3Com C36460T, 86-0621-000 software manual VPN Protocols and Services Notes

Page 61

VPN Protocols and Services Notes 61

was unavailable. To determine the required version, refer to the online version of these release notes available on the 3Com website:

http://infodeli.3com.com/infodeli/tools/bridrout/index.htm

Microsoft MPPE Patches Microsoft has acknowledged performance problems with their original

and Updates implementation of MPPE. You should use MSDUN1.2c or later for Windows 95 and apply Hot Fixes in article Q162230 for Windows NT. Contact your Microsoft service provider for additional information and updates when they become available.

PKI: Entrust CA A Certificate Authority (CA) product can be purchased separately from Entrust. Installation Notes This packaged CA server must be installed and configured on a Windows NT 4.0

system. This package actually consists of two Entrust products:

Entrust/PKI 4.0 Authority/Admin/Directory is installed on a Windows NT 4.0 server. This product provides the CA server, a facility to administer the CA, and an optional local LDAP-compliant directory that can serve as a repository for certificates and CRLs. This product should be installed first.

Entrust/PKI 4.0 VPN Connector can be installed with Entrust PKI 4.0 Authority/Admin/Directory on a Windows NT 4.0 server, or installed separately on a Windows NT 4.0 workstation with network connectivity to the Entrust CA server. This product provides a front-end to the Entrust CA server for enrolling VPN devices such as routers with the Entrust CA in order to obtain certificates for those devices. This product must be installed after the Entrust/PKI 4.0 Authority/Admin/Directory product is installed.

The following are some guidelines for installing the Entrust/PKI 4.0

Authority/Admin/Directory product:

The Entrust installation guide gives instructions for installing the Entrust/PKI 4.0 Authority/Admin/Directory product. It is recommended that the Entrust directory be installed with the CA server. The installation guide specifies the exact system requirements. It is strongly recommended that the installation guide be reviewed carefully before attempting the installation.

The Entrust CA environment assumes a hierarchy of security personnel that manage various aspects of operation of the CA, although all of the various management roles can be assumed by a single person. It is recommended that the various passwords for the various personnel be carefully recorded, and the records placed in a secure location. The installation provides various worksheets, and the information requested in these must be determined prior to the installation.

A Windows NT server administrator password must be set prior to the installation. Do not use an empty password consisting only of a carriage return.

After installation, if the Entrust directory was installed with the Entrust CA software, by default, the directory records for certificates and CRLs will be stored internally in an ASCII format. The directory records should be stored in a binary format. To change the format, edit the Entrust ENTMGR.INI file and Bridge/Router PKI Configuration search for the line “serverType = Entrustslapd”. Change this line to read “serverType = External”. See Appendix D of the Entrust/PKI 4.0 Administration Guide for more information. After editing this file, run the Master Control application and invoke the Restore to

Page 60 Page 62
Image 61
Page 60 Page 62
Contents Enterprise OS Software Version 11.4 Release Notes Bayfront Plaza 3Com CorporationSanta Clara, California 95052-8145Contents Maximum BSC Line Speed Shdlc Half-Duplex Mode IBM-Related Services in Token RingDial Idle Timer Appn Connections to 3174 through Token RingMicrosoft Mppe Patches and Updates Firmware Configuration Firmware UpdatePM-SM Not Supported Over Nbma Media RouteDiscovery Total Control Security and Accounting Server AvailabilityRequirements Approved Dram SIMMs Windows NT MS-CHAP Authentication Platform NotesToken Ring+ Modules Token Ring Auto Start-up Enterprise OS Software Version 11.4 Release Notes IP/IPX Router with 56-bit Encryption JE SuperStack II NETBuilder SIOfficeConnect NETBuilder IP/IPX Router JW OfficeConnect FeaturesNETBuilder SuperStackPublic-Key Infrastructure PKI Implementation Non-Broadcast, Multi-Access Nhrp for VPN TunnelsIP Payload Compression Protocol IPComp or Ippcp Protocol Independent Multicast-Sparse Mode PIM-SM Tunnel Switching Between Different Tunnel TypesOspf External Route Aggregation IGMPv2 Enhancements Multicast Border Router MBRPPP over Ethernet PPPoE Many-to-One NAT Enhancement Virtual Router Redundancy Protocol Vrrp for Virtual LAN VlanBandwidth on Demand with Incoming Traffic IP Quality of Service IPQoSNew Features and Feature Enhancements Class-Based Queuing CBQ Management Voice Over Frame Relay VoFR Voice Over VPN VoVPN Upgrade Utilities & Upgrade LinkWeb Link Enhancements Performance Management Currently available statistics are Autotargeting for SLA Monitoring/Remote PollingAudit Log Messaging Enhancements Console Output in Telnet SessionsSecure VPN Manager version Domain Name Use in FTP and Tftp CommandsPKI Manager version Features of PKI Manager version Feature NETBuilder II Software FeaturesVersion 11.4 for the NETBuilder and PathBuilder platforms Bridge/RouterBritss Appn LNM LAA NETBuilder II Firmware Requirements NETBuilder II Firmware RequirementsMemory Requirements ModulePackages AX-APPN/Connection ServicesBF- Boundary Router NW-IP/IPX/AT RouterDlsw 16 MB 24 MB Software Package Feature PathBuilder S5xx Series Switches Software FeaturesLNM LAA Switch PPTP/L2TP R2R, VLL PathBuilder S400 Series Switches Software Features Britss Appn LNM LAA 16 MB For Dual Images Bridge/RoutersIsdn BRI Isdn PRI Isdn T1/E1 Isdn CT1/CE1 Isdn T3/E3 OfficeConnect NETBuilder Bridge/Router Software FeaturesVirtual Ports Restricted Number of Dhcp 256 Addresses RE-Multiprotocol Router with 56-bit Encryption RW-Multiprotocol RouterRS-Multiprotocol Router with 128-bit Encryption and 3DES 10/ST bridge/routerSwitching/Tunneling WANExtender MP6E Module Fast Ethernet 100Base ATM Module/ Lane Software Package CF for TE for Feature Model SuperStack II NETBuilder Token Ring Software FeaturesSmds Memory Requirements Ruuhp114.Z Solaris 2.5 platformsHP-UX 10.x platforms Ruuaix114.ZUpgrade Manager Version 11.4 UpgradeExecuting Profile.batEtc/passwd. You must add an entry can be ignored EncryptionLicenseRead Environment VariableDLSw Bridge Static RoutesResizing Upgrade Link WindowAppn Connections to ThroughLeaf Node Sessions Support DLSw CONNectUsage Parameter Default ChangeNumber of DLSw Circuits Front-End Number of TCP ConnectionsRelay port is HPR and ISRIBM-Related Feature Settings for Token Ring Ports Frame Copy Errors under LAN Net Manager Token Ring Frame Copy Errors3Com Bridge/Routers and Supported Features Mode Service PointATM LAN Emulation ATM Emulated LANsClients and Large FramesValue Ports in DCE ModeHistory, the PPP link does not come up Disaster Recovery on Dial Idle TimerPorts Without Leased LinesSupported Synchronous Modem Supported Asynchronous ModemsModems ModemNotation Boot Cycle Ascii BootBootP Server Bootptab FileThan 8k to the policy These messages do not indicate a problem and can be ignoredRunOnBootFail Remote Access25bis Modem Setup SchedulerVPN Protocols and Services Notes Page Order Numbers for Memory Upgrade Kits Adequate Dram and Flash memory installed prior to shipmentPlatforms. The topics are presented in alphabetical order Memory RequirementsSnmp Management T3 Bandwidth LimitationBAud value to 16,000 or 4,000 to avoid this situation 3Com-approved 20 MB Flash Memory Cards
Top Page Image Contents