3Com Version 4.3 Telecommuting Module Type

Chapter6. Basic Conﬁguration

Information

Informationabout this certiﬁcate, such as the signing CA and expiration date.

Delete Row

Ifyou select this box, the row is deleted when you click on Add new rows or Save.

Create

Enterthe number of new rows you want to add to the table, and then click on Create.

Save

Savesall Certiﬁcates conﬁguration to the preliminary conﬁguration.

Cancel

Clearsand resets all ﬁelds in new rows and resets changes in old rows.

Telecommuting Module Type

TheTelecommuting Module can be connected to your network in different ways, depending on your needs. On this

page,you state what conﬁguration you have.

The DMZ Conﬁguration

Usingthis conﬁguration, the Telecommuting Module is located on the DMZ of your ﬁrewall, and connected to it

withonly one interface.

Thisis the safest conﬁguration, since all trafﬁc goes through both your ﬁrewall and your Telecommuting Module. It

isalso the most ﬂexible, since all networks connected to any of your ﬁrewall’s interfaces can be SIP-enabled.

Onyour ﬁrewall, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for RTP trafﬁc

betweenthe Telecommuting Module and the Internet as well as between the Telecommuting Module and your

internalnetworks. The SIP trafﬁc ﬁnds its way to the Telecommuting Module using DNS or by setting the

TelecommutingModule as an outbound proxy on the clients.

Theﬁrewall mustn’t use NAT for the trafﬁc between the TelecommutingModule and your internal networks or for

thetrafﬁc between the Telecommuting Module and the Internet. However, the TelecommutingModule can itself use

NATfor trafﬁc to the Internet.

Youneed to declare your internal network topology on the Surroundings page.

The DMZ/LAN Conﬁguration

Usingthis conﬁguration, the Telecommuting Module is located on the DMZ of your ﬁrewall, and connected to it

withone of the interfaces.

Thisconﬁguration is used to enhance the data throughput, since the trafﬁc only needs to pass your ﬁrewall once.

57

Contents

Main 3Com TelecommutingModule User Manual: Version 4.3 Table of Contents Page Chapter 1. Introduction to 3Com VCX IP What is a Telecommuting Module? Conguration alternatives DMZ Conguration DMZ/LAN Conguration Quick guide to 3Com VCX IP Telecommuting Module installation Page Before you start About settings in 3Com VCX IP Telecommuting Module Chapter 2. Installing 3Com VCX IP Installation Installation with magic ping Installation with a serial cable Page Page Installation with a diskette Page Turning off a Telecommuting Module Remember to lock up the Telecommuting Module Chapter 3. Conguring 3Com VCX IP Logging on Log on again Log out Navigation Site Map Overview of conguration Preliminary and permanent conguration Conguring IP addresses and masks in 3Com VCX IP Telecommuting Module IP address Mask/Bits Name queries in 3Com VCX IP Telecommuting Module Page Chapter 4. How To Congure SIP DMZ Telecommuting Module, SIP server on the outside Networks and Computers Page DMZ Telecommuting Module, SIP server inside Networks and Computers Surroundings Page Basic Conguration Save/Load Conguration Standalone Telecommuting Module, SIP server on the outside Page Standalone Telecommuting Module, SIP server inside Page DMZ/LAN Telecommuting Module, SIP server on the outside Page DMZ/LAN Telecommuting Module, SIP server inside Routing Interoperability Page Page Chapter 5. The Serial Console Connecting to the serial console Main Menu 1. Basic conguration 2. Save/Load conguration Basic conguration IP address Physical device name IP address Netmask/bits Conguration computers Congure from a single computer Congure from multiple computers Password Save/Load conguration Load preliminary conguration Load both congurations and apply Save preliminary conguration Save permanent conguration Become a failover team member Leave failover team and become standalone Wipe email logs Set password Exit admin Chapter 6. Basic Conguration Basic Conguration Name of this TelecommutingModule Default domain IP policy Default Gateways DNS name or IP address IP address Gateway Reference Hosts DNS name or IP address Access Control Conguration Allowed Via Interface User Authentication Conguration Transport Conguration via HTTP Conguration via HTTPS Conguration Computers DNS Name Or Network Address Network Address Netmask/Bits Range RADIUS RADIUS Servers Identier Contact IP Address Status for RADIUS servers Conguration of a RADIUS server SNMP SNMP v1 and v2c SNMP v3 SNMP Traps Download the 3Com MIB Certicates Private Certicates Create certicate or certicate request Page CA Certicates Information Telecommuting Module Type The DMZ Conguration The DMZ/LAN Conguration The Standalone Conguration Telecommuting Module Typeconguration Current TelecommutingModule Type Page Chapter 7. Network Conguration Networks and Computers Name Subgroup Lower Limit DNS Name Or IP Address IP Address Upper Limit Interface (Network Interface 1 and 2) Physical device name Status Interface name Directly Connected Networks Alias Static routing Routed network Router VLAN Interface Status Surroundings Page Chapter 8. SIP Services Administration of SIP Basic SIP media port range SIP Servers To Monitor Logging Log class for SIP signaling Log class for SIP packets Log class for SIP debug messages Interoperability Loose routing Relaxed Refer-To Remove VIA headers Translation exceptions Preserve username Loose username check SIP URL encryption Page Force Record-Route For All Requests Force remote TLS connection reuse Page Sessions and Media Session Conguration Requests Maximum number of retransmissions for non-INVITE requests Remote SIP Connectivity STUN Server STUN server function STUN server IP addresses STUN ports Remote NAT Traversal Remote NATtraversal Re-REGISTER period for clients Use OPTIONS for registered clients OPTIONS interval Chapter 9. SIP Trafc SIP Methods Routing Domain or IP address Port Class 3xx message processing Forward class 3xx messages DNS Override For SIP Requests Domain Relay to Session Status Registered Users Active Sessions Chapter 10. Administration Save/Load Conguration Test Preliminary Conguration Duration of limited test mode Apply conguration Backup Save to diskette Load from diskette Save to local le Load from local le Show conguration User Administration Password For the admin Account Other Accounts Currently Logged In Administrators Log out Upgrade Upgrade Step 1 Step 2 Step 3 Table Look Edit Column Always have an Edit column Sometimes have an Edit column Never have an Edit column Date and Time Change Time Zone Change Date and Time Manually Date Time Set date and time manually Change Date and Time With NTP Restart Page Chapter 11. Logging Display Log Packet TypeSelection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP Beside the boxes Show newest at top Time Limits Periodical search Show This The log Display Load Time Period Interface Page Resource Monitoring Logging Conguration Inbound trafc Warnings VPN events SIP events Log Classes Log Sending Page Chapter 12. Failover Specication of failover Requirements Features Failover Telecommuting Module setup Failover Settings Dedicated interface The dedicated interface to use Dedicated network Failover type Reference Hosts Failover Status Failover Status Failover team Leaving a failover team Page Chapter 13. Tools Packet Capture Network Interface Selection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP ESP Collect data Chapter 14. Firewall and Client Conguration The DMZ type The Firewall The SIP clients The DMZ/LAN type The Firewall The Standalone type Page Appendix A. More About SIP The SIP protocol Why use SIP? SIP and rewalls SIP sessions Establishing a SIP session Appendix B. Troubleshooting Network troubleshooting No trafc shown in the log Trafc discarded as spoofed SIP troubleshooting VPN troubleshooting No IPsec tunnel established IPsec tunnel established, no trafc IPsec tunnel established, no trafc after some time Administration troubleshooting The Telecommuting Module is unaccessible forsome time when trying to apply a conguration Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols List of the most important reserved ports Page Page List of ICMP types ICMP codes Page Internet protocols and their numbers IP intervals Page Reserved IP addresses Appendix D. Denitions of terms Page Page Page Page Page Page Appendix E. License Conditions GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Preamble GNU GENERAL PUBLIC LICENSE Page Page GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Preamble GNU LESSER GENERAL PUBLIC LICENSE Page Page Page The Python license Terms and conditions for accessing or otherwise using Python CWI PERMISSIONS STATEMENT AND DISCLAIMER Python Imaging Library The BSD license The MIT license The DHCP license The OpenSSL license The bzip2 license The lilo license The Vovida license The VovidaSoftware License , Version1.0 The Cavium license The Cavium License The zlib license Appendix F. Obtaining Support for Your 3Com Products Register Your Product to Gain Service Benets Solve Problems Online Purchase Extended Warranty and Professional Services Access Software Downloads Telephone TechnicalSupport and Repair Asia, Pacic Rim - TelephoneTechnical Support and Repair Europe, Middle East, and Africa - TelephoneTechnical Support and Repair Latin America - Telephone TechnicalSupport and Repair US and Canada - Telephone TechnicalSupport and Repair Index