Manuale d’uso / di manutenzione del prodotto AP-1 del fabbricante Lucent Technologies
Vai alla pagina of 156
. . . . . CCESS OINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . UILDER SER UIDE This manual describes how to use the Access Point QVPN Builder™ applica- tion with Access Point™ IP Services routers.
.
. . . . . Import ant - Please Read Access Point QVPN Builder User Guide III . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Impo rtant - Plea se Re ad IV Access Point QVPN Builder User Guide Shie lded c ables m ust b e used with this un it to en sure compl iance with th e FCC Class A li mits.
QVPN Builder User Guide V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C ONT ENTS Preface ... .................. ................... ................... ......... ......... .......... ................. XI 1 Product Overvi ew .
CONTENT S VI QVPN Builder User Guide 3 Getti ng Started With Builder .............. .................. ..... ................... .... ..... ..... 2 1 About the Builder Window ............................................................................
. . . . . CONTENT S QVPN Builder User Guide VII Removing the VPN Definition With the Client/Server Version .................... ...................... ...... 49 Using VPN Definitions ....................................................................
CONTENT S VIII QVPN Builder User Guide Using Rule Sets .......................................................................................................... 85 Exportin g Rule Sets ............. ........... ........... ........... ...............
. . . . . CONTENT S QVPN Builder User Guide IX Exportin g the Log Table To a Fil e ........ ........... ............ ........... ........... ............ ........... ........... ...... 1 30 Managing User Profiles ......................................
CONTENT S X QVPN Builder User Guide.
Access Point QVPN Builder User Guide XI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P REFACE The A cces s P oint ™ IP Servi ces family c omprises a set of bridging rou t- ers wit h advanced bandwidth management and VPN serve r capabiliti es.
PREFACE XII Access Point QV PN Builder User Guide requir es considerable experience wi th rou ters, hubs, bridg es, and other n et- working de vices. In par ticular , Lucent T echnologi es assumes tha t persons instal ling, configuri ng, and managing t he Acce ss Poin t product have several years of networking ex perience .
. . . . . PREFACE Access Point QVPN Builder User Guide XIII Contac ting Luc ent Support For questi ons or problems wit h th e Access Point QVPN Builder appli cati on or the Acces s Point route r , refer to this man ual or to the Luce nt T echnologies Luce nt W orl dwid e Servi ce s W eb s ite at: http ://w ww .
PREFACE XIV Access Poin t QVPN Builde r User Guide.
Access Point QVP N Builder User Gu ide 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P RODU CT O VER VI EW The Access Poi nt QVPN B uil der ™ applicat ion (Builder) let s you manage and monito r a virtual private network consis ting of Access Poi nt ™ sys- tems (APs).
PRODUCT OVERVIEW Integra ted App lic a tions 2 Access Po int QVPN Bui lder User Gui de 1 sets of host s (Access Point sys te ms ) wi th out net work d isruptions.
. . . . . PRODUCT OVERVIEW Access Po in t Operating Syst em Support Ma trix Access Poin t QVPN Builder User Guide 3 • 256 MB RAM • Java Runt ime Environment v ersion 1.
PRODUCT OVERVIEW Access Po int Operating S ystem Support Matrix 4 Access Po int QVPN Bui lder User Gui de 1.
Access Point QVP N Builder User Gu ide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NSTALLING THE QVPN B UILDER This sec tion provides ge neral informa tion about installing t he Access Point QVPN Bui l der applicati on (Builder) an d performing init ial s tartup tasks.
INST A LLING THE QVPN BUILDER Installin g Bui lde r 6 Access Po int QVPN Bui lder User Gui de 2 This sec tion describes how to instal l either the standal one or the client/se rver version of the Builde r on Solar is or W indows NT systems. Y ou will find instru ctions for i nstalling Bui lder from both a CD- ROM and an execut able file.
. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 7 pkgadd - d /cdrom/bu ilder -R < des ired-install-path > LUxavs 3 The in stallat ion asks if you wa nt to creat e the inst allation d irector y if it doesn ’ t alr ea dy ex is t.
INST A LLING THE QVPN BUILDER Installin g Bui lde r 8 Access Po int QVPN Bui lder User Gui de 2 2 Copy th e xavs2 _4_R001.bin pr ogram to the appr opriate director y . 3 Use th e chmod +x command (s pecifyin g your program f ile) to change the privil eges so you can execute t he program.
. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Poin t QVPN Builder User Guide 9 Do you want the QVPNRequestConfigDaemon configured to start at system boot ? [yes] Successfully created /etc/rc2.d/S90rcd. Successfully created link from /etc/rc2.
INST A LLING THE QVPN BUILDER Installin g Bui lde r 10 Access Po int QVPN Builder User G uide 2 • The JDK patc hes for Solaris SP ARC 2.6 (5.6) wit h these patch IDs : - 105490 -05 (Li nker Patch ) - 105568 -13 (Li bth re ad Patc h) - 105210 -17 (Li bC Patch ) - 105181 -1 1 (Kernel Up date Patch — sock et close/ha ng) - 105669-04 (CDE 1.
. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access Point QVPN Builder User Guide 11 6 Yo u ’ ll be asked additional ques tions about h ow you want to configure Builder , including whet her you want to in sta ll as a client or a ser ver .
INST A LLING THE QVPN BUILDER Installin g Bui lde r 12 Access Po int QVPN Builder User G uide 2 4 Use t he ./xavd2_4_R00 1.bin command to in stall the applicat ion as a serve r or as a c l ient. T o instal l the applic ation as a se rver , use t he -s option.
. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 13 cuta ble file is located in the direc tory where you install ed the appl ication.
INST A LLING THE QVPN BUILDER Installin g Bui lde r 14 Access Po int QVPN Builder User G uide 2 I NST ALLING THE S T ANDALONE V ERS ION ON W INDOWS NT FROM AN E XECUT ABLE F ILE T o instal l Builder from an exec utable f ile, complete the followin g step s: 1 Close down a l l W indows programs.
. . . . . INSTA L LING THE QVPN BUILDER Inst alling Build er Access P oint QVPN Build er User Guide 15 I NST ALLING THE C LIENT /S ERVER V ERSION ON W INDOWS NT FROM A CD-ROM Builder is distribute d on a CD-ROM. The followin g procedure de scribes h ow to ins tall B u ilder .
INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 16 Access Po int QVPN Builder User G uide 2 Instal lation. The de fault i nstallation de stination pat h is C:ODI. By defaul t, Builder is in stalled in C:Program Files LucentAccessV iew direct ory .
. . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 17 Before a nyone else can use Builder: • The user roo t mus t log in wi th the init ial account inform ation. • The user roo t shoul d modify the root account ’ s passwo rd.
INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 18 Access Po int QVPN Builder User G uide 2 file us ing t he naming conv ention of the se rver to which you a re connect- ing. For a PC with the ap plica t ion in stalle d in th e defa u lt dire ctory : c:P rogram Fil e sLucent Acces sView db A ccessV iewMaster .
. . . . . INSTA L LING THE QVPN BUILDER Initial S tartup T asks Access P oint QVPN Build er User Guide 19 direct ory where you i nstalled Builder usin g this command: cd <di r>/AccessV iew/db 3 Manually r un the evolve pro cess on all o f the copied dat abases using thi s comm and: For a Solaris s ystem: .
INST A LLING THE QVPN BUILDER Initi al S tartu p T asks 20 Access Po int QVPN Builder User G uide 2 S ETTI NG U P THE QVPN R EQUE ST C ONFIG D AEMON TO A CCES S UNIX D AT ABAS ES T o set up th e QVPN .
Access Point QVP N Builder User Gu ide 21 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . G ETTING S TARTED W ITH B UI LDE R This sec tion describes the Access Poi nt QVPN Builder applicatio n (Builde r) graphical us er interface.
GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 22 Access Po int QVPN Builder User G uide 3 Figure 2 QVPN Builder Definition V iew Window Note that if you make any changes t o the prop erties, a n asteri sk appears next to the m odifi ed ite m in the tree fr ame.
. . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 23 T HE T REE F RAM E The T ree fr ame shows the rel ationshi p betw een th e VPN and Access Poin t in a tree format. Y ou can expa nd o r collapse the t ree at any t i me.
GETTING STARTED WITH BUIL DER Abou t t he Bui lder W ind ow 24 Access Po int QVPN Builder User G uide 3 T HE D EPLOY MENT TAB The Deployme nt tab provid es detail s about the tunn els that will b e generated. As wi th the Con figur ation ta b, the Deploy men t tab refle cts th e item select ed in the tr ee fra me.
. . . . . GETT ING S TAR TED WITH BUILDER About t he Builder W indow Access P oint QVPN Build er User Guide 25 Ta b l e 1 describe s the tool bar bu ttons in the Definiti on V iew wind ow . T able 1. De finition V iew T ool Bar Buttons Button Descript ion Create a new VPN Creates a new VPN def inition.
GETTING STARTED WITH BUIL DER Getting Detailed Help Information 26 Access Po int QVPN Builder User G uide 3 . . . . . . . . . . . . . . . . . . . . . .
. . . . . GETT ING S TAR TED WITH BUILDER Configuring SNM P Access Settings Access P oint QVPN Build er User Guide 27 For th e AP , se lect Edit → SNMP Propertie s to make cha nges to the SNMP acces s info rmat io n.
GETTING STARTED WITH BUIL DER Managi ng Access Po i nt System s 28 Access Po int QVPN Builder User G uide 3 secure S N MP acce ss). If y ou are using either SNM Pv2 or SNM Pv3, yo u should s pecify the Community/ user name. If you are usin g SNMPv3, you can speci fy the authenticat ion prot ocol (NONE, MD5, or SHA) and i t s password.
. . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
GETTING STARTED WITH BUIL DER Using the T raf fic S tatus and T unn el S tatus Applicatio ns 30 Access Po int QVPN Builder User G uide 3 T RAF FIC S TATUS A PPLI CATION The T raf fic Stat us applicat .
. . . . . GETT ING S TAR TED WITH BUILDER Using the T raffic S tatus and T unnel S tatus Appl ication s Access P oint QVPN Build er User Guide 31 • Bar char ts showing the actual ba ndwidth usage b .
GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 32 Access Po int QVPN Builder User G uide 3 have sel ected the Summary ta b) • Bar char ts showing the traf fic rates on selected tun nels (when you h ave sel ec ted th e T r affic Rat es tab ) .
. . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 33 If you ar e using the sta ndalone version, the Config daemon ru ns on the same machin e as Builde r .
GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 34 Access Po int QVPN Builder User G uide 3 NOTE Y ou must c lose the VP N definiti on before us ing the da emon from the A P to reques t a confi guration.
. . . . . GETT ING S TAR TED WITH BUILDER Using the QVPN Request Config Da emon Access P oint QVPN Build er User Guide 35 C HANG ING THE SNMP C OMMUNITY N AME FOR THE D AEM ON Y ou can cha nge the SNMP Community na me for the Config d aemon as f ol- lows : 1 S top the da emon with the f ollowing command: /etc/rc2.
GETTING STARTED WITH BUIL DER Using th e QVPN Reque st Config Daemon 36 Access Po int QVPN Builder User G uide 3 The fo llowing t able lists the daemon commands a nd provides a des cription: Comma nd .
Access Point QVP N Builder User Gu ide 37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG VPN S The A cces s P oint QVPN B uilde r appl ic ation (Bui ld er).
MANA GING VPNS Cr eating or Modifying VPN Definitions 38 Access Po int QVPN Builder User G uide 4 . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 39 Config Daemo n ” on Page 32 . • Mixed — The config uration method must be selected for each AP .
MANA GING VPNS Cr eating or Modifying VPN Definitions 40 Access Po int QVPN Builder User G uide 4 On th e T r ee fram e, cli ck on V PN to displ ay the VPN P roper ties fr ame. The f ollow i ng tab le des c ribes the fie lds in the VPN Prope rties frame : Field Descripti on Poller ID A user-def inable option fo r future exp ansion.
. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 41 C HANG ING VPN S ETTIN GS FOR THE A CCE S S P OINT S YSTEMS For the AP , click on t he VPN folder to display the Access Point Prope rties frame.
MANA GING VPNS Cr eating or Modifying VPN Definitions 42 Access Po int QVPN Builder User G uide 4 Propert ies frame. 2 Select Primary or Seco ndary from the HUB T ype drop-d own list. Primary se ts the AP as the pr ima ry hub . Route s to the primary hub are cre - ated wit h a cost of 50.
. . . . . MANAGI NG VPNS Cr eating or Modify ing VPN Definition s Access P oint QVPN Build er User Guide 43 subinte rface in a do wn and then a te sting state, and at tempts to reestablis h a tunnel c onnection. Y ou can specify how often Keepalive update messages a re sent.
MANA GING VPNS Cr eating or Modifying VPN Definitions 44 Access Po int QVPN Builder User G uide 4 the APs th at you add to VPN defi nitions. The fo llowing t able explain s the i nteract ion of the ch.
. . . . . MANAGI NG VPNS Saving the VPN Defin ition Access P oint QVPN Build er User Guide 45 If you cl ick on the Sele cted AP(s) but ton, the Access- Points Di alog appears whic h allows you to se lect the APs to which you wa nt to apply the probe se ttings.
MANA GING VPNS Opening VPN Defi niti ons 46 Access Po int QVPN Builder User G uide 4 S AVING THE VPN D EFINIT ION W ITH THE S TAND ALONE V ERSI ON When using the standalone version, the Sav e VPN As.
. . . . . MANAGI NG VPNS Opening VPN Definition s Access P oint QVPN Build er User Guide 47 O PENIN G THE VPN D EFINITI ON W ITH THE S TAND ALONE V ERSI ON When using t he standalon e version , the Choose the VPN to be opened dial og window shown h ere appears.
MANA GING VPNS Removing VPN Defin itions 48 Access Po int QVPN Builder User G uide 4 A CCESS ING L OCKE D F ILE S If the application was not shut down pr operly or if ano ther user is activel y usin g the same VPN definit ion, the S teal the lock? pop-up win dow shown here appe ars.
. . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 49 R EMOVIN G THE VPN D EFINI TION W ITH THE C LIEN T /S ERVE R V ERSI ON When using t he client/ server ve rsion, to re m ove VPN de finitions: 1 Sele ct File → Remove to dis play the VPN Open dial og box.
MANA GING VPNS Using VPN Definit ions 50 Access Po int QVPN Builder User G uide 4 I MPORTING VPN D ATA F ILES Y ou c an im p ort VP N data text fi le s for V PN de finiti ons. T o imp o rt this data , sel ect T ools → Import → VPN T ext File . Y ou create t hese t ext fi les usi ng the format de scribed in the next section .
. . . . . MANAGI NG VPNS Using VPN Definitions Access P oint QVPN Build er User Guide 51 2 The n ext li ne mu st start w ith th e SNMP or ACCESSPOINT keywor d. If the next line is n ot the SNMP l ine, th en the V PN us es th e defa ult SN MP access p arameters.
MANA GING VPNS Using VPN Definit ions 52 Access Po int QVPN Builder User G uide 4 S AMPLE VPN D ATA F ILE This samp le file de fines a VP N with t hree A Ps.
. . . . . MANAGI NG VPNS V erifying th e Configu r ation Access P oint QVPN Build er User Guide 53 I MPORTING VPN D EFINITI ONS F ROM V ERSI ON 1.1 T o use VPN defi nitions creat ed with V ersion 1.1, you m ust import the VPN defini tions. 1 Sele ct T ools → Impor t → AV 1 .
MANA GING VPNS Using the VPN Deployment T a bles 54 Access Po int QVPN Builder User G uide 4 Y ou also h ave the optio n of app lying all con figurations to all APs by sel ect- ing All Co nfi gur at ion s . Click on the St a r t button when yo u are finished.
. . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 55 Y ou ca n sort t he VPN Deploymen t table in ascen ding or de scendi ng order for a specif ic field by sel ecting the hea der for the field you want.
MANA GING VPNS Using the VPN Deployment T a bles 56 Access Po int QVPN Builder User G uide 4 The window r esembles the f ollowing displa y: T UNNE L , R OUTE , AND IPS EC I NTERF ACE I NFORMA T ION Se.
. . . . . MANAGI NG VPNS Using the VPN Deployment T a bles Access P oint QVPN Build er User Guide 57 The Tunne ls tab re semble s the f ollowi ng dis play : The Routes tab displays the foll owing info.
MANA GING VPNS Mana ging Securi ty Pr ofiles 58 Access Po int QVPN Builder User G uide 4 • Remote Gate way — IP address of th e remote gateway The I PSec In terfa ces tab rese m bles t he foll o w.
. . . . . MANAGI NG VPNS Managi ng Secu rity Pr ofiles Access P oint QVPN Build er User Guide 59 A DDING S ECURI TY P ROFI LES T o add se curity pr ofiles: 1 Sele ct Edit → Security Profile s to di splay the Secu rity P r o file D ialog window . 2 Click Add to add the new s ecuri ty prof ile.
MANA GING VPNS Mana ging Securi ty Pr ofiles 60 Access Po int QVPN Builder User G uide 4 D ELETING S ECUR ITY P ROFI LES T o delete s ecurity pro files: 1 Sele ct Ed it → Security Pr ofiles to display the Security P rofile Dialog window .
Access Point QVP N Builder User Gu ide 61 M ANAG I NG Q O S/F IREW ALL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P OLICIES The A cces s Poin t syst em (AP ) uses CBQ to provi de fi rewall and Qo S ser - vices by classifying an d scheduling h ow traffic flows throug h the AP .
MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 62 Access Po int QVPN Builder User G uide 5 • Supp lies v a lues fo r the p a rame ters fr om the rule se t or the A cces s Point propert ies. The more specificity provided by th e rule, the mor e secure the rul e.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 63 The Q oS/Fi rewa ll Rul e S et Ed it or fi el ds are desc ribed in the fo llow ing ta bl e: Save the active rule set Saves th e open rule set.
MANA GING QOS/ FIREW ALL P OLICIES Using the QoS/Fir ewall Rule Set Edit or 64 Access Po int QVPN Builder User G uide 5 D EFAULT T EMPL ATE R ULE S ET D EFIN ITION AND M ODIFICATI ON When you sel ect File → New in th e R ule S et Edit or , th e cur rent d efaul t tem- plate r ule set is d uplicate d as the curr ent rule set de finition.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS /Fire wall Rule Set Ed itor Access P oint QVPN Build er User Guide 65 Remember t hat the “ -defa ult ” suffix has special meani ng when applied to a CBQ cl as s on t he AP ( For mo re in form ation about defaul t cl asses , see th e Access Point Confi gur ation Guide ).
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 66 Access Po int QVPN Builder User G uide 5 2 Add the foll owing ru le: AP Allow Shapi ng-d efau lt . Conf igure this rul e before s etting up addit ional rules , so you don ’ t i nadvertentl y prevent acces s to th e AP .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 67 NOTE If you ar e modifying a rule set for an AP , m ake sure y ou set parameter val ues so you can pro vide the corr ect values for a specific AP .
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 68 Access Po int QVPN Builder User G uide 5 • Edit... t o add or cha nge a parameter For Apply p arameters (I nterfac e or Action), choos e one of thes e options: • A valu e as th e parame ter • Edit.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 69 E DITING S OURC E OR D ESTINATION P ARAMETERS When you choos e Edit... from the po p-up menu for sourc e or destinati on parame ters, th e Rule Source Defin ition Dialog or Ru le Destinati on Defi nition Dialog ap pears.
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 70 Access Po int QVPN Builder User G uide 5 E DITING S ER VICE P ARAMETERS When you choos e Edit.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 71 For th e S tatef ul cl assif icati on type , in addi tion t o making i t easy t o creat e a sin - gle cla ss for aggre gating all po ssible p ort pairing s for a well-known service, you can st atefully cla ssify TCP and UDP appli cations.
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 72 Access Po int QVPN Builder User G uide 5 For the Datalink classif icati on type, add the datal ink ind ex (range list of 16-bit TCI value exp ressed in hex) by fil li ng i n the Add Data link Indices s ect io n and clicki ng Add In dices .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 73 For the S tatele ss classific ation typ e, add a type by selecting the a ppropriate protocol s and ports a nd clicki ng Add as shown he re.
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 74 Access Po int QVPN Builder User G uide 5 For in terfa ce para meters , select the In ter- face fi el d yo u want to change , cl ic k on t he right mou se button, and select the appr o- priate value from th e pop-up menu.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Defining a Rule Set Access P oint QVPN Build er User Guide 75 ify a f orwarding policy for statef ul cla sses, the forwarding pol icy is applie d to the From int erfa ce speci fied in the Rule Set Inter face Dialog box when edit ing the In terfa ce fiel d.
MANA GING QOS/ FIREW ALL P OLICIES Defining a Rule Set 76 Access Po int QVPN Builder User G uide 5 2 Click on t he right mouse but ton and se lect Rename.. . from the pop-u p menu (sa me as se lecti ng Rule → Rename... ). Fill in the new name when p rompted.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Modi fying a Rule Set Access P oint QVPN Build er User Guide 77 R EMOVIN G A R ULE T o remove a rule: 1 Select the rule you wa nt to d elete. 2 Sele ct Rule → De lete (or clic k on the ri ght mouse button and s elect Delete from the pop-up menu) to remove the se lected r ule from the rul e set.
MANA GING QOS/ FIREW ALL P OLICIES Modif ying the Default New Ru le Set 78 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open in the QoS/Firewa ll Rule Set Edit or to bring up the Open Rule Set Dia- log box. Select the rule set you want to modify and click Open Rule Set .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Remo ving a Rule Set Access P oint QVPN Build er User Guide 79 3 Make an y changes t o the rul e set an d select File → Save to use this rul e set as the defau lt new r ule se t. NOTE If yo u decide you want t o us e the ori ginal de fa ul t new ru le set, then sel ect File → Reset T emplate .
MANA GING QOS/ FIREW ALL P OLICIES Setting Para me ter V alues 80 Access Po int QVPN Builder User G uide 5 box is ch ecked by default as shown below . Make su re the Us e VPN Firewa ll Rulese t box is not chec ked if y ou want to use a dif fere nt rule set from the one specifi ed in the VP N Propertie s frame.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Setting Parameter V alues Access P oint QVPN Build er User Guide 81 the corr ect one, asso ciate the co rrect r ule set with this AP as d escribed in “ Ass ociat ing a R u le Se t ” on Page 79 .
MANA GING QOS/ FIREW ALL P OLICIES V erifying the QoS/Fir ewall Polic ies 82 Access Po int QVPN Builder User G uide 5 list a nd clicki ng Edit Over ride or Remove Override . 5 Apply your ch anges t o the QoS/Firewal l Pro perti es and sa ve the defin ition so t ha t thes e QoS / Firew all po licie s are in clud ed as part of your VPN de fi- nition.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using t he QoS/F ir ewa ll De ployment T able Access P oint QVPN Build er User Guide 83 Deployme nt table . • Creates or modifies all CBQ classes in the class list.
MANA GING QOS/ FIREW ALL P OLICIES Using t he QoS/F ir ewa ll De ployment T able 84 Access Po int QVPN Builder User G uide 5 ures th e class but s ets it to not i n service.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using Rule S e ts Access P oint QVPN Build er User Guide 85 • Name — the cl as s nam e • Mess age Stat us — the mess age status f or this c lass • .
MANA GING QOS/ FIREW ALL P OLICIES Using Ru le Sets 86 Access Po int QVPN Builder User G uide 5 2 Sele ct File → Open to open t he rule set tha t you want to expor t to a file. 3 Sele ct To o l s → Export to speci fy th e expor t pat h for the expo rt fil e in the followi ng dialog box and cl ick Export .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Specifyin g a Rule Set fo r a VPN Access P oint QVPN Build er User Guide 87 set fi le that you wan t to im port. NOTE Importin g the file ov erwrites the e xisting ru le set or temp late, so make sure you a re overwr iting the cor rect one.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 88 Access Po int QVPN Builder User G uide 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 89 the conf iguration ensur es that onl y limited s ervices are al lowed onto the LAN and o nly if these se rvice s mat ch a flow p revio usly in itiate d by a n i ntern al cli - ent.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 90 Access Po int QVPN Builder User G uide 5 log box sh own here, and cl ick OK . Change the Src parameter fr om Any to LANHosts by s electing th e Src fiel d, clicki ng on the right mous e button, and sele cting Sele ct.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 91 in the d ialog box. Add th e http to the Applicat ion List, a nd click OK .
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 92 Access Po int QVPN Builder User G uide 5 Spec ifying the A ct ion P a ramete r Change the Action parameter from Undefined to P ermit by selecti ng the Action f ield, clicking on the rig ht mouse button , and selecting Pe rmit from the pop-up menu.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 93 5 Setti ng Pa ramete r V a lues Next , set p a rame te r valu es by s e lectin g the parame ter fo r which you wa nt to spe cify a value from th e dro p-dow n lis t belo w the Set AP Parameter button.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 94 Access Po int QVPN Builder User G uide 5 of the I nterface Dialo g screens aft er checking the boxes. Once yo u set p aramete r values, the parameter is listed in the Paramet er Override s list.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 95 After maki ng all your changes, cl ick Apply in the upper l eft-hand c orner of the Acces s Point Properti es frame. Save the VPN definition by s electing File → Save or File → Save As.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 96 Access Po int QVPN Builder User G uide 5 C ONFIGURING I NTERVENE M ODE Interv ene mode works by r esponding t o the SYN+ACK with an immediate ACK that moves t he connection ou t of the ser ver ’ s backlog qu eue a nd st ar ting a timer .
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 97 7 Save the ru le set by selec t i ng File → Save As. .. or File → Save . 8 Next, if nece ssary , chan ge the SYN Protect Ti meout value.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 98 Access Po int QVPN Builder User G uide 5 3 Select the Ser- vice fi eld for the rule you want to change, cl ick on the ri ght m ouse button, an d select Edit... from th e pop-up menu.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access P oint QVPN Build er User Guide 99 want , in Bu ilder ’ s T ree fr ame, click on QoS/Firewall . 9 Make sure t hat the specif ied SYN Prote ct T imeout value is appropriate.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 100 Access Point QVPN Bu ilder User Guide 5 cation Dial og appe ars . 4 For s tateful classificat ion, add a new servi ce classi.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 101 5 For stat eful classif i cation, clic k ICM P Filt ering in the Appl icati on sectio n t o bring up the ICMP Fi lter - ing dial og box.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 102 Access Point QVPN Bu ilder User Guide 5 3 Click New to add f orwarding policy to the forwar ding pr ofile.
. . . . . MANAGI NG QOS/FIREWAL L POLICIES Using the QoS/Fir ewall: Examp les Access Point QVPN Bu ilder User Guide 103 • Forward pac kets to next hop — Packets are forwarded to a next hop I P address that must b e reachabl e through a l ocal interfac e.
MANA GING QOS/ FIREW ALL P OLICIES Using the Q oS/ Fir ewall : Examples 104 Access Point QVPN Bu ilder User Guide 5.
Access Point QVPN Bu ilder User Guide 105 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M ANAG I NG NAT The A cces s Point s ystem (AP) has a N etwo rk Addr ess Transla tor th at pro - vides gl obally-uniq ue, regist ered IP address es for domains using pri vate IP ad dress es to c onnect to the Intern et.
MANA GING NA T Configur ing General NA T Paramete rs 106 Access Point QVPN Bu ilder User Guide 6 W ith the Bui lder , you can co nfigure NA T by: 1 Configur ing general NA T param eters. 2 Adding the NA T layer . 3 Enabling NA T . 4 Addi ng st a tic bi ndi n gs.
. . . . . MANAGI NG NA T Configu ring Gen eral NA T Parameters Access Point QVPN Bu ilder User Guide 107 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame.
MANA GING NA T Configur ing General NA T Paramete rs 108 Access Point QVPN Bu ilder User Guide 6 A PPLYIN G P ARAM ETERS W ith NA T select ed for the VPN root, y ou can apply t he changes t o either all APs or to s elected APs by selecti ng the appropria te button for Apply Para m e- ters T o.
. . . . . MANAGI NG NA T Adding the NA T La yer Access Point QVPN Bu ilder User Guide 109 S AVING THE NAT C ONFIGU RATION Save the N A T configuration b y selecting File → Save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MANA GING NA T Adding the NAT Layer 11 0 Access Po int QVPN Bu ilder User Gu ide 6 When you cli ck on the Insert NA T ... butto n, the Int erface Dialog box shown belo w appears so you can select t he desire d IP layers. Select the IP layers and click Apply .
. . . . . MANAGI NG NA T Configurin g S tatic Binding s Access Point QVPN Builder User Guide 111 3 Click Appl y in the uppe r left- hand cor ner of th e Properties fr ame. 4 Save the N A T confi guration for th is VPN definition by select ing File → Save .
MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 2 Access Po int QVPN Bu ilder User Gu ide 6 3 If you want to remove a stat ic bin din g, selec t the r ow and the n clic k on the - butto n. 4 Click Appl y . 5 Save the N A T confi guration for th is VPN definition by select ing File → Save .
. . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 3 C ONFI GU RING B ASIC NAT P OOLS T o configur e pools for Ba sic NA T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame.
MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 4 Access Po int QVPN Bu ilder User Gu ide 6 C ONFI GU RING NAPT P OOLS T o configur e pools for NAP T : 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame.
. . . . . MANAGI NG NA T Configur ing Addr ess T ranslati on Pools Access Poin t QVPN Builder User Gu ide 11 5 5 Save the N A T confi guration for th is VPN definition by select ing File → Save . Once a NAP T pool is d eployed, its paramet ers cannot be modifi ed.
MANA GING NA T Config uring Ad dr ess T r ansla t ion Poo l s 11 6 Access Po int QVPN Bu ilder User Gu ide 6 4 Y ou can add pri vate IP a ddresses at any time by clicki ng on the Add IP Ranges butto n. Add the IP addr ess range by clicking on th e + button.
. . . . . MANAGI NG NA T Configurin g Private Network s Access Poin t QVPN Builder User Gu ide 11 7 R EMOVIN G P OOLS T o remove pool s: 1 For the AP , expand NA T and select Tr anslati on Pools to displ ay the NA T T ranslati on Pools frame. 2 Select the pool that you want to delete f rom the Created Pool s list.
MANA GING NA T Configu ring P rivate Netwo rks 11 8 Access Po int QVPN Bu ilder User Gu ide 6 pools. A sample ent ry is shown her e: 4 If you want t o remov e a pri va te ne twor k, se lect the private net wo rk on the left an d the n clic k Remove . NOTE Removing a private n etwork wi ll only di sassocia te all its po ols.
. . . . . MANAGI NG NA T Checkin g t he Con figurat i on Access Poin t QVPN Builder User Gu ide 11 9 . . . . . . . . . . . . . . . . . . . . . . . . . .
MANA GING NA T Deployin g the NA T Configuratio n to All APs 120 Access Point QVPN Bu ilder User Guide 6 . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 121 Y ou c an vie w the IP laye rs sele cted for NA T in serti on by click ing on t he NA T folder for an .
MANA GING NA T Using the NA T Dep loyment T ab 122 Access Point QVPN Bu ilder User Guide 6 The Deployme nt tab for bindi ngs resembles the fo llowing di splay: For th e transl ation pools configuratio.
. . . . . MANAGI NG NA T Using the N AT Deployment T ab Access Point QVPN Bu ilder User Guide 123 • Private Net Addr — the IP address of the private network • Mask — the net work mask for the .
MANA GING NA T Using the NA T Dep loyment T ab 124 Access Point QVPN Bu ilder User Guide 6.
QVPN Builder User Guide 125 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A DVAN CED F EATUR ES OF B UI LDE R This sec tion provides ge neral informati on about mana .
ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 126 QVPN Builde r User Guide 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . ADVAN CED FE ATURES OF BUILDE R Specifyi ng Prefer ences QVPN Builder User Guide 127 set the log displ ay and log fi le st ora ge limi ts . T o display events in cer tain col ors, modify the Log Filte rs section by cl icking Sele ct next to t he color .
ADVA NCED FE ATURE S OF BUILD ER Specif ying Pr efer ences 128 QVPN Builde r User Guide 7 D IRECTORY P REFE RENCE S Y ou n eed s uperu ser pr ivile ge (ro ot) to set dir ect or y pref ere n ces. Set the directory pr eference s to specif y the default path fo r the da tabase/log (standa lone version s ) and export directo ries.
. . . . . ADVAN CED FE ATURES OF BUILDE R Conf igurin g L ogging QVPN Builder User Guide 129 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADVA NCED FE ATURE S OF BUILD ER Mana ging User P rofiles 130 QVPN Builde r User Guide 7 E XPOR TING THE L OG T ABLE T O A F ILE Y ou c an ex port th e Log t able to a text fi le by s elect in g T ools → Export → Database Log File to di splay the Choo se the expo rt log fil e name win dow .
. . . . . ADVAN CED FE ATURES OF BUILDE R Managi ng User Profiles QVPN Builder User Guide 131 A DDING U SER P ROFILE S T o add us er profil es: 1 Sele ct Ed it → Users to di splay the User Profiles wi ndow shown here : 2 Click Add to add the user profil e.
ADVA NCED FE ATURE S OF BUILD ER Restori ng VPN Dat a bases 132 QVPN Builde r User Guide 7 5 Repeat st eps 2 through 4 for e ach add itional user . 6 Click Done when y ou have finis hed modif ying profiles . D ELETING U SER P ROFIL ES T o delete u ser profiles: 1 Sele ct Ed it → Users.
. . . . . ADVAN CED FE ATURES OF BUILDE R Find ing a VPN Name QVPN Builder User Guide 133 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADVA NCED FE ATURE S OF BUILD ER T r oublesh ooting 134 QVPN Builde r User Guide 7.
QVPN Builder User Guide 135 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I NDEX A Acce ss Po int Pr op ertie s HUB Type 41 IKE Keep Alive Update 41 Route Cos t 41 Ro.
136 QVPN Builde r User Guide E Evolv ing databa ses 18 F Firew a ll rul es associating a rule set 79 , 92 configuring 66 creating a rule set 66 defini ng a rule set 66 ICMP packets, classifying 99 mod.
. . . . . QVPN Builder User Guide 137 specifyi ng number of sess ions 107 specif yin g sessio n tim ers 107 layers adding 109 inserting under all IP Sec in stances 10 9 numb er of sessi ons, sp ecifyi.
138 QVPN Builde r User Guide configuring 95 configuring intervene mode 96 SYN floo d protection, configur i ng monitor mode 97 QVPN Builder adding APs to 28 configu rati on method s 38 data list, expo.
. . . . . QVPN Builder User Guide 139 operation, verifying 34 shut ting dow n 34 starting 33 usin g 33 rule sets, exporting to a file 85 rule sets, importing 86 security profiles adding 59 deleting 60.
140 QVPN Builde r User Guide installing on (standal one) 6 runnin g online h el p 133 Sola ris req u iremen ts 2 Startu p tasks 16 T Traffi c Status applic ation accessing from QVPN Builder 29 changin.
. . . . . QVPN Builder User Guide 141 desc ripti on of 21 Windows NT installing (client/ server) 14 Windows NT, install ing (sta ndalone) 13.
142 QVPN Builde r User Guide.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Lucent Technologies AP-1 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Lucent Technologies AP-1 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Lucent Technologies AP-1 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Lucent Technologies AP-1 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Lucent Technologies AP-1, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Lucent Technologies AP-1.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Lucent Technologies AP-1. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Lucent Technologies AP-1 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.