Clustering Example With Non-Check Point VPN, 246 | Nokia IPSO 4.0

5

Clustering Example With Non-Check Point VPN

This section presents an example that shows how easy it is to configure an IPSO cluster to support a VPN with a non-Check Point gateway. The following diagram illustrates the example configuration:

Internal Cluster IP

Cluster (ID 10)

												Internal
												Router			Primary Cluster Protocol
															Primary Cluster Protocol
									192.168.1.5						Network:192.168.3.0
															Cluster IP: 192.168.3.10
192.168.1.0
192.16			.1.10				192.16					.1.10		192.16				.1.10
192.16		8	.1.10				192.16				8	.1.10		192.16			8	.1.10
.1					.1						.2		.2				.3
.1					.1						.2		.2				.3			.3
eth-s1p1 eth-s3p1								eth-s1p1					eth-s3p1			eth-s1p1 eth-s3p1
	Firewall A										Firewall B							Firewall C

eth-s2p1				eth-s4p1				eth-s2p1					eth-s4p1			eth-s2p1			eth-s4p1

		.1
	Tunnel Endpoint
		192.16	8	.2.10
	(External Cluster IP)

.1	.2	.2	.3

192.168.2.10 192.168.2.10

.3

	192.168.2.0
		192.168.2.5
	VPN-1/FireWall-1	External
	Synchronization Network	External
	Synchronization Network	Router
		Router
	VPN Tunnel
		Internet
	Tunnel Endpoint:
	10.1.2.5

Non-Check

Point VPN

Gateway

Secondary Cluster Protocol

Network: 192.168.4.0

Cluster IP: 192.168.4.10

10.1.1.0

Network

This example cluster is very similar to the previous example. The additional elements are:

Hosts in the 10.1.1.0 network (the remote encryption domain) use a VPN tunnel to access the 192.168.1.x network (connected to the internal router).

The VPN tunnel end points are the external cluster IP address and the external address of the remote non-Check Point VPN gateway.

Here are the steps you would perform to configure the tunnel:

1.Follow the steps under “Configuring the Cluster in Voyager.”

2.Log into the cluster using Cluster Voyager.

3.Click the option for enabling non-Check Point gateway and client support on the Clustering Setup Configuration page.

246	Nokia Network Voyager for IPSO 4.0 Reference Guide

Image 246

Nokia IPSO 4.0 manual Clustering Example With Non-Check Point VPN, 246

Contents

Nokia Network Voyager For Ipso Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide Restricted Rights Legend Https//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Clustering Virtual Router Redundancy Protocol Vrrp Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Snmp Configuring IPv6 Managing Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Configuring Router Services Monitoring System Configuration and Hardware Index About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Text Conventions Conventions This Guide UsesText Conventions Convention Description Related Documentation Menu Items Software Overview Nokia Network Voyager for Ipso 4.0 Reference Guide Logging In to Network Voyager Logging OffTo open Nokia Network Voyager To log in without exclusive configuration lock Obtaining a Configuration LockTo log in with exclusive configuration lock To override a configuration lock Reloading Pages Accessing Documentation and HelpNavigating in Network Voyager To clear the memory and disk cache „ Nokia support site https//support.nokia.com To open a new window to view help Viewing Hardware and Software Information for Your System To view the asset management summary Configuring Interfaces Interface Overview Configuring Network Devices IP2250 Management PortsType Prefix Configuring IP Addresses Physical Interface Logical Interface Interface Status Configuring Tunnel Interfaces Interface Status IndicatorsIndicator Description Ethernet Interfaces Configuring Ethernet InterfacesPhysical Interface Configuration Parameters Parameter Description To configure an Ethernet interface Link Aggregation Managing Link Aggregation Using Snmp Configuring Switches for Link Aggregation Static Link Aggregation Link Aggregation on the IP2250Firewall Synchronization Traffic Configuring the Remaining Management Ports Production Traffic ADP I/O Ports Only To set up link aggregation in Network Voyager Configuring Link AggregationPhysical Interface Configuration To physically configure the interfaces you will aggregate Group Configuration To configure link aggregation groups Deleting Aggregation Groups Logical ConfigurationGigabit Ethernet Interfaces Gigabit Ethernet Interface Parameters To configure a Gigabit Ethernet interface MTU Configuring PPPoE To configure PPPoEPoint-to-Point Over Ethernet Nokia Network Voyager for Ipso 4.0 Reference Guide To create PPPoE logical interfaces To change configuration profilesTo delete configuration profiles To delete PPPoE logical interfaces Configuring MSS Clamping Virtual LAN Interfaces To configure a Vlan Interface To delete a Vlan Interface Vlan Example Topology To define the maximum number of VLANs To configure an Fddi Interface Fddi Interfaces To change the duplex setting of an Fddi interface To change the IP address of an Fddi interface To configure an Isdn physical interface Isdn Interfaces To configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls Configuring Calling Line-Identification Screening To add an incoming number To configure an interface to place and receive calls To remove an incoming number Dial-on-Demand Routing DDR Lists To create a DDR list To delete a DDR listTo add a new rule to a DDR list Example DDR List To modify a ruleTo apply or remove a DDR list to/from an interface Isdn Network Configuration Example To configure the IP330 to place an outgoing call To configure the IP650 to handle an incoming call Sample Call Traces Trace for connecting a call from the Nokia IP330 is To set level of messages logged Isdn TroubleshootingLogging To view the message log Tracing Troubleshooting Cause CodesTo trace Isdn traffic using tcpdump Isdn Cause Code Fields Cause Cause Description Diagnostics Isdn Cause ValuesCause Values See Isdn Cause Values table Information-element identifiers is missing Isdn Bearer-Capable Values Value Description To configure a Token Ring interface Token Ring Interfaces To deactivate a Token Ring interface To change a Token Ring interface Token Ring Example Fddi To configure an ATM interface Point-to-Point Link over ATM To change the VPI/VCI of an ATM interface To change the IP Address of an ATM interface To change the IP MTU of an ATM interface ATM Example Fddi To configure the ATM interface on Nokia Platform a To configure an ATM logical IP subnet LIS interfaceIP over ATM IPoA To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface IPoA Example ATM To configure a serial interface for Cisco Hdlc Serial V.35 and X.21 Interfaces To configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example To configure the serial interface on Nokia Platform a To configure a T1 Interface for Cisco HdlcT1with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a To configure an E1 interface for Cisco Hdlc E1 with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for frame relay 100 Nokia Network Voyager for Ipso 4.0 Reference Guide 101 102 To configure an Hssi interface for Cisco Hdlc Hssi InterfacesNokia Network Voyager for Ipso 4.0 Reference Guide 103 To configure an Hssi interface for PPP 104 To configure an Hssi interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 105 106 Unnumbered Interfaces Configuring Unnumbered InterfacesTo configure an unnumbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 107 To change an unnumbered interface to a numbered interface 108 To configure a static route over an unnumbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 109 Configuring Ospf over Unnumbered Interface Ospf over Unnumbered Interfaces Using Virtual Links110 Cisco Hdlc Protocol To change the keepalive interval for Cisco HdlcNokia Network Voyager for Ipso 4.0 Reference Guide 111 To change the keepalive interval in PPP Point-to-Point ProtocolTo change the IP address in Cisco Hdlc 112 To change the keepalive maximum failures in PPP To change the IP address in PPPNokia Network Voyager for Ipso 4.0 Reference Guide 113 To change the Dlci in frame relay Frame Relay ProtocolTo change the keepalive interval in frame relay 114 To change the LMI parameters in frame relay To change the interface type in frame relayNokia Network Voyager for Ipso 4.0 Reference Guide 115 To remove a frame relay interface To change the active status monitor setting in frame relayTo change the IP address in frame relay 116 To change the IP Address of a loopback interface Loopback InterfacesTo add an IP Address to a Loopback Interface Nokia Network Voyager for Ipso 4.0 Reference Guide 117 To create a GRE tunnel Configuring GRE TunnelsGRE Tunnels 118 Nokia Network Voyager for Ipso 4.0 Reference Guide 119 To change IP TOS value of a GRE tunnel 120 GRE Tunnel Example Nokia Network Voyager for Ipso 4.0 Reference Guide 121 High Availability GRE Tunnels HA GRE Tunnel Example122 Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 Dvmrp Tunnels To create a Dvmrp tunnelNokia Network Voyager for Ipso 4.0 Reference Guide 125 Dvmrp Tunnel Example To change the local or remote addresses of a Dvmrp tunnel126 Nokia Network Voyager for Ipso 4.0 Reference Guide 127 ARP Table Entries To change ARP global parameters128 To add a static ARP entry To add a proxy ARP entryNokia Network Voyager for Ipso 4.0 Reference Guide 129 Configuring ARP for ATM Interfaces To view and delete dynamic ATM ARP entries To add a static ATM ARP entryTo delete a static ATM ARP entry Nokia Network Voyager for Ipso 4.0 Reference Guide 131 Transparent Mode Limitations132 Transparent Mode Processing Details Nokia Network Voyager for Ipso 4.0 Reference Guide 133 Configuring Transparent Mode in VPN Environments 134 Example of Transparent Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 135 Configuring Transparent Mode 136 To delete a transparent mode group Creating and Deleting Transparent Mode GroupsTo create a transparent mode group Nokia Network Voyager for Ipso 4.0 Reference Guide 137 Enabling or Disabling a Transparent Mode Group To enable or disable a transparent mode group138 Enabling or Disabling Vrrp for a Transparent Mode Group Monitoring Transparent Mode GroupsTransparent Mode and Check Point NGX Configuring Antispoofing Routing Traffic through the VTI Virtual Tunnel Interfaces Fwvpn for Route-Based VPNUnnumbered VTIs 140 Nokia Network Voyager for Ipso 4.0 Reference Guide 141 To create a virtual tunnel interface Creating Virtual Tunnel InterfacesVrrp Support To create the VPN community Nokia Network Voyager for Ipso 4.0 Reference Guide 143 To create the virtual tunnel interface 144 Configuring Dhcp Nokia Network Voyager for Ipso 4.0 Reference Guide 145 To configure the Dhcp client interface Configuring Dhcp Client InterfacesDhcp Client Configuration To enable the Dhcp client process Configuring the Dhcp Server To configure the Dhcp server processNokia Network Voyager for Ipso 4.0 Reference Guide 147 Dhcp Server Configuration To enable the Dhcp server process148 To change the Dhcp service Changing Dhcp ServiceTo disable the Dhcp server process Adding Dhcp Address Pools Assigning a Fixed-IP Address to a Client To enable and existing IP address poolEnabling or Disabling Dhcp Address Pools To assign a fixed-IP address to a client Creating Dhcp Client Templates Nokia Network Voyager for Ipso 4.0 Reference Guide 151 152 To configure Dynamic Domain Name System Ddns Configuring Dynamic Domain Name System ServiceConfiguring Dynamic Domain Name System Zones Nokia Network Voyager for Ipso 4.0 Reference Guide 153 To configure DNS Configuring the Domain Name ServiceConfiguring Disk Mirroring To create a mirror set Using an Optional Disk Flash-Based Systems Only To delete a mirror setNokia Network Voyager for Ipso 4.0 Reference Guide 155 Mail Relay To install and configure PC card flash memoryTo configure the system to store log files on the PC card To remove an optional disk To configure mail relay for your firewall Configuring Mail RelayTo configure failure notification System Failure Notification To send mail from the firewall Setting the System TimeSending Mail 158 To add a static host entry Configuring Host AddressesTo set system time once Nokia Network Voyager for Ipso 4.0 Reference Guide 159 Accepting Log Messages Configuring System LoggingConfiguring Logging on Disk-Based Systems Logging to a Remote System Configuring Logging on Flash-Based Systems To send syslog messages to a remote systemNokia Network Voyager for Ipso 4.0 Reference Guide 161 Configuring Logging to Remote Log Servers 162 Configuring Audit Logs Configuring Logging to an Optional DiskNokia Network Voyager for Ipso 4.0 Reference Guide 163 To set the system configuration audit log 164 Remote Core Dump Server on Flash-Based Systems Nokia Network Voyager for Ipso 4.0 Reference Guide 165 To change the hostname Managing Configuration SetsChanging the Hostname 166 To delete unwanted configuration database files To create a factory default configuration fileTo switch a currently active database Scheduling Jobs Backing Up and Restoring Files To delete scheduled jobs168 To delete local backup files Creating Backup FilesTo create a backup file manually Nokia Network Voyager for Ipso 4.0 Reference Guide 169 To configure scheduled backups Transferring Backup FilesConfiguring Automatic Transfers To cancel a regularly scheduled backup Transferring Backup Files Manually To manually transfer archive files to a remote serverNokia Network Voyager for Ipso 4.0 Reference Guide 171 Restoring Files from Locally Stored Backup Files To restore files172 Deleting Images Managing Nokia Ipso ImagesChanging Current Image To select a new current image Installing New Images To delete an Nokia Ipso image174 Testing a New Image To test an image before activating itNokia Network Voyager for Ipso 4.0 Reference Guide 175 Downgrading Nokia Ipso Images Rebooting a ClusterUpgrading Nokia Ipso Images for a Cluster 176 Configuring Monitor Reports Nokia Network Voyager for Ipso 4.0 Reference Guide 177 Restrictions for Flash-Based Platforms Installing and Enabling PackagesManaging Packages Monitor Report Parameters To install a package Nokia Network Voyager for Ipso 4.0 Reference Guide 179 To enable or disable a package Advanced System TuningTuning the TCP/IP Stack To delete a package Router Alert IP Option To set the TCP MSSNokia Network Voyager for Ipso 4.0 Reference Guide 181 182 Vrrp Overview How Vrrp WorksNokia Network Voyager for Ipso 4.0 Reference Guide 183 Simple Vrrp Configuration 184 Vrrp Configuration with Internal and External VRIDs Vrrp Configuration with Simultaneous Backup Configuring Vrrp Understanding Monitored-Circuit Vrrp186 Selecting Configuration Parameters PriorityNokia Network Voyager for Ipso 4.0 Reference Guide 187 Authentication Hello Interval188 Backup Address Priority DeltaNokia Network Voyager for Ipso 4.0 Reference Guide 189 Vmac Mode 190 Before you Begin Global Vrrp SettingsVrrp Configuration Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 191 Configuring Monitored-Circuit Vrrp 192 To add a virtual router Nokia Network Voyager for Ipso 4.0 Reference Guide 193 To delete a virtual router Configuring Monitored-Circuit Vrrp using the Full MethodTo change the configuration of an existing virtual router 194 Additional Vrrp Parameters Used in Full Method Nokia Network Voyager for Ipso 4.0 Reference Guide 195 Configuring VRRPv2 To add or back up a virtual router using VRRPv2196 Configuring Check Point NGX for Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 197 Configure settings under the 3rd party configuration tab 198 Configuring Vrrp Rules for Check Point NGX Configuration Rule for Check Point NGX FP1Nokia Network Voyager for Ipso 4.0 Reference Guide 199 Source Destination Service Action Configuration Rules for Check Point NGX FP2 and LaterConfiguring Rules if You Are Using Ospf or Dvmrp 200 Link Aggregation IP2250 Systems Only CLI commands for VrrpMonitoring Vrrp State Location Stats202 To enable or disable Monitor Firewall state Troubleshooting VrrpGeneral Configuration Considerations To enable traces for Vrrp Access Control Lists Firewall Policies204 VRRPv2 in Switched Environments Switched EnvironmentsMonitored-Circuit Vrrp in Switched Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 205 206 Using Flash-Based Platforms IP Clustering DescriptionNokia Network Voyager for Ipso 4.0 Reference Guide 207 Example Cluster 208 Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 209 Cluster Terminology 210 Cluster member a cluster node that is not the master Nokia Network Voyager for Ipso 4.0 Reference Guide 211 Clustering Modes 212 Nokia Network Voyager for Ipso 4.0 Reference Guide 213 Considerations for Clustering Network Environment214 Other Considerations Nokia Network Voyager for Ipso 4.0 Reference Guide 215 Clustering IP2250 Platforms 216 Upgrading Ipso in a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 217 Upgrading from Ipso For All UpgradesUpgrading from Ipso 3.7 or Later 218 Enabling Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 219 To create and configure a cluster Creating and Configuring a ClusterConfiguration Overview Creating a Cluster Selecting the Cluster Mode Configuring the Work Assignment MethodNokia Network Voyager for Ipso 4.0 Reference Guide 221 Configuring an Interface To include an interface in the cluster222 Configuring Firewall Monitoring Supporting Non-Check Point Gateways and ClientsNokia Network Voyager for Ipso 4.0 Reference Guide 223 Configuring VPN Tunnels Using IP Pools224 Using IP Pools When Only Check Point Gateways Are Involved Nokia Network Voyager for Ipso 4.0 Reference Guide 225 Configuring Join-Time Shared Features Configuring IP pools in Cluster Voyager226 What is Sharable? What if Settings Conflict?Nokia Network Voyager for Ipso 4.0 Reference Guide 227 Configuring Features for Sharing 228 After You Create a Cluster Adding a Node to a ClusterMaking the Cluster Active Nokia Network Voyager for Ipso 4.0 Reference Guide 229 Recommended Procedure 230 Managing a Cluster Joining a System to a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 231 Using Cluster Voyager To start Cluster Voyager232 If You Forget the cadmin Password Cluster Administrator UsersNokia Network Voyager for Ipso 4.0 Reference Guide 233 Monitoring a Cluster Configuring the Failure IntervalConfiguring the Performance Rating 234 Managing Join-Time Shared Features Nokia Network Voyager for Ipso 4.0 Reference Guide 235 Installing Ipso Images 236 Nokia Network Voyager for Ipso 4.0 Reference Guide 237 Removing a Node from a Cluster 238 Synchronizing the Time on Cluster Nodes Changing Cluster Interface ConfigurationsDeleting a Cluster Configuration Assigning the Time Zone Configuring NTP NTP Server Outside the Cluster240 Configuring NGX for Clustering Using the Master Node as the NTP ServerNokia Network Voyager for Ipso 4.0 Reference Guide 241 242 Clustering Example Three Nodes Nokia Network Voyager for Ipso 4.0 Reference Guide 243 Configuring the Cluster in Voyager 244 Configuring the Internal and External Routers Nokia Network Voyager for Ipso 4.0 Reference Guide 245 Clustering Example With Non-Check Point VPN 246 Nokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Snmp Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 249 250 Source Function Nokia Network Voyager for Ipso 4.0 Reference Guide 251 UDP-MIB Snmp Proxy Support for Check Point MIB 252 Using the Check Point MIB Using cpsnmpstartNokia Network Voyager for Ipso 4.0 Reference Guide 253 To enable or disable Snmp Enabling Snmp and Selecting the Version254 To set an Snmp agent address Configuring the System for SnmpSetting an Agent Address Nokia Network Voyager for Ipso 4.0 Reference Guide 255 256 Configuring TrapsTypes of Snmp Traps Type of Trap Description Nokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Configuring Trap Receivers Setting the Trap PDU Agent AddressEnabling or Disabling Trap Types To configure location and contact information Interpreting Error MessagesConfiguring Location and Contact Information Error status code Meaning Variable-bindings Element Description GetRequestNokia Network Voyager for Ipso 4.0 Reference Guide 261 Value Field Set Description GetBulkRequest Configuring SNMPv3GetNextRequest 262 Security Related Options Used in Request Messages Request MessagesManaging Snmp Users Nokia Network Voyager for Ipso 4.0 Reference Guide 263 To add an Snmp user 264 To delete a USM user Nokia Network Voyager for Ipso 4.0 Reference Guide 265 266 IPv6 Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 267 To configure IPv6 logical interfaces Interfaces268 To delete an IPv6 address To disable IPv6 on an interfaceTo configure neighbor discovery Nokia Network Voyager for Ipso 4.0 Reference Guide 269 IPv6 and IPv4 Compatibility Configuring IPv6 in IPv4 TunnelsTo configure IPv6 in IPv4 tunnels 270 To configure IPv6 to IPv4 Configuring IPv6 to IPv4Configuring IPv6 over IPv4 To configure IPv6 over IPv4 To configure IPv4 in IPv6 tunnels Configuring IPv4 in IPv6 TunnelsConfiguring an IPv6 Default or Static Route To configure an IPv6 default or static route Configuring RIPng Routing ConfigurationConfiguring OSPFv3 Creating IPv6 Aggregate Routes Redistributing Aggregate Routes in RIPng Creating Redistributed RoutesRedistributing Static Routes into RIPng 274 Redistributing Interface Routes into RIPng Configuring ICMPv6 Router DiscoveryRouter Discovery Nokia Network Voyager for Ipso 4.0 Reference Guide 275 276 Configuring Vrrp for IPv6 Vrrp for IPv6Nokia Network Voyager for Ipso 4.0 Reference Guide 277 Creating a Virtual Router for an IPv6 Interface Using VRRPv3 278 Nokia Network Voyager for Ipso 4.0 Reference Guide 279 Setting a Virtual MAC Address for a Virtual Router To set the virtual MAC address280 Changing the IP Address List of a Virtual Router in VRRPv3 Removing a Virtual Router in VRRPv3Nokia Network Voyager for Ipso 4.0 Reference Guide 281 Creating a Virtual Router in Monitored Circuit Mode for IPv6 282 Nokia Network Voyager for Ipso 4.0 Reference Guide 283 Traffic Management 284 Security and Access Configuration To enable FTP, TFTP, or Telnet accessNokia Network Voyager for Ipso 4.0 Reference Guide 285 286 Managing Passwords To change the current user’s passwordNokia Network Voyager for Ipso 4.0 Reference Guide 287 To change another user’s password Managing User Accounts288 Nokia Network Voyager for Ipso 4.0 Reference Guide 289 Adding and Deleting UsersUser Account Attributes Attribute Description To remove a user Managing and Using S/KeyTo add a user 290 To use the S/Key Using S/KeyTo configure S/Key Nokia Network Voyager for Ipso 4.0 Reference Guide 291 Disabling S/Key To disable S/KeyManaging Groups 292 Role-Based Administration To add or edit a groupNokia Network Voyager for Ipso 4.0 Reference Guide 293 Managing Roles To add or edit a role294 To delete a role Assigning Roles and Access Mechanisms to UsersTo assign roles and access mechanisms to users Nokia Network Voyager for Ipso 4.0 Reference Guide 295 Creating Cluster Administrator Users 296 Network Services Configuring Network Access and ServicesNetwork Access Configuration Options Service Description Modem Configuration Parameters Configuring a Modem on COM2, COM3, or COM4To enable network access options and services 298 To configure a modem on COM2, COM3, or COM4 Nokia Network Voyager for Ipso 4.0 Reference Guide 299 Country Codes for Ositech Five of Clubs Card II Configuring Nokia Network Voyager AccessCountry Codes for Ositech Five of Clubs Card 300 Configuring Basic Nokia Network Voyager Options To configure Web access for Nokia Network VoyagerNokia Network Voyager for Ipso 4.0 Reference Guide 301 To generate a certificate and its associated private key Generating and Installing SSL/TLS CertificatesGenerating an SSL/TLS Certificate and Keys 302 Installing the SSL/TLS Certificate To install the certificate and its associated private keyNokia Network Voyager for Ipso 4.0 Reference Guide 303 Troubleshooting SSL/TLS Configuration Secure Shell SSH304 Initial SSH Configuration To configure SSHNokia Network Voyager for Ipso 4.0 Reference Guide 305 Configuring Advanced Options for SSH To configure advanced options306 Nokia Network Voyager for Ipso 4.0 Reference Guide 307 Configuring Secure Shell Authorized Keys 308 Changing Secure Shell Key Pairs To configure authorized keysTo configure key pairs Nokia Network Voyager for Ipso 4.0 Reference Guide 309 Managing User RSA and DSA Identities To manage user identities310 To tunnel Http over SSH Network Voyager Session ManagementTunneling Http Over SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 311 To set the session timeout interval Configuring Session TimeoutsTo enable or disable session management Enabling Enabling or Disabling Session Management To create an AAA configuration Authentication, Authorization, and Accounting AAACreating an AAA Configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 313 Creating a Service Module Entry Creating a Service ProfileCreating an Authentication Profile Authentication Profile Types Nokia Network Voyager for Ipso 4.0 Reference Guide 315Type Module Description Creating an Accounting Profile To create an account profile316 317 318 Creating a Service Module ExampleProfile Controls Control Description Configuring Radius Service Auth. Mgmt Acct. Mgmt Session MgmtNokia Network Voyager for Ipso 4.0 Reference Guide 319 320 Configuring TACACS+ Nokia Network Voyager for Ipso 4.0 Reference Guide 321 Deleting an AAA Authentication Server Configuration To delete an authentication server322 To change an AAA configuration Changing an AAA ConfigurationChanging the Service Profile To add an authentication profile Creating a Stacked Service Module Service Authentication Management324 To add an accounting profile Changing a Service Module ConfigurationChanging an Authentication Profile Configuration To add a session profile Changing an Accounting Profile Configuration Changing a Session Profile Configuration326 To delete an AAA configuration Deleting an AAA ConfigurationDeleting an Item in a Service Profile Entry Encryption Acceleration Enabling Encryption Accelerator Cards To enable the card for a Check Point VPNIPSec Tunnels Ipso Implementation Monitoring Cryptographic Acceleration Transport and Tunnel Modes Nokia Network Voyager for Ipso 4.0 Reference Guide 329 Building VPN on ESP Protocol Negotiation and Key Management330 Nokia Network Voyager for Ipso 4.0 Reference Guide 331 IPSec RFCs Using PKIIPSec Implementation in Ipso 332 Miscellaneous Tunnel Requirements Nokia Network Voyager for Ipso 4.0 Reference Guide 333 Platform Support Phase 1 ConfigurationIPSec Parameters 334 Creating an IPSec Policy Choosing IPv4 or IPv6 General ConfigurationTo chose IPv4 or IPv6 general configuration pages Nokia Network Voyager for Ipso 4.0 Reference Guide 335 To select a trusted CA certificate Proposal and FiltersTrusted CA Certificates 336 Device Certificates Nokia Network Voyager for Ipso 4.0 Reference Guide 337 To enroll and install a device certificate 338 Advanced IPSec Nokia Network Voyager for Ipso 4.0 Reference Guide 339 Putting It All Together To complete creating an IPSec policy340 Creating an IPSec Tunnel Rule To create an IPSec tunnel ruleNokia Network Voyager for Ipso 4.0 Reference Guide 341 Transport Rule To create a transport rule342 Nokia Network Voyager for Ipso 4.0 Reference Guide 343 To configure Nokia Platform IPSec Tunnel Rule Example344 Nokia Network Voyager for Ipso 4.0 Reference Guide 345 IPSec Transport Rule Example Configure Nokia PlatformTo configure Nokia Platform 1 Ipso 346 Nokia Network Voyager for Ipso 4.0 Reference Guide 347 To remove an IPSec tunnel Configure PC1Removing an IPSec Tunnel 348 Miscellaneous Security Settings To set TCP flag combinationsNokia Network Voyager for Ipso 4.0 Reference Guide 349 350 Routing Overview Routing ProtocolsNokia Network Voyager for Ipso 4.0 Reference Guide 351 RIP 352 Route Maps Nokia Network Voyager for Ipso 4.0 Reference Guide 353 Types of Areas 354 Area Border Routers High Availability Support for OspfNokia Network Voyager for Ipso 4.0 Reference Guide 355 Configuring Ospf Clustering356 Stub Area Parameters Configuring Ospf Areas and Global SettingsOspf Area Configuration Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 357 Nssa Not So Stubby Area Parameters 358 To configure a virtual link Configuring Virtual LinksTo configure Ospf Nokia Network Voyager for Ipso 4.0 Reference Guide 359 Configuring Global Settings 360 Global Settings for Ospf Nokia Network Voyager for Ipso 4.0 Reference Guide 361 Configuring Ospf Interfaces Configuration Parameters for Ospf Interfaces362 To configure an Ospf interface Nokia Network Voyager for Ipso 4.0 Reference Guide 363 Configuring Ospf Example 364 Network Mask Nokia Network Voyager for Ipso 4.0 Reference Guide 365 Virtual IP Address Support for Vrrp Auto Summarization366 RIP 1 Configuration Options Available from Network Voyager Configuring RIPTo configure RIP Nokia Network Voyager for Ipso 4.0 Reference Guide 367 Configuring RIP Timers 368 Enabling RIP 1 on an Interface Configuring Auto-SummarizationRIP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 369 Enabling RIP 2 on an Interface 370 PIM Dense-Mode Configuring Virtual IP Support for VrrpPIM Support for IP Clustering Nokia Network Voyager for Ipso 4.0 Reference Guide 371 PIM Sparse-Mode 372 PIM and Check Point SecureXL Configuring Dense-Mode PIMConfiguring Check Point VPN-1 Pro/Express Nokia Network Voyager for Ipso 4.0 Reference Guide 373 Disabling PIM 374 Setting Advanced Options for Dense-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 375 Configuring Sparse-Mode PIM 376 Configuring High-Availability Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 377 378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 Configuring a PIM-SM Static Rendezvous Point 380 Setting Advanced Options for Sparse-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 381 382 Command Shows Debugging PIMNokia Network Voyager for Ipso 4.0 Reference Guide 383 To log information about errors and events 384 Igrp Nokia Network Voyager for Ipso 4.0 Reference Guide 385 386 Generation of Exterior Routes Nokia Network Voyager for Ipso 4.0 Reference Guide 387 Igrp Aggregation Configuring IgrpAliased Interfaces 388 To enable Igrp on an interface Igrp ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 389 Dvmrp 390 Configuring Dvmrp Configuring Dvmrp TimersNokia Network Voyager for Ipso 4.0 Reference Guide 391 Igmp 392 Configuring Igmp Nokia Network Voyager for Ipso 4.0 Reference Guide 393 Static Routes 394 To configure a default or static route To setting the rank for static routesNokia Network Voyager for Ipso 4.0 Reference Guide 395 To add and configure many static routes at the same time 396 Adding and Managing Static Routes Example To create a static default routeTo create a static route non-default Creating/Removing Static Routes To create a backup static route Backup Static RoutesTo disable a static route Route Aggregation To create aggregate routes To remove aggregate routesNokia Network Voyager for Ipso 4.0 Reference Guide 399 Route Aggregation Example 400 Rank Assignments Preference DefaultRoute Rank Nokia Network Voyager for Ipso 4.0 Reference Guide 401 Routing Protocol Rank Example To set route rank402 To configure the routing preferences Support for BGP-4++Nokia Network Voyager for Ipso 4.0 Reference Guide 403 BGP Sessions Internal and External BGP Path Attributes404 Nokia Network Voyager for Ipso 4.0 Reference Guide 405 Path Attribute Definition BGP Multi-Exit Discriminator BGP Interactions with IGPs406 Communities Inbound BGP Route FiltersRedistributing Routes to BGP Nokia Network Voyager for Ipso 4.0 Reference Guide 407 Route Reflection 408Community attribute Description Confederations Nokia Network Voyager for Ipso 4.0 Reference Guide 409 Ebgp Multihop Support 410 TCP MD5 Authentication Route DampeningNokia Network Voyager for Ipso 4.0 Reference Guide 411 BGP Support for Virtual IP for Vrrp 412 Tables BGP Support for IP ClusteringBGP Memory Requirements Nokia Network Voyager for Ipso 4.0 Reference Guide 413 Memory Size Example414 To configure Ibgp on Nokia Platform a BGP Neighbors ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform B To configure Ibgp on Nokia Platform C416 To configure Ebgp on Nokia Platform D To configure Ebgp on Nokia Platform aTo configure Ebgp on Nokia Platform C Nokia Network Voyager for Ipso 4.0 Reference Guide 417 Verification To configuring Ebgp on Nokia Platform EPath Filtering Based on Communities Example 418 To configure Default MED for Nokia Platform D BGP Multi Exit Discriminator ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 419 To configure MED Values for all peers of AS200 420 Changing the Local Preference Value Example Nokia Network Voyager for Ipso 4.0 Reference Guide 421 To set the local preference value for an Ibgp peer To configure an Ibgp peer for Nokia Platform BTo configure the static routes required for an Ibgp session 422 Configuring Nokia Platform C BGP Confederation ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 423 Configuring Platform B 424 Nokia Network Voyager for Ipso 4.0 Reference Guide 425 Configuring Platform B as Route Reflector Route Reflector Example426 Configuring Platform C as Ibgp Peer of Platform B Configuring Platform D as Ibgp Peer of Platform BNokia Network Voyager for Ipso 4.0 Reference Guide 427 BGP Community Example Configuring BGP Route Inbound Policy on Platform BConfiguring Redistribution of BGP Routes on Platform B 428 Follow the steps in the Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 429 Configuring a Static Route on Platform a Configuring a Loopback Address on Platform aConfiguring a Loopback Address on Platform B Ebgp Load Balancing Example Scenario #1 Configuring an Ebgp Peer on Platform B Configuring a Static Route on Platform BConfiguring an Ebgp Peer on Platform a Nokia Network Voyager for Ipso 4.0 Reference Guide 431 Ebgp Load Balancing Example Scenario #2 Configuring Ospf on Platform aConfiguring Ospf on Platform B 432 Adjusting BGP Timers Example Nokia Network Voyager for Ipso 4.0 Reference Guide 433 Configuring BGP Route Redistribution on Nokia Platform B TCP MD5 Authentication ExampleConfiguring TCP MD5 Authentication on Nokia Platform a 434 Field Default value Units of measurement BGP Route Dampening ExampleNokia Network Voyager for Ipso 4.0 Reference Guide 435 BGP Path Selection BGP-4++ Example436 To configure configure a BGP4 session over IPv6 transport Nokia Network Voyager for Ipso 4.0 Reference Guide 437 Route Redistribution 438 Nokia Network Voyager for Ipso 4.0 Reference Guide 439 BGP Route Redistribution Example To configure BGP route redistribution on Nokia Platform DRedistributing Routes to RIP and Igrp To redistribute a single route Redistributing RIP to Ospf Example Nokia Network Voyager for Ipso 4.0 Reference Guide 441 442 Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 443 Redistributing Routes with Ospf To redistribute Ospf to BGP through Nokia Platform a444 To configure IGP inbound filters Inbound Route FiltersNokia Network Voyager for Ipso 4.0 Reference Guide 445 BGP Route Inbound Policy Example 446 Nokia Network Voyager for Ipso 4.0 Reference Guide 447 BGP AS Path Filtering Example Aspath Regular Expressions448 Traffic Shaping Description Traffic Management OverviewPacket Filtering Description Nokia Network Voyager for Ipso 4.0 Reference Guide 449 Configuring Access Control Lists Traffic Queuing Description450 To create or delete an ACL To apply or remove an ACL to or from an interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 451 Configuring ACL Rules 452 Modifying a Rule To add a new rule to an ACLNokia Network Voyager for Ipso 4.0 Reference Guide 453 ACL Rule Attributes 454 Configuring Aggregation Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 455 To create an Aggregation Class To associate an aggregation class with a rule456 Configuring Queue Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 457 To set or modify queue class configuration values To create or delete a queue class458 Create a QoS descriptor Configuring ATM QoSTo associate a queue class with an interface Nokia Network Voyager for Ipso 4.0 Reference Guide 459 To delete an ATM QoS descriptor To dissociate an ATM QoS Descriptor from an existing PVC460 Configuring Common Open Policy Server Nokia Network Voyager for Ipso 4.0 Reference Guide 461 Configuring a Cops Client ID and Policy Decision Point Configuring Security Parameters for a Cops Client ID462 Assigning Roles to Specific Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 463 Deleting a Client ID To disable and delete a Client IDActivating and Deactivating the Cops Client 464 Example Rate Shaping Nokia Network Voyager for Ipso 4.0 Reference Guide 465 Example Expedited Forwarding 466 Nokia Network Voyager for Ipso 4.0 Reference Guide 467 To test the configuration 468 BOOTP/DHCP Relay Nokia Network Voyager for Ipso 4.0 Reference Guide 469 Bootp configuration parameters Configuring BOOTP/DHCP RelayTo enable Bootp relay on an Interface 470 IP Broadcast Helper To disable Bootp relay on an interfaceIP Broadcast helper configuration parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 471 To configure IP broadcast helper 472 Configuring Router Discovery Router Discovery OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 473 To enable router discovery services Router discover configuration parameters474 To disable router discovery services Network Time Protocol NTPNokia Network Voyager for Ipso 4.0 Reference Guide 475 Configuring NTP To configure NTP476 Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 Viewing System Utilization Statistics CPU-Memory Live UtilizationNokia Network Voyager for Ipso 4.0 Reference Guide 479 Disk and Swap Space Monitoring Process Utilization480 Ipso Process Management Nokia Network Voyager for Ipso 4.0 Reference Guide 481Process Description 482 Generating Monitor ReportsReports Report Description Monitoring System Health To display reportsNokia Network Voyager for Ipso 4.0 Reference Guide 483 Monitoring System Logs 484 Viewing Cluster Status and Members Nokia Network Voyager for Ipso 4.0 Reference Guide 485 Displaying the Kernel Forwarding Table Displaying Route SettingsViewing Routing Protocol Information 486 Displaying Interface Settings Hardware MonitoringNokia Network Voyager for Ipso 4.0 Reference Guide 487 To display routing daemon status using iclid Using the iclid ToolIclid Commands 488 Nokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 Preventing Full Log Buffers and Related Console Messages 494 If you are using FireWall-1 If you are using FireWall-1 NGNokia Network Voyager for Ipso 4.0 Reference Guide 495 496 Index Nokia Network Voyager for Ipso 4.0 Reference Guide Index Bios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index