Manuals / Nokia / Cell Phone / Cell Phone

Nokia IPSO 4.0 manual Monitoring Transparent Mode Groups, Transparent Mode and Check Point NGX

Models: IPSO 4.0

1 510

Page 139

Enabling or Disabling VRRP for a Transparent Mode Group

If you are enabling VRRP on a VRRP master, the node will perform transparent mode operations as described in the section, “Transparent Mode” on page 132. As a VRRP standby, it will drop all packets except those with local destinations.

For more information on configuring VRRP, see “Configuring VRRP” on page 186

To enable or disable VRRP for a transparent mode group

1.Click Transparent Mode under Configuration > Interface Configuration in the tree view.

2.Click the link of the transparent mode group to which you would like to enable VRRP.

3.Select the Yes or No radio button in the VRRP Enabled table.

4.Click Apply.

5.Click Save to make your changes permanent.

Monitoring Transparent Mode Groups

To monitor transparent mode groups

1.Click Transparent Mode under Monitor in the tree view.

2.Click a transparent mode group under XMODE Group Id.

Transparent Mode and Check Point NGX

This section explains some details about configuring a firewall to work with transparent mode.

Configuring Antispoofing

The proper configuration for antispoofing depends on how the interfaces in the transparent mode group are configured.

All Interfaces Are Internal

If all the interfaces in the group are internal, you should configure antispoofing normally. You treat the interfaces as being on the same subnet and, any other nested networks must be properly defined so that antispoofing to be aware of them and traffic is not dropped.

One Interface Is External

If one interface is external, do not use antispoofing. If antispoofing is applied, the firewall drops reply packets because they are sourced from the same subnet.

Configuring VRRP

When you use the Check Point NGX SmartDashboard to configure the Gateway Cluster properties of a VRRP pair that uses IPSO transparent mode, you must follow this procedure.

Nokia Network Voyager for IPSO 4.0 Reference Guide

139

Page 139

Image 139

Nokia IPSO 4.0 manual Monitoring Transparent Mode Groups, Transparent Mode and Check Point NGX, Configuring Antispoofing

Contents

Nokia Network Voyager For Ipso Reference Guide Restricted Rights Legend Nokia Network Voyager for Ipso 4.0 Reference GuideHttps//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Virtual Router Redundancy Protocol Vrrp Configuring ClusteringNokia Network Voyager Ipso 4.0 Reference Guide Configuring IPv6 Configuring SnmpManaging Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Monitoring System Configuration and Hardware Configuring Router ServicesIndex About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Convention Description Conventions This Guide UsesText Conventions Text ConventionsMenu Items Related DocumentationNokia Network Voyager for Ipso 4.0 Reference Guide Software OverviewLogging Off Logging In to Network VoyagerTo open Nokia Network Voyager To override a configuration lock Obtaining a Configuration LockTo log in with exclusive configuration lock To log in without exclusive configuration lockTo clear the memory and disk cache Accessing Documentation and HelpNavigating in Network Voyager Reloading PagesTo open a new window to view help „ Nokia support site https//support.nokia.comTo view the asset management summary Viewing Hardware and Software Information for Your SystemInterface Overview Configuring InterfacesIP2250 Management Ports Configuring Network DevicesType Prefix Physical Interface Logical Interface Configuring IP AddressesInterface Status Interface Status Indicators Configuring Tunnel InterfacesIndicator Description Parameter Description Configuring Ethernet InterfacesPhysical Interface Configuration Parameters Ethernet InterfacesLink Aggregation To configure an Ethernet interfaceConfiguring Switches for Link Aggregation Managing Link Aggregation Using SnmpLink Aggregation on the IP2250 Static Link AggregationFirewall Synchronization Traffic Production Traffic ADP I/O Ports Only Configuring the Remaining Management PortsTo physically configure the interfaces you will aggregate Configuring Link AggregationPhysical Interface Configuration To set up link aggregation in Network VoyagerTo configure link aggregation groups Group ConfigurationGigabit Ethernet Interface Parameters Logical ConfigurationGigabit Ethernet Interfaces Deleting Aggregation GroupsMTU To configure a Gigabit Ethernet interfaceTo configure PPPoE Configuring PPPoEPoint-to-Point Over Ethernet Nokia Network Voyager for Ipso 4.0 Reference Guide To delete PPPoE logical interfaces To change configuration profilesTo delete configuration profiles To create PPPoE logical interfacesVirtual LAN Interfaces Configuring MSS ClampingTo delete a Vlan Interface To configure a Vlan InterfaceTo define the maximum number of VLANs Vlan Example TopologyFddi Interfaces To configure an Fddi InterfaceTo change the IP address of an Fddi interface To change the duplex setting of an Fddi interfaceIsdn Interfaces To configure an Isdn physical interfaceTo configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls To add an incoming number Configuring Calling Line-Identification ScreeningTo remove an incoming number To configure an interface to place and receive callsDial-on-Demand Routing DDR Lists To delete a DDR list To create a DDR listTo add a new rule to a DDR list To modify a rule Example DDR ListTo apply or remove a DDR list to/from an interface Isdn Network Configuration Example To configure the IP650 to handle an incoming call To configure the IP330 to place an outgoing callSample Call Traces Trace for connecting a call from the Nokia IP330 is To view the message log Isdn TroubleshootingLogging To set level of messages loggedIsdn Cause Code Fields Troubleshooting Cause CodesTo trace Isdn traffic using tcpdump TracingIsdn Cause Values Cause Cause Description DiagnosticsCause Values See Isdn Cause Values table Information-element identifiers is missing Value Description Isdn Bearer-Capable ValuesToken Ring Interfaces To configure a Token Ring interfaceTo change a Token Ring interface To deactivate a Token Ring interfaceToken Ring Example Fddi Point-to-Point Link over ATM To configure an ATM interfaceTo change the VPI/VCI of an ATM interface To change the IP MTU of an ATM interface To change the IP Address of an ATM interfaceFddi ATM ExampleTo configure an ATM logical IP subnet LIS interface To configure the ATM interface on Nokia Platform aIP over ATM IPoA To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface ATM IPoA ExampleSerial V.35 and X.21 Interfaces To configure a serial interface for Cisco HdlcTo configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example To configure a T1 Interface for Cisco Hdlc To configure the serial interface on Nokia Platform aT1with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a E1 with Built-In CSU/DSU Interfaces To configure an E1 interface for Cisco HdlcNokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 100 To configure an E1 interface for frame relayNokia Network Voyager for Ipso 4.0 Reference Guide 101 102 Hssi Interfaces To configure an Hssi interface for Cisco HdlcNokia Network Voyager for Ipso 4.0 Reference Guide 103 104 To configure an Hssi interface for PPPNokia Network Voyager for Ipso 4.0 Reference Guide 105 To configure an Hssi interface for frame relay106 Nokia Network Voyager for Ipso 4.0 Reference Guide 107 Configuring Unnumbered InterfacesTo configure an unnumbered interface Unnumbered Interfaces108 To change an unnumbered interface to a numbered interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 109 To configure a static route over an unnumbered interfaceOspf over Unnumbered Interfaces Using Virtual Links Configuring Ospf over Unnumbered Interface110 To change the keepalive interval for Cisco Hdlc Cisco Hdlc ProtocolNokia Network Voyager for Ipso 4.0 Reference Guide 111 112 Point-to-Point ProtocolTo change the IP address in Cisco Hdlc To change the keepalive interval in PPPTo change the IP address in PPP To change the keepalive maximum failures in PPPNokia Network Voyager for Ipso 4.0 Reference Guide 113 114 Frame Relay ProtocolTo change the keepalive interval in frame relay To change the Dlci in frame relayTo change the interface type in frame relay To change the LMI parameters in frame relayNokia Network Voyager for Ipso 4.0 Reference Guide 115 116 To change the active status monitor setting in frame relayTo change the IP address in frame relay To remove a frame relay interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 117 Loopback InterfacesTo add an IP Address to a Loopback Interface To change the IP Address of a loopback interface118 Configuring GRE TunnelsGRE Tunnels To create a GRE tunnelNokia Network Voyager for Ipso 4.0 Reference Guide 119 120 To change IP TOS value of a GRE tunnelNokia Network Voyager for Ipso 4.0 Reference Guide 121 GRE Tunnel ExampleHA GRE Tunnel Example High Availability GRE Tunnels122 Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 To create a Dvmrp tunnel Dvmrp TunnelsNokia Network Voyager for Ipso 4.0 Reference Guide 125 To change the local or remote addresses of a Dvmrp tunnel Dvmrp Tunnel Example126 Nokia Network Voyager for Ipso 4.0 Reference Guide 127 To change ARP global parameters ARP Table Entries128 To add a proxy ARP entry To add a static ARP entryNokia Network Voyager for Ipso 4.0 Reference Guide 129 Configuring ARP for ATM Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 131 To add a static ATM ARP entryTo delete a static ATM ARP entry To view and delete dynamic ATM ARP entriesLimitations Transparent Mode132 Nokia Network Voyager for Ipso 4.0 Reference Guide 133 Transparent Mode Processing Details134 Configuring Transparent Mode in VPN EnvironmentsNokia Network Voyager for Ipso 4.0 Reference Guide 135 Example of Transparent Mode136 Configuring Transparent ModeNokia Network Voyager for Ipso 4.0 Reference Guide 137 Creating and Deleting Transparent Mode GroupsTo create a transparent mode group To delete a transparent mode groupTo enable or disable a transparent mode group Enabling or Disabling a Transparent Mode Group138 Configuring Antispoofing Monitoring Transparent Mode GroupsTransparent Mode and Check Point NGX Enabling or Disabling Vrrp for a Transparent Mode Group140 Virtual Tunnel Interfaces Fwvpn for Route-Based VPNUnnumbered VTIs Routing Traffic through the VTINokia Network Voyager for Ipso 4.0 Reference Guide 141 To create the VPN community Creating Virtual Tunnel InterfacesVrrp Support To create a virtual tunnel interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 143 144 To create the virtual tunnel interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 145 Configuring DhcpTo enable the Dhcp client process Configuring Dhcp Client InterfacesDhcp Client Configuration To configure the Dhcp client interfaceTo configure the Dhcp server process Configuring the Dhcp ServerNokia Network Voyager for Ipso 4.0 Reference Guide 147 To enable the Dhcp server process Dhcp Server Configuration148 Adding Dhcp Address Pools Changing Dhcp ServiceTo disable the Dhcp server process To change the Dhcp serviceTo assign a fixed-IP address to a client To enable and existing IP address poolEnabling or Disabling Dhcp Address Pools Assigning a Fixed-IP Address to a ClientNokia Network Voyager for Ipso 4.0 Reference Guide 151 Creating Dhcp Client Templates152 Nokia Network Voyager for Ipso 4.0 Reference Guide 153 Configuring Dynamic Domain Name System ServiceConfiguring Dynamic Domain Name System Zones To configure Dynamic Domain Name System DdnsTo create a mirror set Configuring the Domain Name ServiceConfiguring Disk Mirroring To configure DNSTo delete a mirror set Using an Optional Disk Flash-Based Systems OnlyNokia Network Voyager for Ipso 4.0 Reference Guide 155 To remove an optional disk To install and configure PC card flash memoryTo configure the system to store log files on the PC card Mail RelaySystem Failure Notification Configuring Mail RelayTo configure failure notification To configure mail relay for your firewall158 Setting the System TimeSending Mail To send mail from the firewallNokia Network Voyager for Ipso 4.0 Reference Guide 159 Configuring Host AddressesTo set system time once To add a static host entryLogging to a Remote System Configuring System LoggingConfiguring Logging on Disk-Based Systems Accepting Log MessagesTo send syslog messages to a remote system Configuring Logging on Flash-Based SystemsNokia Network Voyager for Ipso 4.0 Reference Guide 161 162 Configuring Logging to Remote Log ServersConfiguring Logging to an Optional Disk Configuring Audit LogsNokia Network Voyager for Ipso 4.0 Reference Guide 163 164 To set the system configuration audit logNokia Network Voyager for Ipso 4.0 Reference Guide 165 Remote Core Dump Server on Flash-Based Systems166 Managing Configuration SetsChanging the Hostname To change the hostnameScheduling Jobs To create a factory default configuration fileTo switch a currently active database To delete unwanted configuration database filesTo delete scheduled jobs Backing Up and Restoring Files168 Nokia Network Voyager for Ipso 4.0 Reference Guide 169 Creating Backup FilesTo create a backup file manually To delete local backup filesTo cancel a regularly scheduled backup Transferring Backup FilesConfiguring Automatic Transfers To configure scheduled backupsTo manually transfer archive files to a remote server Transferring Backup Files ManuallyNokia Network Voyager for Ipso 4.0 Reference Guide 171 To restore files Restoring Files from Locally Stored Backup Files172 To select a new current image Managing Nokia Ipso ImagesChanging Current Image Deleting ImagesTo delete an Nokia Ipso image Installing New Images174 To test an image before activating it Testing a New ImageNokia Network Voyager for Ipso 4.0 Reference Guide 175 176 Rebooting a ClusterUpgrading Nokia Ipso Images for a Cluster Downgrading Nokia Ipso ImagesNokia Network Voyager for Ipso 4.0 Reference Guide 177 Configuring Monitor ReportsMonitor Report Parameters Installing and Enabling PackagesManaging Packages Restrictions for Flash-Based PlatformsNokia Network Voyager for Ipso 4.0 Reference Guide 179 To install a packageTo delete a package Advanced System TuningTuning the TCP/IP Stack To enable or disable a packageTo set the TCP MSS Router Alert IP OptionNokia Network Voyager for Ipso 4.0 Reference Guide 181 182 How Vrrp Works Vrrp OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 183 184 Simple Vrrp ConfigurationVrrp Configuration with Simultaneous Backup Vrrp Configuration with Internal and External VRIDsUnderstanding Monitored-Circuit Vrrp Configuring Vrrp186 Priority Selecting Configuration ParametersNokia Network Voyager for Ipso 4.0 Reference Guide 187 Hello Interval Authentication188 Priority Delta Backup AddressNokia Network Voyager for Ipso 4.0 Reference Guide 189 190 Vmac ModeNokia Network Voyager for Ipso 4.0 Reference Guide 191 Global Vrrp SettingsVrrp Configuration Parameters Before you Begin192 Configuring Monitored-Circuit VrrpNokia Network Voyager for Ipso 4.0 Reference Guide 193 To add a virtual router194 Configuring Monitored-Circuit Vrrp using the Full MethodTo change the configuration of an existing virtual router To delete a virtual routerNokia Network Voyager for Ipso 4.0 Reference Guide 195 Additional Vrrp Parameters Used in Full MethodTo add or back up a virtual router using VRRPv2 Configuring VRRPv2196 Nokia Network Voyager for Ipso 4.0 Reference Guide 197 Configuring Check Point NGX for Vrrp198 Configure settings under the 3rd party configuration tabConfiguration Rule for Check Point NGX FP1 Configuring Vrrp Rules for Check Point NGXNokia Network Voyager for Ipso 4.0 Reference Guide 199 200 Configuration Rules for Check Point NGX FP2 and LaterConfiguring Rules if You Are Using Ospf or Dvmrp Source Destination Service ActionState CLI commands for VrrpMonitoring Vrrp Link Aggregation IP2250 Systems OnlyStats Location202 To enable traces for Vrrp Troubleshooting VrrpGeneral Configuration Considerations To enable or disable Monitor Firewall stateFirewall Policies Access Control Lists204 Nokia Network Voyager for Ipso 4.0 Reference Guide 205 Switched EnvironmentsMonitored-Circuit Vrrp in Switched Environments VRRPv2 in Switched Environments206 IP Clustering Description Using Flash-Based PlatformsNokia Network Voyager for Ipso 4.0 Reference Guide 207 208 Example ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 209 Cluster Management210 Cluster TerminologyNokia Network Voyager for Ipso 4.0 Reference Guide 211 Cluster member a cluster node that is not the master212 Clustering ModesNokia Network Voyager for Ipso 4.0 Reference Guide 213 Network Environment Considerations for Clustering214 Nokia Network Voyager for Ipso 4.0 Reference Guide 215 Other Considerations216 Clustering IP2250 PlatformsNokia Network Voyager for Ipso 4.0 Reference Guide 217 Upgrading Ipso in a Cluster218 For All UpgradesUpgrading from Ipso 3.7 or Later Upgrading from IpsoNokia Network Voyager for Ipso 4.0 Reference Guide 219 Enabling Cluster ManagementCreating a Cluster Creating and Configuring a ClusterConfiguration Overview To create and configure a clusterConfiguring the Work Assignment Method Selecting the Cluster ModeNokia Network Voyager for Ipso 4.0 Reference Guide 221 To include an interface in the cluster Configuring an Interface222 Supporting Non-Check Point Gateways and Clients Configuring Firewall MonitoringNokia Network Voyager for Ipso 4.0 Reference Guide 223 Using IP Pools Configuring VPN Tunnels224 Nokia Network Voyager for Ipso 4.0 Reference Guide 225 Using IP Pools When Only Check Point Gateways Are InvolvedConfiguring IP pools in Cluster Voyager Configuring Join-Time Shared Features226 What if Settings Conflict? What is Sharable?Nokia Network Voyager for Ipso 4.0 Reference Guide 227 228 Configuring Features for SharingNokia Network Voyager for Ipso 4.0 Reference Guide 229 Adding a Node to a ClusterMaking the Cluster Active After You Create a Cluster230 Recommended ProcedureJoining a System to a Cluster Managing a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 231 To start Cluster Voyager Using Cluster Voyager232 Cluster Administrator Users If You Forget the cadmin PasswordNokia Network Voyager for Ipso 4.0 Reference Guide 233 234 Configuring the Failure IntervalConfiguring the Performance Rating Monitoring a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 235 Managing Join-Time Shared Features236 Installing Ipso ImagesNokia Network Voyager for Ipso 4.0 Reference Guide 237 238 Removing a Node from a ClusterAssigning the Time Zone Changing Cluster Interface ConfigurationsDeleting a Cluster Configuration Synchronizing the Time on Cluster NodesNTP Server Outside the Cluster Configuring NTP240 Using the Master Node as the NTP Server Configuring NGX for ClusteringNokia Network Voyager for Ipso 4.0 Reference Guide 241 242 Nokia Network Voyager for Ipso 4.0 Reference Guide 243 Clustering Example Three Nodes244 Configuring the Cluster in VoyagerNokia Network Voyager for Ipso 4.0 Reference Guide 245 Configuring the Internal and External Routers246 Clustering Example With Non-Check Point VPNNokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Nokia Network Voyager for Ipso 4.0 Reference Guide 249 Snmp OverviewSource Function 250UDP-MIB Nokia Network Voyager for Ipso 4.0 Reference Guide 251252 Snmp Proxy Support for Check Point MIBUsing cpsnmpstart Using the Check Point MIBNokia Network Voyager for Ipso 4.0 Reference Guide 253 Enabling Snmp and Selecting the Version To enable or disable Snmp254 Nokia Network Voyager for Ipso 4.0 Reference Guide 255 Configuring the System for SnmpSetting an Agent Address To set an Snmp agent addressType of Trap Description Configuring TrapsTypes of Snmp Traps 256Nokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Setting the Trap PDU Agent Address Configuring Trap ReceiversEnabling or Disabling Trap Types Error status code Meaning Interpreting Error MessagesConfiguring Location and Contact Information To configure location and contact informationValue Field Set Description GetRequestNokia Network Voyager for Ipso 4.0 Reference Guide 261 Variable-bindings Element Description262 Configuring SNMPv3GetNextRequest GetBulkRequestNokia Network Voyager for Ipso 4.0 Reference Guide 263 Request MessagesManaging Snmp Users Security Related Options Used in Request Messages264 To add an Snmp userNokia Network Voyager for Ipso 4.0 Reference Guide 265 To delete a USM user266 Nokia Network Voyager for Ipso 4.0 Reference Guide 267 IPv6 OverviewInterfaces To configure IPv6 logical interfaces268 Nokia Network Voyager for Ipso 4.0 Reference Guide 269 To disable IPv6 on an interfaceTo configure neighbor discovery To delete an IPv6 address270 Configuring IPv6 in IPv4 TunnelsTo configure IPv6 in IPv4 tunnels IPv6 and IPv4 CompatibilityTo configure IPv6 over IPv4 Configuring IPv6 to IPv4Configuring IPv6 over IPv4 To configure IPv6 to IPv4To configure an IPv6 default or static route Configuring IPv4 in IPv6 TunnelsConfiguring an IPv6 Default or Static Route To configure IPv4 in IPv6 tunnelsCreating IPv6 Aggregate Routes Routing ConfigurationConfiguring OSPFv3 Configuring RIPng274 Creating Redistributed RoutesRedistributing Static Routes into RIPng Redistributing Aggregate Routes in RIPngNokia Network Voyager for Ipso 4.0 Reference Guide 275 Configuring ICMPv6 Router DiscoveryRouter Discovery Redistributing Interface Routes into RIPng276 Vrrp for IPv6 Configuring Vrrp for IPv6Nokia Network Voyager for Ipso 4.0 Reference Guide 277 278 Creating a Virtual Router for an IPv6 Interface Using VRRPv3Nokia Network Voyager for Ipso 4.0 Reference Guide 279 To set the virtual MAC address Setting a Virtual MAC Address for a Virtual Router280 Removing a Virtual Router in VRRPv3 Changing the IP Address List of a Virtual Router in VRRPv3Nokia Network Voyager for Ipso 4.0 Reference Guide 281 282 Creating a Virtual Router in Monitored Circuit Mode for IPv6Nokia Network Voyager for Ipso 4.0 Reference Guide 283 284 Traffic ManagementTo enable FTP, TFTP, or Telnet access Security and Access ConfigurationNokia Network Voyager for Ipso 4.0 Reference Guide 285 286 To change the current user’s password Managing PasswordsNokia Network Voyager for Ipso 4.0 Reference Guide 287 Managing User Accounts To change another user’s password288 Attribute Description Adding and Deleting UsersUser Account Attributes Nokia Network Voyager for Ipso 4.0 Reference Guide 289290 Managing and Using S/KeyTo add a user To remove a userNokia Network Voyager for Ipso 4.0 Reference Guide 291 Using S/KeyTo configure S/Key To use the S/Key292 To disable S/KeyManaging Groups Disabling S/KeyTo add or edit a group Role-Based AdministrationNokia Network Voyager for Ipso 4.0 Reference Guide 293 To add or edit a role Managing Roles294 Nokia Network Voyager for Ipso 4.0 Reference Guide 295 Assigning Roles and Access Mechanisms to UsersTo assign roles and access mechanisms to users To delete a role296 Creating Cluster Administrator UsersService Description Configuring Network Access and ServicesNetwork Access Configuration Options Network Services298 Configuring a Modem on COM2, COM3, or COM4To enable network access options and services Modem Configuration ParametersNokia Network Voyager for Ipso 4.0 Reference Guide 299 To configure a modem on COM2, COM3, or COM4300 Configuring Nokia Network Voyager AccessCountry Codes for Ositech Five of Clubs Card Country Codes for Ositech Five of Clubs Card IITo configure Web access for Nokia Network Voyager Configuring Basic Nokia Network Voyager OptionsNokia Network Voyager for Ipso 4.0 Reference Guide 301 302 Generating and Installing SSL/TLS CertificatesGenerating an SSL/TLS Certificate and Keys To generate a certificate and its associated private keyTo install the certificate and its associated private key Installing the SSL/TLS CertificateNokia Network Voyager for Ipso 4.0 Reference Guide 303 Secure Shell SSH Troubleshooting SSL/TLS Configuration304 To configure SSH Initial SSH ConfigurationNokia Network Voyager for Ipso 4.0 Reference Guide 305 To configure advanced options Configuring Advanced Options for SSH306 Nokia Network Voyager for Ipso 4.0 Reference Guide 307 308 Configuring Secure Shell Authorized KeysNokia Network Voyager for Ipso 4.0 Reference Guide 309 To configure authorized keysTo configure key pairs Changing Secure Shell Key PairsTo manage user identities Managing User RSA and DSA Identities310 Nokia Network Voyager for Ipso 4.0 Reference Guide 311 Network Voyager Session ManagementTunneling Http Over SSH To tunnel Http over SSHEnabling Enabling or Disabling Session Management Configuring Session TimeoutsTo enable or disable session management To set the session timeout intervalNokia Network Voyager for Ipso 4.0 Reference Guide 313 Authentication, Authorization, and Accounting AAACreating an AAA Configuration To create an AAA configurationCreating a Service Profile Creating a Service Module EntryCreating an Authentication Profile Nokia Network Voyager for Ipso 4.0 Reference Guide 315 Authentication Profile TypesType Module Description To create an account profile Creating an Accounting Profile316 317 Control Description Creating a Service Module ExampleProfile Controls 318Service Auth. Mgmt Acct. Mgmt Session Mgmt Configuring RadiusNokia Network Voyager for Ipso 4.0 Reference Guide 319 320 Nokia Network Voyager for Ipso 4.0 Reference Guide 321 Configuring TACACS+To delete an authentication server Deleting an AAA Authentication Server Configuration322 To add an authentication profile Changing an AAA ConfigurationChanging the Service Profile To change an AAA configurationService Authentication Management Creating a Stacked Service Module324 To add a session profile Changing a Service Module ConfigurationChanging an Authentication Profile Configuration To add an accounting profileChanging a Session Profile Configuration Changing an Accounting Profile Configuration326 Encryption Acceleration Deleting an AAA ConfigurationDeleting an Item in a Service Profile Entry To delete an AAA configurationMonitoring Cryptographic Acceleration To enable the card for a Check Point VPNIPSec Tunnels Ipso Implementation Enabling Encryption Accelerator CardsNokia Network Voyager for Ipso 4.0 Reference Guide 329 Transport and Tunnel ModesProtocol Negotiation and Key Management Building VPN on ESP330 Nokia Network Voyager for Ipso 4.0 Reference Guide 331 332 Using PKIIPSec Implementation in Ipso IPSec RFCsNokia Network Voyager for Ipso 4.0 Reference Guide 333 Miscellaneous Tunnel Requirements334 Phase 1 ConfigurationIPSec Parameters Platform SupportNokia Network Voyager for Ipso 4.0 Reference Guide 335 Choosing IPv4 or IPv6 General ConfigurationTo chose IPv4 or IPv6 general configuration pages Creating an IPSec Policy336 Proposal and FiltersTrusted CA Certificates To select a trusted CA certificateNokia Network Voyager for Ipso 4.0 Reference Guide 337 Device Certificates338 To enroll and install a device certificateNokia Network Voyager for Ipso 4.0 Reference Guide 339 Advanced IPSecTo complete creating an IPSec policy Putting It All Together340 To create an IPSec tunnel rule Creating an IPSec Tunnel RuleNokia Network Voyager for Ipso 4.0 Reference Guide 341 To create a transport rule Transport Rule342 Nokia Network Voyager for Ipso 4.0 Reference Guide 343 IPSec Tunnel Rule Example To configure Nokia Platform344 Nokia Network Voyager for Ipso 4.0 Reference Guide 345 346 Configure Nokia PlatformTo configure Nokia Platform 1 Ipso IPSec Transport Rule ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 347 348 Configure PC1Removing an IPSec Tunnel To remove an IPSec tunnelTo set TCP flag combinations Miscellaneous Security SettingsNokia Network Voyager for Ipso 4.0 Reference Guide 349 350 Routing Protocols Routing OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 351 352 RIPNokia Network Voyager for Ipso 4.0 Reference Guide 353 Route Maps354 Types of AreasHigh Availability Support for Ospf Area Border RoutersNokia Network Voyager for Ipso 4.0 Reference Guide 355 Clustering Configuring Ospf356 Nokia Network Voyager for Ipso 4.0 Reference Guide 357 Configuring Ospf Areas and Global SettingsOspf Area Configuration Parameters Stub Area Parameters358 Nssa Not So Stubby Area ParametersNokia Network Voyager for Ipso 4.0 Reference Guide 359 Configuring Virtual LinksTo configure Ospf To configure a virtual link360 Configuring Global SettingsNokia Network Voyager for Ipso 4.0 Reference Guide 361 Global Settings for OspfConfiguration Parameters for Ospf Interfaces Configuring Ospf Interfaces362 Nokia Network Voyager for Ipso 4.0 Reference Guide 363 To configure an Ospf interface364 Configuring Ospf ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 365 Network MaskAuto Summarization Virtual IP Address Support for Vrrp366 Nokia Network Voyager for Ipso 4.0 Reference Guide 367 Configuring RIPTo configure RIP RIP 1 Configuration Options Available from Network Voyager368 Configuring RIP TimersNokia Network Voyager for Ipso 4.0 Reference Guide 369 Configuring Auto-SummarizationRIP Example Enabling RIP 1 on an Interface370 Enabling RIP 2 on an InterfaceNokia Network Voyager for Ipso 4.0 Reference Guide 371 Configuring Virtual IP Support for VrrpPIM Support for IP Clustering PIM Dense-Mode372 PIM Sparse-ModeNokia Network Voyager for Ipso 4.0 Reference Guide 373 Configuring Dense-Mode PIMConfiguring Check Point VPN-1 Pro/Express PIM and Check Point SecureXL374 Disabling PIMNokia Network Voyager for Ipso 4.0 Reference Guide 375 Setting Advanced Options for Dense-Mode PIM Optional376 Configuring Sparse-Mode PIMNokia Network Voyager for Ipso 4.0 Reference Guide 377 Configuring High-Availability Mode378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 380 Configuring a PIM-SM Static Rendezvous PointNokia Network Voyager for Ipso 4.0 Reference Guide 381 Setting Advanced Options for Sparse-Mode PIM Optional382 Debugging PIM Command ShowsNokia Network Voyager for Ipso 4.0 Reference Guide 383 384 To log information about errors and eventsNokia Network Voyager for Ipso 4.0 Reference Guide 385 Igrp386 Nokia Network Voyager for Ipso 4.0 Reference Guide 387 Generation of Exterior Routes388 Configuring IgrpAliased Interfaces Igrp AggregationIgrp Example To enable Igrp on an interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 389 390 DvmrpConfiguring Dvmrp Timers Configuring DvmrpNokia Network Voyager for Ipso 4.0 Reference Guide 391 392 IgmpNokia Network Voyager for Ipso 4.0 Reference Guide 393 Configuring Igmp394 Static RoutesTo setting the rank for static routes To configure a default or static routeNokia Network Voyager for Ipso 4.0 Reference Guide 395 396 To add and configure many static routes at the same timeCreating/Removing Static Routes To create a static default routeTo create a static route non-default Adding and Managing Static Routes ExampleRoute Aggregation Backup Static RoutesTo disable a static route To create a backup static routeTo remove aggregate routes To create aggregate routesNokia Network Voyager for Ipso 4.0 Reference Guide 399 400 Route Aggregation ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 401 Preference DefaultRoute Rank Rank AssignmentsTo set route rank Routing Protocol Rank Example402 Support for BGP-4++ To configure the routing preferencesNokia Network Voyager for Ipso 4.0 Reference Guide 403 BGP Path Attributes BGP Sessions Internal and External404 Path Attribute Definition Nokia Network Voyager for Ipso 4.0 Reference Guide 405BGP Interactions with IGPs BGP Multi-Exit Discriminator406 Nokia Network Voyager for Ipso 4.0 Reference Guide 407 Inbound BGP Route FiltersRedistributing Routes to BGP Communities408 Route ReflectionCommunity attribute Description Nokia Network Voyager for Ipso 4.0 Reference Guide 409 Confederations410 Ebgp Multihop SupportRoute Dampening TCP MD5 AuthenticationNokia Network Voyager for Ipso 4.0 Reference Guide 411 412 BGP Support for Virtual IP for VrrpNokia Network Voyager for Ipso 4.0 Reference Guide 413 BGP Support for IP ClusteringBGP Memory Requirements TablesExample Memory Size414 BGP Neighbors Example To configure Ibgp on Nokia Platform aNokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform C To configure Ibgp on Nokia Platform B416 Nokia Network Voyager for Ipso 4.0 Reference Guide 417 To configure Ebgp on Nokia Platform aTo configure Ebgp on Nokia Platform C To configure Ebgp on Nokia Platform D418 To configuring Ebgp on Nokia Platform EPath Filtering Based on Communities Example VerificationBGP Multi Exit Discriminator Example To configure Default MED for Nokia Platform DNokia Network Voyager for Ipso 4.0 Reference Guide 419 420 To configure MED Values for all peers of AS200Nokia Network Voyager for Ipso 4.0 Reference Guide 421 Changing the Local Preference Value Example422 To configure an Ibgp peer for Nokia Platform BTo configure the static routes required for an Ibgp session To set the local preference value for an Ibgp peerBGP Confederation Example Configuring Nokia Platform CNokia Network Voyager for Ipso 4.0 Reference Guide 423 424 Configuring Platform BNokia Network Voyager for Ipso 4.0 Reference Guide 425 Route Reflector Example Configuring Platform B as Route Reflector426 Configuring Platform D as Ibgp Peer of Platform B Configuring Platform C as Ibgp Peer of Platform BNokia Network Voyager for Ipso 4.0 Reference Guide 427 428 Configuring BGP Route Inbound Policy on Platform BConfiguring Redistribution of BGP Routes on Platform B BGP Community ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 429 Follow the steps in the Redistributing Ospf to BGP ExampleEbgp Load Balancing Example Scenario #1 Configuring a Loopback Address on Platform aConfiguring a Loopback Address on Platform B Configuring a Static Route on Platform aNokia Network Voyager for Ipso 4.0 Reference Guide 431 Configuring a Static Route on Platform BConfiguring an Ebgp Peer on Platform a Configuring an Ebgp Peer on Platform B432 Configuring Ospf on Platform aConfiguring Ospf on Platform B Ebgp Load Balancing Example Scenario #2Nokia Network Voyager for Ipso 4.0 Reference Guide 433 Adjusting BGP Timers Example434 TCP MD5 Authentication ExampleConfiguring TCP MD5 Authentication on Nokia Platform a Configuring BGP Route Redistribution on Nokia Platform BBGP Route Dampening Example Field Default value Units of measurementNokia Network Voyager for Ipso 4.0 Reference Guide 435 BGP-4++ Example BGP Path Selection436 Nokia Network Voyager for Ipso 4.0 Reference Guide 437 To configure configure a BGP4 session over IPv6 transport438 Route RedistributionNokia Network Voyager for Ipso 4.0 Reference Guide 439 To redistribute a single route To configure BGP route redistribution on Nokia Platform DRedistributing Routes to RIP and Igrp BGP Route Redistribution ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 441 Redistributing RIP to Ospf Example442 Nokia Network Voyager for Ipso 4.0 Reference Guide 443 Redistributing Ospf to BGP ExampleTo redistribute Ospf to BGP through Nokia Platform a Redistributing Routes with Ospf444 Inbound Route Filters To configure IGP inbound filtersNokia Network Voyager for Ipso 4.0 Reference Guide 445 446 BGP Route Inbound Policy ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 447 Aspath Regular Expressions BGP AS Path Filtering Example448 Nokia Network Voyager for Ipso 4.0 Reference Guide 449 Traffic Management OverviewPacket Filtering Description Traffic Shaping DescriptionTraffic Queuing Description Configuring Access Control Lists450 To apply or remove an ACL to or from an interface To create or delete an ACLNokia Network Voyager for Ipso 4.0 Reference Guide 451 452 Configuring ACL RulesTo add a new rule to an ACL Modifying a RuleNokia Network Voyager for Ipso 4.0 Reference Guide 453 454 ACL Rule AttributesNokia Network Voyager for Ipso 4.0 Reference Guide 455 Configuring Aggregation ClassesTo associate an aggregation class with a rule To create an Aggregation Class456 Nokia Network Voyager for Ipso 4.0 Reference Guide 457 Configuring Queue ClassesTo create or delete a queue class To set or modify queue class configuration values458 Nokia Network Voyager for Ipso 4.0 Reference Guide 459 Configuring ATM QoSTo associate a queue class with an interface Create a QoS descriptorTo dissociate an ATM QoS Descriptor from an existing PVC To delete an ATM QoS descriptor460 Nokia Network Voyager for Ipso 4.0 Reference Guide 461 Configuring Common Open Policy ServerConfiguring Security Parameters for a Cops Client ID Configuring a Cops Client ID and Policy Decision Point462 Nokia Network Voyager for Ipso 4.0 Reference Guide 463 Assigning Roles to Specific Interfaces464 To disable and delete a Client IDActivating and Deactivating the Cops Client Deleting a Client IDNokia Network Voyager for Ipso 4.0 Reference Guide 465 Example Rate Shaping466 Example Expedited ForwardingNokia Network Voyager for Ipso 4.0 Reference Guide 467 468 To test the configurationNokia Network Voyager for Ipso 4.0 Reference Guide 469 BOOTP/DHCP Relay470 Configuring BOOTP/DHCP RelayTo enable Bootp relay on an Interface Bootp configuration parametersNokia Network Voyager for Ipso 4.0 Reference Guide 471 To disable Bootp relay on an interfaceIP Broadcast helper configuration parameters IP Broadcast Helper472 To configure IP broadcast helperRouter Discovery Overview Configuring Router DiscoveryNokia Network Voyager for Ipso 4.0 Reference Guide 473 Router discover configuration parameters To enable router discovery services474 Network Time Protocol NTP To disable router discovery servicesNokia Network Voyager for Ipso 4.0 Reference Guide 475 To configure NTP Configuring NTP476 Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 CPU-Memory Live Utilization Viewing System Utilization StatisticsNokia Network Voyager for Ipso 4.0 Reference Guide 479 Monitoring Process Utilization Disk and Swap Space480 Nokia Network Voyager for Ipso 4.0 Reference Guide 481 Ipso Process ManagementProcess Description Report Description Generating Monitor ReportsReports 482To display reports Monitoring System HealthNokia Network Voyager for Ipso 4.0 Reference Guide 483 484 Monitoring System LogsNokia Network Voyager for Ipso 4.0 Reference Guide 485 Viewing Cluster Status and Members486 Displaying Route SettingsViewing Routing Protocol Information Displaying the Kernel Forwarding TableHardware Monitoring Displaying Interface SettingsNokia Network Voyager for Ipso 4.0 Reference Guide 487 488 Using the iclid ToolIclid Commands To display routing daemon status using iclidNokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 494 Preventing Full Log Buffers and Related Console MessagesIf you are using FireWall-1 NG If you are using FireWall-1Nokia Network Voyager for Ipso 4.0 Reference Guide 495 496 Nokia Network Voyager for Ipso 4.0 Reference Guide Index IndexBios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index