Appendix D Configuring for interoperability 219

(are correctly decrypted, and authenticated) are accepted; other packets are dropped. If any attempt is made to change the station address of the client, the tunnel is automatically closed. Third-party clients do not necessarily have this security.

Tight integration with MS-DUN and IPASS—This allows one-click access that dials and authorizes the ISP connection and then creates the VPN connection automatically. This makes it significantly easier for the end user. Third-party clients typically do not have this ease-of-use feature.

High end PKI integration—The VPN Router integrates software from the leading certificate vendors, for a high-end managed PKI implementation. Managed PKI features like automated enrollment and automatic renewal are critical for large-scale rollouts. Other clients have loose or no integration for managed PKI and rely on the features of a browser or simple cut-and-paste methods. This is not available with third-party clients when used with the VPN Router, even if the client has the support built in.

Configuring the VPN Router as a branch office tunnel

To configure the VPN Router as a branch office tunnel:

1Select Profiles > Branch Office and click Define Branch Office Connection.

The Branch Office > Define Connection window appears.

2For the local endpoint address, select the address of the local VPN Router from the list.

3For the remote endpoint address, enter the address of the remote VPN Router that forms the opposite end of the branch office connection.

4Set the tunnel type to IPsec.

5Depending on what your third-party clients support, you can use either pre-shared key or digital certificate authentication. Click to enable the user name and password to authenticate user identity. The user name is the user’s IP address and the password can be any password. Match the preshared secret with the client shared secret.

6Click RSA Digital Signature to enable certificate authentication if your third-party client supports RSA Digital Signature authentication. You must

Nortel VPN Router Troubleshooting

Page 219
Image 219
Nortel Networks NN46110-602 manual Configuring the VPN Router as a branch office tunnel