Manuals / Nokia / Cell Phone / Cell Phone

Nokia IPSO 4.0 IPSec Tunnels Ipso Implementation, Enabling Encryption Accelerator Cards, 328

Models: IPSO 4.0

1 510

Download 510 pages 5.58 Kb

Page 328

8

Enabling Encryption Accelerator Cards

If you do not intend to use SecureXL, you must manually enable the encryption accelerator card after you install it. If you enable SecureXL, the encryption accelerator card is automatically enabled—you do not need to perform any other software task to activate the card.

Note

You cannot enable the card before you install it. The options in Network Voyager for enabling the card do not appear until it is installed.

To enable the encryption accelerator card when you are using Check Point software to create and manage VPN tunnels, complete the following procedure.

To enable the card for a Check Point VPN

1.Click IPSec under Security and Access in the tree view.

2.Scroll down the page and click IPSec Advanced Configuration.

3.At Hardware Device Configuration, click On.

4.Click Apply to enable the card.

Monitoring Cryptographic Acceleration

You can also monitor encryption accelerator card interfaces with Network Voyager.

To monitor the encryption accelerator cards, click Cryptographic Accelerator Statistics under Monitor > Hardware Monitoring in the tree view.

IPSec Tunnels (IPSO Implementation)

Developed by the Internet Engineering Task Force (IETF), IPSec is the industry standard that ensures the construction of secure virtual private networks (VPNs). A VPN is a private and secure network implemented on a public and insecure network. Secure VPNs are as safe as isolated office LANs running entirely over private lines and much more cost effective.

Note

Because the IP2250 appliance requires the use of Check Point’s SecureXL, this platform does not support IPSO’s implementation of IPsec.

The IPSec protocol suite provides three new protocols for IP:

An authentication header (AH) that provides connectionless integrity and data origin authentication. The IP header is included in the authenticated data. It does not offer encryption services.

328	Nokia Network Voyager for IPSO 4.0 Reference Guide

Image 328

Nokia IPSO 4.0 manual IPSec Tunnels Ipso Implementation, Enabling Encryption Accelerator Cards, 328

Contents

Nokia Network Voyager For Ipso Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide Restricted Rights Legend Https//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Clustering Virtual Router Redundancy Protocol Vrrp Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Snmp Configuring IPv6 Managing Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Configuring Router Services Monitoring System Configuration and Hardware Index About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Conventions This Guide Uses Text ConventionsText Conventions Convention Description Related Documentation Menu Items Software Overview Nokia Network Voyager for Ipso 4.0 Reference Guide Logging Off Logging In to Network VoyagerTo open Nokia Network Voyager Obtaining a Configuration Lock To log in with exclusive configuration lockTo log in without exclusive configuration lock To override a configuration lock Accessing Documentation and Help Navigating in Network VoyagerReloading Pages To clear the memory and disk cache „ Nokia support site https//support.nokia.com To open a new window to view help Viewing Hardware and Software Information for Your System To view the asset management summary Configuring Interfaces Interface Overview IP2250 Management Ports Configuring Network DevicesType Prefix Configuring IP Addresses Physical Interface Logical Interface Interface Status Interface Status Indicators Configuring Tunnel InterfacesIndicator Description Configuring Ethernet Interfaces Physical Interface Configuration ParametersEthernet Interfaces Parameter Description To configure an Ethernet interface Link Aggregation Managing Link Aggregation Using Snmp Configuring Switches for Link Aggregation Link Aggregation on the IP2250 Static Link AggregationFirewall Synchronization Traffic Configuring the Remaining Management Ports Production Traffic ADP I/O Ports Only Configuring Link Aggregation Physical Interface ConfigurationTo set up link aggregation in Network Voyager To physically configure the interfaces you will aggregate Group Configuration To configure link aggregation groups Logical Configuration Gigabit Ethernet InterfacesDeleting Aggregation Groups Gigabit Ethernet Interface Parameters To configure a Gigabit Ethernet interface MTU To configure PPPoE Configuring PPPoEPoint-to-Point Over Ethernet Nokia Network Voyager for Ipso 4.0 Reference Guide To change configuration profiles To delete configuration profilesTo create PPPoE logical interfaces To delete PPPoE logical interfaces Configuring MSS Clamping Virtual LAN Interfaces To configure a Vlan Interface To delete a Vlan Interface Vlan Example Topology To define the maximum number of VLANs To configure an Fddi Interface Fddi Interfaces To change the duplex setting of an Fddi interface To change the IP address of an Fddi interface To configure an Isdn physical interface Isdn Interfaces To configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls Configuring Calling Line-Identification Screening To add an incoming number To configure an interface to place and receive calls To remove an incoming number Dial-on-Demand Routing DDR Lists To delete a DDR list To create a DDR listTo add a new rule to a DDR list To modify a rule Example DDR ListTo apply or remove a DDR list to/from an interface Isdn Network Configuration Example To configure the IP330 to place an outgoing call To configure the IP650 to handle an incoming call Sample Call Traces Trace for connecting a call from the Nokia IP330 is Isdn Troubleshooting LoggingTo set level of messages logged To view the message log Troubleshooting Cause Codes To trace Isdn traffic using tcpdumpTracing Isdn Cause Code Fields Isdn Cause Values Cause Cause Description DiagnosticsCause Values See Isdn Cause Values table Information-element identifiers is missing Isdn Bearer-Capable Values Value Description To configure a Token Ring interface Token Ring Interfaces To deactivate a Token Ring interface To change a Token Ring interface Token Ring Example Fddi To configure an ATM interface Point-to-Point Link over ATM To change the VPI/VCI of an ATM interface To change the IP Address of an ATM interface To change the IP MTU of an ATM interface ATM Example Fddi To configure an ATM logical IP subnet LIS interface To configure the ATM interface on Nokia Platform aIP over ATM IPoA To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface IPoA Example ATM To configure a serial interface for Cisco Hdlc Serial V.35 and X.21 Interfaces To configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example To configure a T1 Interface for Cisco Hdlc To configure the serial interface on Nokia Platform aT1with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a To configure an E1 interface for Cisco Hdlc E1 with Built-In CSU/DSU Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for frame relay 100 Nokia Network Voyager for Ipso 4.0 Reference Guide 101 102 Hssi Interfaces To configure an Hssi interface for Cisco HdlcNokia Network Voyager for Ipso 4.0 Reference Guide 103 To configure an Hssi interface for PPP 104 To configure an Hssi interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 105 106 Configuring Unnumbered Interfaces To configure an unnumbered interfaceUnnumbered Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 107 To change an unnumbered interface to a numbered interface 108 To configure a static route over an unnumbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 109 Ospf over Unnumbered Interfaces Using Virtual Links Configuring Ospf over Unnumbered Interface110 To change the keepalive interval for Cisco Hdlc Cisco Hdlc ProtocolNokia Network Voyager for Ipso 4.0 Reference Guide 111 Point-to-Point Protocol To change the IP address in Cisco HdlcTo change the keepalive interval in PPP 112 To change the IP address in PPP To change the keepalive maximum failures in PPPNokia Network Voyager for Ipso 4.0 Reference Guide 113 Frame Relay Protocol To change the keepalive interval in frame relayTo change the Dlci in frame relay 114 To change the interface type in frame relay To change the LMI parameters in frame relayNokia Network Voyager for Ipso 4.0 Reference Guide 115 To change the active status monitor setting in frame relay To change the IP address in frame relayTo remove a frame relay interface 116 Loopback Interfaces To add an IP Address to a Loopback InterfaceTo change the IP Address of a loopback interface Nokia Network Voyager for Ipso 4.0 Reference Guide 117 Configuring GRE Tunnels GRE TunnelsTo create a GRE tunnel 118 Nokia Network Voyager for Ipso 4.0 Reference Guide 119 To change IP TOS value of a GRE tunnel 120 GRE Tunnel Example Nokia Network Voyager for Ipso 4.0 Reference Guide 121 HA GRE Tunnel Example High Availability GRE Tunnels122 Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 To create a Dvmrp tunnel Dvmrp TunnelsNokia Network Voyager for Ipso 4.0 Reference Guide 125 To change the local or remote addresses of a Dvmrp tunnel Dvmrp Tunnel Example126 Nokia Network Voyager for Ipso 4.0 Reference Guide 127 To change ARP global parameters ARP Table Entries128 To add a proxy ARP entry To add a static ARP entryNokia Network Voyager for Ipso 4.0 Reference Guide 129 Configuring ARP for ATM Interfaces To add a static ATM ARP entry To delete a static ATM ARP entryTo view and delete dynamic ATM ARP entries Nokia Network Voyager for Ipso 4.0 Reference Guide 131 Limitations Transparent Mode132 Transparent Mode Processing Details Nokia Network Voyager for Ipso 4.0 Reference Guide 133 Configuring Transparent Mode in VPN Environments 134 Example of Transparent Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 135 Configuring Transparent Mode 136 Creating and Deleting Transparent Mode Groups To create a transparent mode groupTo delete a transparent mode group Nokia Network Voyager for Ipso 4.0 Reference Guide 137 To enable or disable a transparent mode group Enabling or Disabling a Transparent Mode Group138 Monitoring Transparent Mode Groups Transparent Mode and Check Point NGXEnabling or Disabling Vrrp for a Transparent Mode Group Configuring Antispoofing Virtual Tunnel Interfaces Fwvpn for Route-Based VPN Unnumbered VTIsRouting Traffic through the VTI 140 Nokia Network Voyager for Ipso 4.0 Reference Guide 141 Creating Virtual Tunnel Interfaces Vrrp SupportTo create a virtual tunnel interface To create the VPN community Nokia Network Voyager for Ipso 4.0 Reference Guide 143 To create the virtual tunnel interface 144 Configuring Dhcp Nokia Network Voyager for Ipso 4.0 Reference Guide 145 Configuring Dhcp Client Interfaces Dhcp Client ConfigurationTo configure the Dhcp client interface To enable the Dhcp client process To configure the Dhcp server process Configuring the Dhcp ServerNokia Network Voyager for Ipso 4.0 Reference Guide 147 To enable the Dhcp server process Dhcp Server Configuration148 Changing Dhcp Service To disable the Dhcp server processTo change the Dhcp service Adding Dhcp Address Pools To enable and existing IP address pool Enabling or Disabling Dhcp Address PoolsAssigning a Fixed-IP Address to a Client To assign a fixed-IP address to a client Creating Dhcp Client Templates Nokia Network Voyager for Ipso 4.0 Reference Guide 151 152 Configuring Dynamic Domain Name System Service Configuring Dynamic Domain Name System ZonesTo configure Dynamic Domain Name System Ddns Nokia Network Voyager for Ipso 4.0 Reference Guide 153 Configuring the Domain Name Service Configuring Disk MirroringTo configure DNS To create a mirror set To delete a mirror set Using an Optional Disk Flash-Based Systems OnlyNokia Network Voyager for Ipso 4.0 Reference Guide 155 To install and configure PC card flash memory To configure the system to store log files on the PC cardMail Relay To remove an optional disk Configuring Mail Relay To configure failure notificationTo configure mail relay for your firewall System Failure Notification Setting the System Time Sending MailTo send mail from the firewall 158 Configuring Host Addresses To set system time onceTo add a static host entry Nokia Network Voyager for Ipso 4.0 Reference Guide 159 Configuring System Logging Configuring Logging on Disk-Based SystemsAccepting Log Messages Logging to a Remote System To send syslog messages to a remote system Configuring Logging on Flash-Based SystemsNokia Network Voyager for Ipso 4.0 Reference Guide 161 Configuring Logging to Remote Log Servers 162 Configuring Logging to an Optional Disk Configuring Audit LogsNokia Network Voyager for Ipso 4.0 Reference Guide 163 To set the system configuration audit log 164 Remote Core Dump Server on Flash-Based Systems Nokia Network Voyager for Ipso 4.0 Reference Guide 165 Managing Configuration Sets Changing the HostnameTo change the hostname 166 To create a factory default configuration file To switch a currently active databaseTo delete unwanted configuration database files Scheduling Jobs To delete scheduled jobs Backing Up and Restoring Files168 Creating Backup Files To create a backup file manuallyTo delete local backup files Nokia Network Voyager for Ipso 4.0 Reference Guide 169 Transferring Backup Files Configuring Automatic TransfersTo configure scheduled backups To cancel a regularly scheduled backup To manually transfer archive files to a remote server Transferring Backup Files ManuallyNokia Network Voyager for Ipso 4.0 Reference Guide 171 To restore files Restoring Files from Locally Stored Backup Files172 Managing Nokia Ipso Images Changing Current ImageDeleting Images To select a new current image To delete an Nokia Ipso image Installing New Images174 To test an image before activating it Testing a New ImageNokia Network Voyager for Ipso 4.0 Reference Guide 175 Rebooting a Cluster Upgrading Nokia Ipso Images for a ClusterDowngrading Nokia Ipso Images 176 Configuring Monitor Reports Nokia Network Voyager for Ipso 4.0 Reference Guide 177 Installing and Enabling Packages Managing PackagesRestrictions for Flash-Based Platforms Monitor Report Parameters To install a package Nokia Network Voyager for Ipso 4.0 Reference Guide 179 Advanced System Tuning Tuning the TCP/IP StackTo enable or disable a package To delete a package To set the TCP MSS Router Alert IP OptionNokia Network Voyager for Ipso 4.0 Reference Guide 181 182 How Vrrp Works Vrrp OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 183 Simple Vrrp Configuration 184 Vrrp Configuration with Internal and External VRIDs Vrrp Configuration with Simultaneous Backup Understanding Monitored-Circuit Vrrp Configuring Vrrp186 Priority Selecting Configuration ParametersNokia Network Voyager for Ipso 4.0 Reference Guide 187 Hello Interval Authentication188 Priority Delta Backup AddressNokia Network Voyager for Ipso 4.0 Reference Guide 189 Vmac Mode 190 Global Vrrp Settings Vrrp Configuration ParametersBefore you Begin Nokia Network Voyager for Ipso 4.0 Reference Guide 191 Configuring Monitored-Circuit Vrrp 192 To add a virtual router Nokia Network Voyager for Ipso 4.0 Reference Guide 193 Configuring Monitored-Circuit Vrrp using the Full Method To change the configuration of an existing virtual routerTo delete a virtual router 194 Additional Vrrp Parameters Used in Full Method Nokia Network Voyager for Ipso 4.0 Reference Guide 195 To add or back up a virtual router using VRRPv2 Configuring VRRPv2196 Configuring Check Point NGX for Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 197 Configure settings under the 3rd party configuration tab 198 Configuration Rule for Check Point NGX FP1 Configuring Vrrp Rules for Check Point NGXNokia Network Voyager for Ipso 4.0 Reference Guide 199 Configuration Rules for Check Point NGX FP2 and Later Configuring Rules if You Are Using Ospf or DvmrpSource Destination Service Action 200 CLI commands for Vrrp Monitoring VrrpLink Aggregation IP2250 Systems Only State Stats Location202 Troubleshooting Vrrp General Configuration ConsiderationsTo enable or disable Monitor Firewall state To enable traces for Vrrp Firewall Policies Access Control Lists204 Switched Environments Monitored-Circuit Vrrp in Switched EnvironmentsVRRPv2 in Switched Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 205 206 IP Clustering Description Using Flash-Based PlatformsNokia Network Voyager for Ipso 4.0 Reference Guide 207 Example Cluster 208 Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 209 Cluster Terminology 210 Cluster member a cluster node that is not the master Nokia Network Voyager for Ipso 4.0 Reference Guide 211 Clustering Modes 212 Nokia Network Voyager for Ipso 4.0 Reference Guide 213 Network Environment Considerations for Clustering214 Other Considerations Nokia Network Voyager for Ipso 4.0 Reference Guide 215 Clustering IP2250 Platforms 216 Upgrading Ipso in a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 217 For All Upgrades Upgrading from Ipso 3.7 or LaterUpgrading from Ipso 218 Enabling Cluster Management Nokia Network Voyager for Ipso 4.0 Reference Guide 219 Creating and Configuring a Cluster Configuration OverviewTo create and configure a cluster Creating a Cluster Configuring the Work Assignment Method Selecting the Cluster ModeNokia Network Voyager for Ipso 4.0 Reference Guide 221 To include an interface in the cluster Configuring an Interface222 Supporting Non-Check Point Gateways and Clients Configuring Firewall MonitoringNokia Network Voyager for Ipso 4.0 Reference Guide 223 Using IP Pools Configuring VPN Tunnels224 Using IP Pools When Only Check Point Gateways Are Involved Nokia Network Voyager for Ipso 4.0 Reference Guide 225 Configuring IP pools in Cluster Voyager Configuring Join-Time Shared Features226 What if Settings Conflict? What is Sharable?Nokia Network Voyager for Ipso 4.0 Reference Guide 227 Configuring Features for Sharing 228 Adding a Node to a Cluster Making the Cluster ActiveAfter You Create a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 229 Recommended Procedure 230 Joining a System to a Cluster Managing a ClusterNokia Network Voyager for Ipso 4.0 Reference Guide 231 To start Cluster Voyager Using Cluster Voyager232 Cluster Administrator Users If You Forget the cadmin PasswordNokia Network Voyager for Ipso 4.0 Reference Guide 233 Configuring the Failure Interval Configuring the Performance RatingMonitoring a Cluster 234 Managing Join-Time Shared Features Nokia Network Voyager for Ipso 4.0 Reference Guide 235 Installing Ipso Images 236 Nokia Network Voyager for Ipso 4.0 Reference Guide 237 Removing a Node from a Cluster 238 Changing Cluster Interface Configurations Deleting a Cluster ConfigurationSynchronizing the Time on Cluster Nodes Assigning the Time Zone NTP Server Outside the Cluster Configuring NTP240 Using the Master Node as the NTP Server Configuring NGX for ClusteringNokia Network Voyager for Ipso 4.0 Reference Guide 241 242 Clustering Example Three Nodes Nokia Network Voyager for Ipso 4.0 Reference Guide 243 Configuring the Cluster in Voyager 244 Configuring the Internal and External Routers Nokia Network Voyager for Ipso 4.0 Reference Guide 245 Clustering Example With Non-Check Point VPN 246 Nokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Snmp Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 249 250 Source Function Nokia Network Voyager for Ipso 4.0 Reference Guide 251 UDP-MIB Snmp Proxy Support for Check Point MIB 252 Using cpsnmpstart Using the Check Point MIBNokia Network Voyager for Ipso 4.0 Reference Guide 253 Enabling Snmp and Selecting the Version To enable or disable Snmp254 Configuring the System for Snmp Setting an Agent AddressTo set an Snmp agent address Nokia Network Voyager for Ipso 4.0 Reference Guide 255 Configuring Traps Types of Snmp Traps256 Type of Trap Description Nokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Setting the Trap PDU Agent Address Configuring Trap ReceiversEnabling or Disabling Trap Types Interpreting Error Messages Configuring Location and Contact InformationTo configure location and contact information Error status code Meaning GetRequest Nokia Network Voyager for Ipso 4.0 Reference Guide 261Variable-bindings Element Description Value Field Set Description Configuring SNMPv3 GetNextRequestGetBulkRequest 262 Request Messages Managing Snmp UsersSecurity Related Options Used in Request Messages Nokia Network Voyager for Ipso 4.0 Reference Guide 263 To add an Snmp user 264 To delete a USM user Nokia Network Voyager for Ipso 4.0 Reference Guide 265 266 IPv6 Overview Nokia Network Voyager for Ipso 4.0 Reference Guide 267 Interfaces To configure IPv6 logical interfaces268 To disable IPv6 on an interface To configure neighbor discoveryTo delete an IPv6 address Nokia Network Voyager for Ipso 4.0 Reference Guide 269 Configuring IPv6 in IPv4 Tunnels To configure IPv6 in IPv4 tunnelsIPv6 and IPv4 Compatibility 270 Configuring IPv6 to IPv4 Configuring IPv6 over IPv4To configure IPv6 to IPv4 To configure IPv6 over IPv4 Configuring IPv4 in IPv6 Tunnels Configuring an IPv6 Default or Static RouteTo configure IPv4 in IPv6 tunnels To configure an IPv6 default or static route Routing Configuration Configuring OSPFv3Configuring RIPng Creating IPv6 Aggregate Routes Creating Redistributed Routes Redistributing Static Routes into RIPngRedistributing Aggregate Routes in RIPng 274 Configuring ICMPv6 Router Discovery Router DiscoveryRedistributing Interface Routes into RIPng Nokia Network Voyager for Ipso 4.0 Reference Guide 275 276 Vrrp for IPv6 Configuring Vrrp for IPv6Nokia Network Voyager for Ipso 4.0 Reference Guide 277 Creating a Virtual Router for an IPv6 Interface Using VRRPv3 278 Nokia Network Voyager for Ipso 4.0 Reference Guide 279 To set the virtual MAC address Setting a Virtual MAC Address for a Virtual Router280 Removing a Virtual Router in VRRPv3 Changing the IP Address List of a Virtual Router in VRRPv3Nokia Network Voyager for Ipso 4.0 Reference Guide 281 Creating a Virtual Router in Monitored Circuit Mode for IPv6 282 Nokia Network Voyager for Ipso 4.0 Reference Guide 283 Traffic Management 284 To enable FTP, TFTP, or Telnet access Security and Access ConfigurationNokia Network Voyager for Ipso 4.0 Reference Guide 285 286 To change the current user’s password Managing PasswordsNokia Network Voyager for Ipso 4.0 Reference Guide 287 Managing User Accounts To change another user’s password288 Adding and Deleting Users User Account AttributesNokia Network Voyager for Ipso 4.0 Reference Guide 289 Attribute Description Managing and Using S/Key To add a userTo remove a user 290 Using S/Key To configure S/KeyTo use the S/Key Nokia Network Voyager for Ipso 4.0 Reference Guide 291 To disable S/Key Managing GroupsDisabling S/Key 292 To add or edit a group Role-Based AdministrationNokia Network Voyager for Ipso 4.0 Reference Guide 293 To add or edit a role Managing Roles294 Assigning Roles and Access Mechanisms to Users To assign roles and access mechanisms to usersTo delete a role Nokia Network Voyager for Ipso 4.0 Reference Guide 295 Creating Cluster Administrator Users 296 Configuring Network Access and Services Network Access Configuration OptionsNetwork Services Service Description Configuring a Modem on COM2, COM3, or COM4 To enable network access options and servicesModem Configuration Parameters 298 To configure a modem on COM2, COM3, or COM4 Nokia Network Voyager for Ipso 4.0 Reference Guide 299 Configuring Nokia Network Voyager Access Country Codes for Ositech Five of Clubs CardCountry Codes for Ositech Five of Clubs Card II 300 To configure Web access for Nokia Network Voyager Configuring Basic Nokia Network Voyager OptionsNokia Network Voyager for Ipso 4.0 Reference Guide 301 Generating and Installing SSL/TLS Certificates Generating an SSL/TLS Certificate and KeysTo generate a certificate and its associated private key 302 To install the certificate and its associated private key Installing the SSL/TLS CertificateNokia Network Voyager for Ipso 4.0 Reference Guide 303 Secure Shell SSH Troubleshooting SSL/TLS Configuration304 To configure SSH Initial SSH ConfigurationNokia Network Voyager for Ipso 4.0 Reference Guide 305 To configure advanced options Configuring Advanced Options for SSH306 Nokia Network Voyager for Ipso 4.0 Reference Guide 307 Configuring Secure Shell Authorized Keys 308 To configure authorized keys To configure key pairsChanging Secure Shell Key Pairs Nokia Network Voyager for Ipso 4.0 Reference Guide 309 To manage user identities Managing User RSA and DSA Identities310 Network Voyager Session Management Tunneling Http Over SSHTo tunnel Http over SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 311 Configuring Session Timeouts To enable or disable session managementTo set the session timeout interval Enabling Enabling or Disabling Session Management Authentication, Authorization, and Accounting AAA Creating an AAA ConfigurationTo create an AAA configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 313 Creating a Service Profile Creating a Service Module EntryCreating an Authentication Profile Nokia Network Voyager for Ipso 4.0 Reference Guide 315 Authentication Profile TypesType Module Description To create an account profile Creating an Accounting Profile316 317 Creating a Service Module Example Profile Controls318 Control Description Service Auth. Mgmt Acct. Mgmt Session Mgmt Configuring RadiusNokia Network Voyager for Ipso 4.0 Reference Guide 319 320 Configuring TACACS+ Nokia Network Voyager for Ipso 4.0 Reference Guide 321 To delete an authentication server Deleting an AAA Authentication Server Configuration322 Changing an AAA Configuration Changing the Service ProfileTo change an AAA configuration To add an authentication profile Service Authentication Management Creating a Stacked Service Module324 Changing a Service Module Configuration Changing an Authentication Profile ConfigurationTo add an accounting profile To add a session profile Changing a Session Profile Configuration Changing an Accounting Profile Configuration326 Deleting an AAA Configuration Deleting an Item in a Service Profile EntryTo delete an AAA configuration Encryption Acceleration To enable the card for a Check Point VPN IPSec Tunnels Ipso ImplementationEnabling Encryption Accelerator Cards Monitoring Cryptographic Acceleration Transport and Tunnel Modes Nokia Network Voyager for Ipso 4.0 Reference Guide 329 Protocol Negotiation and Key Management Building VPN on ESP330 Nokia Network Voyager for Ipso 4.0 Reference Guide 331 Using PKI IPSec Implementation in IpsoIPSec RFCs 332 Miscellaneous Tunnel Requirements Nokia Network Voyager for Ipso 4.0 Reference Guide 333 Phase 1 Configuration IPSec ParametersPlatform Support 334 Choosing IPv4 or IPv6 General Configuration To chose IPv4 or IPv6 general configuration pagesCreating an IPSec Policy Nokia Network Voyager for Ipso 4.0 Reference Guide 335 Proposal and Filters Trusted CA CertificatesTo select a trusted CA certificate 336 Device Certificates Nokia Network Voyager for Ipso 4.0 Reference Guide 337 To enroll and install a device certificate 338 Advanced IPSec Nokia Network Voyager for Ipso 4.0 Reference Guide 339 To complete creating an IPSec policy Putting It All Together340 To create an IPSec tunnel rule Creating an IPSec Tunnel RuleNokia Network Voyager for Ipso 4.0 Reference Guide 341 To create a transport rule Transport Rule342 Nokia Network Voyager for Ipso 4.0 Reference Guide 343 IPSec Tunnel Rule Example To configure Nokia Platform344 Nokia Network Voyager for Ipso 4.0 Reference Guide 345 Configure Nokia Platform To configure Nokia Platform 1 IpsoIPSec Transport Rule Example 346 Nokia Network Voyager for Ipso 4.0 Reference Guide 347 Configure PC1 Removing an IPSec TunnelTo remove an IPSec tunnel 348 To set TCP flag combinations Miscellaneous Security SettingsNokia Network Voyager for Ipso 4.0 Reference Guide 349 350 Routing Protocols Routing OverviewNokia Network Voyager for Ipso 4.0 Reference Guide 351 RIP 352 Route Maps Nokia Network Voyager for Ipso 4.0 Reference Guide 353 Types of Areas 354 High Availability Support for Ospf Area Border RoutersNokia Network Voyager for Ipso 4.0 Reference Guide 355 Clustering Configuring Ospf356 Configuring Ospf Areas and Global Settings Ospf Area Configuration ParametersStub Area Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 357 Nssa Not So Stubby Area Parameters 358 Configuring Virtual Links To configure OspfTo configure a virtual link Nokia Network Voyager for Ipso 4.0 Reference Guide 359 Configuring Global Settings 360 Global Settings for Ospf Nokia Network Voyager for Ipso 4.0 Reference Guide 361 Configuration Parameters for Ospf Interfaces Configuring Ospf Interfaces362 To configure an Ospf interface Nokia Network Voyager for Ipso 4.0 Reference Guide 363 Configuring Ospf Example 364 Network Mask Nokia Network Voyager for Ipso 4.0 Reference Guide 365 Auto Summarization Virtual IP Address Support for Vrrp366 Configuring RIP To configure RIPRIP 1 Configuration Options Available from Network Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 367 Configuring RIP Timers 368 Configuring Auto-Summarization RIP ExampleEnabling RIP 1 on an Interface Nokia Network Voyager for Ipso 4.0 Reference Guide 369 Enabling RIP 2 on an Interface 370 Configuring Virtual IP Support for Vrrp PIM Support for IP ClusteringPIM Dense-Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 371 PIM Sparse-Mode 372 Configuring Dense-Mode PIM Configuring Check Point VPN-1 Pro/ExpressPIM and Check Point SecureXL Nokia Network Voyager for Ipso 4.0 Reference Guide 373 Disabling PIM 374 Setting Advanced Options for Dense-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 375 Configuring Sparse-Mode PIM 376 Configuring High-Availability Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 377 378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 Configuring a PIM-SM Static Rendezvous Point 380 Setting Advanced Options for Sparse-Mode PIM Optional Nokia Network Voyager for Ipso 4.0 Reference Guide 381 382 Debugging PIM Command ShowsNokia Network Voyager for Ipso 4.0 Reference Guide 383 To log information about errors and events 384 Igrp Nokia Network Voyager for Ipso 4.0 Reference Guide 385 386 Generation of Exterior Routes Nokia Network Voyager for Ipso 4.0 Reference Guide 387 Configuring Igrp Aliased InterfacesIgrp Aggregation 388 Igrp Example To enable Igrp on an interfaceNokia Network Voyager for Ipso 4.0 Reference Guide 389 Dvmrp 390 Configuring Dvmrp Timers Configuring DvmrpNokia Network Voyager for Ipso 4.0 Reference Guide 391 Igmp 392 Configuring Igmp Nokia Network Voyager for Ipso 4.0 Reference Guide 393 Static Routes 394 To setting the rank for static routes To configure a default or static routeNokia Network Voyager for Ipso 4.0 Reference Guide 395 To add and configure many static routes at the same time 396 To create a static default route To create a static route non-defaultAdding and Managing Static Routes Example Creating/Removing Static Routes Backup Static Routes To disable a static routeTo create a backup static route Route Aggregation To remove aggregate routes To create aggregate routesNokia Network Voyager for Ipso 4.0 Reference Guide 399 Route Aggregation Example 400 Preference Default Route RankRank Assignments Nokia Network Voyager for Ipso 4.0 Reference Guide 401 To set route rank Routing Protocol Rank Example402 Support for BGP-4++ To configure the routing preferencesNokia Network Voyager for Ipso 4.0 Reference Guide 403 BGP Path Attributes BGP Sessions Internal and External404 Nokia Network Voyager for Ipso 4.0 Reference Guide 405 Path Attribute Definition BGP Interactions with IGPs BGP Multi-Exit Discriminator406 Inbound BGP Route Filters Redistributing Routes to BGPCommunities Nokia Network Voyager for Ipso 4.0 Reference Guide 407 408 Route ReflectionCommunity attribute Description Confederations Nokia Network Voyager for Ipso 4.0 Reference Guide 409 Ebgp Multihop Support 410 Route Dampening TCP MD5 AuthenticationNokia Network Voyager for Ipso 4.0 Reference Guide 411 BGP Support for Virtual IP for Vrrp 412 BGP Support for IP Clustering BGP Memory RequirementsTables Nokia Network Voyager for Ipso 4.0 Reference Guide 413 Example Memory Size414 BGP Neighbors Example To configure Ibgp on Nokia Platform aNokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform C To configure Ibgp on Nokia Platform B416 To configure Ebgp on Nokia Platform a To configure Ebgp on Nokia Platform CTo configure Ebgp on Nokia Platform D Nokia Network Voyager for Ipso 4.0 Reference Guide 417 To configuring Ebgp on Nokia Platform E Path Filtering Based on Communities ExampleVerification 418 BGP Multi Exit Discriminator Example To configure Default MED for Nokia Platform DNokia Network Voyager for Ipso 4.0 Reference Guide 419 To configure MED Values for all peers of AS200 420 Changing the Local Preference Value Example Nokia Network Voyager for Ipso 4.0 Reference Guide 421 To configure an Ibgp peer for Nokia Platform B To configure the static routes required for an Ibgp sessionTo set the local preference value for an Ibgp peer 422 BGP Confederation Example Configuring Nokia Platform CNokia Network Voyager for Ipso 4.0 Reference Guide 423 Configuring Platform B 424 Nokia Network Voyager for Ipso 4.0 Reference Guide 425 Route Reflector Example Configuring Platform B as Route Reflector426 Configuring Platform D as Ibgp Peer of Platform B Configuring Platform C as Ibgp Peer of Platform BNokia Network Voyager for Ipso 4.0 Reference Guide 427 Configuring BGP Route Inbound Policy on Platform B Configuring Redistribution of BGP Routes on Platform BBGP Community Example 428 Follow the steps in the Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 429 Configuring a Loopback Address on Platform a Configuring a Loopback Address on Platform BConfiguring a Static Route on Platform a Ebgp Load Balancing Example Scenario #1 Configuring a Static Route on Platform B Configuring an Ebgp Peer on Platform aConfiguring an Ebgp Peer on Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 431 Configuring Ospf on Platform a Configuring Ospf on Platform BEbgp Load Balancing Example Scenario #2 432 Adjusting BGP Timers Example Nokia Network Voyager for Ipso 4.0 Reference Guide 433 TCP MD5 Authentication Example Configuring TCP MD5 Authentication on Nokia Platform aConfiguring BGP Route Redistribution on Nokia Platform B 434 BGP Route Dampening Example Field Default value Units of measurementNokia Network Voyager for Ipso 4.0 Reference Guide 435 BGP-4++ Example BGP Path Selection436 To configure configure a BGP4 session over IPv6 transport Nokia Network Voyager for Ipso 4.0 Reference Guide 437 Route Redistribution 438 Nokia Network Voyager for Ipso 4.0 Reference Guide 439 To configure BGP route redistribution on Nokia Platform D Redistributing Routes to RIP and IgrpBGP Route Redistribution Example To redistribute a single route Redistributing RIP to Ospf Example Nokia Network Voyager for Ipso 4.0 Reference Guide 441 442 Redistributing Ospf to BGP Example Nokia Network Voyager for Ipso 4.0 Reference Guide 443 To redistribute Ospf to BGP through Nokia Platform a Redistributing Routes with Ospf444 Inbound Route Filters To configure IGP inbound filtersNokia Network Voyager for Ipso 4.0 Reference Guide 445 BGP Route Inbound Policy Example 446 Nokia Network Voyager for Ipso 4.0 Reference Guide 447 Aspath Regular Expressions BGP AS Path Filtering Example448 Traffic Management Overview Packet Filtering DescriptionTraffic Shaping Description Nokia Network Voyager for Ipso 4.0 Reference Guide 449 Traffic Queuing Description Configuring Access Control Lists450 To apply or remove an ACL to or from an interface To create or delete an ACLNokia Network Voyager for Ipso 4.0 Reference Guide 451 Configuring ACL Rules 452 To add a new rule to an ACL Modifying a RuleNokia Network Voyager for Ipso 4.0 Reference Guide 453 ACL Rule Attributes 454 Configuring Aggregation Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 455 To associate an aggregation class with a rule To create an Aggregation Class456 Configuring Queue Classes Nokia Network Voyager for Ipso 4.0 Reference Guide 457 To create or delete a queue class To set or modify queue class configuration values458 Configuring ATM QoS To associate a queue class with an interfaceCreate a QoS descriptor Nokia Network Voyager for Ipso 4.0 Reference Guide 459 To dissociate an ATM QoS Descriptor from an existing PVC To delete an ATM QoS descriptor460 Configuring Common Open Policy Server Nokia Network Voyager for Ipso 4.0 Reference Guide 461 Configuring Security Parameters for a Cops Client ID Configuring a Cops Client ID and Policy Decision Point462 Assigning Roles to Specific Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 463 To disable and delete a Client ID Activating and Deactivating the Cops ClientDeleting a Client ID 464 Example Rate Shaping Nokia Network Voyager for Ipso 4.0 Reference Guide 465 Example Expedited Forwarding 466 Nokia Network Voyager for Ipso 4.0 Reference Guide 467 To test the configuration 468 BOOTP/DHCP Relay Nokia Network Voyager for Ipso 4.0 Reference Guide 469 Configuring BOOTP/DHCP Relay To enable Bootp relay on an InterfaceBootp configuration parameters 470 To disable Bootp relay on an interface IP Broadcast helper configuration parametersIP Broadcast Helper Nokia Network Voyager for Ipso 4.0 Reference Guide 471 To configure IP broadcast helper 472 Router Discovery Overview Configuring Router DiscoveryNokia Network Voyager for Ipso 4.0 Reference Guide 473 Router discover configuration parameters To enable router discovery services474 Network Time Protocol NTP To disable router discovery servicesNokia Network Voyager for Ipso 4.0 Reference Guide 475 To configure NTP Configuring NTP476 Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 CPU-Memory Live Utilization Viewing System Utilization StatisticsNokia Network Voyager for Ipso 4.0 Reference Guide 479 Monitoring Process Utilization Disk and Swap Space480 Nokia Network Voyager for Ipso 4.0 Reference Guide 481 Ipso Process ManagementProcess Description Generating Monitor Reports Reports482 Report Description To display reports Monitoring System HealthNokia Network Voyager for Ipso 4.0 Reference Guide 483 Monitoring System Logs 484 Viewing Cluster Status and Members Nokia Network Voyager for Ipso 4.0 Reference Guide 485 Displaying Route Settings Viewing Routing Protocol InformationDisplaying the Kernel Forwarding Table 486 Hardware Monitoring Displaying Interface SettingsNokia Network Voyager for Ipso 4.0 Reference Guide 487 Using the iclid Tool Iclid CommandsTo display routing daemon status using iclid 488 Nokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 Preventing Full Log Buffers and Related Console Messages 494 If you are using FireWall-1 NG If you are using FireWall-1Nokia Network Voyager for Ipso 4.0 Reference Guide 495 496 Index Nokia Network Voyager for Ipso 4.0 Reference Guide Index Bios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index