet Unit Configuration, Support, And Diagnostics
Chapter 10 Instant Internet unit configuration, support, and diagnostics This chapter describes how to view and change the Instant Internet unit configuration. Restarting the Instant Internet unit To restart the Instant Internet: Start Setup, and if prompted, select a unit to restart. Choose File >... -
Page 274: Identifying The Login Workstation
Chapter 10 Instant Internet unit configuration, support, and diagnostics Identifying the login workstation When Instant Internet is installed on an IP workstation running Windows 95, Windows 98, Windows NT, or Windows 2000, the iiLogin icon (Figure 117) appears in the system tray. Figure 117 iiLogin icon You can view the user name, user type, unit IP address, and the name order of directory services. -
Page 275: Adding A Unit To The Selection List
Chapter 10 Instant Internet unit configuration, support, and diagnostics Adding a unit to the selection list In a multi-unit installation, you are prompted to choose a unit to administer when you start any of the administration utilities. Because of the nature of IP, all available Instant Internet units may not appear in the selection list. -
Page 276: Understanding The Name Server List Order
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 120 Enter Unit’s IP Address dialog box Enter the IP address of the Instant Internet unit you want to add to the selection list and then click OK. The Instant Internet unit is now displayed in the selection list. To remove a unit from the selection list: Click Remove. -
Page 277: Saving And Restoring Unit Configurations
Chapter 10 Instant Internet unit configuration, support, and diagnostics Saving and restoring unit configurations Using Setup, you can back up configuration settings to a disk file so that you can restore the configuration when you exchange or upgrade the unit or when you make extensive changes to the unit’s configuration. -
Page 278: Restoring A Unit Configuration From Disk
Chapter 10 Instant Internet unit configuration, support, and diagnostics In the Save File as Type box, select .iis. Click OK. Restoring a unit configuration from disk When you restore an Instant Internet unit’s configuration, you restore and overwrite all configuration settings. Note: Configuration changes do not take place until you click Save and Exit. -
Page 279: Changing The Unit Configuration
Refer to the appropriate sections that follow for instructions on changing the Instant Internet unit’s configuration. Change the information as your ISP or as a Nortel Networks support representative advises. After each change, click Save and Exit. You are then asked:... -
Page 280: Changing Your Isp
Internet Service Provider Hotline at 800-2LANWAN, Express Routing Code #169, and supply the new provider’s contact phone number and your account information so that the name can be added to the Nortel Networks list of ISPs. 300868-G... -
Page 281: Figure 124 Dialup Configuration Dialog Box
Chapter 10 Instant Internet unit configuration, support, and diagnostics To change your ISP information: Start Setup, and if prompted, select a unit to configure. In the Interfaces area, select the dial-up or ISDN interface. Click Configure. One of two things happens: •... -
Page 282: Figure 125 Isdn Configuration Dialog Box
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 125 ISDN Configuration dialog box In the Provider box, select the new ISP’s name from the list. If you do not see your ISP in the list, select ! Default In the Phone box, enter the new phone number. -
Page 283: Changing Registration Information
You should review and update your registration information periodically so that you can receive the latest product news and information on upgrades through e-mail from Nortel Networks. To review or update your registration information: Start Setup, and if prompted, select a unit to configure. -
Page 284: Changing A Unit's Configuration Password
Chapter 10 Instant Internet unit configuration, support, and diagnostics Changing a unit’s configuration password Be sure to remember your configuration password. You must enter it to make any configuration changes to the unit. Note: If you forget your password and need to configure the Instant Internet unit, you can do so by resetting the DIP switches on the back of the unit. -
Page 285: Changing A Unit's Name
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 128 Re-enter Password dialog box Enter the new password again and then click OK. In the main Setup window, click Save and Exit. Changing a unit’s name If you have more than one Instant Internet unit, it is very important that you give each unit a unique name. -
Page 286: Changing A Unit's Time, Date, Or Time Zone
Chapter 10 Instant Internet unit configuration, support, and diagnostics Click OK. Click Save and Exit. Changing a unit’s time, date, or time zone To change the time, date, or time zone for a selected Instant Internet unit: Start Setup, and if prompted, select a unit to configure. Choose Setup >... -
Page 287: Figure 131 Time Zone Dialog Box
Chapter 10 Instant Internet unit configuration, support, and diagnostics To use an NTP server for the date and time, select the Enable NTP check box and then do one of the following: • To set the time using an NTP server, click Add. Enter the domain name or IP address of the NTP server, and then click OK. -
Page 288: Selecting Additional Support Options
Chapter 10 Instant Internet unit configuration, support, and diagnostics Selecting additional support options To view and select additional support options: Start Setup, and if prompted, select a unit to configure. Choose Support > Other Settings. Select or clear any of the following check boxes: —... -
Page 289: Testing Connections
Chapter 10 Instant Internet unit configuration, support, and diagnostics • Telnet – A service that provides terminal-emulation capabilities for logging in to the Instant Internet unit from a remote location. The default is to leave this option turned on. For more information about how to use this service with the Instant Internet unit refer to Reference for the BayStack Instant Internet Remote Access Commands Version 7.11. -
Page 290: Testing The Connection To The Internet
Chapter 10 Instant Internet unit configuration, support, and diagnostics Testing the connection to the Internet You can run a test sequence to verify that Instant Internet can connect to the Internet. The connection test calls each of the domain name servers listed to confirm that the server exists and is, in fact, a domain name server. -
Page 291: Figure 133 Tools Main Window
Chapter 10 Instant Internet unit configuration, support, and diagnostics To start Tools: In the Instant Internet program group or menu (depending on your operating system), select Tools. The Tools main window opens (Figure 133). Figure 133 Tools main window The troubleshooting tools include: •... -
Page 292: Testing The Response Time Of A Host
Chapter 10 Instant Internet unit configuration, support, and diagnostics Testing the response time of a host The ping tool finds a host and determines the response time for that host. Ping tests the connection to a specified host by sending data to the specified host and waiting for the packet to be returned. -
Page 293: Figure 134 Ping Test Started
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 134 Ping test started In the figure above, a ping test was started on the host name www.nortelnetworks.com. As you can see, the window is divided into two areas. The top area shows a graphic representation of how long it took each ping trial to complete. -
Page 294: Tracing The Route To A Host
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 135 Ping test finished Tracing the route to a host You can use the trace tool to find the route used to get to a specific host. This troubleshooting tool allows you to view all sites in the route for a specific trace to pinpoint any problems in data communication. - Page 295 Chapter 10 Instant Internet unit configuration, support, and diagnostics To perform a trace test: Select the Host you want to trace. If the host you want to trace is not in the list, type the host name or IP address in the Host box.
-
Page 296: Figure 136 Trace Test Started
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 136 Trace test started In the figure above, a trace was started on the host name www.baynetworks.com. As you can see, the window is divided into two areas. The top area shows a graphic representation of how long it took each trace trial to complete. -
Page 297: Testing The Echo Port Of A Host
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 137 Trace test finished Testing the echo port of a host You can use the stress tool to test the echo port of a selected host. An echo port is a well-known port that returns any data sent to it. -
Page 298: Figure 138 Stress Test Started
Chapter 10 Instant Internet unit configuration, support, and diagnostics Click Stress. The stress test begins, and you can watch its progress. If you want to stop the stress test before it is complete, click Stop. This can be useful if you see the problem before the test completes. You can set options for the stress test, such as the number of times the test is performed. -
Page 299: Figure 139 Stress Test Finished
Chapter 10 Instant Internet unit configuration, support, and diagnostics Figure 138, a stress test was started on the host name www.baynetworks.com. The window is divided into two areas. The top area shows a graphic representation of how long it took each stress trial to complete. The bottom area shows the statistics of the stress test. -
Page 300: Setting Host Connection Test Options
Chapter 10 Instant Internet unit configuration, support, and diagnostics Setting host connection test options You can customize how Tools performs a Ping, a Trace, and a Stress. To set options for a test: Click Options. The Options dialog box opens (Figure 140). - Page 301 Chapter 10 Instant Internet unit configuration, support, and diagnostics • Trace — Maximum hops – The maximum number of hops per trace. — Lookup names – If selected, this option looks up and displays host names. — Timeout in seconds – The number of seconds allowed before a hop is considered unreachable.
- Page 302 Chapter 10 Instant Internet unit configuration, support, and diagnostics 300868-G...
-
Page 303: Troubleshooting And Error Messages
Appendix A Troubleshooting and error messages This appendix describes some methods for troubleshooting the Instant Internet unit and describes error messages. Viewing the Instant Internet serial number To view the serial number through the Instant Internet Setup program: Start the Instant Internet Setup program. For details see “Using Setup”... -
Page 304: Viewing System Files
Appendix A Troubleshooting and error messages Viewing system files System files and log settings and entries are typically used by technical support representatives for troubleshooting. You can view these files using the Instant Internet Setup program or through your Web browser. to view the following information, you can also view most of it through your Web browser. -
Page 305: Viewing A Unit's Update History
Appendix A Troubleshooting and error messages Viewing a unit’s update history Each Instant Internet unit keeps a record of the versions that have been installed and upgraded. This is the update history log. To view an update history log for a unit: Choose View >... -
Page 306: Viewing A Unit's Support Hosts
Appendix A Troubleshooting and error messages Viewing a unit’s support hosts To view the support hosts for a unit: Choose Support > Hosts from the menu bar. A window opens that contains a Host List. Caution: Do not edit this list unless you have experience with static hosts. -
Page 307: Viewing Log Files
Appendix A Troubleshooting and error messages Figure 142 Instant Internet Web home page On the Home page, click Admin. The System Administration page opens. Viewing log files Several log files are generated to help troubleshoot a connection. The log files generated depend on your configuration. -
Page 308: Viewing The System Settings File
Appendix A Troubleshooting and error messages Viewing the system settings file To view the system settings file: On the System Administration page, click Config. The System Settings page opens. Viewing a unit’s port mappings To view the unit’s port mappings: On the System Administration page, click Port Mappings. -
Page 309: Ipx Workstation Error Messages
“User access administration” on page Any other error number indicates a problem with the actual user access file. Make note of the error number and contact Nortel Networks Technical Support. Access denied to server [106] Server access error 106 indicates that version 3.0 workstations are running with a version 3.1 or 4.0 user/group database. - Page 310 The user must wait until the configured access time before using the selected Instant Internet unit. Error initializing access An internal winsock.dll problem exists. Note the error number and contact Nortel Networks Technical Support. Unable to locate server [#] Error 1 indicates that the Instant Internet unit specified in the winsock.ini file is...
-
Page 311: Server Name Errors
Appendix A Troubleshooting and error messages In this case, the most typical problem is hardware-related. Be sure to check all cables to ensure that they are connected properly. IP address restricted Incoming port restricted News group restricted RAW sockets restricted Host name restricted These errors indicate that the user does not have access to the item or area indicated. -
Page 312: Version Errors
The following errors might occur when Instant Internet tests the network connection. These messages indicate that the network might not be properly installed to the local workstation. Note the error number and contact Nortel Networks Technical Support. Error determining name... -
Page 313: Common Questions And Answers
Appendix A Troubleshooting and error messages Common questions and answers Question: I moved an Instant Internet unit from a Windows NT domain to a peer-to-peer Windows 95 (or Windows 98 or Windows 2000) network. Now the Admin utility will not let me delete the old domain users. How can I delete the old users? Answer: You must set the access for the old users to the default user. - Page 314 Appendix A Troubleshooting and error messages 300868-G...
-
Page 315: Glossary
Glossary 3DES triple Data Encryption Standard. A 168-bit encryption standard used for VPN tunneling in Instant Internet. The export of 3DES encryption outside the U.S. is regulated by the U.S. Government. If you require 3DES encryption, you must purchase the 3DES Encryption Module (part number CQ1010005). Access Control List. - Page 316 Glossary authentication The process of identifying an individual (usually by username and password) or system (by an authentication algorithm). When you configure IPsec for a VPN, you can choose from MD5, SHA, and null. B8ZS Bipolar with B-Zero Substitution. baud The signaling rate of a line;...
- Page 317 Glossary Chargen A service used for troubleshooting that generates a test pattern (characters) at the maximum possible rate. client A computer system or process that requests a service of another computer system or process. A workstation requesting the contents of a file from a file server is a client of the file server.
- Page 318 Glossary dial-up connection A temporary, as opposed to dedicated, connection between computers established over an analog or digital phone line. Dual In-line Pins. Directory Service A network service that maintains user account information such as user information, security, access rights, and group membership. Examples of directory services include NetWare NDS and NT Domain User and Groups.
- Page 319 Glossary Digital Service Unit. A device connecting data terminal equipment (DTE) to digital communication lines, which ensures that data to be transmitted across the network is formatted correctly. Echo A service used for troubleshooting that sends back any message or packet sent to it.
- Page 320 Glossary frame relay A high-speed, packet switching WAN protocol designed to provide efficient, high-speed frame or packet transmission with minimum delay. Frame relay uses minimal error detection and relies on higher level protocols for error control. File Transfer Protocol. Protocol that allows a user on one host to access and transfer files to and from another host over a network.
- Page 321 Glossary Internet Access Control. icon A graphic symbol on a user interface. Ident A service used for troubleshooting validates the sender of a message or packet. indirect host name access control When IP requests are subjected to host name access controls when the DNS Proxy forwards the query.
- Page 322 Glossary Internet Packet Exchange. The Novell NetWare protocol that provides datagram delivery of messages. IPX facilitates communications between end stations on geographically dispersed LANs supporting a large range of applications and provides the network layer functions of addressing and routing to facilitate communications between a client and a NetWare server. IPsec IP security.
- Page 323 Glossary Local Area Network. Lease (DHCP) When DHCP allocates an IP address, it “rents” the address to the requesting client for a period of time called a lease. The lease may be as short as a few minutes or as long as “forever”. The client can renew the lease or let it expire. leased-line A private transmission line (T1, DDS, V.35, or X.21) reserved for the leasing customer’s sole use.
- Page 324 Glossary modem (from modulation-demodulation) A device that transmits signals over telephone lines. It converts binary electrical signals into acoustic signals, and vice versa. multilink PPP An extension to the PPP protocol that enables you to group a set of links into a bundle for more bandwidth.
- Page 325 Glossary Network User Identification. Open Datalink Interface. Operating System. packet A group of bits, including data and control signals, arranged in a specific format and transmitted as a whole. Password Authentication Protocol. A method of establishing security on PPP links where the caller must provide a password in order to establish the link. Private Branch Exchange.
- Page 326 Glossary port A 16-bit identifier that transport protocols use to distinguish between multiple destinations within a given host computer endpoint. POTS Plain Old Telephone Service. The standard phone service that most homes use. Point-to-Point Protocol. Protocol between the terminal and the router. A communications protocol that provides dial-up access to the Internet.
- Page 327 Glossary relaying The process of moving data along a path determined by a routing process. The data is relayed between a source and a destination. remote (device) Any network device that is accessible only by means of communication over a digital or analog (dial-up) network. Request for Comment.
- Page 328 Glossary SNMP Simple Network Management Protocol. A standard for network management that uses a common software agent to manage local and wide area network equipment from different vendors. SOCKS An Internet protocol that lets IP client applications connect to the Internet through a firewall.
- Page 329 Glossary Transmission Control Protocol. The major transport protocol in the Internet suite of protocols providing reliable, connection-oriented, full-duplex streams. TCP/IP Transmission Control Protocol/Internet Protocol. A set of networking protocols designed to link computers from multiple vendors. Telnet A service that provides terminal-emulation capabilities for logging into the Instant Internet unit from a remote location.
- Page 330 Glossary Unshielded Twisted Pair. virtual private network. A special type of network connection that permits remote users or LANs to communicate with another LAN over a public network, such as the Internet. Wide Area Network. Web cache A server (or collection of servers) that stores copies of Internet content. The Web cache server can be either located on the LAN on which the clients it will serve are also located, or it can be embedded within the enterprise WAN or at the client’s Internet service provider.
-
Page 331: Index
Index Numbers address translation basic information 33 16-bit winsocks configuring 134 description 262 server publications 135 using multiple 264 addressing, types of 60 32-bit winsocks Admin description 263 icons 36 using multiple 264 overview 35 3DES encryption 168 starting 36, 116, 127 administration program activating 36, 116, 127 icons 36... - Page 332 Index cache level Aggressive 213 back up unit configuration 277 and bandwidth savings 208 backup phone number Conservative 213 adding 245 default values 213 changing 245 defined 210 Moderate 213 bandwidth predefined 209 about 207 selecting 209 and active refresh 234 settings 213 saving 202 saving with Web cache 207...
- Page 333 Index cookie management policy directory services benefits 225 adopt users and groups from 38 establishing 224 Bindery 43 recommended 224 NDS 42 NT domain 41 cookies set user name order 40 and bandwidth savings 208 and online shopping cart 225 discard 288, 301 and prompt to log on again 225 blocking for unconfigured Web sites 225...
- Page 334 Index entry expiration percent active refresh 234 about 210 CGI in request 217 automatically expiring 214 cookie in request 217 example 211 defined 202 setting to zero 214 degree of staleness 210 expiration time evaluated by cache server 203 about 211 exceeded maximum size 217 calculating 211 expiration percent 210...
- Page 335 Index RIP 157 static routes 128 hang-up threshold 243, 244, 247, 249 using additional 127 hit rate IPX 261 active refresh 235 multiple-unit environments 267 increasing 216 name server list order 276 statistics 216 PFS 169 Proxy Servers home page 204, 306 DNS 120 host connections, troubleshoot 290 SOCKS 121...
- Page 336 Index configuration system tray addition 44 backup 277 using RAW sockets 83 changing 167, 273 IP filtering restore 278 function 142 date, changing 286 winsocks compatibility 267 hosts 306 IP forwarding ISP, changing 280 basic information 130 missing from selection list 275 dial-up, ISDN, and Leased-line 132 name server list, changing 276 Ethernet interfaces 132...
- Page 337 Index ISDN connection modem backup phone number 240 analog 245 bandwidth on demand 243, 244, 247, 249 dual analog 245 inactivity timeout 241 modem speaker, configuring 248 incoming calls 244 modes secondary phone number 241 aggressive 168 statistics 97 determining 168 ISP, changing 280 main 168 Monitor utility...
- Page 338 Index network port connection errors 312 control access to 61, 62 how Instant Internet functions in 31 in IP address 60 IP 32, 36, 116, 127 incoming, control access to 76, 77, 79, 81 IPX 32, 36, 116, 127 numbers 60 Web proxy 118 Network address translation (NAT) 133 well-known numbers 60...
- Page 339 Index serial number recording 26 raw sockets viewing 303 access control 123 server publication, Web server 139 error messages 309, 311 server, SMTP 138, 139 in ping and trace 290 where used 83 services, IP address translation registration information, changing 283 configuring 134 relay agent, DHCP 150 function 33...
- Page 340 300 trace using 297 host echo port 297 support options 288 host route 294 support, Nortel Networks 29 trace in tools setting options 300 using 295 transparent cache server 201 T1 interface, advanced communications 249 transparent proxy server 201...
- Page 341 Index tunnel registration 283 dial-up environment 186 time 286 IKE 187 time zone 286 initiating 186 unit log 304 non-split 172 update history 305, 307 phase 1 negotiation 187 users 304 phase 2 negotiation 187 UNIX 33, 44 SA 187 update history 305 split 172 user name, not required 306...
- Page 342 Index Web caching 202 Web configuration version error messages 312 basic information 34 Virtual Private Network (VPN) enabling 119 about 167 Web entry, defined 202 and CES 177, 183 Web page and Contivity Extranet Switch 177, 183 content, troubleshooting 236 and DNS proxy server 185 personalized, troubleshooting 238 configuration guidelines 183...
- Page 343 Index wildcard user 44 Winsock files 265 winsock.dll, error messages 311 winsocks 16-bit dll requirements 262 multiple 264 32-bit dll requirements 263 multiple 264 conflicts 262 installation error 266 IP filtering compatibility 267 Using the BayStack Instant Internet Management Software Version 7.11...
Need help?
Do you have a question about the BayStack Instant Internet 100-S and is the answer not in the manual?
Questions and answers