Lucent Technologies AP-1 manuel d'utilisation

Aller à la page of 156

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Lucent Technologies AP-1. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Lucent Technologies AP-1 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Lucent Technologies AP-1 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Lucent Technologies AP-1 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Lucent Technologies AP-1
- nom du fabricant et année de fabrication Lucent Technologies AP-1
- instructions d'utilisation, de réglage et d’entretien de l'équipement Lucent Technologies AP-1
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Lucent Technologies AP-1 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Lucent Technologies AP-1 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Lucent Technologies en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Lucent Technologies AP-1, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Lucent Technologies AP-1, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Lucent Technologies AP-1. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    . . . . . CCESS OINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UILDER SER UIDE This manual describes how to use the Access Point QVPN Builder™ applica- tion with Access Point™ IP Services routers. Product: Access Point QVPN Builder V ersion: V ersion 2.4[...]

  • Page 2

    [...]

  • Page 3

    . . . . . Import ant - Please Read Access Point QVPN Builder User Guide III . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I MPORT ANT - P LEASE R EAD NOTICE The info rmatio n in this manual is provided without wa rranty of a ny kind and is subject to cha[...]

  • Page 4

    Impo rtant - Plea se Re ad IV Access Point QVPN Builder User Guide Shie lded c ables m ust b e used with this un it to en sure compl iance with th e FCC Class A li mits.[...]

  • Page 5

    QVPN Builder User Guide V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONT ENTS Preface ... .................. ................... ................... ......... ......... .......... ................. XI 1 Product Overvi ew ..... .......... ......... ......... .............. ................... ................... ... [...]

  • Page 6

    CONTENT S VI QVPN Builder User Guide 3 Getti ng Started With Builder .............. .................. ..... ................... .... ..... ..... 2 1 About the Builder Window ........................................................................................ 21 The Tree Frame ................... ...................... ....................... .[...]

  • Page 7

    . . . . . CONTENT S QVPN Builder User Guide VII Removing the VPN Definition With the Client/Server Version .................... ...................... ...... 49 Using VPN Definitions ...............................................................................................49 Exportin g Data ................ ...................... .............[...]

  • Page 8

    CONTENT S VIII QVPN Builder User Guide Using Rule Sets .......................................................................................................... 85 Exportin g Rule Sets ............. ........... ........... ........... ................. ....................... ...................... ........ 85 Importin g Rule Set Files ...........[...]

  • Page 9

    . . . . . CONTENT S QVPN Builder User Guide IX Exportin g the Log Table To a Fil e ........ ........... ............ ........... ........... ............ ........... ........... ...... 1 30 Managing User Profiles ..............................................................................................130 Adding User Profiles ............ .....[...]

  • Page 10

    CONTENT S X QVPN Builder User Guide[...]

  • Page 11

    Access Point QVPN Builder User Guide XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P REFACE The A cces s P oint ™ IP Servi ces family c omprises a set of bridging rou t- ers wit h advanced bandwidth management and VPN serve r capabiliti es. The Access Point QVPN Builder ™ app l ication lets you manage and moni[...]

  • Page 12

    PREFACE XII Access Point QV PN Builder User Guide requir es considerable experience wi th rou ters, hubs, bridg es, and other n et- working de vices. In par ticular , Lucent T echnologi es assumes tha t persons instal ling, configuri ng, and managing t he Acce ss Poin t product have several years of networking ex perience . The Access Point QVPN Bu[...]

  • Page 13

    . . . . . PREFACE Access Point QVPN Builder User Guide XIII Contac ting Luc ent Support For questi ons or problems wit h th e Access Point QVPN Builder appli cati on or the Acces s Point route r , refer to this man ual or to the Luce nt T echnologies Luce nt W orl dwid e Servi ce s W eb s ite at: http ://w ww . lucen t.co m/netw ork care If you are[...]

  • Page 14

    PREFACE XIV Access Poin t QVPN Builde r User Guide[...]

  • Page 15

    Access Point QVP N Builder User Gu ide 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P RODU CT O VER VI EW The Access Poi nt QVPN B uil der ™ applicat ion (Builder) let s you manage and monito r a virtual private network consis ting of Access Poi nt ™ sys- tems (APs). This ap plica tion le ts you : • Config[...]

  • Page 16

    PRODUCT OVERVIEW Integra ted App lic a tions 2 Access Po int QVPN Bui lder User Gui de 1 sets of host s (Access Point sys te ms ) wi th out net work d isruptions. Buil der also lets y ou inc o rpora te fire w all an d Qual ity of S ervi ce (QoS) param e ters a s part of a VPN def inition, allowi ng you to rate -limit a nd shape traf fic flowing ov [...]

  • Page 17

    . . . . . PRODUCT OVERVIEW Access Po in t Operating Syst em Support Ma trix Access Poin t QVPN Builder User Guide 3 • 256 MB RAM • Java Runt ime Environment v ersion 1.2.2 sof tware S OLARIS 2.6 R EQUI REME NTS • S tandalon e • 100 MB dis k (and additiona l space for the use r -creat ed databases) • 256 MB RAM • Java Runt ime Environmen[...]

  • Page 18

    PRODUCT OVERVIEW Access Po int Operating S ystem Support Matrix 4 Access Po int QVPN Bui lder User Gui de 1[...]

  • Page 19

    Access Point QVP N Builder User Gu ide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NSTALLING THE QVPN B UILDER This sec tion provides ge neral informa tion about installing t he Access Point QVPN Bui l der applicati on (Builder) an d performing init ial s tartup tasks. Re ad through the installatio n and init[...]

  • Page 20

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 6 Access Po int QVPN Bui lder User Gui de 2 This sec tion describes how to instal l either the standal one or the client/se rver version of the Builde r on Solar is or W indows NT systems. Y ou will find instru ctions for i nstalling Bui lder from both a CD- ROM and an execut able file. Refe r to [...]

  • Page 21

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 7 pkgadd - d /cdrom/bu ilder -R < des ired-install-path > LUxavs 3 The in stallat ion asks if you wa nt to creat e the inst allation d irector y if it doesn ’ t alr ea dy ex is t. 4 Next , the i nstal latio n a sks if you w a nt to ru n the in[...]

  • Page 22

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 8 Access Po int QVPN Bui lder User Gui de 2 2 Copy th e xavs2 _4_R001.bin pr ogram to the appr opriate director y . 3 Use th e chmod +x command (s pecifyin g your program f ile) to change the privil eges so you can execute t he program. 4 Use th e ./xavs2_ 4_R001.bin command t o install the p rogr[...]

  • Page 23

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 9 Do you want the QVPNRequestConfigDaemon configured to start at system boot ? [yes] Successfully created /etc/rc2.d/S90rcd. Successfully created link from /etc/rc2.d/K90rcd to / etc/rc2.d/ S90rcd. Do you want to st art the QVPNRequestConfigDaemon now[...]

  • Page 24

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 10 Access Po int QVPN Builder User G uide 2 • The JDK patc hes for Solaris SP ARC 2.6 (5.6) wit h these patch IDs : - 105490 -05 (Li nker Patch ) - 105568 -13 (Li bth re ad Patc h) - 105210 -17 (Li bC Patch ) - 105181 -1 1 (Kernel Up date Patch — sock et close/ha ng) - 105669-04 (CDE 1.2: libD[...]

  • Page 25

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Point QVPN Builder User Guide 11 6 Yo u ’ ll be asked additional ques tions about h ow you want to configure Builder , including whet her you want to in sta ll as a client or a ser ver . After you ’ ve answ ered all the ques tions , the i nstal lation begi ns. 7 Afte r the in s[...]

  • Page 26

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 12 Access Po int QVPN Builder User G uide 2 4 Use t he ./xavd2_4_R00 1.bin command to in stall the applicat ion as a serve r or as a c l ient. T o instal l the applic ation as a se rver , use t he -s option. T o instal l the applic ation as a clie nt, use the -c opti on. If you i nst all the app l[...]

  • Page 27

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 13 cuta ble file is located in the direc tory where you install ed the appl ication. After i nstalling Buil der , you can start up the applicat ion with this command: > Q VPNBuilde r NOTE Y ou must not b e logged on as the superus er when starting[...]

  • Page 28

    INST A LLING THE QVPN BUILDER Installin g Bui lde r 14 Access Po int QVPN Builder User G uide 2 I NST ALLING THE S T ANDALONE V ERS ION ON W INDOWS NT FROM AN E XECUT ABLE F ILE T o instal l Builder from an exec utable f ile, complete the followin g step s: 1 Close down a l l W indows programs. 2 In W indows Expl orer , double-cl ick on t he self- [...]

  • Page 29

    . . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 15 I NST ALLING THE C LIENT /S ERVER V ERSION ON W INDOWS NT FROM A CD-ROM Builder is distribute d on a CD-ROM. The followin g procedure de scribes h ow to ins tall B u ilder . 1 Insert the CD into your CD-ROM dr ive. 2 Double cl ick on the CD-ROM dr[...]

  • Page 30

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 16 Access Po int QVPN Builder User G uide 2 Instal lation. The de fault i nstallation de stination pat h is C:ODI. By defaul t, Builder is in stalled in C:Program Files LucentAccessV iew direct ory . The C:Progra m Fil esLucent AccessV iewdb direct ory is the default database des tinat[...]

  • Page 31

    . . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 17 Before a nyone else can use Builder: • The user roo t mus t log in wi th the init ial account inform ation. • The user roo t shoul d modify the root account ’ s passwo rd. The user r oot can al so cr eate othe r user profile s. L OGGING I[...]

  • Page 32

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 18 Access Po int QVPN Builder User G uide 2 file us ing t he naming conv ention of the se rver to which you a re connect- ing. For a PC with the ap plica t ion in stalle d in th e defa u lt dire ctory : c:P rogram Fil e sLucent Acces sView db A ccessV iewMaster .db For a PC using the c:A[...]

  • Page 33

    . . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 19 direct ory where you i nstalled Builder usin g this command: cd <di r>/AccessV iew/db 3 Manually r un the evolve pro cess on all o f the copied dat abases using thi s comm and: For a Solaris s ystem: ../bin/ EvolveDatabas e <database n[...]

  • Page 34

    INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 20 Access Po int QVPN Builder User G uide 2 S ETTI NG U P THE QVPN R EQUE ST C ONFIG D AEMON TO A CCES S UNIX D AT ABAS ES T o set up th e QVPN Request Config daemon servic e o n W indo ws NT systems to acces s UNIX databases, follow t hese steps: 1 W ith User Mana ger , cre ate a local NT ac [...]

  • Page 35

    Access Point QVP N Builder User Gu ide 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING S TARTED W ITH B UI LDE R This sec tion describes the Access Poi nt QVPN Builder applicatio n (Builde r) graphical us er interface. It also prov ides informatio n about applica tion-wide tasks and associat ed appl icati[...]

  • Page 36

    GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 22 Access Po int QVPN Builder User G uide 3 Figure 2 QVPN Builder Definition V iew Window Note that if you make any changes t o the prop erties, a n asteri sk appears next to the m odifi ed ite m in the tree fr ame. O nce y o u save the V P N def in ition , the aste ri sk dis app ears. Exp[...]

  • Page 37

    . . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 23 T HE T REE F RAM E The T ree fr ame shows the rel ationshi p betw een th e VPN and Access Poin t in a tree format. Y ou can expa nd o r collapse the t ree at any t i me. The root of th e tree (the glo bal VPN) contai ns fou r childr en: VP[...]

  • Page 38

    GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 24 Access Po int QVPN Builder User G uide 3 T HE D EPLOY MENT TAB The Deployme nt tab provid es detail s about the tunn els that will b e generated. As wi th the Con figur ation ta b, the Deploy men t tab refle cts th e item select ed in the tr ee fra me. T he De ploym ent tab sho ws wh at[...]

  • Page 39

    . . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 25 Ta b l e 1 describe s the tool bar bu ttons in the Definiti on V iew wind ow . T able 1. De finition V iew T ool Bar Buttons Button Descript ion Create a new VPN Creates a new VPN def inition. Same as File → New . Open an exist ing V P N[...]

  • Page 40

    GETTING STARTED WITH BUIL DER Getting Detailed Help Information 26 Access Po int QVPN Builder User G uide 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING D ET AILED H ELP I NFORMATI ON Builder provid es Help when you s elect Hel p T opic s from [...]

  • Page 41

    . . . . . GETT ING S TAR TED WITH BUILDER Configuring SNM P Access Settings Access P oint QVPN Build er User Guide 27 For th e AP , se lect Edit → SNMP Propertie s to make cha nges to the SNMP acces s info rmat io n. The SNMP Prop erties Dial og lets y ou co nfigur e SNMP para meters for ea ch of the fol l owing SNMP operations : • Config — u[...]

  • Page 42

    GETTING STARTED WITH BUIL DER Managi ng Access Po i nt System s 28 Access Po int QVPN Builder User G uide 3 secure S N MP acce ss). If y ou are using either SNM Pv2 or SNM Pv3, yo u should s pecify the Community/ user name. If you are usin g SNMPv3, you can speci fy the authenticat ion prot ocol (NONE, MD5, or SHA) and i t s password. Y ou can also[...]

  • Page 43

    . . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE T RAFFIC S TA T U S AND T UNNEL S TA T U S A PPLICA[...]

  • Page 44

    GETTING STARTED WITH BUIL DER Using the T raf fic S tatus and T unn el S tatus Applicatio ns 30 Access Po int QVPN Builder User G uide 3 T RAF FIC S TATUS A PPLI CATION The T raf fic Stat us applicat ion displ ays: • A graphic al representat ion of the CBQ tree runni ng on the AP • A pie char t showing the bandwidt h allocat ed to each cl ass a[...]

  • Page 45

    . . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 31 • Bar char ts showing the actual ba ndwidth usage b y selected clas ses (when you ha ve select ed the Equali zer tab) The T raf fic S t atus ap plica tion als o lets you chang e the bandwi dth for a par[...]

  • Page 46

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 32 Access Po int QVPN Builder User G uide 3 have sel ected the Summary ta b) • Bar char ts showing the traf fic rates on selected tun nels (when you h ave sel ec ted th e T r affic Rat es tab ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 47

    . . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 33 If you ar e using the sta ndalone version, the Config daemon ru ns on the same machin e as Builde r . If you a re using t he client/se rver version , the Config da e- mon runs on the same machine as the ObjectS tore serv er or c[...]

  • Page 48

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 34 Access Po int QVPN Builder User G uide 3 NOTE Y ou must c lose the VP N definiti on before us ing the da emon from the A P to reques t a confi guration. 2 Using the CLI, issue the following command from th e AP to request th e configur ation: qvpn_Bu ilderCon figReques t <IP[...]

  • Page 49

    . . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 35 C HANG ING THE SNMP C OMMUNITY N AME FOR THE D AEM ON Y ou can cha nge the SNMP Community na me for the Config d aemon as f ol- lows : 1 S top the da emon with the f ollowing command: /etc/rc2.d/ S90 rcd sto p 2 Edit the followi[...]

  • Page 50

    GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 36 Access Po int QVPN Builder User G uide 3 The fo llowing t able lists the daemon commands a nd provides a des cription: Comma nd Descripti on show ver sio n Shows the cu rrent versi on of the daem on show deb ug Shows the deb ug mo de show data base Shows the databa se path whe [...]

  • Page 51

    Access Point QVP N Builder User Gu ide 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG VPN S The A cces s P oint QVPN B uilde r appl ic ation (Bui ld er) re duces the co m - plexit y of deploying lar ge-scale vi rtual private networks (VPNs) by enablin g you to centr ally define tun nel configurat ions[...]

  • Page 52

    MANA GING VPNS Cr eating or Modifying VPN Definitions 38 Access Po int QVPN Builder User G uide 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C REATING OR M ODIFYING VPN D EFINITIONS This sec tion describes how to create or c hange VPN settings for the[...]

  • Page 53

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 39 Config Daemo n ” on Page 32 . • Mixed — The config uration method must be selected for each AP . If you ha ve chosen the Mixed c onfigura tion method for t he VPN, you must select the config ura tion metho d for each AP (unle ss you acc[...]

  • Page 54

    MANA GING VPNS Cr eating or Modifying VPN Definitions 40 Access Po int QVPN Builder User G uide 4 On th e T r ee fram e, cli ck on V PN to displ ay the VPN P roper ties fr ame. The f ollow i ng tab le des c ribes the fie lds in the VPN Prope rties frame : Field Descripti on Poller ID A user-def inable option fo r future exp ansion. Secur ity Profil[...]

  • Page 55

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 41 C HANG ING VPN S ETTIN GS FOR THE A CCE S S P OINT S YSTEMS For the AP , click on t he VPN folder to display the Access Point Prope rties frame. When defi ning the V PN settings fo r the APs, you must specify the fo l- lowin g fields : C ONFI[...]

  • Page 56

    MANA GING VPNS Cr eating or Modifying VPN Definitions 42 Access Po int QVPN Builder User G uide 4 Propert ies frame. 2 Select Primary or Seco ndary from the HUB T ype drop-d own list. Primary se ts the AP as the pr ima ry hub . Route s to the primary hub are cre - ated wit h a cost of 50. Second ar y se ts the AP as the backup hub. Ro ute s to the [...]

  • Page 57

    . . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 43 subinte rface in a do wn and then a te sting state, and at tempts to reestablis h a tunnel c onnection. Y ou can specify how often Keepalive update messages a re sent. By defaul t, Keepaliv e update messag es are se nt every 10 sec onds as sh[...]

  • Page 58

    MANA GING VPNS Cr eating or Modifying VPN Definitions 44 Access Po int QVPN Builder User G uide 4 the APs th at you add to VPN defi nitions. The fo llowing t able explain s the i nteract ion of the che ckboxes in th e Probes Propert ies frame: In order to delete a ll pro bes from th e devic e using Buil der , unc heck t he Device Manages Pr obes an[...]

  • Page 59

    . . . . . MANAGI NG VPNS Saving the VPN Defin ition Access P oint QVPN Build er User Guide 45 If you cl ick on the Sele cted AP(s) but ton, the Access- Points Di alog appears whic h allows you to se lect the APs to which you wa nt to apply the probe se ttings. For the AP y ou want, expand VPN and se lect Probe to make changes to the Probe set tings[...]

  • Page 60

    MANA GING VPNS Opening VPN Defi niti ons 46 Access Po int QVPN Builder User G uide 4 S AVING THE VPN D EFINIT ION W ITH THE S TAND ALONE V ERSI ON When using the standalone version, the Sav e VPN As... dialog windo w sho wn here app ears. Ente r the n ame of t he file to wh ich yo u want to sav e the VP N de fi niti on and click o n the Save butt o[...]

  • Page 61

    . . . . . MANAGI NG VPNS Opening VPN Definition s Access P oint QVPN Build er User Guide 47 O PENIN G THE VPN D EFINITI ON W ITH THE S TAND ALONE V ERSI ON When using t he standalon e version , the Choose the VPN to be opened dial og window shown h ere appears. Select the VPN definition you want to open and cl ick Open to open the VPN defini tion. [...]

  • Page 62

    MANA GING VPNS Removing VPN Defin itions 48 Access Po int QVPN Builder User G uide 4 A CCESS ING L OCKE D F ILE S If the application was not shut down pr operly or if ano ther user is activel y usin g the same VPN definit ion, the S teal the lock? pop-up win dow shown here appe ars. NOTE Y ou sh ould steal th e lock o nly if the ap plicatio n was n[...]

  • Page 63

    . . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 49 R EMOVIN G THE VPN D EFINI TION W ITH THE C LIEN T /S ERVE R V ERSI ON When using t he client/ server ve rsion, to re m ove VPN de finitions: 1 Sele ct File → Remove to dis play the VPN Open dial og box. 2 Select the VPN name you want t o remove and click Rem[...]

  • Page 64

    MANA GING VPNS Using VPN Definit ions 50 Access Po int QVPN Builder User G uide 4 I MPORTING VPN D ATA F ILES Y ou c an im p ort VP N data text fi le s for V PN de finiti ons. T o imp o rt this data , sel ect T ools → Import → VPN T ext File . Y ou create t hese t ext fi les usi ng the format de scribed in the next section . F ORMATTING VPN D A[...]

  • Page 65

    . . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 51 2 The n ext li ne mu st start w ith th e SNMP or ACCESSPOINT keywor d. If the next line is n ot the SNMP l ine, th en the V PN us es th e defa ult SN MP access p arameters. Oth erwise, th ese ru les ap ply to the fiel ds in the SNMP line : - The S NMP V e rs io[...]

  • Page 66

    MANA GING VPNS Using VPN Definit ions 52 Access Po int QVPN Builder User G uide 4 S AMPLE VPN D ATA F ILE This samp le file de fines a VP N with t hree A Ps. # ****** ****** V PN defini tion bloc k begins! * ******* ******** ***** # VPN,Q VPN mame, VPN ID, Use Wildca rd T unnels VPN,Xedi a VPN,ID001,tr ue # SNMP ,SNMP V er sion,Commu nity/User ,Au [...]

  • Page 67

    . . . . . MANAGI NG VPNS V erifying th e Configu r ation Access P oint QVPN Build er User Guide 53 I MPORTING VPN D EFINITI ONS F ROM V ERSI ON 1.1 T o use VPN defi nitions creat ed with V ersion 1.1, you m ust import the VPN defini tions. 1 Sele ct T ools → Impor t → AV 1 . 1 V P N to dis play all VPN file s in the Choose the VPN to be importe[...]

  • Page 68

    MANA GING VPNS Using the VPN Deployment T a bles 54 Access Po int QVPN Builder User G uide 4 Y ou also h ave the optio n of app lying all con figurations to all APs by sel ect- ing All Co nfi gur at ion s . Click on the St a r t button when yo u are finished. If you have n ot saved the VPN definit i on yet, th e appl ic at ion prompt s you to do so[...]

  • Page 69

    . . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 55 Y ou ca n sort t he VPN Deploymen t table in ascen ding or de scendi ng order for a specif ic field by sel ecting the hea der for the field you want. The sort ing toggles between a scending and de scending o rder each ti me you cl ick on the fiel d [...]

  • Page 70

    MANA GING VPNS Using the VPN Deployment T a bles 56 Access Po int QVPN Builder User G uide 4 The window r esembles the f ollowing displa y: T UNNE L , R OUTE , AND IPS EC I NTERF ACE I NFORMA T ION Selecti ng VPN for an AP and the n clic king on the Deployment tab provid es three v iews — T unnels, Rout es, and IPSec I nterf aces: The Tunne l s t[...]

  • Page 71

    . . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 57 The Tunne ls tab re semble s the f ollowi ng dis play : The Routes tab displays the foll owing informat ion: • State — th e rout e ’ s cur rent c onfigu ration s tate (Add — to be added, Current — deployed, Remove — to be removed) • C [...]

  • Page 72

    MANA GING VPNS Mana ging Securi ty Pr ofiles 58 Access Po int QVPN Builder User G uide 4 • Remote Gate way — IP address of th e remote gateway The I PSec In terfa ces tab rese m bles t he foll o wing d ispla y: Y ou can sort VPN Depl oyment tables in a scending or desc ending order for a specif ic field by cli cking on the heade r for the fiel [...]

  • Page 73

    . . . . . MANAGI NG VPNS Managi ng Secu rity Pr ofiles Access P oint QVPN Build er User Guide 59 A DDING S ECURI TY P ROFI LES T o add se curity pr ofiles: 1 Sele ct Edit → Security Profile s to di splay the Secu rity P r o file D ialog window . 2 Click Add to add the new s ecuri ty prof ile. 3 Select <New Secur it y Profil e> from the Prof[...]

  • Page 74

    MANA GING VPNS Mana ging Securi ty Pr ofiles 60 Access Po int QVPN Builder User G uide 4 D ELETING S ECUR ITY P ROFI LES T o delete s ecurity pro files: 1 Sele ct Ed it → Security Pr ofiles to display the Security P rofile Dialog window . 2 Click on t he profile in the Profile Lis t that yo u want to delete a nd click Remove to d elete the pr ofi[...]

  • Page 75

    Access Point QVP N Builder User Gu ide 61 M ANAG I NG Q O S/F IREW ALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P OLICIES The A cces s Poin t syst em (AP ) uses CBQ to provi de fi rewall and Qo S ser - vices by classifying an d scheduling h ow traffic flows throug h the AP . T raffic is c lassi fied by m atch [...]

  • Page 76

    MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 62 Access Po int QVPN Builder User G uide 5 • Supp lies v a lues fo r the p a rame ters fr om the rule se t or the A cces s Point propert ies. The more specificity provided by th e rule, the mor e secure the rul e. Y ou can create , modify , save , and delete rul e sets. [...]

  • Page 77

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 63 The Q oS/Fi rewa ll Rul e S et Ed it or fi el ds are desc ribed in the fo llow ing ta bl e: Save the active rule set Saves th e open rule set. Same as File → Save . Set sele cted rule as a peer t o current p arent Chang e[...]

  • Page 78

    MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 64 Access Po int QVPN Builder User G uide 5 D EFAULT T EMPL ATE R ULE S ET D EFIN ITION AND M ODIFICATI ON When you sel ect File → New in th e R ule S et Edit or , th e cur rent d efaul t tem- plate r ule set is d uplicate d as the curr ent rule set de finition. Th e defa[...]

  • Page 79

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 65 Remember t hat the “ -defa ult ” suffix has special meani ng when applied to a CBQ cl as s on t he AP ( For mo re in form ation about defaul t cl asses , see th e Access Point Confi gur ation Guide ). NOTE These rul es [...]

  • Page 80

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 66 Access Po int QVPN Builder User G uide 5 2 Add the foll owing ru le: AP Allow Shapi ng-d efau lt . Conf igure this rul e before s etting up addit ional rules , so you don ’ t i nadvertentl y prevent acces s to th e AP . Gi ve the ru le the follo w ing fl ow sh ape ac t ion: • Bandwid th [...]

  • Page 81

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 67 NOTE If you ar e modifying a rule set for an AP , m ake sure y ou set parameter val ues so you can pro vide the corr ect values for a specific AP . Refer to “ Settin g Paramete r V alues ” on Page 80 for more in formation. 4 Save the ru le s[...]

  • Page 82

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 68 Access Po int QVPN Builder User G uide 5 • Edit... t o add or cha nge a parameter For Apply p arameters (I nterfac e or Action), choos e one of thes e options: • A valu e as th e parame ter • Edit... t o add or cha nge a parameter NOTE If a parameter d oesn ’ t exist, first you n eed[...]

  • Page 83

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 69 E DITING S OURC E OR D ESTINATION P ARAMETERS When you choos e Edit... from the po p-up menu for sourc e or destinati on parame ters, th e Rule Source Defin ition Dialog or Ru le Destinati on Defi nition Dialog ap pears. The Rule Source Definiti[...]

  • Page 84

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 70 Access Po int QVPN Builder User G uide 5 E DITING S ER VICE P ARAMETERS When you choos e Edit... from th e pop-u p menu for se r- vice p arame ters, th e Rule Classi ficati on Dialog ap pears. Add a new ser vice classi fication by speci fyin g the na me and the c las sifi cati on type (S tat[...]

  • Page 85

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 71 For th e S tatef ul cl assif icati on type , in addi tion t o making i t easy t o creat e a sin - gle cla ss for aggre gating all po ssible p ort pairing s for a well-known service, you can st atefully cla ssify TCP and UDP appli cations. T o do[...]

  • Page 86

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 72 Access Po int QVPN Builder User G uide 5 For the Datalink classif icati on type, add the datal ink ind ex (range list of 16-bit TCI value exp ressed in hex) by fil li ng i n the Add Data link Indices s ect io n and clicki ng Add In dices . A d d the datal ink mas k (ma sk th at is app lied t[...]

  • Page 87

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 73 For the S tatele ss classific ation typ e, add a type by selecting the a ppropriate protocol s and ports a nd clicki ng Add as shown he re. Remove a classif i cation typ e by selec ting the item in the list an d clickin g Remove in the Clas sifi[...]

  • Page 88

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 74 Access Po int QVPN Builder User G uide 5 For in terfa ce para meters , select the In ter- face fi el d yo u want to change , cl ic k on t he right mou se button, and select the appr o- priate value from th e pop-up menu. If you sel ect Edit... , then t he Ru le Set In te rface Associat ion D[...]

  • Page 89

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 75 ify a f orwarding policy for statef ul cla sses, the forwarding pol icy is applie d to the From int erfa ce speci fied in the Rule Set Inter face Dialog box when edit ing the In terfa ce fiel d. T abl e 2 Default Action Profiles and Associat ed [...]

  • Page 90

    MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 76 Access Po int QVPN Builder User G uide 5 2 Click on t he right mouse but ton and se lect Rename.. . from the pop-u p menu (sa me as se lecti ng Rule → Rename... ). Fill in the new name when p rompted. 3 Click OK to change the name. 4 Save the ru le set by selec t i ng File → Save As. .. [...]

  • Page 91

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Modi fying a Rule Set Access P oint QVPN Build er User Guide 77 R EMOVIN G A R ULE T o remove a rule: 1 Select the rule you wa nt to d elete. 2 Sele ct Rule → De lete (or clic k on the ri ght mouse button and s elect Delete from the pop-up menu) to remove the se lected r ule from the rul e set. 3 Save th[...]

  • Page 92

    MANA GING QOS/ FIREW ALL P OLICIES Modif ying the Default New Ru le Set 78 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open in the QoS/Firewa ll Rule Set Edit or to bring up the Open Rule Set Dia- log box. Select the rule set you want to modify and click Open Rule Set . 3 Modify the rules i n your r ule se t. NOTE If you ar e modify[...]

  • Page 93

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Remo ving a Rule Set Access P oint QVPN Build er User Guide 79 3 Make an y changes t o the rul e set an d select File → Save to use this rul e set as the defau lt new r ule se t. NOTE If yo u decide you want t o us e the ori ginal de fa ul t new ru le set, then sel ect File → Reset T emplate . . . . . [...]

  • Page 94

    MANA GING QOS/ FIREW ALL P OLICIES Setting Para me ter V alues 80 Access Po int QVPN Builder User G uide 5 box is ch ecked by default as shown below . Make su re the Us e VPN Firewa ll Rulese t box is not chec ked if y ou want to use a dif fere nt rule set from the one specifi ed in the VP N Propertie s frame. 3 Click Sel ect Rule Set... to choo s [...]

  • Page 95

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Setting Parameter V alues Access P oint QVPN Build er User Guide 81 the corr ect one, asso ciate the co rrect r ule set with this AP as d escribed in “ Ass ociat ing a R u le Se t ” on Page 79 . 3 A list o f parameters for this rule set app ears in the drop -down list be low the Set AP Parameter b utto[...]

  • Page 96

    MANA GING QOS/ FIREW ALL P OLICIES V erifying the QoS/Fir ewall Polic ies 82 Access Po int QVPN Builder User G uide 5 list a nd clicki ng Edit Over ride or Remove Override . 5 Apply your ch anges t o the QoS/Firewal l Pro perti es and sa ve the defin ition so t ha t thes e QoS / Firew all po licie s are in clud ed as part of your VPN de fi- nition.[...]

  • Page 97

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using t he QoS/F ir ewa ll De ployment T able Access P oint QVPN Build er User Guide 83 Deployme nt table . • Creates or modifies all CBQ classes in the class list. T o apply the QoS/fi rewall poli cies to a ll the APs, sel ect Devic e → Apply and in the App ly Configurat ion pop up that app ears, adju[...]

  • Page 98

    MANA GING QOS/ FIREW ALL P OLICIES Using t he QoS/F ir ewa ll De ployment T able 84 Access Po int QVPN Builder User G uide 5 ures th e class but s ets it to not i n service. • Defi niti on — the d efini tion f o r this c lass • Comment — the c o mment assoc iated with this cl a ss T o display the Def initi on V iew , click on the QoS/Fir ew[...]

  • Page 99

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using Rule S e ts Access P oint QVPN Build er User Guide 85 • Name — the cl as s nam e • Mess age Stat us — the mess age status f or this c lass • State — the c urren t stat e for th is cla ss (Mod ify , Add, Curren t, or Remov e) • C — configur ation • Q — query T o display the Apply/Q[...]

  • Page 100

    MANA GING QOS/ FIREW ALL P OLICIES Using Ru le Sets 86 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open to open t he rule set tha t you want to expor t to a file. 3 Sele ct To o l s → Export to speci fy th e expor t pat h for the expo rt fil e in the followi ng dialog box and cl ick Export . By defaul t, the export fi le is named [...]

  • Page 101

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Specifyin g a Rule Set fo r a VPN Access P oint QVPN Build er User Guide 87 set fi le that you wan t to im port. NOTE Importin g the file ov erwrites the e xisting ru le set or temp late, so make sure you a re overwr iting the cor rect one. 4 Choose the file name and click Import . . . . . . . . . . . . . [...]

  • Page 102

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 88 Access Po int QVPN Builder User G uide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE Q O S/ F IREWALL : E XAMPLES The fol lowing secti ons p rovide ex amples of r eal[...]

  • Page 103

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 89 the conf iguration ensur es that onl y limited s ervices are al lowed onto the LAN and o nly if these se rvice s mat ch a flow p revio usly in itiate d by a n i ntern al cli - ent. This arrangement b oth sec ures the internal LAN,[...]

  • Page 104

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 90 Access Po int QVPN Builder User G uide 5 log box sh own here, and cl ick OK . Change the Src parameter fr om Any to LANHosts by s electing th e Src fiel d, clicki ng on the right mous e button, and sele cting Sele ct... f rom the pop-up men u. Select the LANHosts para m ete [...]

  • Page 105

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 91 in the d ialog box. Add th e http to the Applicat ion List, a nd click OK . Change the Servi ce parameter f rom Any to allo wW eb Acce s s by se lecting the S er - vice fi eld, clicking on the right mouse button, a nd selectin g S[...]

  • Page 106

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 92 Access Po int QVPN Builder User G uide 5 Spec ifying the A ct ion P a ramete r Change the Action parameter from Undefined to P ermit by selecti ng the Action f ield, clicking on the rig ht mouse button , and selecting Pe rmit from the pop-up menu. After sp ecifying th e acti[...]

  • Page 107

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 93 5 Setti ng Pa ramete r V a lues Next , set p a rame te r valu es by s e lectin g the parame ter fo r which you wa nt to spe cify a value from th e dro p-dow n lis t belo w the Set AP Parameter button. Selec t APMg mtSe rvice s fro[...]

  • Page 108

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 94 Access Po int QVPN Builder User G uide 5 of the I nterface Dialo g screens aft er checking the boxes. Once yo u set p aramete r values, the parameter is listed in the Paramet er Override s list. Y ou can edit or re m ove a n override by selecti ng the param- ete r in the P a[...]

  • Page 109

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 95 After maki ng all your changes, cl ick Apply in the upper l eft-hand c orner of the Acces s Point Properti es frame. Save the VPN definition by s electing File → Save or File → Save As... to include these QoS/fire wall poli ci[...]

  • Page 110

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 96 Access Po int QVPN Builder User G uide 5 C ONFIGURING I NTERVENE M ODE Interv ene mode works by r esponding t o the SYN+ACK with an immediate ACK that moves t he connection ou t of the ser ver ’ s backlog qu eue a nd st ar ting a timer . If an ACK d oes not return i n a sp[...]

  • Page 111

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 97 7 Save the ru le set by selec t i ng File → Save As. .. or File → Save . 8 Next, if nece ssary , chan ge the SYN Protect Ti meout value. For the AP you want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure[...]

  • Page 112

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 98 Access Po int QVPN Builder User G uide 5 3 Select the Ser- vice fi eld for the rule you want to change, cl ick on the ri ght m ouse button, an d select Edit... from th e pop-up menu. The Rule Cl assi- ficati on Dial og appe ars. 4 Add a new ser - vice cl assifica- tion by sp[...]

  • Page 113

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 99 want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure t hat the specif ied SYN Prote ct T imeout value is appropriate. The d efaul t inte rval is 30 seco nds. 10 Apply your changes to th e QoS/Firewall Pro per[...]

  • Page 114

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 100 Access Point QVPN Bu ilder User Guide 5 cation Dial og appe ars . 4 For s tateful classificat ion, add a new servi ce classif ication by specifying the name a nd the St ateful classi fication type from the drop-down l ist and clicki ng Add in the New Cl assific ation se cti[...]

  • Page 115

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 101 5 For stat eful classif i cation, clic k ICM P Filt ering in the Appl icati on sectio n t o bring up the ICMP Fi lter - ing dial og box. St atefu l classi fica- tion al lows only replie s (for the Establi shed traf fic class) and [...]

  • Page 116

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 102 Access Point QVPN Bu ilder User Guide 5 3 Click New to add f orwarding policy to the forwar ding pr ofile. Enter t he name of the forwa rding policy and click Apply . 4 Select the policy fr om the Fo rwarding Po licy List for whi ch you want to set for warding acti ons (up [...]

  • Page 117

    . . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 103 • Forward pac kets to next hop — Packets are forwarded to a next hop I P address that must b e reachabl e through a l ocal interfac e. Y ou can ov erride the IP address in the Fo rwarding Policy Actions list or in th e Access [...]

  • Page 118

    MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 104 Access Point QVPN Bu ilder User Guide 5[...]

  • Page 119

    Access Point QVPN Bu ilder User Guide 105 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG NAT The A cces s Point s ystem (AP) has a N etwo rk Addr ess Transla tor th at pro - vides gl obally-uniq ue, regist ered IP address es for domains using pri vate IP ad dress es to c onnect to the Intern et. Pri vate[...]

  • Page 120

    MANA GING NA T Configur ing General NA T Paramete rs 106 Access Point QVPN Bu ilder User Guide 6 W ith the Bui lder , you can co nfigure NA T by: 1 Configur ing general NA T param eters. 2 Adding the NA T layer . 3 Enabling NA T . 4 Addi ng st a tic bi ndi n gs. 5 Creatin g address tr anslation pools . 6 Configur ing private net works and assoc i a[...]

  • Page 121

    . . . . . MANAGI NG NA T Configu ring Gen eral NA T Parameters Access Point QVPN Bu ilder User Guide 107 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. S PECI FYING M AXIM UM N UMBE R OF S ESSION S T o prevent the AP from being flooded by too many sessio n requests, you ca n configur e the maximum number of sessions that[...]

  • Page 122

    MANA GING NA T Configur ing General NA T Paramete rs 108 Access Point QVPN Bu ilder User Guide 6 A PPLYIN G P ARAM ETERS W ith NA T select ed for the VPN root, y ou can apply t he changes t o either all APs or to s elected APs by selecti ng the appropria te button for Apply Para m e- ters T o... as shown below . If you cl ick on the Sele cted AP(s)[...]

  • Page 123

    . . . . . MANAGI NG NA T Adding the NA T La yer Access Point QVPN Bu ilder User Guide 109 S AVING THE NAT C ONFIGU RATION Save the N A T configuration b y selecting File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DDING THE NA T L AY ER T [...]

  • Page 124

    MANA GING NA T Adding the NAT Layer 11 0 Access Po int QVPN Bu ilder User Gu ide 6 When you cli ck on the Insert NA T ... butto n, the Int erface Dialog box shown belo w appears so you can select t he desire d IP layers. Select the IP layers and click Apply . NOTE Y ou ca n add the NA T layer under an IP Sec ins tance by sele cting an IP i nstance [...]

  • Page 125

    . . . . . MANAGI NG NA T Configurin g S tatic Binding s Access Point QVPN Builder User Guide 111 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. 4 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 126

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 2 Access Po int QVPN Bu ilder User Gu ide 6 3 If you want to remove a stat ic bin din g, selec t the r ow and the n clic k on the - butto n. 4 Click Appl y . 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 127

    . . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 3 C ONFI GU RING B ASIC NAT P OOLS T o configur e pools for Ba sic NA T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Poo[...]

  • Page 128

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 4 Access Po int QVPN Bu ilder User Gu ide 6 C ONFI GU RING NAPT P OOLS T o configur e pools for NAP T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Pool names ca n c[...]

  • Page 129

    . . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 5 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . Once a NAP T pool is d eployed, its paramet ers cannot be modifi ed. T o modify the pool ’ s parameters, yo u must delete the NAP T pool and add anoth[...]

  • Page 130

    MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 6 Access Po int QVPN Bu ilder User Gu ide 6 4 Y ou can add pri vate IP a ddresses at any time by clicki ng on the Add IP Ranges butto n. Add the IP addr ess range by clicking on th e + button. Select the field t hat you want to change by dou ble-clicking o n the field. Y ou can modify[...]

  • Page 131

    . . . . . MANAGI NG NA T Configurin g Private Network s Access Poin t QVPN Builder User Gu ide 11 7 R EMOVIN G P OOLS T o remove pool s: 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Select the pool that you want to delete f rom the Created Pool s list. NOTE Y ou ca nnot remove pools tha[...]

  • Page 132

    MANA GING NA T Configu ring P rivate Netwo rks 11 8 Access Po int QVPN Bu ilder User Gu ide 6 pools. A sample ent ry is shown her e: 4 If you want t o remov e a pri va te ne twor k, se lect the private net wo rk on the left an d the n clic k Remove . NOTE Removing a private n etwork wi ll only di sassocia te all its po ols. These p ools are no t re[...]

  • Page 133

    . . . . . MANAGI NG NA T Checkin g t he Con figurat i on Access Poin t QVPN Builder User Gu ide 11 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C HECKING THE C ONFIGURATION When you h ave confi gured the stati c bindings , address trans lation pools, [...]

  • Page 134

    MANA GING NA T Deployin g the NA T Configuratio n to All APs 120 Access Point QVPN Bu ilder User Guide 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D EPL OYIN G THE NA T C ONFIGURATION TO A LL AP S When yo u apply t he NA T configur ation to t he VPN [...]

  • Page 135

    . . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 121 Y ou c an vie w the IP laye rs sele cted for NA T in serti on by click ing on t he NA T folder for an AP and selec ting the Deployment tab as shown below: The Deployme nt tab for S tatic Bindings, T ranslat ion Pools, and Private Ne t- works dis plays [...]

  • Page 136

    MANA GING NA T Using the NA T Dep loyment T ab 122 Access Point QVPN Bu ilder User Guide 6 The Deployme nt tab for bindi ngs resembles the fo llowing di splay: For th e transl ation pools configuration: • Pool Name — t he name of t he pool • Range S tart — th e starti ng value for the range • Range En d — the en ding v alue for the ra n[...]

  • Page 137

    . . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 123 • Private Net Addr — the IP address of the private network • Mask — the net work mask for the priv ate network • Associat ed Pool — the pool associat ed with t he private ne twork Note that each private n etwork can have up t o three a ssoc[...]

  • Page 138

    MANA GING NA T Using the NA T Dep loyment T ab 124 Access Point QVPN Bu ilder User Guide 6[...]

  • Page 139

    QVPN Builder User Guide 125 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DVAN CED F EATUR ES OF B UI LDE R This sec tion provides ge neral informati on about mana ging the Access Point QVPN Bui l der applicati on (Bui lder), i ncluding: • Spec ifyin g Pr efere nces • Configur ing Logging • Managing Use r P[...]

  • Page 140

    ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 126 QVPN Builde r User Guide 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S PECIFYING P REFERENCES T o set th e prefe rences for di splaying in formation, sel ect Edit → P references to disp[...]

  • Page 141

    . . . . . ADVAN CED FE ATURES OF BUILDE R Specifyi ng Prefer ences QVPN Builder User Guide 127 set the log displ ay and log fi le st ora ge limi ts . T o display events in cer tain col ors, modify the Log Filte rs section by cl icking Sele ct next to t he color . By def ault, the se verity l evels have these color indic a- tors. By defaul t, all me[...]

  • Page 142

    ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 128 QVPN Builde r User Guide 7 D IRECTORY P REFE RENCE S Y ou n eed s uperu ser pr ivile ge (ro ot) to set dir ect or y pref ere n ces. Set the directory pr eference s to specif y the default path fo r the da tabase/log (standa lone version s ) and export directo ries. T o modify th e path,[...]

  • Page 143

    . . . . . ADVAN CED FE ATURES OF BUILDE R Conf igurin g L ogging QVPN Builder User Guide 129 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONFIGURING L OGGING The Log fr ame (bottom frame of main window) displa ys the time st amp, the severi t y level,[...]

  • Page 144

    ADVA NCED FE ATURE S OF BUILD ER Mana ging User P rofiles 130 QVPN Builde r User Guide 7 E XPOR TING THE L OG T ABLE T O A F ILE Y ou c an ex port th e Log t able to a text fi le by s elect in g T ools → Export → Database Log File to di splay the Choo se the expo rt log fil e name win dow . Enter t he export pat h for t he log file and click Sa[...]

  • Page 145

    . . . . . ADVAN CED FE ATURES OF BUILDE R Managi ng User Profiles QVPN Builder User Guide 131 A DDING U SER P ROFILE S T o add us er profil es: 1 Sele ct Ed it → Users to di splay the User Profiles wi ndow shown here : 2 Click Add to add the user profil e. 3 Repl ace N ew user (in t h e Nam e field ) with the us er name in the User Parame te rs s[...]

  • Page 146

    ADVA NCED FE ATURE S OF BUILD ER Restori ng VPN Dat a bases 132 QVPN Builde r User Guide 7 5 Repeat st eps 2 through 4 for e ach add itional user . 6 Click Done when y ou have finis hed modif ying profiles . D ELETING U SER P ROFIL ES T o delete u ser profiles: 1 Sele ct Ed it → Users... to di splay the Use r Profil es window . 2 Select the user [...]

  • Page 147

    . . . . . ADVAN CED FE ATURES OF BUILDE R Find ing a VPN Name QVPN Builder User Guide 133 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F INDING A VPN N AME On a S olari s syst em or a P C, yo u can e n ter the finddbna m e comman d at the command lin e [...]

  • Page 148

    ADVA NCED FE ATURE S OF BUILD ER T r oublesh ooting 134 QVPN Builde r User Guide 7[...]

  • Page 149

    QVPN Builder User Guide 135 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NDEX A Acce ss Po int Pr op ertie s HUB Type 41 IKE Keep Alive Update 41 Route Cos t 41 Router Address 41 Security Profile 41 Subnets 41 Acce ss Po in t syst ems adding 28 applying NAT configurat ion to w ith Build er 120 applying QoS/Fir e[...]

  • Page 150

    136 QVPN Builde r User Guide E Evolv ing databa ses 18 F Firew a ll rul es associating a rule set 79 , 92 configuring 66 creating a rule set 66 defini ng a rule set 66 ICMP packets, classifying 99 modify ing a rul e set 66 , 77 removin g a rule set 79 saving a rule set 92 setting 61 setting parameter valu es 80 , 93 SYN floo d protection configurin[...]

  • Page 151

    . . . . . QVPN Builder User Guide 137 specifyi ng number of sess ions 107 specif yin g sessio n tim ers 107 layers adding 109 inserting under all IP Sec in stances 10 9 numb er of sessi ons, sp ecifyi ng 107 priv ate n e twork s, conf igur i n g 117 session timers, specif ying 107 stati c bin dings, co nfigur ing 111 verifying the configuratio n 11[...]

  • Page 152

    138 QVPN Builde r User Guide configuring 95 configuring intervene mode 96 SYN floo d protection, configur i ng monitor mode 97 QVPN Builder adding APs to 28 configu rati on method s 38 data list, exporting to text file 49 Dep loyme nt V iew 53 desc ripti on of f rames Log tabl e 129 QoS/Firewall Dep loyme nt t able 83 VPN Dep loyme nt t able 54 des[...]

  • Page 153

    . . . . . QVPN Builder User Guide 139 operation, verifying 34 shut ting dow n 34 starting 33 usin g 33 rule sets, exporting to a file 85 rule sets, importing 86 security profiles adding 59 deleting 60 managing 58 modify i ng 59 Solaris requirem ents 2 specifying prefer ences 126 directory 128 gene ral 126 logging 12 6 specifying SNMP access 26 star[...]

  • Page 154

    140 QVPN Builde r User Guide installing on (standal one) 6 runnin g online h el p 133 Sola ris req u iremen ts 2 Startu p tasks 16 T Traffi c Status applic ation accessing from QVPN Builder 29 changin g bandwidth al locat ion 31 displaying band w id th allocation 30 displaying band w id th utilization 30 disp laying CBQ tr ee struc ture 30 installi[...]

  • Page 155

    . . . . . QVPN Builder User Guide 141 desc ripti on of 21 Windows NT installing (client/ server) 14 Windows NT, install ing (sta ndalone) 13[...]

  • Page 156

    142 QVPN Builde r User Guide[...]