Lucent Technologies AP-1 manual

. . . . . CCESS OINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UILDER SER UIDE This manual describes how to use the Access Point QVPN Builder™ applica- tion with Access Point™ IP Services routers. Product: Access Point QVPN Builder V ersion: V ersion 2.4[...]

[...]

. . . . . Import ant - Please Read Access Point QVPN Builder User Guide III . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I MPORT ANT - P LEASE R EAD NOTICE The info rmatio n in this manual is provided without wa rranty of a ny kind and is subject to cha[...]

Impo rtant - Plea se Re ad IV Access Point QVPN Builder User Guide Shie lded c ables m ust b e used with this un it to en sure compl iance with th e FCC Class A li mits.[...]

QVPN Builder User Guide V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONT ENTS Preface ... .................. ................... ................... ......... ......... .......... ................. XI 1 Product Overvi ew ..... .......... ......... ......... .............. ................... ................... ... [...]

CONTENT S VI QVPN Builder User Guide 3 Getti ng Started With Builder .............. .................. ..... ................... .... ..... ..... 2 1 About the Builder Window ........................................................................................ 21 The Tree Frame ................... ...................... ....................... .[...]

. . . . . CONTENT S QVPN Builder User Guide VII Removing the VPN Definition With the Client/Server Version .................... ...................... ...... 49 Using VPN Definitions ...............................................................................................49 Exportin g Data ................ ...................... .............[...]

CONTENT S VIII QVPN Builder User Guide Using Rule Sets .......................................................................................................... 85 Exportin g Rule Sets ............. ........... ........... ........... ................. ....................... ...................... ........ 85 Importin g Rule Set Files ...........[...]

. . . . . CONTENT S QVPN Builder User Guide IX Exportin g the Log Table To a Fil e ........ ........... ............ ........... ........... ............ ........... ........... ...... 1 30 Managing User Profiles ..............................................................................................130 Adding User Profiles ............ .....[...]

CONTENT S X QVPN Builder User Guide[...]

Access Point QVPN Builder User Guide XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P REFACE The A cces s P oint ™ IP Servi ces family c omprises a set of bridging rou t- ers wit h advanced bandwidth management and VPN serve r capabiliti es. The Access Point QVPN Builder ™ app l ication lets you manage and moni[...]

PREFACE XII Access Point QV PN Builder User Guide requir es considerable experience wi th rou ters, hubs, bridg es, and other n et- working de vices. In par ticular , Lucent T echnologi es assumes tha t persons instal ling, configuri ng, and managing t he Acce ss Poin t product have several years of networking ex perience . The Access Point QVPN Bu[...]

. . . . . PREFACE Access Point QVPN Builder User Guide XIII Contac ting Luc ent Support For questi ons or problems wit h th e Access Point QVPN Builder appli cati on or the Acces s Point route r , refer to this man ual or to the Luce nt T echnologies Luce nt W orl dwid e Servi ce s W eb s ite at: http ://w ww . lucen t.co m/netw ork care If you are[...]

PREFACE XIV Access Poin t QVPN Builde r User Guide[...]

Access Point QVP N Builder User Gu ide 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P RODU CT O VER VI EW The Access Poi nt QVPN B uil der ™ applicat ion (Builder) let s you manage and monito r a virtual private network consis ting of Access Poi nt ™ sys- tems (APs). This ap plica tion le ts you : • Config[...]

PRODUCT OVERVIEW Integra ted App lic a tions 2 Access Po int QVPN Bui lder User Gui de 1 sets of host s (Access Point sys te ms ) wi th out net work d isruptions. Buil der also lets y ou inc o rpora te fire w all an d Qual ity of S ervi ce (QoS) param e ters a s part of a VPN def inition, allowi ng you to rate -limit a nd shape traf fic flowing ov [...]

. . . . . PRODUCT OVERVIEW Access Po in t Operating Syst em Support Ma trix Access Poin t QVPN Builder User Guide 3 • 256 MB RAM • Java Runt ime Environment v ersion 1.2.2 sof tware S OLARIS 2.6 R EQUI REME NTS • S tandalon e • 100 MB dis k (and additiona l space for the use r -creat ed databases) • 256 MB RAM • Java Runt ime Environmen[...]

PRODUCT OVERVIEW Access Po int Operating S ystem Support Matrix 4 Access Po int QVPN Bui lder User Gui de 1[...]

Access Point QVP N Builder User Gu ide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NSTALLING THE QVPN B UILDER This sec tion provides ge neral informa tion about installing t he Access Point QVPN Bui l der applicati on (Builder) an d performing init ial s tartup tasks. Re ad through the installatio n and init[...]

INST A LLING THE QVPN BUILDER Installin g Bui lde r 6 Access Po int QVPN Bui lder User Gui de 2 This sec tion describes how to instal l either the standal one or the client/se rver version of the Builde r on Solar is or W indows NT systems. Y ou will find instru ctions for i nstalling Bui lder from both a CD- ROM and an execut able file. Refe r to [...]

. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 7 pkgadd - d /cdrom/bu ilder -R < des ired-install-path > LUxavs 3 The in stallat ion asks if you wa nt to creat e the inst allation d irector y if it doesn ’ t alr ea dy ex is t. 4 Next , the i nstal latio n a sks if you w a nt to ru n the in[...]

INST A LLING THE QVPN BUILDER Installin g Bui lde r 8 Access Po int QVPN Bui lder User Gui de 2 2 Copy th e xavs2 _4_R001.bin pr ogram to the appr opriate director y . 3 Use th e chmod +x command (s pecifyin g your program f ile) to change the privil eges so you can execute t he program. 4 Use th e ./xavs2_ 4_R001.bin command t o install the p rogr[...]

. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 9 Do you want the QVPNRequestConfigDaemon configured to start at system boot ? [yes] Successfully created /etc/rc2.d/S90rcd. Successfully created link from /etc/rc2.d/K90rcd to / etc/rc2.d/ S90rcd. Do you want to st art the QVPNRequestConfigDaemon now[...]

INST A LLING THE QVPN BUILDER Installin g Bui lde r 10 Access Po int QVPN Builder User G uide 2 • The JDK patc hes for Solaris SP ARC 2.6 (5.6) wit h these patch IDs : - 105490 -05 (Li nker Patch ) - 105568 -13 (Li bth re ad Patc h) - 105210 -17 (Li bC Patch ) - 105181 -1 1 (Kernel Up date Patch — sock et close/ha ng) - 105669-04 (CDE 1.2: libD[...]

. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Point QVPN Builder User Guide 11 6 Yo u ’ ll be asked additional ques tions about h ow you want to configure Builder , including whet her you want to in sta ll as a client or a ser ver . After you ’ ve answ ered all the ques tions , the i nstal lation begi ns. 7 Afte r the in s[...]

INST A LLING THE QVPN BUILDER Installin g Bui lde r 12 Access Po int QVPN Builder User G uide 2 4 Use t he ./xavd2_4_R00 1.bin command to in stall the applicat ion as a serve r or as a c l ient. T o instal l the applic ation as a se rver , use t he -s option. T o instal l the applic ation as a clie nt, use the -c opti on. If you i nst all the app l[...]

. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 13 cuta ble file is located in the direc tory where you install ed the appl ication. After i nstalling Buil der , you can start up the applicat ion with this command: > Q VPNBuilde r NOTE Y ou must not b e logged on as the superus er when starting[...]

INST A LLING THE QVPN BUILDER Installin g Bui lde r 14 Access Po int QVPN Builder User G uide 2 I NST ALLING THE S T ANDALONE V ERS ION ON W INDOWS NT FROM AN E XECUT ABLE F ILE T o instal l Builder from an exec utable f ile, complete the followin g step s: 1 Close down a l l W indows programs. 2 In W indows Expl orer , double-cl ick on t he self- [...]

. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 15 I NST ALLING THE C LIENT /S ERVER V ERSION ON W INDOWS NT FROM A CD-ROM Builder is distribute d on a CD-ROM. The followin g procedure de scribes h ow to ins tall B u ilder . 1 Insert the CD into your CD-ROM dr ive. 2 Double cl ick on the CD-ROM dr[...]

INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 16 Access Po int QVPN Builder User G uide 2 Instal lation. The de fault i nstallation de stination pat h is C:ODI. By defaul t, Builder is in stalled in C:Program Files LucentAccessV iew direct ory . The C:Progra m Fil esLucent AccessV iewdb direct ory is the default database des tinat[...]

. . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 17 Before a nyone else can use Builder: • The user roo t mus t log in wi th the init ial account inform ation. • The user roo t shoul d modify the root account ’ s passwo rd. The user r oot can al so cr eate othe r user profile s. L OGGING I[...]

INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 18 Access Po int QVPN Builder User G uide 2 file us ing t he naming conv ention of the se rver to which you a re connect- ing. For a PC with the ap plica t ion in stalle d in th e defa u lt dire ctory : c:P rogram Fil e sLucent Acces sView db A ccessV iewMaster .db For a PC using the c:A[...]

. . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 19 direct ory where you i nstalled Builder usin g this command: cd <di r>/AccessV iew/db 3 Manually r un the evolve pro cess on all o f the copied dat abases using thi s comm and: For a Solaris s ystem: ../bin/ EvolveDatabas e <database n[...]

INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 20 Access Po int QVPN Builder User G uide 2 S ETTI NG U P THE QVPN R EQUE ST C ONFIG D AEMON TO A CCES S UNIX D AT ABAS ES T o set up th e QVPN Request Config daemon servic e o n W indo ws NT systems to acces s UNIX databases, follow t hese steps: 1 W ith User Mana ger , cre ate a local NT ac [...]

Access Point QVP N Builder User Gu ide 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING S TARTED W ITH B UI LDE R This sec tion describes the Access Poi nt QVPN Builder applicatio n (Builde r) graphical us er interface. It also prov ides informatio n about applica tion-wide tasks and associat ed appl icati[...]

GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 22 Access Po int QVPN Builder User G uide 3 Figure 2 QVPN Builder Definition V iew Window Note that if you make any changes t o the prop erties, a n asteri sk appears next to the m odifi ed ite m in the tree fr ame. O nce y o u save the V P N def in ition , the aste ri sk dis app ears. Exp[...]

. . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 23 T HE T REE F RAM E The T ree fr ame shows the rel ationshi p betw een th e VPN and Access Poin t in a tree format. Y ou can expa nd o r collapse the t ree at any t i me. The root of th e tree (the glo bal VPN) contai ns fou r childr en: VP[...]

GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 24 Access Po int QVPN Builder User G uide 3 T HE D EPLOY MENT TAB The Deployme nt tab provid es detail s about the tunn els that will b e generated. As wi th the Con figur ation ta b, the Deploy men t tab refle cts th e item select ed in the tr ee fra me. T he De ploym ent tab sho ws wh at[...]

. . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 25 Ta b l e 1 describe s the tool bar bu ttons in the Definiti on V iew wind ow . T able 1. De finition V iew T ool Bar Buttons Button Descript ion Create a new VPN Creates a new VPN def inition. Same as File → New . Open an exist ing V P N[...]

GETTING STARTED WITH BUIL DER Getting Detailed Help Information 26 Access Po int QVPN Builder User G uide 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING D ET AILED H ELP I NFORMATI ON Builder provid es Help when you s elect Hel p T opic s from [...]

. . . . . GETT ING S TAR TED WITH BUILDER Configuring SNM P Access Settings Access P oint QVPN Build er User Guide 27 For th e AP , se lect Edit → SNMP Propertie s to make cha nges to the SNMP acces s info rmat io n. The SNMP Prop erties Dial og lets y ou co nfigur e SNMP para meters for ea ch of the fol l owing SNMP operations : • Config — u[...]

GETTING STARTED WITH BUIL DER Managi ng Access Po i nt System s 28 Access Po int QVPN Builder User G uide 3 secure S N MP acce ss). If y ou are using either SNM Pv2 or SNM Pv3, yo u should s pecify the Community/ user name. If you are usin g SNMPv3, you can speci fy the authenticat ion prot ocol (NONE, MD5, or SHA) and i t s password. Y ou can also[...]

. . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE T RAFFIC S TA T U S AND T UNNEL S TA T U S A PPLICA[...]

GETTING STARTED WITH BUIL DER Using the T raf fic S tatus and T unn el S tatus Applicatio ns 30 Access Po int QVPN Builder User G uide 3 T RAF FIC S TATUS A PPLI CATION The T raf fic Stat us applicat ion displ ays: • A graphic al representat ion of the CBQ tree runni ng on the AP • A pie char t showing the bandwidt h allocat ed to each cl ass a[...]

. . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 31 • Bar char ts showing the actual ba ndwidth usage b y selected clas ses (when you ha ve select ed the Equali zer tab) The T raf fic S t atus ap plica tion als o lets you chang e the bandwi dth for a par[...]

GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 32 Access Po int QVPN Builder User G uide 3 have sel ected the Summary ta b) • Bar char ts showing the traf fic rates on selected tun nels (when you h ave sel ec ted th e T r affic Rat es tab ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

. . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 33 If you ar e using the sta ndalone version, the Config daemon ru ns on the same machin e as Builde r . If you a re using t he client/se rver version , the Config da e- mon runs on the same machine as the ObjectS tore serv er or c[...]

GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 34 Access Po int QVPN Builder User G uide 3 NOTE Y ou must c lose the VP N definiti on before us ing the da emon from the A P to reques t a confi guration. 2 Using the CLI, issue the following command from th e AP to request th e configur ation: qvpn_Bu ilderCon figReques t <IP[...]

. . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 35 C HANG ING THE SNMP C OMMUNITY N AME FOR THE D AEM ON Y ou can cha nge the SNMP Community na me for the Config d aemon as f ol- lows : 1 S top the da emon with the f ollowing command: /etc/rc2.d/ S90 rcd sto p 2 Edit the followi[...]

GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 36 Access Po int QVPN Builder User G uide 3 The fo llowing t able lists the daemon commands a nd provides a des cription: Comma nd Descripti on show ver sio n Shows the cu rrent versi on of the daem on show deb ug Shows the deb ug mo de show data base Shows the databa se path whe [...]

Access Point QVP N Builder User Gu ide 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG VPN S The A cces s P oint QVPN B uilde r appl ic ation (Bui ld er) re duces the co m - plexit y of deploying lar ge-scale vi rtual private networks (VPNs) by enablin g you to centr ally define tun nel configurat ions[...]

MANA GING VPNS Cr eating or Modifying VPN Definitions 38 Access Po int QVPN Builder User G uide 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C REATING OR M ODIFYING VPN D EFINITIONS This sec tion describes how to create or c hange VPN settings for the[...]

. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 39 Config Daemo n ” on Page 32 . • Mixed — The config uration method must be selected for each AP . If you ha ve chosen the Mixed c onfigura tion method for t he VPN, you must select the config ura tion metho d for each AP (unle ss you acc[...]

MANA GING VPNS Cr eating or Modifying VPN Definitions 40 Access Po int QVPN Builder User G uide 4 On th e T r ee fram e, cli ck on V PN to displ ay the VPN P roper ties fr ame. The f ollow i ng tab le des c ribes the fie lds in the VPN Prope rties frame : Field Descripti on Poller ID A user-def inable option fo r future exp ansion. Secur ity Profil[...]

. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 41 C HANG ING VPN S ETTIN GS FOR THE A CCE S S P OINT S YSTEMS For the AP , click on t he VPN folder to display the Access Point Prope rties frame. When defi ning the V PN settings fo r the APs, you must specify the fo l- lowin g fields : C ONFI[...]

MANA GING VPNS Cr eating or Modifying VPN Definitions 42 Access Po int QVPN Builder User G uide 4 Propert ies frame. 2 Select Primary or Seco ndary from the HUB T ype drop-d own list. Primary se ts the AP as the pr ima ry hub . Route s to the primary hub are cre - ated wit h a cost of 50. Second ar y se ts the AP as the backup hub. Ro ute s to the [...]

. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 43 subinte rface in a do wn and then a te sting state, and at tempts to reestablis h a tunnel c onnection. Y ou can specify how often Keepalive update messages a re sent. By defaul t, Keepaliv e update messag es are se nt every 10 sec onds as sh[...]

MANA GING VPNS Cr eating or Modifying VPN Definitions 44 Access Po int QVPN Builder User G uide 4 the APs th at you add to VPN defi nitions. The fo llowing t able explain s the i nteract ion of the che ckboxes in th e Probes Propert ies frame: In order to delete a ll pro bes from th e devic e using Buil der , unc heck t he Device Manages Pr obes an[...]

. . . . . MANAGI NG VPNS Saving the VPN Defin ition Access P oint QVPN Build er User Guide 45 If you cl ick on the Sele cted AP(s) but ton, the Access- Points Di alog appears whic h allows you to se lect the APs to which you wa nt to apply the probe se ttings. For the AP y ou want, expand VPN and se lect Probe to make changes to the Probe set tings[...]

MANA GING VPNS Opening VPN Defi niti ons 46 Access Po int QVPN Builder User G uide 4 S AVING THE VPN D EFINIT ION W ITH THE S TAND ALONE V ERSI ON When using the standalone version, the Sav e VPN As... dialog windo w sho wn here app ears. Ente r the n ame of t he file to wh ich yo u want to sav e the VP N de fi niti on and click o n the Save butt o[...]

. . . . . MANAGI NG VPNS Opening VPN Definition s Access P oint QVPN Build er User Guide 47 O PENIN G THE VPN D EFINITI ON W ITH THE S TAND ALONE V ERSI ON When using t he standalon e version , the Choose the VPN to be opened dial og window shown h ere appears. Select the VPN definition you want to open and cl ick Open to open the VPN defini tion. [...]

MANA GING VPNS Removing VPN Defin itions 48 Access Po int QVPN Builder User G uide 4 A CCESS ING L OCKE D F ILE S If the application was not shut down pr operly or if ano ther user is activel y usin g the same VPN definit ion, the S teal the lock? pop-up win dow shown here appe ars. NOTE Y ou sh ould steal th e lock o nly if the ap plicatio n was n[...]

. . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 49 R EMOVIN G THE VPN D EFINI TION W ITH THE C LIEN T /S ERVE R V ERSI ON When using t he client/ server ve rsion, to re m ove VPN de finitions: 1 Sele ct File → Remove to dis play the VPN Open dial og box. 2 Select the VPN name you want t o remove and click Rem[...]

MANA GING VPNS Using VPN Definit ions 50 Access Po int QVPN Builder User G uide 4 I MPORTING VPN D ATA F ILES Y ou c an im p ort VP N data text fi le s for V PN de finiti ons. T o imp o rt this data , sel ect T ools → Import → VPN T ext File . Y ou create t hese t ext fi les usi ng the format de scribed in the next section . F ORMATTING VPN D A[...]

. . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 51 2 The n ext li ne mu st start w ith th e SNMP or ACCESSPOINT keywor d. If the next line is n ot the SNMP l ine, th en the V PN us es th e defa ult SN MP access p arameters. Oth erwise, th ese ru les ap ply to the fiel ds in the SNMP line : - The S NMP V e rs io[...]

MANA GING VPNS Using VPN Definit ions 52 Access Po int QVPN Builder User G uide 4 S AMPLE VPN D ATA F ILE This samp le file de fines a VP N with t hree A Ps. # ****** ****** V PN defini tion bloc k begins! * ******* ******** ***** # VPN,Q VPN mame, VPN ID, Use Wildca rd T unnels VPN,Xedi a VPN,ID001,tr ue # SNMP ,SNMP V er sion,Commu nity/User ,Au [...]

. . . . . MANAGI NG VPNS V erifying th e Configu r ation Access P oint QVPN Build er User Guide 53 I MPORTING VPN D EFINITI ONS F ROM V ERSI ON 1.1 T o use VPN defi nitions creat ed with V ersion 1.1, you m ust import the VPN defini tions. 1 Sele ct T ools → Impor t → AV 1 . 1 V P N to dis play all VPN file s in the Choose the VPN to be importe[...]

MANA GING VPNS Using the VPN Deployment T a bles 54 Access Po int QVPN Builder User G uide 4 Y ou also h ave the optio n of app lying all con figurations to all APs by sel ect- ing All Co nfi gur at ion s . Click on the St a r t button when yo u are finished. If you have n ot saved the VPN definit i on yet, th e appl ic at ion prompt s you to do so[...]

. . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 55 Y ou ca n sort t he VPN Deploymen t table in ascen ding or de scendi ng order for a specif ic field by sel ecting the hea der for the field you want. The sort ing toggles between a scending and de scending o rder each ti me you cl ick on the fiel d [...]

MANA GING VPNS Using the VPN Deployment T a bles 56 Access Po int QVPN Builder User G uide 4 The window r esembles the f ollowing displa y: T UNNE L , R OUTE , AND IPS EC I NTERF ACE I NFORMA T ION Selecti ng VPN for an AP and the n clic king on the Deployment tab provid es three v iews — T unnels, Rout es, and IPSec I nterf aces: The Tunne l s t[...]

. . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 57 The Tunne ls tab re semble s the f ollowi ng dis play : The Routes tab displays the foll owing informat ion: • State — th e rout e ’ s cur rent c onfigu ration s tate (Add — to be added, Current — deployed, Remove — to be removed) • C [...]

MANA GING VPNS Mana ging Securi ty Pr ofiles 58 Access Po int QVPN Builder User G uide 4 • Remote Gate way — IP address of th e remote gateway The I PSec In terfa ces tab rese m bles t he foll o wing d ispla y: Y ou can sort VPN Depl oyment tables in a scending or desc ending order for a specif ic field by cli cking on the heade r for the fiel [...]

. . . . . MANAGI NG VPNS Managi ng Secu rity Pr ofiles Access P oint QVPN Build er User Guide 59 A DDING S ECURI TY P ROFI LES T o add se curity pr ofiles: 1 Sele ct Edit → Security Profile s to di splay the Secu rity P r o file D ialog window . 2 Click Add to add the new s ecuri ty prof ile. 3 Select <New Secur it y Profil e> from the Prof[...]

MANA GING VPNS Mana ging Securi ty Pr ofiles 60 Access Po int QVPN Builder User G uide 4 D ELETING S ECUR ITY P ROFI LES T o delete s ecurity pro files: 1 Sele ct Ed it → Security Pr ofiles to display the Security P rofile Dialog window . 2 Click on t he profile in the Profile Lis t that yo u want to delete a nd click Remove to d elete the pr ofi[...]

Access Point QVP N Builder User Gu ide 61 M ANAG I NG Q O S/F IREW ALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P OLICIES The A cces s Poin t syst em (AP ) uses CBQ to provi de fi rewall and Qo S ser - vices by classifying an d scheduling h ow traffic flows throug h the AP . T raffic is c lassi fied by m atch [...]

MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 62 Access Po int QVPN Builder User G uide 5 • Supp lies v a lues fo r the p a rame ters fr om the rule se t or the A cces s Point propert ies. The more specificity provided by th e rule, the mor e secure the rul e. Y ou can create , modify , save , and delete rul e sets. [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 63 The Q oS/Fi rewa ll Rul e S et Ed it or fi el ds are desc ribed in the fo llow ing ta bl e: Save the active rule set Saves th e open rule set. Same as File → Save . Set sele cted rule as a peer t o current p arent Chang e[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 64 Access Po int QVPN Builder User G uide 5 D EFAULT T EMPL ATE R ULE S ET D EFIN ITION AND M ODIFICATI ON When you sel ect File → New in th e R ule S et Edit or , th e cur rent d efaul t tem- plate r ule set is d uplicate d as the curr ent rule set de finition. Th e defa[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 65 Remember t hat the “ -defa ult ” suffix has special meani ng when applied to a CBQ cl as s on t he AP ( For mo re in form ation about defaul t cl asses , see th e Access Point Confi gur ation Guide ). NOTE These rul es [...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 66 Access Po int QVPN Builder User G uide 5 2 Add the foll owing ru le: AP Allow Shapi ng-d efau lt . Conf igure this rul e before s etting up addit ional rules , so you don ’ t i nadvertentl y prevent acces s to th e AP . Gi ve the ru le the follo w ing fl ow sh ape ac t ion: • Bandwid th [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 67 NOTE If you ar e modifying a rule set for an AP , m ake sure y ou set parameter val ues so you can pro vide the corr ect values for a specific AP . Refer to “ Settin g Paramete r V alues ” on Page 80 for more in formation. 4 Save the ru le s[...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 68 Access Po int QVPN Builder User G uide 5 • Edit... t o add or cha nge a parameter For Apply p arameters (I nterfac e or Action), choos e one of thes e options: • A valu e as th e parame ter • Edit... t o add or cha nge a parameter NOTE If a parameter d oesn ’ t exist, first you n eed[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 69 E DITING S OURC E OR D ESTINATION P ARAMETERS When you choos e Edit... from the po p-up menu for sourc e or destinati on parame ters, th e Rule Source Defin ition Dialog or Ru le Destinati on Defi nition Dialog ap pears. The Rule Source Definiti[...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 70 Access Po int QVPN Builder User G uide 5 E DITING S ER VICE P ARAMETERS When you choos e Edit... from th e pop-u p menu for se r- vice p arame ters, th e Rule Classi ficati on Dialog ap pears. Add a new ser vice classi fication by speci fyin g the na me and the c las sifi cati on type (S tat[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 71 For th e S tatef ul cl assif icati on type , in addi tion t o making i t easy t o creat e a sin - gle cla ss for aggre gating all po ssible p ort pairing s for a well-known service, you can st atefully cla ssify TCP and UDP appli cations. T o do[...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 72 Access Po int QVPN Builder User G uide 5 For the Datalink classif icati on type, add the datal ink ind ex (range list of 16-bit TCI value exp ressed in hex) by fil li ng i n the Add Data link Indices s ect io n and clicki ng Add In dices . A d d the datal ink mas k (ma sk th at is app lied t[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 73 For the S tatele ss classific ation typ e, add a type by selecting the a ppropriate protocol s and ports a nd clicki ng Add as shown he re. Remove a classif i cation typ e by selec ting the item in the list an d clickin g Remove in the Clas sifi[...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 74 Access Po int QVPN Builder User G uide 5 For in terfa ce para meters , select the In ter- face fi el d yo u want to change , cl ic k on t he right mou se button, and select the appr o- priate value from th e pop-up menu. If you sel ect Edit... , then t he Ru le Set In te rface Associat ion D[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 75 ify a f orwarding policy for statef ul cla sses, the forwarding pol icy is applie d to the From int erfa ce speci fied in the Rule Set Inter face Dialog box when edit ing the In terfa ce fiel d. T abl e 2 Default Action Profiles and Associat ed [...]

MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 76 Access Po int QVPN Builder User G uide 5 2 Click on t he right mouse but ton and se lect Rename.. . from the pop-u p menu (sa me as se lecti ng Rule → Rename... ). Fill in the new name when p rompted. 3 Click OK to change the name. 4 Save the ru le set by selec t i ng File → Save As. .. [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Modi fying a Rule Set Access P oint QVPN Build er User Guide 77 R EMOVIN G A R ULE T o remove a rule: 1 Select the rule you wa nt to d elete. 2 Sele ct Rule → De lete (or clic k on the ri ght mouse button and s elect Delete from the pop-up menu) to remove the se lected r ule from the rul e set. 3 Save th[...]

MANA GING QOS/ FIREW ALL P OLICIES Modif ying the Default New Ru le Set 78 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open in the QoS/Firewa ll Rule Set Edit or to bring up the Open Rule Set Dia- log box. Select the rule set you want to modify and click Open Rule Set . 3 Modify the rules i n your r ule se t. NOTE If you ar e modify[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Remo ving a Rule Set Access P oint QVPN Build er User Guide 79 3 Make an y changes t o the rul e set an d select File → Save to use this rul e set as the defau lt new r ule se t. NOTE If yo u decide you want t o us e the ori ginal de fa ul t new ru le set, then sel ect File → Reset T emplate . . . . . [...]

MANA GING QOS/ FIREW ALL P OLICIES Setting Para me ter V alues 80 Access Po int QVPN Builder User G uide 5 box is ch ecked by default as shown below . Make su re the Us e VPN Firewa ll Rulese t box is not chec ked if y ou want to use a dif fere nt rule set from the one specifi ed in the VP N Propertie s frame. 3 Click Sel ect Rule Set... to choo s [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Setting Parameter V alues Access P oint QVPN Build er User Guide 81 the corr ect one, asso ciate the co rrect r ule set with this AP as d escribed in “ Ass ociat ing a R u le Se t ” on Page 79 . 3 A list o f parameters for this rule set app ears in the drop -down list be low the Set AP Parameter b utto[...]

MANA GING QOS/ FIREW ALL P OLICIES V erifying the QoS/Fir ewall Polic ies 82 Access Po int QVPN Builder User G uide 5 list a nd clicki ng Edit Over ride or Remove Override . 5 Apply your ch anges t o the QoS/Firewal l Pro perti es and sa ve the defin ition so t ha t thes e QoS / Firew all po licie s are in clud ed as part of your VPN de fi- nition.[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using t he QoS/F ir ewa ll De ployment T able Access P oint QVPN Build er User Guide 83 Deployme nt table . • Creates or modifies all CBQ classes in the class list. T o apply the QoS/fi rewall poli cies to a ll the APs, sel ect Devic e → Apply and in the App ly Configurat ion pop up that app ears, adju[...]

MANA GING QOS/ FIREW ALL P OLICIES Using t he QoS/F ir ewa ll De ployment T able 84 Access Po int QVPN Builder User G uide 5 ures th e class but s ets it to not i n service. • Defi niti on — the d efini tion f o r this c lass • Comment — the c o mment assoc iated with this cl a ss T o display the Def initi on V iew , click on the QoS/Fir ew[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using Rule S e ts Access P oint QVPN Build er User Guide 85 • Name — the cl as s nam e • Mess age Stat us — the mess age status f or this c lass • State — the c urren t stat e for th is cla ss (Mod ify , Add, Curren t, or Remov e) • C — configur ation • Q — query T o display the Apply/Q[...]

MANA GING QOS/ FIREW ALL P OLICIES Using Ru le Sets 86 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open to open t he rule set tha t you want to expor t to a file. 3 Sele ct To o l s → Export to speci fy th e expor t pat h for the expo rt fil e in the followi ng dialog box and cl ick Export . By defaul t, the export fi le is named [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Specifyin g a Rule Set fo r a VPN Access P oint QVPN Build er User Guide 87 set fi le that you wan t to im port. NOTE Importin g the file ov erwrites the e xisting ru le set or temp late, so make sure you a re overwr iting the cor rect one. 4 Choose the file name and click Import . . . . . . . . . . . . . [...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 88 Access Po int QVPN Builder User G uide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . U SING THE Q O S/ F IREWALL : E XAMPLES The fol lowing secti ons p rovide ex amples of r eal[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 89 the conf iguration ensur es that onl y limited s ervices are al lowed onto the LAN and o nly if these se rvice s mat ch a flow p revio usly in itiate d by a n i ntern al cli - ent. This arrangement b oth sec ures the internal LAN,[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 90 Access Po int QVPN Builder User G uide 5 log box sh own here, and cl ick OK . Change the Src parameter fr om Any to LANHosts by s electing th e Src fiel d, clicki ng on the right mous e button, and sele cting Sele ct... f rom the pop-up men u. Select the LANHosts para m ete [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 91 in the d ialog box. Add th e http to the Applicat ion List, a nd click OK . Change the Servi ce parameter f rom Any to allo wW eb Acce s s by se lecting the S er - vice fi eld, clicking on the right mouse button, a nd selectin g S[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 92 Access Po int QVPN Builder User G uide 5 Spec ifying the A ct ion P a ramete r Change the Action parameter from Undefined to P ermit by selecti ng the Action f ield, clicking on the rig ht mouse button , and selecting Pe rmit from the pop-up menu. After sp ecifying th e acti[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 93 5 Setti ng Pa ramete r V a lues Next , set p a rame te r valu es by s e lectin g the parame ter fo r which you wa nt to spe cify a value from th e dro p-dow n lis t belo w the Set AP Parameter button. Selec t APMg mtSe rvice s fro[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 94 Access Po int QVPN Builder User G uide 5 of the I nterface Dialo g screens aft er checking the boxes. Once yo u set p aramete r values, the parameter is listed in the Paramet er Override s list. Y ou can edit or re m ove a n override by selecti ng the param- ete r in the P a[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 95 After maki ng all your changes, cl ick Apply in the upper l eft-hand c orner of the Acces s Point Properti es frame. Save the VPN definition by s electing File → Save or File → Save As... to include these QoS/fire wall poli ci[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 96 Access Po int QVPN Builder User G uide 5 C ONFIGURING I NTERVENE M ODE Interv ene mode works by r esponding t o the SYN+ACK with an immediate ACK that moves t he connection ou t of the ser ver ’ s backlog qu eue a nd st ar ting a timer . If an ACK d oes not return i n a sp[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 97 7 Save the ru le set by selec t i ng File → Save As. .. or File → Save . 8 Next, if nece ssary , chan ge the SYN Protect Ti meout value. For the AP you want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 98 Access Po int QVPN Builder User G uide 5 3 Select the Ser- vice fi eld for the rule you want to change, cl ick on the ri ght m ouse button, an d select Edit... from th e pop-up menu. The Rule Cl assi- ficati on Dial og appe ars. 4 Add a new ser - vice cl assifica- tion by sp[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 99 want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure t hat the specif ied SYN Prote ct T imeout value is appropriate. The d efaul t inte rval is 30 seco nds. 10 Apply your changes to th e QoS/Firewall Pro per[...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 100 Access Point QVPN Bu ilder User Guide 5 cation Dial og appe ars . 4 For s tateful classificat ion, add a new servi ce classif ication by specifying the name a nd the St ateful classi fication type from the drop-down l ist and clicki ng Add in the New Cl assific ation se cti[...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 101 5 For stat eful classif i cation, clic k ICM P Filt ering in the Appl icati on sectio n t o bring up the ICMP Fi lter - ing dial og box. St atefu l classi fica- tion al lows only replie s (for the Establi shed traf fic class) and [...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 102 Access Point QVPN Bu ilder User Guide 5 3 Click New to add f orwarding policy to the forwar ding pr ofile. Enter t he name of the forwa rding policy and click Apply . 4 Select the policy fr om the Fo rwarding Po licy List for whi ch you want to set for warding acti ons (up [...]

. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 103 • Forward pac kets to next hop — Packets are forwarded to a next hop I P address that must b e reachabl e through a l ocal interfac e. Y ou can ov erride the IP address in the Fo rwarding Policy Actions list or in th e Access [...]

MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 104 Access Point QVPN Bu ilder User Guide 5[...]

Access Point QVPN Bu ilder User Guide 105 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG NAT The A cces s Point s ystem (AP) has a N etwo rk Addr ess Transla tor th at pro - vides gl obally-uniq ue, regist ered IP address es for domains using pri vate IP ad dress es to c onnect to the Intern et. Pri vate[...]

MANA GING NA T Configur ing General NA T Paramete rs 106 Access Point QVPN Bu ilder User Guide 6 W ith the Bui lder , you can co nfigure NA T by: 1 Configur ing general NA T param eters. 2 Adding the NA T layer . 3 Enabling NA T . 4 Addi ng st a tic bi ndi n gs. 5 Creatin g address tr anslation pools . 6 Configur ing private net works and assoc i a[...]

. . . . . MANAGI NG NA T Configu ring Gen eral NA T Parameters Access Point QVPN Bu ilder User Guide 107 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. S PECI FYING M AXIM UM N UMBE R OF S ESSION S T o prevent the AP from being flooded by too many sessio n requests, you ca n configur e the maximum number of sessions that[...]

MANA GING NA T Configur ing General NA T Paramete rs 108 Access Point QVPN Bu ilder User Guide 6 A PPLYIN G P ARAM ETERS W ith NA T select ed for the VPN root, y ou can apply t he changes t o either all APs or to s elected APs by selecti ng the appropria te button for Apply Para m e- ters T o... as shown below . If you cl ick on the Sele cted AP(s)[...]

. . . . . MANAGI NG NA T Adding the NA T La yer Access Point QVPN Bu ilder User Guide 109 S AVING THE NAT C ONFIGU RATION Save the N A T configuration b y selecting File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DDING THE NA T L AY ER T [...]

MANA GING NA T Adding the NAT Layer 11 0 Access Po int QVPN Bu ilder User Gu ide 6 When you cli ck on the Insert NA T ... butto n, the Int erface Dialog box shown belo w appears so you can select t he desire d IP layers. Select the IP layers and click Apply . NOTE Y ou ca n add the NA T layer under an IP Sec ins tance by sele cting an IP i nstance [...]

. . . . . MANAGI NG NA T Configurin g S tatic Binding s Access Point QVPN Builder User Guide 111 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. 4 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 2 Access Po int QVPN Bu ilder User Gu ide 6 3 If you want to remove a stat ic bin din g, selec t the r ow and the n clic k on the - butto n. 4 Click Appl y . 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . . . . . . . . . . . . . . . . . . . . . [...]

. . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 3 C ONFI GU RING B ASIC NAT P OOLS T o configur e pools for Ba sic NA T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Poo[...]

MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 4 Access Po int QVPN Bu ilder User Gu ide 6 C ONFI GU RING NAPT P OOLS T o configur e pools for NAP T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Enter a p ool name in the fi eld above the Add b utton. Pool names ca n c[...]

. . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 5 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . Once a NAP T pool is d eployed, its paramet ers cannot be modifi ed. T o modify the pool ’ s parameters, yo u must delete the NAP T pool and add anoth[...]

MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 6 Access Po int QVPN Bu ilder User Gu ide 6 4 Y ou can add pri vate IP a ddresses at any time by clicki ng on the Add IP Ranges butto n. Add the IP addr ess range by clicking on th e + button. Select the field t hat you want to change by dou ble-clicking o n the field. Y ou can modify[...]

. . . . . MANAGI NG NA T Configurin g Private Network s Access Poin t QVPN Builder User Gu ide 11 7 R EMOVIN G P OOLS T o remove pool s: 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Select the pool that you want to delete f rom the Created Pool s list. NOTE Y ou ca nnot remove pools tha[...]

MANA GING NA T Configu ring P rivate Netwo rks 11 8 Access Po int QVPN Bu ilder User Gu ide 6 pools. A sample ent ry is shown her e: 4 If you want t o remov e a pri va te ne twor k, se lect the private net wo rk on the left an d the n clic k Remove . NOTE Removing a private n etwork wi ll only di sassocia te all its po ols. These p ools are no t re[...]

. . . . . MANAGI NG NA T Checkin g t he Con figurat i on Access Poin t QVPN Builder User Gu ide 11 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C HECKING THE C ONFIGURATION When you h ave confi gured the stati c bindings , address trans lation pools, [...]

MANA GING NA T Deployin g the NA T Configuratio n to All APs 120 Access Point QVPN Bu ilder User Guide 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D EPL OYIN G THE NA T C ONFIGURATION TO A LL AP S When yo u apply t he NA T configur ation to t he VPN [...]

. . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 121 Y ou c an vie w the IP laye rs sele cted for NA T in serti on by click ing on t he NA T folder for an AP and selec ting the Deployment tab as shown below: The Deployme nt tab for S tatic Bindings, T ranslat ion Pools, and Private Ne t- works dis plays [...]

MANA GING NA T Using the NA T Dep loyment T ab 122 Access Point QVPN Bu ilder User Guide 6 The Deployme nt tab for bindi ngs resembles the fo llowing di splay: For th e transl ation pools configuration: • Pool Name — t he name of t he pool • Range S tart — th e starti ng value for the range • Range En d — the en ding v alue for the ra n[...]

. . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 123 • Private Net Addr — the IP address of the private network • Mask — the net work mask for the priv ate network • Associat ed Pool — the pool associat ed with t he private ne twork Note that each private n etwork can have up t o three a ssoc[...]

MANA GING NA T Using the NA T Dep loyment T ab 124 Access Point QVPN Bu ilder User Guide 6[...]

QVPN Builder User Guide 125 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DVAN CED F EATUR ES OF B UI LDE R This sec tion provides ge neral informati on about mana ging the Access Point QVPN Bui l der applicati on (Bui lder), i ncluding: • Spec ifyin g Pr efere nces • Configur ing Logging • Managing Use r P[...]

ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 126 QVPN Builde r User Guide 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S PECIFYING P REFERENCES T o set th e prefe rences for di splaying in formation, sel ect Edit → P references to disp[...]

. . . . . ADVAN CED FE ATURES OF BUILDE R Specifyi ng Prefer ences QVPN Builder User Guide 127 set the log displ ay and log fi le st ora ge limi ts . T o display events in cer tain col ors, modify the Log Filte rs section by cl icking Sele ct next to t he color . By def ault, the se verity l evels have these color indic a- tors. By defaul t, all me[...]

ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 128 QVPN Builde r User Guide 7 D IRECTORY P REFE RENCE S Y ou n eed s uperu ser pr ivile ge (ro ot) to set dir ect or y pref ere n ces. Set the directory pr eference s to specif y the default path fo r the da tabase/log (standa lone version s ) and export directo ries. T o modify th e path,[...]

. . . . . ADVAN CED FE ATURES OF BUILDE R Conf igurin g L ogging QVPN Builder User Guide 129 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONFIGURING L OGGING The Log fr ame (bottom frame of main window) displa ys the time st amp, the severi t y level,[...]

ADVA NCED FE ATURE S OF BUILD ER Mana ging User P rofiles 130 QVPN Builde r User Guide 7 E XPOR TING THE L OG T ABLE T O A F ILE Y ou c an ex port th e Log t able to a text fi le by s elect in g T ools → Export → Database Log File to di splay the Choo se the expo rt log fil e name win dow . Enter t he export pat h for t he log file and click Sa[...]

. . . . . ADVAN CED FE ATURES OF BUILDE R Managi ng User Profiles QVPN Builder User Guide 131 A DDING U SER P ROFILE S T o add us er profil es: 1 Sele ct Ed it → Users to di splay the User Profiles wi ndow shown here : 2 Click Add to add the user profil e. 3 Repl ace N ew user (in t h e Nam e field ) with the us er name in the User Parame te rs s[...]

ADVA NCED FE ATURE S OF BUILD ER Restori ng VPN Dat a bases 132 QVPN Builde r User Guide 7 5 Repeat st eps 2 through 4 for e ach add itional user . 6 Click Done when y ou have finis hed modif ying profiles . D ELETING U SER P ROFIL ES T o delete u ser profiles: 1 Sele ct Ed it → Users... to di splay the Use r Profil es window . 2 Select the user [...]

. . . . . ADVAN CED FE ATURES OF BUILDE R Find ing a VPN Name QVPN Builder User Guide 133 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F INDING A VPN N AME On a S olari s syst em or a P C, yo u can e n ter the finddbna m e comman d at the command lin e [...]

ADVA NCED FE ATURE S OF BUILD ER T r oublesh ooting 134 QVPN Builde r User Guide 7[...]

QVPN Builder User Guide 135 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NDEX A Acce ss Po int Pr op ertie s HUB Type 41 IKE Keep Alive Update 41 Route Cos t 41 Router Address 41 Security Profile 41 Subnets 41 Acce ss Po in t syst ems adding 28 applying NAT configurat ion to w ith Build er 120 applying QoS/Fir e[...]

136 QVPN Builde r User Guide E Evolv ing databa ses 18 F Firew a ll rul es associating a rule set 79 , 92 configuring 66 creating a rule set 66 defini ng a rule set 66 ICMP packets, classifying 99 modify ing a rul e set 66 , 77 removin g a rule set 79 saving a rule set 92 setting 61 setting parameter valu es 80 , 93 SYN floo d protection configurin[...]

. . . . . QVPN Builder User Guide 137 specifyi ng number of sess ions 107 specif yin g sessio n tim ers 107 layers adding 109 inserting under all IP Sec in stances 10 9 numb er of sessi ons, sp ecifyi ng 107 priv ate n e twork s, conf igur i n g 117 session timers, specif ying 107 stati c bin dings, co nfigur ing 111 verifying the configuratio n 11[...]

138 QVPN Builde r User Guide configuring 95 configuring intervene mode 96 SYN floo d protection, configur i ng monitor mode 97 QVPN Builder adding APs to 28 configu rati on method s 38 data list, exporting to text file 49 Dep loyme nt V iew 53 desc ripti on of f rames Log tabl e 129 QoS/Firewall Dep loyme nt t able 83 VPN Dep loyme nt t able 54 des[...]

. . . . . QVPN Builder User Guide 139 operation, verifying 34 shut ting dow n 34 starting 33 usin g 33 rule sets, exporting to a file 85 rule sets, importing 86 security profiles adding 59 deleting 60 managing 58 modify i ng 59 Solaris requirem ents 2 specifying prefer ences 126 directory 128 gene ral 126 logging 12 6 specifying SNMP access 26 star[...]

140 QVPN Builde r User Guide installing on (standal one) 6 runnin g online h el p 133 Sola ris req u iremen ts 2 Startu p tasks 16 T Traffi c Status applic ation accessing from QVPN Builder 29 changin g bandwidth al locat ion 31 displaying band w id th allocation 30 displaying band w id th utilization 30 disp laying CBQ tr ee struc ture 30 installi[...]

. . . . . QVPN Builder User Guide 141 desc ripti on of 21 Windows NT installing (client/ server) 14 Windows NT, install ing (sta ndalone) 13[...]

142 QVPN Builde r User Guide[...]