3Com Version 4.3 IP Address Selection, Protocol/Port Selection

Chapter11. Logging

youcan select allowed, un-NAT:ed packets only.

IP Address Selection

Youcan limit the selection by specifying certain IP addresses.

Inthese ﬁelds, enter a single IP address (e. g., 10.3.27.3), a range of IP addresses (e. g., 10.3.27.1-10.3.28.254), an

IPaddress followed by a netmask (e. g.,10.3.27.0/24), a combination of these, or nothing at all. If a ﬁeld is empty,

allIP addresses are selected.

Ifyou want to study all trafﬁc except the one to or from a speciﬁc computer or group of computers, enter the IP

address(es)here and mark the "not this address" box.

Theselection can be modiﬁed by the control boxes under the ﬁelds A and B:

Asrc Packetsfrom the IP address in ﬁeld A matches. Field B is ignored.

Adst Packetsto the IP address in ﬁeld A matches. Field B is ignored.

Aany Packetsto or from the IP address in ﬁeld A matches. Field B is ignored.

Ato B Packetsfrom A to B matches.

Bto A Packetsfrom B to A matches.

BetweenA&B Packetsfrom A to B, or from B to A, matches.

notthis combination Packetsthat do not match the given combination of A and B are shown in

thelog.

Ifyou, for example, want to study all packets to or from 10.3.27.18, except those to the ﬁle server 10.3.27.2, you

shouldﬁll in the form like this:

Protocol/Port Selection

Youcan limit the selection by specifying certain protocols.

All IP protocols

Norestriction regarding protocols.

TCP/UDP

Whenselecting TCP or UDP, you can choose all packets or packets to certain ports only.

Inthese ﬁelds, you can enter a single port number (32), a range of port numbers (1-1023), alist of port numbers and

rangesseparated by commas (53, 1024-65535) or nothing at all. If the ﬁeld is empty, any port will match. See

appendixG, Lists of ports, ICMP and protocols, for more information on port numbers.

Ifyou want to study all trafﬁc except the one to or from a speciﬁc port or group of ports, enter the port number(s)

hereand mark the "not this port" box.

Theselection can be modiﬁed by the control boxes under the ﬁelds A and B:

Asrc Packetsfrom the port number in ﬁeld A matches. Field B is ignored.

Adst Packetsto the port number in ﬁeld A matches. Field B is ignored.

Aany Packetsto or from the port number in ﬁeld A matches. Field B is ignored.

99

Contents

Main 3Com TelecommutingModule User Manual: Version 4.3 Table of Contents Page Chapter 1. Introduction to 3Com VCX IP What is a Telecommuting Module? Conguration alternatives DMZ Conguration DMZ/LAN Conguration Quick guide to 3Com VCX IP Telecommuting Module installation Page Before you start About settings in 3Com VCX IP Telecommuting Module Chapter 2. Installing 3Com VCX IP Installation Installation with magic ping Installation with a serial cable Page Page Installation with a diskette Page Turning off a Telecommuting Module Remember to lock up the Telecommuting Module Chapter 3. Conguring 3Com VCX IP Logging on Log on again Log out Navigation Site Map Overview of conguration Preliminary and permanent conguration Conguring IP addresses and masks in 3Com VCX IP Telecommuting Module IP address Mask/Bits Name queries in 3Com VCX IP Telecommuting Module Page Chapter 4. How To Congure SIP DMZ Telecommuting Module, SIP server on the outside Networks and Computers Page DMZ Telecommuting Module, SIP server inside Networks and Computers Surroundings Page Basic Conguration Save/Load Conguration Standalone Telecommuting Module, SIP server on the outside Page Standalone Telecommuting Module, SIP server inside Page DMZ/LAN Telecommuting Module, SIP server on the outside Page DMZ/LAN Telecommuting Module, SIP server inside Routing Interoperability Page Page Chapter 5. The Serial Console Connecting to the serial console Main Menu 1. Basic conguration 2. Save/Load conguration Basic conguration IP address Physical device name IP address Netmask/bits Conguration computers Congure from a single computer Congure from multiple computers Password Save/Load conguration Load preliminary conguration Load both congurations and apply Save preliminary conguration Save permanent conguration Become a failover team member Leave failover team and become standalone Wipe email logs Set password Exit admin Chapter 6. Basic Conguration Basic Conguration Name of this TelecommutingModule Default domain IP policy Default Gateways DNS name or IP address IP address Gateway Reference Hosts DNS name or IP address Access Control Conguration Allowed Via Interface User Authentication Conguration Transport Conguration via HTTP Conguration via HTTPS Conguration Computers DNS Name Or Network Address Network Address Netmask/Bits Range RADIUS RADIUS Servers Identier Contact IP Address Status for RADIUS servers Conguration of a RADIUS server SNMP SNMP v1 and v2c SNMP v3 SNMP Traps Download the 3Com MIB Certicates Private Certicates Create certicate or certicate request Page CA Certicates Information Telecommuting Module Type The DMZ Conguration The DMZ/LAN Conguration The Standalone Conguration Telecommuting Module Typeconguration Current TelecommutingModule Type Page Chapter 7. Network Conguration Networks and Computers Name Subgroup Lower Limit DNS Name Or IP Address IP Address Upper Limit Interface (Network Interface 1 and 2) Physical device name Status Interface name Directly Connected Networks Alias Static routing Routed network Router VLAN Interface Status Surroundings Page Chapter 8. SIP Services Administration of SIP Basic SIP media port range SIP Servers To Monitor Logging Log class for SIP signaling Log class for SIP packets Log class for SIP debug messages Interoperability Loose routing Relaxed Refer-To Remove VIA headers Translation exceptions Preserve username Loose username check SIP URL encryption Page Force Record-Route For All Requests Force remote TLS connection reuse Page Sessions and Media Session Conguration Requests Maximum number of retransmissions for non-INVITE requests Remote SIP Connectivity STUN Server STUN server function STUN server IP addresses STUN ports Remote NAT Traversal Remote NATtraversal Re-REGISTER period for clients Use OPTIONS for registered clients OPTIONS interval Chapter 9. SIP Trafc SIP Methods Routing Domain or IP address Port Class 3xx message processing Forward class 3xx messages DNS Override For SIP Requests Domain Relay to Session Status Registered Users Active Sessions Chapter 10. Administration Save/Load Conguration Test Preliminary Conguration Duration of limited test mode Apply conguration Backup Save to diskette Load from diskette Save to local le Load from local le Show conguration User Administration Password For the admin Account Other Accounts Currently Logged In Administrators Log out Upgrade Upgrade Step 1 Step 2 Step 3 Table Look Edit Column Always have an Edit column Sometimes have an Edit column Never have an Edit column Date and Time Change Time Zone Change Date and Time Manually Date Time Set date and time manually Change Date and Time With NTP Restart Page Chapter 11. Logging Display Log Packet TypeSelection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP Beside the boxes Show newest at top Time Limits Periodical search Show This The log Display Load Time Period Interface Page Resource Monitoring Logging Conguration Inbound trafc Warnings VPN events SIP events Log Classes Log Sending Page Chapter 12. Failover Specication of failover Requirements Features Failover Telecommuting Module setup Failover Settings Dedicated interface The dedicated interface to use Dedicated network Failover type Reference Hosts Failover Status Failover Status Failover team Leaving a failover team Page Chapter 13. Tools Packet Capture Network Interface Selection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP ESP Collect data Chapter 14. Firewall and Client Conguration The DMZ type The Firewall The SIP clients The DMZ/LAN type The Firewall The Standalone type Page Appendix A. More About SIP The SIP protocol Why use SIP? SIP and rewalls SIP sessions Establishing a SIP session Appendix B. Troubleshooting Network troubleshooting No trafc shown in the log Trafc discarded as spoofed SIP troubleshooting VPN troubleshooting No IPsec tunnel established IPsec tunnel established, no trafc IPsec tunnel established, no trafc after some time Administration troubleshooting The Telecommuting Module is unaccessible forsome time when trying to apply a conguration Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols List of the most important reserved ports Page Page List of ICMP types ICMP codes Page Internet protocols and their numbers IP intervals Page Reserved IP addresses Appendix D. Denitions of terms Page Page Page Page Page Page Appendix E. License Conditions GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Preamble GNU GENERAL PUBLIC LICENSE Page Page GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Preamble GNU LESSER GENERAL PUBLIC LICENSE Page Page Page The Python license Terms and conditions for accessing or otherwise using Python CWI PERMISSIONS STATEMENT AND DISCLAIMER Python Imaging Library The BSD license The MIT license The DHCP license The OpenSSL license The bzip2 license The lilo license The Vovida license The VovidaSoftware License , Version1.0 The Cavium license The Cavium License The zlib license Appendix F. Obtaining Support for Your 3Com Products Register Your Product to Gain Service Benets Solve Problems Online Purchase Extended Warranty and Professional Services Access Software Downloads Telephone TechnicalSupport and Repair Asia, Pacic Rim - TelephoneTechnical Support and Repair Europe, Middle East, and Africa - TelephoneTechnical Support and Repair Latin America - Telephone TechnicalSupport and Repair US and Canada - Telephone TechnicalSupport and Repair Index