3Com 86-0621-000, C36460T software manual


Directory operation to reinitialize the directory in binary mode. See Chapter 2 of the Entrust/PKI 4.0 Administration Guide.

The following are guidelines for installing the Entrust/PKI 4.0 VPN Connector product:

- The Entrust installation guide provides instructions for installing the Entrust/PKI 4.0 VPN Connector product. The installation guide specifies the exact system requirements. It is strongly recommended that the installation guide be reviewed carefully before attempting the installation.
- The installation provides various worksheets, and the information requested in these must be determined prior to the installation.

The CEP features of VPN Connector are not required in a 3Com bridge/router PKI environment. Skip those steps relating to the CEP installation and configuration.

PPTP Tunnel Security Validation

Authentication problems may occur when connecting a Windows 95 or NT client via a Total Control™ hub to a NETBuilder II bridge/router where the Total Control hub is setting up a PPTP tunnel to the bridge/router.

This problem is a combination of the security protocol between the client and the LS (in this case the Total Control Hub) and the time it takes to validate a Radius request on the Radius server. In addition, the setting of the DefaultAptCtl parameter needs to be considered because this determines which security protocol the NETBuilder bridge/router will use.

If the client and the LS negotiate to use PAP, the client sends PAP configure requests, but at that time the LS is busy setting up the PPTP tunnel and forwards the PAP requests to the NETBuilder bridge/router. By default the bridge/router sends a CHAP challenge to the client, and the client normally responds immediately. The NETBuilder bridge/router then sends a request to the Radius server for validation.

If there is another PAP request from the client to the bridge/router while the bridge/router is waiting for validation from the Radius server, the bridge/router will send a PAP NAK to the client and the session is terminated. If the CHAP success message is received before the next PAP message, the PAP message is discarded and the connection is established.

Solutions include disabling CHAP on the NETBuilder DAC or disabling PAP between the client and the LS.

This situation does not arise when the NETBuilder bridge/router is using internal security because it is fast enough to check the CHAP response before the next PAP message is generated.
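The race described above, replayed as a small state machine from the bridge/router's side. This is an added example, not 3Com code; the function names, state names and every timing (PAP retry interval, CHAP round trip, validation delays) are constructed assumptions.

```python
def replay(validation_delay, pap_retry, chap_rtt=0.05, pap_sends=3):
    """Replay the exchange as seen by the bridge/router.

    Times are seconds and are constructed values, not 3Com figures.
    Returns (established, log); log holds (time, direction, message).
    """
    # Messages arriving at the bridge/router, in arrival order.
    inbound = [(k * pap_retry, "PAP request") for k in range(pap_sends)]
    inbound.append((chap_rtt, "CHAP response"))
    inbound.append((chap_rtt + validation_delay, "validation result"))
    inbound.sort()

    state, log = "IDLE", []
    for t, msg in inbound:
        if msg == "PAP request" and state == "IDLE":
            log += [(t, "rx", msg), (t, "tx", "CHAP challenge")]
            state = "CHALLENGED"
        elif msg == "CHAP response" and state == "CHALLENGED":
            log += [(t, "rx", msg), (t, "tx", "validation request")]
            state = "VALIDATING"
        elif msg == "PAP request" and state == "VALIDATING":
            # Second PAP request beat the validation result: session ends.
            log += [(t, "rx", msg), (t, "tx", "PAP NAK")]
            return False, log
        elif msg == "validation result" and state == "VALIDATING":
            log += [(t, "rx", msg), (t, "tx", "CHAP success")]
            state = "ESTABLISHED"
        elif msg == "PAP request" and state == "ESTABLISHED":
            log.append((t, "rx", "PAP request (discarded)"))
        # Any other combination is not described on the page; ignore it.
    return state == "ESTABLISHED", log


def survey(backends, pap_retry):
    """Map each backend name to True (connects) or False (PAP NAK)."""
    return {name: replay(delay, pap_retry)[0] for name, delay in backends.items()}


# Constructed validation delays for three authentication backends.
BACKENDS = {"internal": 0.01, "Radius, fast": 0.8, "Radius, slow": 4.2}

if __name__ == "__main__":
    for name, ok in survey(BACKENDS, pap_retry=3.0).items():
        print(f"{name:14s} {'established' if ok else 'terminated'}")
```

In this model the session survives only when the CHAP round trip plus the validation delay is shorter than the client's PAP retry interval, which is why the internal security check never loses the race.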

RSA Signature for Phase 1 Authentication

When using RSA Signature for phase 1 authentication, and an IP address is used for Distinguished Name Common Name or Subject Alternate Name, the only port on the device that will perform IPSec is the one that corresponds to that IP address. Using a domain name for the Distinguished Name Common Name or Subject Alternate Name does not impose this limitation.

Windows NT MS-CHAP Authentication

Although the 11.4 RAS service supports 64-character user names and passwords, any Windows NT user with a password greater than 14 characters long will fail MS-CHAP authentication. Per the IETF MS-CHAP v2 draft, current versions of Windows NT limit passwords to 14 characters.

Enterprise OS Software Version 11.4 Release Notes. 3Com Corporation, Bayfront Plaza, Santa Clara, California 95052-8145.