Manuals / Nokia / Cell Phone / Cell Phone

Nokia IPSO 4.0 manual Configuring VPN Tunnels, Using IP Pools, 224

Models: IPSO 4.0

1 510

Download 510 pages 5.58 Kb

Page 224

5

Configuring VPN Tunnels

If you want the cluster to support VPN tunnels in which non-Check Point gateways participate, you must configure the tunnels in Voyager (on the Clustering Setup Configuration page) as well as in NGX. Perform the following procedure:

1.In the Network Address field under Add New VPN Tunnel, enter the remote encryption domain IP address in dotted-decimal format (for example, 192.168.50.0).

2.In the Mask field, enter the mask value as a number of bits. The range is 8 to 32.

3.In the Tunnel End Point field, enter the external address of the non-Check Point gateway.

4.Click Apply.

The VPN Tunnel Information table appears and displays the information you configured.

5.If there is more than one network behind the non-Check Point gateway, repeat these steps for each network. In each case, enter the external address of the non-Check Point gateway as the tunnel end point. If one of the networks behind a non-Check Point gateway is not encrypted (for example, a DMZ), set its end point to 0.0.0.0.

Note

See “Clustering Example With Non-Check Point VPN” for an example of configuring a cluster to support a VPN with a non-Check Point gateway.

Using IP Pools

IPSO clusters support the use of IP pools (address ranges), which are useful for solving certain routing problems. For example, you might want to use an IPSO cluster (and NGX) to create a

224	Nokia Network Voyager for IPSO 4.0 Reference Guide

Image 224

Nokia IPSO 4.0 manual Configuring VPN Tunnels, Using IP Pools, 224

Contents

Nokia Network Voyager For Ipso Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide Restricted Rights LegendHttps//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Clustering Virtual Router Redundancy Protocol VrrpNokia Network Voyager Ipso 4.0 Reference Guide Configuring Snmp Configuring IPv6Managing Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Configuring Router Services Monitoring System Configuration and HardwareIndex About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Conventions This Guide Uses Text ConventionsText Conventions Convention DescriptionRelated Documentation Menu ItemsSoftware Overview Nokia Network Voyager for Ipso 4.0 Reference GuideTo open Nokia Network Voyager Logging In to Network VoyagerLogging Off Obtaining a Configuration Lock To log in with exclusive configuration lockTo log in without exclusive configuration lock To override a configuration lockAccessing Documentation and Help Navigating in Network VoyagerReloading Pages To clear the memory and disk cache„ Nokia support site https//support.nokia.com To open a new window to view helpViewing Hardware and Software Information for Your System To view the asset management summaryConfiguring Interfaces Interface OverviewType Prefix Configuring Network DevicesIP2250 Management Ports Configuring IP Addresses Physical Interface Logical InterfaceInterface Status Indicator Description Configuring Tunnel InterfacesInterface Status Indicators Configuring Ethernet Interfaces Physical Interface Configuration ParametersEthernet Interfaces Parameter DescriptionTo configure an Ethernet interface Link AggregationManaging Link Aggregation Using Snmp Configuring Switches for Link AggregationFirewall Synchronization Traffic Static Link AggregationLink Aggregation on the IP2250 Configuring the Remaining Management Ports Production Traffic ADP I/O Ports OnlyConfiguring Link Aggregation Physical Interface ConfigurationTo set up link aggregation in Network Voyager To physically configure the interfaces you will aggregateGroup Configuration To configure link aggregation groupsLogical Configuration Gigabit Ethernet InterfacesDeleting Aggregation Groups Gigabit Ethernet Interface ParametersTo configure a Gigabit Ethernet interface MTUPoint-to-Point Over Ethernet Configuring PPPoETo configure PPPoE Nokia Network Voyager for Ipso 4.0 Reference Guide To change configuration profiles To delete configuration profilesTo create PPPoE logical interfaces To delete PPPoE logical interfacesConfiguring MSS Clamping Virtual LAN InterfacesTo configure a Vlan Interface To delete a Vlan InterfaceVlan Example Topology To define the maximum number of VLANsTo configure an Fddi Interface Fddi InterfacesTo change the duplex setting of an Fddi interface To change the IP address of an Fddi interfaceTo configure an Isdn physical interface Isdn InterfacesTo configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls Configuring Calling Line-Identification Screening To add an incoming numberTo configure an interface to place and receive calls To remove an incoming numberDial-on-Demand Routing DDR Lists To add a new rule to a DDR list To create a DDR listTo delete a DDR list To apply or remove a DDR list to/from an interface Example DDR ListTo modify a rule Isdn Network Configuration Example To configure the IP330 to place an outgoing call To configure the IP650 to handle an incoming callSample Call Traces Trace for connecting a call from the Nokia IP330 is Isdn Troubleshooting LoggingTo set level of messages logged To view the message logTroubleshooting Cause Codes To trace Isdn traffic using tcpdumpTracing Isdn Cause Code FieldsCause Values Cause Cause Description DiagnosticsIsdn Cause Values See Isdn Cause Values table Information-element identifiers is missing Isdn Bearer-Capable Values Value DescriptionTo configure a Token Ring interface Token Ring InterfacesTo deactivate a Token Ring interface To change a Token Ring interfaceToken Ring Example Fddi To configure an ATM interface Point-to-Point Link over ATMTo change the VPI/VCI of an ATM interface To change the IP Address of an ATM interface To change the IP MTU of an ATM interfaceATM Example FddiIP over ATM IPoA To configure the ATM interface on Nokia Platform aTo configure an ATM logical IP subnet LIS interface To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface IPoA Example ATMTo configure a serial interface for Cisco Hdlc Serial V.35 and X.21 InterfacesTo configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example T1with Built-In CSU/DSU Interfaces To configure the serial interface on Nokia Platform aTo configure a T1 Interface for Cisco Hdlc Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a To configure an E1 interface for Cisco Hdlc E1 with Built-In CSU/DSU InterfacesNokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for frame relay 100Nokia Network Voyager for Ipso 4.0 Reference Guide 101 102 Nokia Network Voyager for Ipso 4.0 Reference Guide 103 To configure an Hssi interface for Cisco HdlcHssi Interfaces To configure an Hssi interface for PPP 104To configure an Hssi interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 105106 Configuring Unnumbered Interfaces To configure an unnumbered interfaceUnnumbered Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 107To change an unnumbered interface to a numbered interface 108To configure a static route over an unnumbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 109110 Configuring Ospf over Unnumbered InterfaceOspf over Unnumbered Interfaces Using Virtual Links Nokia Network Voyager for Ipso 4.0 Reference Guide 111 Cisco Hdlc ProtocolTo change the keepalive interval for Cisco Hdlc Point-to-Point Protocol To change the IP address in Cisco HdlcTo change the keepalive interval in PPP 112Nokia Network Voyager for Ipso 4.0 Reference Guide 113 To change the keepalive maximum failures in PPPTo change the IP address in PPP Frame Relay Protocol To change the keepalive interval in frame relayTo change the Dlci in frame relay 114Nokia Network Voyager for Ipso 4.0 Reference Guide 115 To change the LMI parameters in frame relayTo change the interface type in frame relay To change the active status monitor setting in frame relay To change the IP address in frame relayTo remove a frame relay interface 116Loopback Interfaces To add an IP Address to a Loopback InterfaceTo change the IP Address of a loopback interface Nokia Network Voyager for Ipso 4.0 Reference Guide 117Configuring GRE Tunnels GRE TunnelsTo create a GRE tunnel 118Nokia Network Voyager for Ipso 4.0 Reference Guide 119 To change IP TOS value of a GRE tunnel 120GRE Tunnel Example Nokia Network Voyager for Ipso 4.0 Reference Guide 121122 High Availability GRE TunnelsHA GRE Tunnel Example Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 Nokia Network Voyager for Ipso 4.0 Reference Guide 125 Dvmrp TunnelsTo create a Dvmrp tunnel 126 Dvmrp Tunnel ExampleTo change the local or remote addresses of a Dvmrp tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 127 128 ARP Table EntriesTo change ARP global parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 129 To add a static ARP entryTo add a proxy ARP entry Configuring ARP for ATM Interfaces To add a static ATM ARP entry To delete a static ATM ARP entryTo view and delete dynamic ATM ARP entries Nokia Network Voyager for Ipso 4.0 Reference Guide 131132 Transparent ModeLimitations Transparent Mode Processing Details Nokia Network Voyager for Ipso 4.0 Reference Guide 133Configuring Transparent Mode in VPN Environments 134Example of Transparent Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 135Configuring Transparent Mode 136Creating and Deleting Transparent Mode Groups To create a transparent mode groupTo delete a transparent mode group Nokia Network Voyager for Ipso 4.0 Reference Guide 137138 Enabling or Disabling a Transparent Mode GroupTo enable or disable a transparent mode group Monitoring Transparent Mode Groups Transparent Mode and Check Point NGXEnabling or Disabling Vrrp for a Transparent Mode Group Configuring AntispoofingVirtual Tunnel Interfaces Fwvpn for Route-Based VPN Unnumbered VTIsRouting Traffic through the VTI 140Nokia Network Voyager for Ipso 4.0 Reference Guide 141 Creating Virtual Tunnel Interfaces Vrrp SupportTo create a virtual tunnel interface To create the VPN communityNokia Network Voyager for Ipso 4.0 Reference Guide 143 To create the virtual tunnel interface 144Configuring Dhcp Nokia Network Voyager for Ipso 4.0 Reference Guide 145Configuring Dhcp Client Interfaces Dhcp Client ConfigurationTo configure the Dhcp client interface To enable the Dhcp client processNokia Network Voyager for Ipso 4.0 Reference Guide 147 Configuring the Dhcp ServerTo configure the Dhcp server process 148 Dhcp Server ConfigurationTo enable the Dhcp server process Changing Dhcp Service To disable the Dhcp server processTo change the Dhcp service Adding Dhcp Address PoolsTo enable and existing IP address pool Enabling or Disabling Dhcp Address PoolsAssigning a Fixed-IP Address to a Client To assign a fixed-IP address to a clientCreating Dhcp Client Templates Nokia Network Voyager for Ipso 4.0 Reference Guide 151152 Configuring Dynamic Domain Name System Service Configuring Dynamic Domain Name System ZonesTo configure Dynamic Domain Name System Ddns Nokia Network Voyager for Ipso 4.0 Reference Guide 153Configuring the Domain Name Service Configuring Disk MirroringTo configure DNS To create a mirror setNokia Network Voyager for Ipso 4.0 Reference Guide 155 Using an Optional Disk Flash-Based Systems OnlyTo delete a mirror set To install and configure PC card flash memory To configure the system to store log files on the PC cardMail Relay To remove an optional diskConfiguring Mail Relay To configure failure notificationTo configure mail relay for your firewall System Failure NotificationSetting the System Time Sending MailTo send mail from the firewall 158Configuring Host Addresses To set system time onceTo add a static host entry Nokia Network Voyager for Ipso 4.0 Reference Guide 159Configuring System Logging Configuring Logging on Disk-Based SystemsAccepting Log Messages Logging to a Remote SystemNokia Network Voyager for Ipso 4.0 Reference Guide 161 Configuring Logging on Flash-Based SystemsTo send syslog messages to a remote system Configuring Logging to Remote Log Servers 162Nokia Network Voyager for Ipso 4.0 Reference Guide 163 Configuring Audit LogsConfiguring Logging to an Optional Disk To set the system configuration audit log 164Remote Core Dump Server on Flash-Based Systems Nokia Network Voyager for Ipso 4.0 Reference Guide 165Managing Configuration Sets Changing the HostnameTo change the hostname 166To create a factory default configuration file To switch a currently active databaseTo delete unwanted configuration database files Scheduling Jobs168 Backing Up and Restoring FilesTo delete scheduled jobs Creating Backup Files To create a backup file manuallyTo delete local backup files Nokia Network Voyager for Ipso 4.0 Reference Guide 169Transferring Backup Files Configuring Automatic TransfersTo configure scheduled backups To cancel a regularly scheduled backupNokia Network Voyager for Ipso 4.0 Reference Guide 171 Transferring Backup Files ManuallyTo manually transfer archive files to a remote server 172 Restoring Files from Locally Stored Backup FilesTo restore files Managing Nokia Ipso Images Changing Current ImageDeleting Images To select a new current image174 Installing New ImagesTo delete an Nokia Ipso image Nokia Network Voyager for Ipso 4.0 Reference Guide 175 Testing a New ImageTo test an image before activating it Rebooting a Cluster Upgrading Nokia Ipso Images for a ClusterDowngrading Nokia Ipso Images 176Configuring Monitor Reports Nokia Network Voyager for Ipso 4.0 Reference Guide 177Installing and Enabling Packages Managing PackagesRestrictions for Flash-Based Platforms Monitor Report ParametersTo install a package Nokia Network Voyager for Ipso 4.0 Reference Guide 179Advanced System Tuning Tuning the TCP/IP StackTo enable or disable a package To delete a packageNokia Network Voyager for Ipso 4.0 Reference Guide 181 Router Alert IP OptionTo set the TCP MSS 182 Nokia Network Voyager for Ipso 4.0 Reference Guide 183 Vrrp OverviewHow Vrrp Works Simple Vrrp Configuration 184Vrrp Configuration with Internal and External VRIDs Vrrp Configuration with Simultaneous Backup186 Configuring VrrpUnderstanding Monitored-Circuit Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 187 Selecting Configuration ParametersPriority 188 AuthenticationHello Interval Nokia Network Voyager for Ipso 4.0 Reference Guide 189 Backup AddressPriority Delta Vmac Mode 190Global Vrrp Settings Vrrp Configuration ParametersBefore you Begin Nokia Network Voyager for Ipso 4.0 Reference Guide 191Configuring Monitored-Circuit Vrrp 192To add a virtual router Nokia Network Voyager for Ipso 4.0 Reference Guide 193Configuring Monitored-Circuit Vrrp using the Full Method To change the configuration of an existing virtual routerTo delete a virtual router 194Additional Vrrp Parameters Used in Full Method Nokia Network Voyager for Ipso 4.0 Reference Guide 195196 Configuring VRRPv2To add or back up a virtual router using VRRPv2 Configuring Check Point NGX for Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 197Configure settings under the 3rd party configuration tab 198Nokia Network Voyager for Ipso 4.0 Reference Guide 199 Configuring Vrrp Rules for Check Point NGXConfiguration Rule for Check Point NGX FP1 Configuration Rules for Check Point NGX FP2 and Later Configuring Rules if You Are Using Ospf or DvmrpSource Destination Service Action 200CLI commands for Vrrp Monitoring VrrpLink Aggregation IP2250 Systems Only State202 LocationStats Troubleshooting Vrrp General Configuration ConsiderationsTo enable or disable Monitor Firewall state To enable traces for Vrrp204 Access Control ListsFirewall Policies Switched Environments Monitored-Circuit Vrrp in Switched EnvironmentsVRRPv2 in Switched Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 205206 Nokia Network Voyager for Ipso 4.0 Reference Guide 207 Using Flash-Based PlatformsIP Clustering Description Example Cluster 208Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 209Cluster Terminology 210Cluster member a cluster node that is not the master Nokia Network Voyager for Ipso 4.0 Reference Guide 211Clustering Modes 212Nokia Network Voyager for Ipso 4.0 Reference Guide 213 214 Considerations for ClusteringNetwork Environment Other Considerations Nokia Network Voyager for Ipso 4.0 Reference Guide 215Clustering IP2250 Platforms 216Upgrading Ipso in a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 217For All Upgrades Upgrading from Ipso 3.7 or LaterUpgrading from Ipso 218Enabling Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 219Creating and Configuring a Cluster Configuration OverviewTo create and configure a cluster Creating a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 221 Selecting the Cluster ModeConfiguring the Work Assignment Method 222 Configuring an InterfaceTo include an interface in the cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 223 Configuring Firewall MonitoringSupporting Non-Check Point Gateways and Clients 224 Configuring VPN TunnelsUsing IP Pools Using IP Pools When Only Check Point Gateways Are Involved Nokia Network Voyager for Ipso 4.0 Reference Guide 225226 Configuring Join-Time Shared FeaturesConfiguring IP pools in Cluster Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 227 What is Sharable?What if Settings Conflict? Configuring Features for Sharing 228Adding a Node to a Cluster Making the Cluster ActiveAfter You Create a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 229Recommended Procedure 230Nokia Network Voyager for Ipso 4.0 Reference Guide 231 Managing a ClusterJoining a System to a Cluster 232 Using Cluster VoyagerTo start Cluster Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 233 If You Forget the cadmin PasswordCluster Administrator Users Configuring the Failure Interval Configuring the Performance RatingMonitoring a Cluster 234Managing Join-Time Shared Features Nokia Network Voyager for Ipso 4.0 Reference Guide 235Installing Ipso Images 236Nokia Network Voyager for Ipso 4.0 Reference Guide 237 Removing a Node from a Cluster 238Changing Cluster Interface Configurations Deleting a Cluster ConfigurationSynchronizing the Time on Cluster Nodes Assigning the Time Zone240 Configuring NTPNTP Server Outside the Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 241 Configuring NGX for ClusteringUsing the Master Node as the NTP Server 242 Clustering Example Three Nodes Nokia Network Voyager for Ipso 4.0 Reference Guide 243Configuring the Cluster in Voyager 244Configuring the Internal and External Routers Nokia Network Voyager for Ipso 4.0 Reference Guide 245Clustering Example With Non-Check Point VPN 246Nokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Snmp Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 249250 Source FunctionNokia Network Voyager for Ipso 4.0 Reference Guide 251 UDP-MIBSnmp Proxy Support for Check Point MIB 252Nokia Network Voyager for Ipso 4.0 Reference Guide 253 Using the Check Point MIBUsing cpsnmpstart 254 To enable or disable SnmpEnabling Snmp and Selecting the Version Configuring the System for Snmp Setting an Agent AddressTo set an Snmp agent address Nokia Network Voyager for Ipso 4.0 Reference Guide 255Configuring Traps Types of Snmp Traps256 Type of Trap DescriptionNokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Enabling or Disabling Trap Types Configuring Trap ReceiversSetting the Trap PDU Agent Address Interpreting Error Messages Configuring Location and Contact InformationTo configure location and contact information Error status code MeaningGetRequest Nokia Network Voyager for Ipso 4.0 Reference Guide 261Variable-bindings Element Description Value Field Set DescriptionConfiguring SNMPv3 GetNextRequestGetBulkRequest 262Request Messages Managing Snmp UsersSecurity Related Options Used in Request Messages Nokia Network Voyager for Ipso 4.0 Reference Guide 263To add an Snmp user 264To delete a USM user Nokia Network Voyager for Ipso 4.0 Reference Guide 265266 IPv6 Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 267268 To configure IPv6 logical interfacesInterfaces To disable IPv6 on an interface To configure neighbor discoveryTo delete an IPv6 address Nokia Network Voyager for Ipso 4.0 Reference Guide 269Configuring IPv6 in IPv4 Tunnels To configure IPv6 in IPv4 tunnelsIPv6 and IPv4 Compatibility 270Configuring IPv6 to IPv4 Configuring IPv6 over IPv4To configure IPv6 to IPv4 To configure IPv6 over IPv4Configuring IPv4 in IPv6 Tunnels Configuring an IPv6 Default or Static RouteTo configure IPv4 in IPv6 tunnels To configure an IPv6 default or static routeRouting Configuration Configuring OSPFv3Configuring RIPng Creating IPv6 Aggregate RoutesCreating Redistributed Routes Redistributing Static Routes into RIPngRedistributing Aggregate Routes in RIPng 274Configuring ICMPv6 Router Discovery Router DiscoveryRedistributing Interface Routes into RIPng Nokia Network Voyager for Ipso 4.0 Reference Guide 275276 Nokia Network Voyager for Ipso 4.0 Reference Guide 277 Configuring Vrrp for IPv6Vrrp for IPv6 Creating a Virtual Router for an IPv6 Interface Using VRRPv3 278Nokia Network Voyager for Ipso 4.0 Reference Guide 279 280 Setting a Virtual MAC Address for a Virtual RouterTo set the virtual MAC address Nokia Network Voyager for Ipso 4.0 Reference Guide 281 Changing the IP Address List of a Virtual Router in VRRPv3Removing a Virtual Router in VRRPv3 Creating a Virtual Router in Monitored Circuit Mode for IPv6 282Nokia Network Voyager for Ipso 4.0 Reference Guide 283 Traffic Management 284Nokia Network Voyager for Ipso 4.0 Reference Guide 285 Security and Access ConfigurationTo enable FTP, TFTP, or Telnet access 286 Nokia Network Voyager for Ipso 4.0 Reference Guide 287 Managing PasswordsTo change the current user’s password 288 To change another user’s passwordManaging User Accounts Adding and Deleting Users User Account AttributesNokia Network Voyager for Ipso 4.0 Reference Guide 289 Attribute DescriptionManaging and Using S/Key To add a userTo remove a user 290Using S/Key To configure S/KeyTo use the S/Key Nokia Network Voyager for Ipso 4.0 Reference Guide 291To disable S/Key Managing GroupsDisabling S/Key 292Nokia Network Voyager for Ipso 4.0 Reference Guide 293 Role-Based AdministrationTo add or edit a group 294 Managing RolesTo add or edit a role Assigning Roles and Access Mechanisms to Users To assign roles and access mechanisms to usersTo delete a role Nokia Network Voyager for Ipso 4.0 Reference Guide 295Creating Cluster Administrator Users 296Configuring Network Access and Services Network Access Configuration OptionsNetwork Services Service DescriptionConfiguring a Modem on COM2, COM3, or COM4 To enable network access options and servicesModem Configuration Parameters 298To configure a modem on COM2, COM3, or COM4 Nokia Network Voyager for Ipso 4.0 Reference Guide 299Configuring Nokia Network Voyager Access Country Codes for Ositech Five of Clubs CardCountry Codes for Ositech Five of Clubs Card II 300Nokia Network Voyager for Ipso 4.0 Reference Guide 301 Configuring Basic Nokia Network Voyager OptionsTo configure Web access for Nokia Network Voyager Generating and Installing SSL/TLS Certificates Generating an SSL/TLS Certificate and KeysTo generate a certificate and its associated private key 302Nokia Network Voyager for Ipso 4.0 Reference Guide 303 Installing the SSL/TLS CertificateTo install the certificate and its associated private key 304 Troubleshooting SSL/TLS ConfigurationSecure Shell SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 305 Initial SSH ConfigurationTo configure SSH 306 Configuring Advanced Options for SSHTo configure advanced options Nokia Network Voyager for Ipso 4.0 Reference Guide 307 Configuring Secure Shell Authorized Keys 308To configure authorized keys To configure key pairsChanging Secure Shell Key Pairs Nokia Network Voyager for Ipso 4.0 Reference Guide 309310 Managing User RSA and DSA IdentitiesTo manage user identities Network Voyager Session Management Tunneling Http Over SSHTo tunnel Http over SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 311Configuring Session Timeouts To enable or disable session managementTo set the session timeout interval Enabling Enabling or Disabling Session ManagementAuthentication, Authorization, and Accounting AAA Creating an AAA ConfigurationTo create an AAA configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 313Creating an Authentication Profile Creating a Service Module EntryCreating a Service Profile Type Module Description Authentication Profile TypesNokia Network Voyager for Ipso 4.0 Reference Guide 315 316 Creating an Accounting ProfileTo create an account profile 317 Creating a Service Module Example Profile Controls318 Control DescriptionNokia Network Voyager for Ipso 4.0 Reference Guide 319 Configuring RadiusService Auth. Mgmt Acct. Mgmt Session Mgmt 320 Configuring TACACS+ Nokia Network Voyager for Ipso 4.0 Reference Guide 321322 Deleting an AAA Authentication Server ConfigurationTo delete an authentication server Changing an AAA Configuration Changing the Service ProfileTo change an AAA configuration To add an authentication profile324 Creating a Stacked Service ModuleService Authentication Management Changing a Service Module Configuration Changing an Authentication Profile ConfigurationTo add an accounting profile To add a session profile326 Changing an Accounting Profile ConfigurationChanging a Session Profile Configuration Deleting an AAA Configuration Deleting an Item in a Service Profile EntryTo delete an AAA configuration Encryption AccelerationTo enable the card for a Check Point VPN IPSec Tunnels Ipso ImplementationEnabling Encryption Accelerator Cards Monitoring Cryptographic AccelerationTransport and Tunnel Modes Nokia Network Voyager for Ipso 4.0 Reference Guide 329330 Building VPN on ESPProtocol Negotiation and Key Management Nokia Network Voyager for Ipso 4.0 Reference Guide 331 Using PKI IPSec Implementation in IpsoIPSec RFCs 332Miscellaneous Tunnel Requirements Nokia Network Voyager for Ipso 4.0 Reference Guide 333Phase 1 Configuration IPSec ParametersPlatform Support 334Choosing IPv4 or IPv6 General Configuration To chose IPv4 or IPv6 general configuration pagesCreating an IPSec Policy Nokia Network Voyager for Ipso 4.0 Reference Guide 335Proposal and Filters Trusted CA CertificatesTo select a trusted CA certificate 336Device Certificates Nokia Network Voyager for Ipso 4.0 Reference Guide 337To enroll and install a device certificate 338Advanced IPSec Nokia Network Voyager for Ipso 4.0 Reference Guide 339340 Putting It All TogetherTo complete creating an IPSec policy Nokia Network Voyager for Ipso 4.0 Reference Guide 341 Creating an IPSec Tunnel RuleTo create an IPSec tunnel rule 342 Transport RuleTo create a transport rule Nokia Network Voyager for Ipso 4.0 Reference Guide 343 344 To configure Nokia PlatformIPSec Tunnel Rule Example Nokia Network Voyager for Ipso 4.0 Reference Guide 345 Configure Nokia Platform To configure Nokia Platform 1 IpsoIPSec Transport Rule Example 346Nokia Network Voyager for Ipso 4.0 Reference Guide 347 Configure PC1 Removing an IPSec TunnelTo remove an IPSec tunnel 348Nokia Network Voyager for Ipso 4.0 Reference Guide 349 Miscellaneous Security SettingsTo set TCP flag combinations 350 Nokia Network Voyager for Ipso 4.0 Reference Guide 351 Routing OverviewRouting Protocols RIP 352Route Maps Nokia Network Voyager for Ipso 4.0 Reference Guide 353Types of Areas 354Nokia Network Voyager for Ipso 4.0 Reference Guide 355 Area Border RoutersHigh Availability Support for Ospf 356 Configuring OspfClustering Configuring Ospf Areas and Global Settings Ospf Area Configuration ParametersStub Area Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 357Nssa Not So Stubby Area Parameters 358Configuring Virtual Links To configure OspfTo configure a virtual link Nokia Network Voyager for Ipso 4.0 Reference Guide 359Configuring Global Settings 360Global Settings for Ospf Nokia Network Voyager for Ipso 4.0 Reference Guide 361362 Configuring Ospf InterfacesConfiguration Parameters for Ospf Interfaces To configure an Ospf interface Nokia Network Voyager for Ipso 4.0 Reference Guide 363Configuring Ospf Example 364Network Mask Nokia Network Voyager for Ipso 4.0 Reference Guide 365366 Virtual IP Address Support for VrrpAuto Summarization Configuring RIP To configure RIPRIP 1 Configuration Options Available from Network Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 367Configuring RIP Timers 368Configuring Auto-Summarization RIP ExampleEnabling RIP 1 on an Interface Nokia Network Voyager for Ipso 4.0 Reference Guide 369Enabling RIP 2 on an Interface 370Configuring Virtual IP Support for Vrrp PIM Support for IP ClusteringPIM Dense-Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 371PIM Sparse-Mode 372Configuring Dense-Mode PIM Configuring Check Point VPN-1 Pro/ExpressPIM and Check Point SecureXL Nokia Network Voyager for Ipso 4.0 Reference Guide 373Disabling PIM 374Setting Advanced Options for Dense-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 375Configuring Sparse-Mode PIM 376Configuring High-Availability Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 377378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 Configuring a PIM-SM Static Rendezvous Point 380Setting Advanced Options for Sparse-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 381382 Nokia Network Voyager for Ipso 4.0 Reference Guide 383 Command ShowsDebugging PIM To log information about errors and events 384Igrp Nokia Network Voyager for Ipso 4.0 Reference Guide 385386 Generation of Exterior Routes Nokia Network Voyager for Ipso 4.0 Reference Guide 387Configuring Igrp Aliased InterfacesIgrp Aggregation 388Nokia Network Voyager for Ipso 4.0 Reference Guide 389 To enable Igrp on an interfaceIgrp Example Dvmrp 390Nokia Network Voyager for Ipso 4.0 Reference Guide 391 Configuring DvmrpConfiguring Dvmrp Timers Igmp 392Configuring Igmp Nokia Network Voyager for Ipso 4.0 Reference Guide 393Static Routes 394Nokia Network Voyager for Ipso 4.0 Reference Guide 395 To configure a default or static routeTo setting the rank for static routes To add and configure many static routes at the same time 396To create a static default route To create a static route non-defaultAdding and Managing Static Routes Example Creating/Removing Static RoutesBackup Static Routes To disable a static routeTo create a backup static route Route AggregationNokia Network Voyager for Ipso 4.0 Reference Guide 399 To create aggregate routesTo remove aggregate routes Route Aggregation Example 400Preference Default Route RankRank Assignments Nokia Network Voyager for Ipso 4.0 Reference Guide 401402 Routing Protocol Rank ExampleTo set route rank Nokia Network Voyager for Ipso 4.0 Reference Guide 403 To configure the routing preferencesSupport for BGP-4++ 404 BGP Sessions Internal and ExternalBGP Path Attributes Nokia Network Voyager for Ipso 4.0 Reference Guide 405 Path Attribute Definition406 BGP Multi-Exit DiscriminatorBGP Interactions with IGPs Inbound BGP Route Filters Redistributing Routes to BGPCommunities Nokia Network Voyager for Ipso 4.0 Reference Guide 407Community attribute Description Route Reflection408 Confederations Nokia Network Voyager for Ipso 4.0 Reference Guide 409Ebgp Multihop Support 410Nokia Network Voyager for Ipso 4.0 Reference Guide 411 TCP MD5 AuthenticationRoute Dampening BGP Support for Virtual IP for Vrrp 412BGP Support for IP Clustering BGP Memory RequirementsTables Nokia Network Voyager for Ipso 4.0 Reference Guide 413414 Memory SizeExample Nokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform aBGP Neighbors Example 416 To configure Ibgp on Nokia Platform BTo configure Ibgp on Nokia Platform C To configure Ebgp on Nokia Platform a To configure Ebgp on Nokia Platform CTo configure Ebgp on Nokia Platform D Nokia Network Voyager for Ipso 4.0 Reference Guide 417To configuring Ebgp on Nokia Platform E Path Filtering Based on Communities ExampleVerification 418Nokia Network Voyager for Ipso 4.0 Reference Guide 419 To configure Default MED for Nokia Platform DBGP Multi Exit Discriminator Example To configure MED Values for all peers of AS200 420Changing the Local Preference Value Example Nokia Network Voyager for Ipso 4.0 Reference Guide 421To configure an Ibgp peer for Nokia Platform B To configure the static routes required for an Ibgp sessionTo set the local preference value for an Ibgp peer 422Nokia Network Voyager for Ipso 4.0 Reference Guide 423 Configuring Nokia Platform CBGP Confederation Example Configuring Platform B 424Nokia Network Voyager for Ipso 4.0 Reference Guide 425 426 Configuring Platform B as Route ReflectorRoute Reflector Example Nokia Network Voyager for Ipso 4.0 Reference Guide 427 Configuring Platform C as Ibgp Peer of Platform BConfiguring Platform D as Ibgp Peer of Platform B Configuring BGP Route Inbound Policy on Platform B Configuring Redistribution of BGP Routes on Platform BBGP Community Example 428Follow the steps in the Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 429Configuring a Loopback Address on Platform a Configuring a Loopback Address on Platform BConfiguring a Static Route on Platform a Ebgp Load Balancing Example Scenario #1Configuring a Static Route on Platform B Configuring an Ebgp Peer on Platform aConfiguring an Ebgp Peer on Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 431Configuring Ospf on Platform a Configuring Ospf on Platform BEbgp Load Balancing Example Scenario #2 432Adjusting BGP Timers Example Nokia Network Voyager for Ipso 4.0 Reference Guide 433TCP MD5 Authentication Example Configuring TCP MD5 Authentication on Nokia Platform aConfiguring BGP Route Redistribution on Nokia Platform B 434Nokia Network Voyager for Ipso 4.0 Reference Guide 435 Field Default value Units of measurementBGP Route Dampening Example 436 BGP Path SelectionBGP-4++ Example To configure configure a BGP4 session over IPv6 transport Nokia Network Voyager for Ipso 4.0 Reference Guide 437Route Redistribution 438Nokia Network Voyager for Ipso 4.0 Reference Guide 439 To configure BGP route redistribution on Nokia Platform D Redistributing Routes to RIP and IgrpBGP Route Redistribution Example To redistribute a single routeRedistributing RIP to Ospf Example Nokia Network Voyager for Ipso 4.0 Reference Guide 441442 Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 443444 Redistributing Routes with OspfTo redistribute Ospf to BGP through Nokia Platform a Nokia Network Voyager for Ipso 4.0 Reference Guide 445 To configure IGP inbound filtersInbound Route Filters BGP Route Inbound Policy Example 446Nokia Network Voyager for Ipso 4.0 Reference Guide 447 448 BGP AS Path Filtering ExampleAspath Regular Expressions Traffic Management Overview Packet Filtering DescriptionTraffic Shaping Description Nokia Network Voyager for Ipso 4.0 Reference Guide 449450 Configuring Access Control ListsTraffic Queuing Description Nokia Network Voyager for Ipso 4.0 Reference Guide 451 To create or delete an ACLTo apply or remove an ACL to or from an interface Configuring ACL Rules 452Nokia Network Voyager for Ipso 4.0 Reference Guide 453 Modifying a RuleTo add a new rule to an ACL ACL Rule Attributes 454Configuring Aggregation Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 455456 To create an Aggregation ClassTo associate an aggregation class with a rule Configuring Queue Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 457458 To set or modify queue class configuration valuesTo create or delete a queue class Configuring ATM QoS To associate a queue class with an interfaceCreate a QoS descriptor Nokia Network Voyager for Ipso 4.0 Reference Guide 459460 To delete an ATM QoS descriptorTo dissociate an ATM QoS Descriptor from an existing PVC Configuring Common Open Policy Server Nokia Network Voyager for Ipso 4.0 Reference Guide 461462 Configuring a Cops Client ID and Policy Decision PointConfiguring Security Parameters for a Cops Client ID Assigning Roles to Specific Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 463To disable and delete a Client ID Activating and Deactivating the Cops ClientDeleting a Client ID 464Example Rate Shaping Nokia Network Voyager for Ipso 4.0 Reference Guide 465Example Expedited Forwarding 466Nokia Network Voyager for Ipso 4.0 Reference Guide 467 To test the configuration 468BOOTP/DHCP Relay Nokia Network Voyager for Ipso 4.0 Reference Guide 469Configuring BOOTP/DHCP Relay To enable Bootp relay on an InterfaceBootp configuration parameters 470To disable Bootp relay on an interface IP Broadcast helper configuration parametersIP Broadcast Helper Nokia Network Voyager for Ipso 4.0 Reference Guide 471To configure IP broadcast helper 472Nokia Network Voyager for Ipso 4.0 Reference Guide 473 Configuring Router DiscoveryRouter Discovery Overview 474 To enable router discovery servicesRouter discover configuration parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 475 To disable router discovery servicesNetwork Time Protocol NTP 476 Configuring NTPTo configure NTP Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 Nokia Network Voyager for Ipso 4.0 Reference Guide 479 Viewing System Utilization StatisticsCPU-Memory Live Utilization 480 Disk and Swap SpaceMonitoring Process Utilization Process Description Ipso Process ManagementNokia Network Voyager for Ipso 4.0 Reference Guide 481 Generating Monitor Reports Reports482 Report DescriptionNokia Network Voyager for Ipso 4.0 Reference Guide 483 Monitoring System HealthTo display reports Monitoring System Logs 484Viewing Cluster Status and Members Nokia Network Voyager for Ipso 4.0 Reference Guide 485Displaying Route Settings Viewing Routing Protocol InformationDisplaying the Kernel Forwarding Table 486Nokia Network Voyager for Ipso 4.0 Reference Guide 487 Displaying Interface SettingsHardware Monitoring Using the iclid Tool Iclid CommandsTo display routing daemon status using iclid 488Nokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 Preventing Full Log Buffers and Related Console Messages 494Nokia Network Voyager for Ipso 4.0 Reference Guide 495 If you are using FireWall-1If you are using FireWall-1 NG 496 Index Nokia Network Voyager for Ipso 4.0 Reference Guide IndexBios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index