Manuals / Nokia / Cell Phone / Cell Phone

Nokia IPSO 4.0 manual Creating an IPSec Policy, Choosing IPv4 or IPv6 General Configuration

Models: IPSO 4.0

1 510

Page 335

Some IPSec systems require that the SA lifetimes (seconds, as well as megabytes) match on both devices. See “Putting It All Together” in “Creating an IPSec Policy” for more information.

IKE and PFS groups should match on both devices. See “Putting It All Together” in “Creating an IPSec Policy” for more information.

The Diffie-Hellman key exchange uses the IKE group during the establishment of Phase 1 ISAKMP SA. Value options are 1, 2, or 5; 2 is the default value.

The Diffie-Hellman key exchange uses the PFS group in Phase 2 to construct key material for IPSec SAs. The value options are 1, 2, 5, or none; 2 is the default. Setting the value to none disables PFS.

Note

When IPSO is acting as the responder of the Phase 2 negotiation, it always accepts the PFS group proposed by the initiator.

Creating an IPSec Policy

Choosing IPv4 or IPv6 General Configuration Page

To chose IPv4 or IPv6 general configuration pages

1.Click IPSec under Security and Access in the tree view. .

2.Access the appropriate IPSec General Configuration page:

To display the IPv4 IPSec General Configuration page—click on the IPSec link

To display the IPv6 IPSec General Configuration page—first click on the IPv6 Configuration link; this takes you to the main IPv6 page. Next, click on the IPSec link; this takes you to the IPv6 IPSec General Configuration Page.

If you are on the IPv4 General Configuration page—6to move to the IPv6 General configuration page, scroll down to the bottom of the page and click the IPv6 IPSec General Configuration link.

Note

Application procedures are the same for both configuration page types. The primary difference is the format of the IP addresses. IPv4 uses dotted quad format and IPv6 uses canonical address format. Selected range values might be different; consult the inline Help option for specifics.

The following sections describe how to create an IPSec policy.

Nokia Network Voyager for IPSO 4.0 Reference Guide

335

Page 335

Image 335

Nokia IPSO 4.0 manual Creating an IPSec Policy, Choosing IPv4 or IPv6 General Configuration

Contents

Nokia Network Voyager For Ipso Reference Guide Restricted Rights Legend Nokia Network Voyager for Ipso 4.0 Reference Guide Https//support.nokia.com Tac.support@nokia.com Nokia Network Voyager for Ipso 4.0 Reference Guide Contents Nokia Network Voyager Ipso 4.0 Reference Guide Configuring System Functions Nokia Network Voyager Ipso 4.0 Reference Guide Virtual Router Redundancy Protocol Vrrp Configuring Clustering Nokia Network Voyager Ipso 4.0 Reference Guide Configuring IPv6 Configuring Snmp Managing Security and Access Configuring Routing Nokia Network Voyager Ipso 4.0 Reference Guide Nokia Network Voyager Ipso 4.0 Reference Guide Configuring Traffic Management Monitoring System Configuration and Hardware Configuring Router Services Index About the Nokia Network Voyager Reference Guide About the Nokia Network Voyager Reference Guide Convention Description Conventions This Guide UsesText Conventions Text Conventions Menu Items Related Documentation Nokia Network Voyager for Ipso 4.0 Reference Guide Software Overview To open Nokia Network Voyager Logging In to Network VoyagerLogging Off To override a configuration lock Obtaining a Configuration LockTo log in with exclusive configuration lock To log in without exclusive configuration lock To clear the memory and disk cache Accessing Documentation and HelpNavigating in Network Voyager Reloading Pages To open a new window to view help „ Nokia support site https//support.nokia.com To view the asset management summary Viewing Hardware and Software Information for Your System Interface Overview Configuring Interfaces Type Prefix Configuring Network DevicesIP2250 Management Ports Physical Interface Logical Interface Configuring IP Addresses Interface Status Indicator Description Configuring Tunnel InterfacesInterface Status Indicators Parameter Description Configuring Ethernet InterfacesPhysical Interface Configuration Parameters Ethernet Interfaces Link Aggregation To configure an Ethernet interface Configuring Switches for Link Aggregation Managing Link Aggregation Using Snmp Firewall Synchronization Traffic Static Link AggregationLink Aggregation on the IP2250 Production Traffic ADP I/O Ports Only Configuring the Remaining Management Ports To physically configure the interfaces you will aggregate Configuring Link AggregationPhysical Interface Configuration To set up link aggregation in Network Voyager To configure link aggregation groups Group Configuration Gigabit Ethernet Interface Parameters Logical ConfigurationGigabit Ethernet Interfaces Deleting Aggregation Groups MTU To configure a Gigabit Ethernet interface Point-to-Point Over Ethernet Configuring PPPoETo configure PPPoE Nokia Network Voyager for Ipso 4.0 Reference Guide To delete PPPoE logical interfaces To change configuration profilesTo delete configuration profiles To create PPPoE logical interfaces Virtual LAN Interfaces Configuring MSS Clamping To delete a Vlan Interface To configure a Vlan Interface To define the maximum number of VLANs Vlan Example Topology Fddi Interfaces To configure an Fddi Interface To change the IP address of an Fddi interface To change the duplex setting of an Fddi interface Isdn Interfaces To configure an Isdn physical interface To configure an Isdn logical interface to place calls Nokia Network Voyager for Ipso 4.0 Reference Guide Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an Isdn interface to receive calls To add an incoming number Configuring Calling Line-Identification Screening To remove an incoming number To configure an interface to place and receive calls Dial-on-Demand Routing DDR Lists To add a new rule to a DDR list To create a DDR listTo delete a DDR list To apply or remove a DDR list to/from an interface Example DDR ListTo modify a rule Isdn Network Configuration Example To configure the IP650 to handle an incoming call To configure the IP330 to place an outgoing call Sample Call Traces Trace for connecting a call from the Nokia IP330 is To view the message log Isdn TroubleshootingLogging To set level of messages logged Isdn Cause Code Fields Troubleshooting Cause CodesTo trace Isdn traffic using tcpdump Tracing Cause Values Cause Cause Description DiagnosticsIsdn Cause Values See Isdn Cause Values table Information-element identifiers is missing Value Description Isdn Bearer-Capable Values Token Ring Interfaces To configure a Token Ring interface To change a Token Ring interface To deactivate a Token Ring interface Token Ring Example Fddi Point-to-Point Link over ATM To configure an ATM interface To change the VPI/VCI of an ATM interface To change the IP MTU of an ATM interface To change the IP Address of an ATM interface Fddi ATM Example IP over ATM IPoA To configure the ATM interface on Nokia Platform aTo configure an ATM logical IP subnet LIS interface To change the VPI/VCIs of an ATM LIS Interface To change the IP Address of an ATM LIS interface ATM IPoA Example Serial V.35 and X.21 Interfaces To configure a serial interface for Cisco Hdlc To configure a Serial Interface for PPP To configure a serial interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide Serial Interface Example T1with Built-In CSU/DSU Interfaces To configure the serial interface on Nokia Platform aTo configure a T1 Interface for Cisco Hdlc Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 Interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide To configure a T1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide T1 Interface Example To configure the serial interface on Nokia Platform a E1 with Built-In CSU/DSU Interfaces To configure an E1 interface for Cisco Hdlc Nokia Network Voyager for Ipso 4.0 Reference Guide To configure an E1 interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 100 To configure an E1 interface for frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 101 102 Nokia Network Voyager for Ipso 4.0 Reference Guide 103 To configure an Hssi interface for Cisco HdlcHssi Interfaces 104 To configure an Hssi interface for PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 105 To configure an Hssi interface for frame relay 106 Nokia Network Voyager for Ipso 4.0 Reference Guide 107 Configuring Unnumbered InterfacesTo configure an unnumbered interface Unnumbered Interfaces 108 To change an unnumbered interface to a numbered interface Nokia Network Voyager for Ipso 4.0 Reference Guide 109 To configure a static route over an unnumbered interface 110 Configuring Ospf over Unnumbered InterfaceOspf over Unnumbered Interfaces Using Virtual Links Nokia Network Voyager for Ipso 4.0 Reference Guide 111 Cisco Hdlc ProtocolTo change the keepalive interval for Cisco Hdlc 112 Point-to-Point ProtocolTo change the IP address in Cisco Hdlc To change the keepalive interval in PPP Nokia Network Voyager for Ipso 4.0 Reference Guide 113 To change the keepalive maximum failures in PPPTo change the IP address in PPP 114 Frame Relay ProtocolTo change the keepalive interval in frame relay To change the Dlci in frame relay Nokia Network Voyager for Ipso 4.0 Reference Guide 115 To change the LMI parameters in frame relayTo change the interface type in frame relay 116 To change the active status monitor setting in frame relayTo change the IP address in frame relay To remove a frame relay interface Nokia Network Voyager for Ipso 4.0 Reference Guide 117 Loopback InterfacesTo add an IP Address to a Loopback Interface To change the IP Address of a loopback interface 118 Configuring GRE TunnelsGRE Tunnels To create a GRE tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 119 120 To change IP TOS value of a GRE tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 121 GRE Tunnel Example 122 High Availability GRE TunnelsHA GRE Tunnel Example Nokia Network Voyager for Ipso 4.0 Reference Guide 123 124 Nokia Network Voyager for Ipso 4.0 Reference Guide 125 Dvmrp TunnelsTo create a Dvmrp tunnel 126 Dvmrp Tunnel ExampleTo change the local or remote addresses of a Dvmrp tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 127 128 ARP Table EntriesTo change ARP global parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 129 To add a static ARP entryTo add a proxy ARP entry Configuring ARP for ATM Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 131 To add a static ATM ARP entryTo delete a static ATM ARP entry To view and delete dynamic ATM ARP entries 132 Transparent ModeLimitations Nokia Network Voyager for Ipso 4.0 Reference Guide 133 Transparent Mode Processing Details 134 Configuring Transparent Mode in VPN Environments Nokia Network Voyager for Ipso 4.0 Reference Guide 135 Example of Transparent Mode 136 Configuring Transparent Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 137 Creating and Deleting Transparent Mode GroupsTo create a transparent mode group To delete a transparent mode group 138 Enabling or Disabling a Transparent Mode GroupTo enable or disable a transparent mode group Configuring Antispoofing Monitoring Transparent Mode GroupsTransparent Mode and Check Point NGX Enabling or Disabling Vrrp for a Transparent Mode Group 140 Virtual Tunnel Interfaces Fwvpn for Route-Based VPNUnnumbered VTIs Routing Traffic through the VTI Nokia Network Voyager for Ipso 4.0 Reference Guide 141 To create the VPN community Creating Virtual Tunnel InterfacesVrrp Support To create a virtual tunnel interface Nokia Network Voyager for Ipso 4.0 Reference Guide 143 144 To create the virtual tunnel interface Nokia Network Voyager for Ipso 4.0 Reference Guide 145 Configuring Dhcp To enable the Dhcp client process Configuring Dhcp Client InterfacesDhcp Client Configuration To configure the Dhcp client interface Nokia Network Voyager for Ipso 4.0 Reference Guide 147 Configuring the Dhcp ServerTo configure the Dhcp server process 148 Dhcp Server ConfigurationTo enable the Dhcp server process Adding Dhcp Address Pools Changing Dhcp ServiceTo disable the Dhcp server process To change the Dhcp service To assign a fixed-IP address to a client To enable and existing IP address poolEnabling or Disabling Dhcp Address Pools Assigning a Fixed-IP Address to a Client Nokia Network Voyager for Ipso 4.0 Reference Guide 151 Creating Dhcp Client Templates 152 Nokia Network Voyager for Ipso 4.0 Reference Guide 153 Configuring Dynamic Domain Name System ServiceConfiguring Dynamic Domain Name System Zones To configure Dynamic Domain Name System Ddns To create a mirror set Configuring the Domain Name ServiceConfiguring Disk Mirroring To configure DNS Nokia Network Voyager for Ipso 4.0 Reference Guide 155 Using an Optional Disk Flash-Based Systems OnlyTo delete a mirror set To remove an optional disk To install and configure PC card flash memoryTo configure the system to store log files on the PC card Mail Relay System Failure Notification Configuring Mail RelayTo configure failure notification To configure mail relay for your firewall 158 Setting the System TimeSending Mail To send mail from the firewall Nokia Network Voyager for Ipso 4.0 Reference Guide 159 Configuring Host AddressesTo set system time once To add a static host entry Logging to a Remote System Configuring System LoggingConfiguring Logging on Disk-Based Systems Accepting Log Messages Nokia Network Voyager for Ipso 4.0 Reference Guide 161 Configuring Logging on Flash-Based SystemsTo send syslog messages to a remote system 162 Configuring Logging to Remote Log Servers Nokia Network Voyager for Ipso 4.0 Reference Guide 163 Configuring Audit LogsConfiguring Logging to an Optional Disk 164 To set the system configuration audit log Nokia Network Voyager for Ipso 4.0 Reference Guide 165 Remote Core Dump Server on Flash-Based Systems 166 Managing Configuration SetsChanging the Hostname To change the hostname Scheduling Jobs To create a factory default configuration fileTo switch a currently active database To delete unwanted configuration database files 168 Backing Up and Restoring FilesTo delete scheduled jobs Nokia Network Voyager for Ipso 4.0 Reference Guide 169 Creating Backup FilesTo create a backup file manually To delete local backup files To cancel a regularly scheduled backup Transferring Backup FilesConfiguring Automatic Transfers To configure scheduled backups Nokia Network Voyager for Ipso 4.0 Reference Guide 171 Transferring Backup Files ManuallyTo manually transfer archive files to a remote server 172 Restoring Files from Locally Stored Backup FilesTo restore files To select a new current image Managing Nokia Ipso ImagesChanging Current Image Deleting Images 174 Installing New ImagesTo delete an Nokia Ipso image Nokia Network Voyager for Ipso 4.0 Reference Guide 175 Testing a New ImageTo test an image before activating it 176 Rebooting a ClusterUpgrading Nokia Ipso Images for a Cluster Downgrading Nokia Ipso Images Nokia Network Voyager for Ipso 4.0 Reference Guide 177 Configuring Monitor Reports Monitor Report Parameters Installing and Enabling PackagesManaging Packages Restrictions for Flash-Based Platforms Nokia Network Voyager for Ipso 4.0 Reference Guide 179 To install a package To delete a package Advanced System TuningTuning the TCP/IP Stack To enable or disable a package Nokia Network Voyager for Ipso 4.0 Reference Guide 181 Router Alert IP OptionTo set the TCP MSS 182 Nokia Network Voyager for Ipso 4.0 Reference Guide 183 Vrrp OverviewHow Vrrp Works 184 Simple Vrrp Configuration Vrrp Configuration with Simultaneous Backup Vrrp Configuration with Internal and External VRIDs 186 Configuring VrrpUnderstanding Monitored-Circuit Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 187 Selecting Configuration ParametersPriority 188 AuthenticationHello Interval Nokia Network Voyager for Ipso 4.0 Reference Guide 189 Backup AddressPriority Delta 190 Vmac Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 191 Global Vrrp SettingsVrrp Configuration Parameters Before you Begin 192 Configuring Monitored-Circuit Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 193 To add a virtual router 194 Configuring Monitored-Circuit Vrrp using the Full MethodTo change the configuration of an existing virtual router To delete a virtual router Nokia Network Voyager for Ipso 4.0 Reference Guide 195 Additional Vrrp Parameters Used in Full Method 196 Configuring VRRPv2To add or back up a virtual router using VRRPv2 Nokia Network Voyager for Ipso 4.0 Reference Guide 197 Configuring Check Point NGX for Vrrp 198 Configure settings under the 3rd party configuration tab Nokia Network Voyager for Ipso 4.0 Reference Guide 199 Configuring Vrrp Rules for Check Point NGXConfiguration Rule for Check Point NGX FP1 200 Configuration Rules for Check Point NGX FP2 and LaterConfiguring Rules if You Are Using Ospf or Dvmrp Source Destination Service Action State CLI commands for VrrpMonitoring Vrrp Link Aggregation IP2250 Systems Only 202 LocationStats To enable traces for Vrrp Troubleshooting VrrpGeneral Configuration Considerations To enable or disable Monitor Firewall state 204 Access Control ListsFirewall Policies Nokia Network Voyager for Ipso 4.0 Reference Guide 205 Switched EnvironmentsMonitored-Circuit Vrrp in Switched Environments VRRPv2 in Switched Environments 206 Nokia Network Voyager for Ipso 4.0 Reference Guide 207 Using Flash-Based PlatformsIP Clustering Description 208 Example Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 209 Cluster Management 210 Cluster Terminology Nokia Network Voyager for Ipso 4.0 Reference Guide 211 Cluster member a cluster node that is not the master 212 Clustering Modes Nokia Network Voyager for Ipso 4.0 Reference Guide 213 214 Considerations for ClusteringNetwork Environment Nokia Network Voyager for Ipso 4.0 Reference Guide 215 Other Considerations 216 Clustering IP2250 Platforms Nokia Network Voyager for Ipso 4.0 Reference Guide 217 Upgrading Ipso in a Cluster 218 For All UpgradesUpgrading from Ipso 3.7 or Later Upgrading from Ipso Nokia Network Voyager for Ipso 4.0 Reference Guide 219 Enabling Cluster Management Creating a Cluster Creating and Configuring a ClusterConfiguration Overview To create and configure a cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 221 Selecting the Cluster ModeConfiguring the Work Assignment Method 222 Configuring an InterfaceTo include an interface in the cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 223 Configuring Firewall MonitoringSupporting Non-Check Point Gateways and Clients 224 Configuring VPN TunnelsUsing IP Pools Nokia Network Voyager for Ipso 4.0 Reference Guide 225 Using IP Pools When Only Check Point Gateways Are Involved 226 Configuring Join-Time Shared FeaturesConfiguring IP pools in Cluster Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 227 What is Sharable?What if Settings Conflict? 228 Configuring Features for Sharing Nokia Network Voyager for Ipso 4.0 Reference Guide 229 Adding a Node to a ClusterMaking the Cluster Active After You Create a Cluster 230 Recommended Procedure Nokia Network Voyager for Ipso 4.0 Reference Guide 231 Managing a ClusterJoining a System to a Cluster 232 Using Cluster VoyagerTo start Cluster Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 233 If You Forget the cadmin PasswordCluster Administrator Users 234 Configuring the Failure IntervalConfiguring the Performance Rating Monitoring a Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 235 Managing Join-Time Shared Features 236 Installing Ipso Images Nokia Network Voyager for Ipso 4.0 Reference Guide 237 238 Removing a Node from a Cluster Assigning the Time Zone Changing Cluster Interface ConfigurationsDeleting a Cluster Configuration Synchronizing the Time on Cluster Nodes 240 Configuring NTPNTP Server Outside the Cluster Nokia Network Voyager for Ipso 4.0 Reference Guide 241 Configuring NGX for ClusteringUsing the Master Node as the NTP Server 242 Nokia Network Voyager for Ipso 4.0 Reference Guide 243 Clustering Example Three Nodes 244 Configuring the Cluster in Voyager Nokia Network Voyager for Ipso 4.0 Reference Guide 245 Configuring the Internal and External Routers 246 Clustering Example With Non-Check Point VPN Nokia Network Voyager for Ipso 4.0 Reference Guide 247 248 Nokia Network Voyager for Ipso 4.0 Reference Guide 249 Snmp Overview Source Function 250 UDP-MIB Nokia Network Voyager for Ipso 4.0 Reference Guide 251 252 Snmp Proxy Support for Check Point MIB Nokia Network Voyager for Ipso 4.0 Reference Guide 253 Using the Check Point MIBUsing cpsnmpstart 254 To enable or disable SnmpEnabling Snmp and Selecting the Version Nokia Network Voyager for Ipso 4.0 Reference Guide 255 Configuring the System for SnmpSetting an Agent Address To set an Snmp agent address Type of Trap Description Configuring TrapsTypes of Snmp Traps 256 Nokia Network Voyager for Ipso 4.0 Reference Guide 257 258 Enabling or Disabling Trap Types Configuring Trap ReceiversSetting the Trap PDU Agent Address Error status code Meaning Interpreting Error MessagesConfiguring Location and Contact Information To configure location and contact information Value Field Set Description GetRequestNokia Network Voyager for Ipso 4.0 Reference Guide 261 Variable-bindings Element Description 262 Configuring SNMPv3GetNextRequest GetBulkRequest Nokia Network Voyager for Ipso 4.0 Reference Guide 263 Request MessagesManaging Snmp Users Security Related Options Used in Request Messages 264 To add an Snmp user Nokia Network Voyager for Ipso 4.0 Reference Guide 265 To delete a USM user 266 Nokia Network Voyager for Ipso 4.0 Reference Guide 267 IPv6 Overview 268 To configure IPv6 logical interfacesInterfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 269 To disable IPv6 on an interfaceTo configure neighbor discovery To delete an IPv6 address 270 Configuring IPv6 in IPv4 TunnelsTo configure IPv6 in IPv4 tunnels IPv6 and IPv4 Compatibility To configure IPv6 over IPv4 Configuring IPv6 to IPv4Configuring IPv6 over IPv4 To configure IPv6 to IPv4 To configure an IPv6 default or static route Configuring IPv4 in IPv6 TunnelsConfiguring an IPv6 Default or Static Route To configure IPv4 in IPv6 tunnels Creating IPv6 Aggregate Routes Routing ConfigurationConfiguring OSPFv3 Configuring RIPng 274 Creating Redistributed RoutesRedistributing Static Routes into RIPng Redistributing Aggregate Routes in RIPng Nokia Network Voyager for Ipso 4.0 Reference Guide 275 Configuring ICMPv6 Router DiscoveryRouter Discovery Redistributing Interface Routes into RIPng 276 Nokia Network Voyager for Ipso 4.0 Reference Guide 277 Configuring Vrrp for IPv6Vrrp for IPv6 278 Creating a Virtual Router for an IPv6 Interface Using VRRPv3 Nokia Network Voyager for Ipso 4.0 Reference Guide 279 280 Setting a Virtual MAC Address for a Virtual RouterTo set the virtual MAC address Nokia Network Voyager for Ipso 4.0 Reference Guide 281 Changing the IP Address List of a Virtual Router in VRRPv3Removing a Virtual Router in VRRPv3 282 Creating a Virtual Router in Monitored Circuit Mode for IPv6 Nokia Network Voyager for Ipso 4.0 Reference Guide 283 284 Traffic Management Nokia Network Voyager for Ipso 4.0 Reference Guide 285 Security and Access ConfigurationTo enable FTP, TFTP, or Telnet access 286 Nokia Network Voyager for Ipso 4.0 Reference Guide 287 Managing PasswordsTo change the current user’s password 288 To change another user’s passwordManaging User Accounts Attribute Description Adding and Deleting UsersUser Account Attributes Nokia Network Voyager for Ipso 4.0 Reference Guide 289 290 Managing and Using S/KeyTo add a user To remove a user Nokia Network Voyager for Ipso 4.0 Reference Guide 291 Using S/KeyTo configure S/Key To use the S/Key 292 To disable S/KeyManaging Groups Disabling S/Key Nokia Network Voyager for Ipso 4.0 Reference Guide 293 Role-Based AdministrationTo add or edit a group 294 Managing RolesTo add or edit a role Nokia Network Voyager for Ipso 4.0 Reference Guide 295 Assigning Roles and Access Mechanisms to UsersTo assign roles and access mechanisms to users To delete a role 296 Creating Cluster Administrator Users Service Description Configuring Network Access and ServicesNetwork Access Configuration Options Network Services 298 Configuring a Modem on COM2, COM3, or COM4To enable network access options and services Modem Configuration Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 299 To configure a modem on COM2, COM3, or COM4 300 Configuring Nokia Network Voyager AccessCountry Codes for Ositech Five of Clubs Card Country Codes for Ositech Five of Clubs Card II Nokia Network Voyager for Ipso 4.0 Reference Guide 301 Configuring Basic Nokia Network Voyager OptionsTo configure Web access for Nokia Network Voyager 302 Generating and Installing SSL/TLS CertificatesGenerating an SSL/TLS Certificate and Keys To generate a certificate and its associated private key Nokia Network Voyager for Ipso 4.0 Reference Guide 303 Installing the SSL/TLS CertificateTo install the certificate and its associated private key 304 Troubleshooting SSL/TLS ConfigurationSecure Shell SSH Nokia Network Voyager for Ipso 4.0 Reference Guide 305 Initial SSH ConfigurationTo configure SSH 306 Configuring Advanced Options for SSHTo configure advanced options Nokia Network Voyager for Ipso 4.0 Reference Guide 307 308 Configuring Secure Shell Authorized Keys Nokia Network Voyager for Ipso 4.0 Reference Guide 309 To configure authorized keysTo configure key pairs Changing Secure Shell Key Pairs 310 Managing User RSA and DSA IdentitiesTo manage user identities Nokia Network Voyager for Ipso 4.0 Reference Guide 311 Network Voyager Session ManagementTunneling Http Over SSH To tunnel Http over SSH Enabling Enabling or Disabling Session Management Configuring Session TimeoutsTo enable or disable session management To set the session timeout interval Nokia Network Voyager for Ipso 4.0 Reference Guide 313 Authentication, Authorization, and Accounting AAACreating an AAA Configuration To create an AAA configuration Creating an Authentication Profile Creating a Service Module EntryCreating a Service Profile Type Module Description Authentication Profile TypesNokia Network Voyager for Ipso 4.0 Reference Guide 315 316 Creating an Accounting ProfileTo create an account profile 317 Control Description Creating a Service Module ExampleProfile Controls 318 Nokia Network Voyager for Ipso 4.0 Reference Guide 319 Configuring RadiusService Auth. Mgmt Acct. Mgmt Session Mgmt 320 Nokia Network Voyager for Ipso 4.0 Reference Guide 321 Configuring TACACS+ 322 Deleting an AAA Authentication Server ConfigurationTo delete an authentication server To add an authentication profile Changing an AAA ConfigurationChanging the Service Profile To change an AAA configuration 324 Creating a Stacked Service ModuleService Authentication Management To add a session profile Changing a Service Module ConfigurationChanging an Authentication Profile Configuration To add an accounting profile 326 Changing an Accounting Profile ConfigurationChanging a Session Profile Configuration Encryption Acceleration Deleting an AAA ConfigurationDeleting an Item in a Service Profile Entry To delete an AAA configuration Monitoring Cryptographic Acceleration To enable the card for a Check Point VPNIPSec Tunnels Ipso Implementation Enabling Encryption Accelerator Cards Nokia Network Voyager for Ipso 4.0 Reference Guide 329 Transport and Tunnel Modes 330 Building VPN on ESPProtocol Negotiation and Key Management Nokia Network Voyager for Ipso 4.0 Reference Guide 331 332 Using PKIIPSec Implementation in Ipso IPSec RFCs Nokia Network Voyager for Ipso 4.0 Reference Guide 333 Miscellaneous Tunnel Requirements 334 Phase 1 ConfigurationIPSec Parameters Platform Support Nokia Network Voyager for Ipso 4.0 Reference Guide 335 Choosing IPv4 or IPv6 General ConfigurationTo chose IPv4 or IPv6 general configuration pages Creating an IPSec Policy 336 Proposal and FiltersTrusted CA Certificates To select a trusted CA certificate Nokia Network Voyager for Ipso 4.0 Reference Guide 337 Device Certificates 338 To enroll and install a device certificate Nokia Network Voyager for Ipso 4.0 Reference Guide 339 Advanced IPSec 340 Putting It All TogetherTo complete creating an IPSec policy Nokia Network Voyager for Ipso 4.0 Reference Guide 341 Creating an IPSec Tunnel RuleTo create an IPSec tunnel rule 342 Transport RuleTo create a transport rule Nokia Network Voyager for Ipso 4.0 Reference Guide 343 344 To configure Nokia PlatformIPSec Tunnel Rule Example Nokia Network Voyager for Ipso 4.0 Reference Guide 345 346 Configure Nokia PlatformTo configure Nokia Platform 1 Ipso IPSec Transport Rule Example Nokia Network Voyager for Ipso 4.0 Reference Guide 347 348 Configure PC1Removing an IPSec Tunnel To remove an IPSec tunnel Nokia Network Voyager for Ipso 4.0 Reference Guide 349 Miscellaneous Security SettingsTo set TCP flag combinations 350 Nokia Network Voyager for Ipso 4.0 Reference Guide 351 Routing OverviewRouting Protocols 352 RIP Nokia Network Voyager for Ipso 4.0 Reference Guide 353 Route Maps 354 Types of Areas Nokia Network Voyager for Ipso 4.0 Reference Guide 355 Area Border RoutersHigh Availability Support for Ospf 356 Configuring OspfClustering Nokia Network Voyager for Ipso 4.0 Reference Guide 357 Configuring Ospf Areas and Global SettingsOspf Area Configuration Parameters Stub Area Parameters 358 Nssa Not So Stubby Area Parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 359 Configuring Virtual LinksTo configure Ospf To configure a virtual link 360 Configuring Global Settings Nokia Network Voyager for Ipso 4.0 Reference Guide 361 Global Settings for Ospf 362 Configuring Ospf InterfacesConfiguration Parameters for Ospf Interfaces Nokia Network Voyager for Ipso 4.0 Reference Guide 363 To configure an Ospf interface 364 Configuring Ospf Example Nokia Network Voyager for Ipso 4.0 Reference Guide 365 Network Mask 366 Virtual IP Address Support for VrrpAuto Summarization Nokia Network Voyager for Ipso 4.0 Reference Guide 367 Configuring RIPTo configure RIP RIP 1 Configuration Options Available from Network Voyager 368 Configuring RIP Timers Nokia Network Voyager for Ipso 4.0 Reference Guide 369 Configuring Auto-SummarizationRIP Example Enabling RIP 1 on an Interface 370 Enabling RIP 2 on an Interface Nokia Network Voyager for Ipso 4.0 Reference Guide 371 Configuring Virtual IP Support for VrrpPIM Support for IP Clustering PIM Dense-Mode 372 PIM Sparse-Mode Nokia Network Voyager for Ipso 4.0 Reference Guide 373 Configuring Dense-Mode PIMConfiguring Check Point VPN-1 Pro/Express PIM and Check Point SecureXL 374 Disabling PIM Nokia Network Voyager for Ipso 4.0 Reference Guide 375 Setting Advanced Options for Dense-Mode PIM Optional 376 Configuring Sparse-Mode PIM Nokia Network Voyager for Ipso 4.0 Reference Guide 377 Configuring High-Availability Mode 378 Nokia Network Voyager for Ipso 4.0 Reference Guide 379 380 Configuring a PIM-SM Static Rendezvous Point Nokia Network Voyager for Ipso 4.0 Reference Guide 381 Setting Advanced Options for Sparse-Mode PIM Optional 382 Nokia Network Voyager for Ipso 4.0 Reference Guide 383 Command ShowsDebugging PIM 384 To log information about errors and events Nokia Network Voyager for Ipso 4.0 Reference Guide 385 Igrp 386 Nokia Network Voyager for Ipso 4.0 Reference Guide 387 Generation of Exterior Routes 388 Configuring IgrpAliased Interfaces Igrp Aggregation Nokia Network Voyager for Ipso 4.0 Reference Guide 389 To enable Igrp on an interfaceIgrp Example 390 Dvmrp Nokia Network Voyager for Ipso 4.0 Reference Guide 391 Configuring DvmrpConfiguring Dvmrp Timers 392 Igmp Nokia Network Voyager for Ipso 4.0 Reference Guide 393 Configuring Igmp 394 Static Routes Nokia Network Voyager for Ipso 4.0 Reference Guide 395 To configure a default or static routeTo setting the rank for static routes 396 To add and configure many static routes at the same time Creating/Removing Static Routes To create a static default routeTo create a static route non-default Adding and Managing Static Routes Example Route Aggregation Backup Static RoutesTo disable a static route To create a backup static route Nokia Network Voyager for Ipso 4.0 Reference Guide 399 To create aggregate routesTo remove aggregate routes 400 Route Aggregation Example Nokia Network Voyager for Ipso 4.0 Reference Guide 401 Preference DefaultRoute Rank Rank Assignments 402 Routing Protocol Rank ExampleTo set route rank Nokia Network Voyager for Ipso 4.0 Reference Guide 403 To configure the routing preferencesSupport for BGP-4++ 404 BGP Sessions Internal and ExternalBGP Path Attributes Path Attribute Definition Nokia Network Voyager for Ipso 4.0 Reference Guide 405 406 BGP Multi-Exit DiscriminatorBGP Interactions with IGPs Nokia Network Voyager for Ipso 4.0 Reference Guide 407 Inbound BGP Route FiltersRedistributing Routes to BGP Communities Community attribute Description Route Reflection408 Nokia Network Voyager for Ipso 4.0 Reference Guide 409 Confederations 410 Ebgp Multihop Support Nokia Network Voyager for Ipso 4.0 Reference Guide 411 TCP MD5 AuthenticationRoute Dampening 412 BGP Support for Virtual IP for Vrrp Nokia Network Voyager for Ipso 4.0 Reference Guide 413 BGP Support for IP ClusteringBGP Memory Requirements Tables 414 Memory SizeExample Nokia Network Voyager for Ipso 4.0 Reference Guide 415 To configure Ibgp on Nokia Platform aBGP Neighbors Example 416 To configure Ibgp on Nokia Platform BTo configure Ibgp on Nokia Platform C Nokia Network Voyager for Ipso 4.0 Reference Guide 417 To configure Ebgp on Nokia Platform aTo configure Ebgp on Nokia Platform C To configure Ebgp on Nokia Platform D 418 To configuring Ebgp on Nokia Platform EPath Filtering Based on Communities Example Verification Nokia Network Voyager for Ipso 4.0 Reference Guide 419 To configure Default MED for Nokia Platform DBGP Multi Exit Discriminator Example 420 To configure MED Values for all peers of AS200 Nokia Network Voyager for Ipso 4.0 Reference Guide 421 Changing the Local Preference Value Example 422 To configure an Ibgp peer for Nokia Platform BTo configure the static routes required for an Ibgp session To set the local preference value for an Ibgp peer Nokia Network Voyager for Ipso 4.0 Reference Guide 423 Configuring Nokia Platform CBGP Confederation Example 424 Configuring Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 425 426 Configuring Platform B as Route ReflectorRoute Reflector Example Nokia Network Voyager for Ipso 4.0 Reference Guide 427 Configuring Platform C as Ibgp Peer of Platform BConfiguring Platform D as Ibgp Peer of Platform B 428 Configuring BGP Route Inbound Policy on Platform BConfiguring Redistribution of BGP Routes on Platform B BGP Community Example Nokia Network Voyager for Ipso 4.0 Reference Guide 429 Follow the steps in the Redistributing Ospf to BGP Example Ebgp Load Balancing Example Scenario #1 Configuring a Loopback Address on Platform aConfiguring a Loopback Address on Platform B Configuring a Static Route on Platform a Nokia Network Voyager for Ipso 4.0 Reference Guide 431 Configuring a Static Route on Platform BConfiguring an Ebgp Peer on Platform a Configuring an Ebgp Peer on Platform B 432 Configuring Ospf on Platform aConfiguring Ospf on Platform B Ebgp Load Balancing Example Scenario #2 Nokia Network Voyager for Ipso 4.0 Reference Guide 433 Adjusting BGP Timers Example 434 TCP MD5 Authentication ExampleConfiguring TCP MD5 Authentication on Nokia Platform a Configuring BGP Route Redistribution on Nokia Platform B Nokia Network Voyager for Ipso 4.0 Reference Guide 435 Field Default value Units of measurementBGP Route Dampening Example 436 BGP Path SelectionBGP-4++ Example Nokia Network Voyager for Ipso 4.0 Reference Guide 437 To configure configure a BGP4 session over IPv6 transport 438 Route Redistribution Nokia Network Voyager for Ipso 4.0 Reference Guide 439 To redistribute a single route To configure BGP route redistribution on Nokia Platform DRedistributing Routes to RIP and Igrp BGP Route Redistribution Example Nokia Network Voyager for Ipso 4.0 Reference Guide 441 Redistributing RIP to Ospf Example 442 Nokia Network Voyager for Ipso 4.0 Reference Guide 443 Redistributing Ospf to BGP Example 444 Redistributing Routes with OspfTo redistribute Ospf to BGP through Nokia Platform a Nokia Network Voyager for Ipso 4.0 Reference Guide 445 To configure IGP inbound filtersInbound Route Filters 446 BGP Route Inbound Policy Example Nokia Network Voyager for Ipso 4.0 Reference Guide 447 448 BGP AS Path Filtering ExampleAspath Regular Expressions Nokia Network Voyager for Ipso 4.0 Reference Guide 449 Traffic Management OverviewPacket Filtering Description Traffic Shaping Description 450 Configuring Access Control ListsTraffic Queuing Description Nokia Network Voyager for Ipso 4.0 Reference Guide 451 To create or delete an ACLTo apply or remove an ACL to or from an interface 452 Configuring ACL Rules Nokia Network Voyager for Ipso 4.0 Reference Guide 453 Modifying a RuleTo add a new rule to an ACL 454 ACL Rule Attributes Nokia Network Voyager for Ipso 4.0 Reference Guide 455 Configuring Aggregation Classes 456 To create an Aggregation ClassTo associate an aggregation class with a rule Nokia Network Voyager for Ipso 4.0 Reference Guide 457 Configuring Queue Classes 458 To set or modify queue class configuration valuesTo create or delete a queue class Nokia Network Voyager for Ipso 4.0 Reference Guide 459 Configuring ATM QoSTo associate a queue class with an interface Create a QoS descriptor 460 To delete an ATM QoS descriptorTo dissociate an ATM QoS Descriptor from an existing PVC Nokia Network Voyager for Ipso 4.0 Reference Guide 461 Configuring Common Open Policy Server 462 Configuring a Cops Client ID and Policy Decision PointConfiguring Security Parameters for a Cops Client ID Nokia Network Voyager for Ipso 4.0 Reference Guide 463 Assigning Roles to Specific Interfaces 464 To disable and delete a Client IDActivating and Deactivating the Cops Client Deleting a Client ID Nokia Network Voyager for Ipso 4.0 Reference Guide 465 Example Rate Shaping 466 Example Expedited Forwarding Nokia Network Voyager for Ipso 4.0 Reference Guide 467 468 To test the configuration Nokia Network Voyager for Ipso 4.0 Reference Guide 469 BOOTP/DHCP Relay 470 Configuring BOOTP/DHCP RelayTo enable Bootp relay on an Interface Bootp configuration parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 471 To disable Bootp relay on an interfaceIP Broadcast helper configuration parameters IP Broadcast Helper 472 To configure IP broadcast helper Nokia Network Voyager for Ipso 4.0 Reference Guide 473 Configuring Router DiscoveryRouter Discovery Overview 474 To enable router discovery servicesRouter discover configuration parameters Nokia Network Voyager for Ipso 4.0 Reference Guide 475 To disable router discovery servicesNetwork Time Protocol NTP 476 Configuring NTPTo configure NTP Nokia Network Voyager for Ipso 4.0 Reference Guide 477 478 Nokia Network Voyager for Ipso 4.0 Reference Guide 479 Viewing System Utilization StatisticsCPU-Memory Live Utilization 480 Disk and Swap SpaceMonitoring Process Utilization Process Description Ipso Process ManagementNokia Network Voyager for Ipso 4.0 Reference Guide 481 Report Description Generating Monitor ReportsReports 482 Nokia Network Voyager for Ipso 4.0 Reference Guide 483 Monitoring System HealthTo display reports 484 Monitoring System Logs Nokia Network Voyager for Ipso 4.0 Reference Guide 485 Viewing Cluster Status and Members 486 Displaying Route SettingsViewing Routing Protocol Information Displaying the Kernel Forwarding Table Nokia Network Voyager for Ipso 4.0 Reference Guide 487 Displaying Interface SettingsHardware Monitoring 488 Using the iclid ToolIclid Commands To display routing daemon status using iclid Nokia Network Voyager for Ipso 4.0 Reference Guide 489 490 Nokia Network Voyager for Ipso 4.0 Reference Guide 491 492 Nokia Network Voyager for Ipso 4.0 Reference Guide 493 494 Preventing Full Log Buffers and Related Console Messages Nokia Network Voyager for Ipso 4.0 Reference Guide 495 If you are using FireWall-1If you are using FireWall-1 NG 496 Nokia Network Voyager for Ipso 4.0 Reference Guide Index Index Bios CPU DSA Http Httpd Managing NGX Nssa RIP RSA TACACS+ Deleting virtual router Index