Avaya BCM50a Bedienungsanleitung

BCM50aBCM50a Integrated Router Document Number: N0115790Document Version: 1.0Date: September 2006BCM50a Integrated Router Configuration — Basics

10 ContentsN0115790Chapter 12Content filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187Introduc

100 Chapter 7 WAN screensN0115790Configuring GeneralClick WAN to open the General screen. Figure 24 WAN: General

Chapter 7 WAN screens 101BCM50a Integrated Router Configuration — BasicsTable 17 describes the fields in Figure 24. Table 17 WAN: GeneralLabel Desc

102 Chapter 7 WAN screensN0115790PPPoE encapsulationThe BCM50a Integrated Router supports PPPoE (Point-to-Point Protocol over Ethernet). PPPoE is an I

Chapter 7 WAN screens 103BCM50a Integrated Router Configuration — BasicsConfiguring WAN ISPTo configure the WAN ISP settings for your BCM50a Integrate

104 Chapter 7 WAN screensN0115790Table 18 describes the fields in Figure 25.Table 18 WAN: WAN ISPLabel DescriptionName Enter the name of your Intern

Chapter 7 WAN screens 105BCM50a Integrated Router Configuration — BasicsConfiguring WAN IP To change the WAN IP settings of your BCM50a Integrated Rou

106 Chapter 7 WAN screensN0115790Figure 26 WAN: IP

Chapter 7 WAN screens 107BCM50a Integrated Router Configuration — BasicsTable 19 describes the fields in Figure 26.Table 19 WAN: IPLabel Description

108 Chapter 7 WAN screensN0115790Metric ( This field sets this route's priority among the routes the BCM50a Integrated Router uses.The metric rep

Chapter 7 WAN screens 109BCM50a Integrated Router Configuration — BasicsTraffic redirectTraffic redirect forwards WAN traffic to a backup gateway when

Contents 11BCM50a Integrated Router Configuration — BasicsPreshared key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

110 Chapter 7 WAN screensN0115790Figure 27 Traffic Redirect WAN SetupThe network topology illustrated in Figure 28 avoids triangle route security is

Chapter 7 WAN screens 111BCM50a Integrated Router Configuration — BasicsConfiguring Traffic RedirectTo change the traffic redirect settings, click WA

112 Chapter 7 WAN screensN0115790Configuring Dial BackupTo change the dial backup settings, click WAN , then the Dial Backup tab. The screen appears a

Chapter 7 WAN screens 113BCM50a Integrated Router Configuration — BasicsFigure 30 Dial Backup Setup

114 Chapter 7 WAN screensN0115790Table 21 describes the fields in Figure 30.Table 21 Dial Backup SetupLabel DescriptionEnable Dial Backup Select thi

Chapter 7 WAN screens 115BCM50a Integrated Router Configuration — BasicsUsed Fixed IP Address Select this check box if your ISP assigned you a fixed I

116 Chapter 7 WAN screensN0115790RIP Direction RIP (Routing Information Protocol) allows a router to exchange routing information with other routers.

Chapter 7 WAN screens 117BCM50a Integrated Router Configuration — BasicsAdvanced Modem SetupAT Command StringsFor regular telephone lines, the default

118 Chapter 7 WAN screensN0115790Configuring Advanced Modem Setup Click the Edit button in the Dial Backup screen to display the Advanced Setup screen

Chapter 7 WAN screens 119BCM50a Integrated Router Configuration — BasicsTable 22 describes the fields in Figure 31.Table 22 Advanced SetupLabel Desc

12 ContentsN0115790Importing a Trusted CA certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272Trusted CA Cert

120 Chapter 7 WAN screensN0115790Call Back Delay (sec)Type a number of seconds for the BCM50a Integrated Router to wait between dropping a callback re

121BCM50a Integrated Router Configuration — BasicsChapter 8Network Address Translation (NAT) ScreensThis chapter discusses how to configure NAT on the

122 Chapter 8 Network Address Translation (NAT) ScreensN0115790Note that inside/outside refers to the location of a host, while global/local refers to

Chapter 8 Network Address Translation (NAT) Screens 123BCM50a Integrated Router Configuration — BasicsHow NAT worksEach packet has two addresses–a sou

124 Chapter 8 Network Address Translation (NAT) ScreensN0115790In Figure 33, B can send packets, with source IP address e.f.g.h and port 20202 to A be

Chapter 8 Network Address Translation (NAT) Screens 125BCM50a Integrated Router Configuration — BasicsFigure 34 NAT application with IP AliasNAT map

126 Chapter 8 Network Address Translation (NAT) ScreensN0115790Table 24 summarizes these types.Using NATSUA (Single User Account) versus NATSUA (Singl

Chapter 8 Network Address Translation (NAT) Screens 127BCM50a Integrated Router Configuration — BasicsSUA Server A SUA server set is a list of inside

128 Chapter 8 Network Address Translation (NAT) ScreensN0115790Port forwarding: Services and Port NumbersThe most often used port numbers are shown in

Chapter 8 Network Address Translation (NAT) Screens 129BCM50a Integrated Router Configuration — BasicsFigure 35 Multiple servers behind NAT exampleC

Contents 13BCM50a Integrated Router Configuration — BasicsChapter 17Remote management screens . . . . . . . . . . . . . . . . . . . . . . . . . . . .

130 Chapter 8 Network Address Translation (NAT) ScreensN0115790Figure 36 SUA/NAT setupTable 26 describes the fields in Figure 36.Table 26 SUA/NAT

Chapter 8 Network Address Translation (NAT) Screens 131BCM50a Integrated Router Configuration — BasicsConfiguring Address MappingOrdering your rules i

132 Chapter 8 Network Address Translation (NAT) ScreensN0115790Figure 37 Address MappingTable 27 describes the fields in Figure 37.Table 27 Addres

Chapter 8 Network Address Translation (NAT) Screens 133BCM50a Integrated Router Configuration — BasicsConfiguring Address Mapping To edit an Address M

134 Chapter 8 Network Address Translation (NAT) ScreensN0115790Figure 38 Address Mapping editTable 28 describes the fields in Figure 38.Table 28 A

Chapter 8 Network Address Translation (NAT) Screens 135BCM50a Integrated Router Configuration — BasicsTrigger Port ForwardingSome services use a dedic

136 Chapter 8 Network Address Translation (NAT) ScreensN0115790Figure 39 Trigger Port Forwarding process: example1 Jane (A) requests a file from the

Chapter 8 Network Address Translation (NAT) Screens 137BCM50a Integrated Router Configuration — BasicsConfiguring Trigger Port ForwardingTo change tri

138 Chapter 8 Network Address Translation (NAT) ScreensN0115790Table 29 describes the fields in Figure 40.Table 29 Trigger PortLabel DescriptionNo.

139BCM50a Integrated Router Configuration — BasicsChapter 9Static Route screensThis chapter shows you how to configure static routes for your BCM50a I

14 ContentsN0115790How do I know if I am using UPnP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347NAT Traversal . . . . .

140 Chapter 9 Static Route screensN0115790Figure 41 Example of Static Routing topologyConfiguring IP Static RouteClick STATIC ROUTE to open the Rout

Chapter 9 Static Route screens 141BCM50a Integrated Router Configuration — BasicsFigure 42 Static Route screenTable 30 describes the fields in Figur

142 Chapter 9 Static Route screensN0115790Configuring Route entrySelect a static route index number and click Edit. The screen is illustrated in Figur

Chapter 9 Static Route screens 143BCM50a Integrated Router Configuration — BasicsMetric Metric represents the cost of transmission for routing purpose

144 Chapter 9 Static Route screensN0115790

145BCM50a Integrated Router Configuration — BasicsChapter 10FirewallsThis chapter gives some background information on firewalls and introduces the BC

146 Chapter 10 FirewallsN0115790Packet filtering firewallsPacket filtering firewalls restrict access based on the source or destination computer netwo

Chapter 10 Firewalls 147BCM50a Integrated Router Configuration — BasicsIntroduction to the BCM50a Integrated Router firewallThe BCM50a Integrated Rout

148 Chapter 10 FirewallsN0115790Figure 44 BCM50a Integrated Router firewall applicationDenial of ServiceDenials of Service (DoS) attacks are aimed a

Chapter 10 Firewalls 149BCM50a Integrated Router Configuration — BasicsWhen computers communicate on the Internet, they use the client/server model, w

Contents 15BCM50a Integrated Router Configuration — BasicsDHCP Table screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

150 Chapter 10 FirewallsN01157902 Weaknesses in the TCP/IP specification leave it open to SYN Flood and LAND attacks. These attacks are executed durin

Chapter 10 Firewalls 151BCM50a Integrated Router Configuration — BasicsFigure 46 SYN floodIn a LAND Attack, hackers flood SYN packets into the netw

152 Chapter 10 FirewallsN0115790Figure 47 Smurf attack• ICMP vulnerability ICMP is an error reporting protocol that works in concert with IP. The fo

Chapter 10 Firewalls 153BCM50a Integrated Router Configuration — BasicsAll SMTP commands are illegal except for those displayed in Table 35.• Tracerou

154 Chapter 10 FirewallsN0115790In summary, stateful inspection: • Allows all sessions originating from the LAN (local network) to the WAN (Internet).

Chapter 10 Firewalls 155BCM50a Integrated Router Configuration — Basics3 The packet is inspected by a firewall rule to determine and record informatio

156 Chapter 10 FirewallsN0115790• Restrict use of certain protocols, such as Telnet, to authorized users on the LAN.These custom rules work by evaluat

Chapter 10 Firewalls 157BCM50a Integrated Router Configuration — BasicsAfter the BCM50a Integrated Router receives any subsequent packet (from the Int

158 Chapter 10 FirewallsN0115790Consider the FTP protocol. A user on the LAN opens a control connection to a server on the Internet and requests a fil

Chapter 10 Firewalls 159BCM50a Integrated Router Configuration — BasicsPacket filtering:• The router filters packets as they pass through the router i

16 ContentsN0115790VPN Responder IPSec Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .423Log Commands .

160 Chapter 10 FirewallsN0115790When to use the firewall1 To prevent DoS attacks and prevent hackers cracking your network.2 A range of source and des

161BCM50a Integrated Router Configuration — BasicsChapter 11Firewall screensThis chapter shows you how to configure your BCM50a Integrated Router fire

162 Chapter 11 Firewall screensN0115790By default, the BCM50a Integrated Router stateful packet inspection blocks packets traveling in the following d

Chapter 11 Firewall screens 163BCM50a Integrated Router Configuration — BasicsRule logic overviewRule checklist1 State the intent of the rule. For exa

164 Chapter 11 Firewall screensN0115790Once these questions have been answered, adding rules is simply a matter of plugging the information into the c

Chapter 11 Firewall screens 165BCM50a Integrated Router Configuration — Basicssession through the LAN interface is an example of traffic destined for

166 Chapter 11 Firewall screensN0115790Figure 49 LAN to WAN trafficWAN to LAN rulesThe default rule for WAN to LAN traffic blocks all incoming conne

Chapter 11 Firewall screens 167BCM50a Integrated Router Configuration — BasicsThe BCM50a Integrated Router applies the firewall rules in order, starti

168 Chapter 11 Firewall screensN0115790Figure 51 Enabling the firewall Table 36 describes the fields in Figure 51.Table 36 Firewall rules summary:

Chapter 11 Firewall screens 169BCM50a Integrated Router Configuration — BasicsBypass Triangle RouteSelect this check box to have the BCM50a Integrated

17BCM50a Integrated Router Configuration — BasicsFiguresFigure 1 Secure Internet Access and VPN Application . . . . . . . . . . . . . . . . . . . .

170 Chapter 11 Firewall screensN0115790Configuring firewall rulesFollow these directions to create a new rule.In the Summary screen, type the index nu

Chapter 11 Firewall screens 171BCM50a Integrated Router Configuration — BasicsFigure 52 Creating and editing a firewall rule Table 37 describes the

172 Chapter 11 Firewall screensN0115790Source Address Click SrcAdd to add a new address, SrcEdit to edit an existing one or SrcDelete to delete one. T

Chapter 11 Firewall screens 173BCM50a Integrated Router Configuration — BasicsConfiguring source and destination addressesTo add a new source or desti

174 Chapter 11 Firewall screensN0115790Configuring custom portsYou can also configure customized ports for services not predefined by the BCM50a Integ

Chapter 11 Firewall screens 175BCM50a Integrated Router Configuration — Basics Example firewall rule The following Internet firewall rule example allo

176 Chapter 11 Firewall screensN01157906 Configure the Firewall Rule Edit IP screen as follows and click Apply.Figure 56 Firewall rule edit IP examp

Chapter 11 Firewall screens 177BCM50a Integrated Router Configuration — BasicsFigure 58 MyService rule configuration exampleAfter completing the con

178 Chapter 11 Firewall screensN0115790Figure 59 My Service example rule summary Predefined servicesThe Available Services list box in the Edit Rule

Chapter 11 Firewall screens 179BCM50a Integrated Router Configuration — Basicstype. For example, look at the default configuration labeled “(DNS)”. (U

18 FiguresN0115790Figure 30 Dial Backup Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Figure 31 Advanced

180 Chapter 11 Firewall screensN0115790NEW-ICQ(TCP:5190) An Internet chat program.NEWS(TCP:144) A protocol for news groups.NFS(UDP:2049) Network Fil

Chapter 11 Firewall screens 181BCM50a Integrated Router Configuration — BasicsAlertsAlerts are reports on events, such as attacks, that you want to kn

182 Chapter 11 Firewall screensN0115790Configuring attack alertAttack alerts are the first defense against DOS attacks. In the Attack Alert screen (Fi

Chapter 11 Firewall screens 183BCM50a Integrated Router Configuration — BasicsThe BCM50a Integrated Router measures both the total number of existing

184 Chapter 11 Firewall screensN0115790The BCM50a Integrated Router also sends alerts whenever TCP Maximum Incomplete is exceeded. The global values s

Chapter 11 Firewall screens 185BCM50a Integrated Router Configuration — BasicsOne Minute High This is the rate of new half-open sessions that causes t

186 Chapter 11 Firewall screensN0115790Apply Click Apply to save your changes to the BCM50a Integrated Router.Reset Click Reset to begin configuring t

187BCM50a Integrated Router Configuration — BasicsChapter 12Content filtering This chapter provides a brief overview of content filtering using the em

188 Chapter 12 Content filteringN0115790Configure Content FilteringClick Content Filter on the navigation panel, to open the screen show in Figure 61.

Chapter 12 Content filtering 189BCM50a Integrated Router Configuration — BasicsTable 42 describes the fields in Figure 61.Table 42 Content filterLab

Figures 19BCM50a Integrated Router Configuration — BasicsFigure 65 IPSec summary fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

190 Chapter 12 Content filteringN0115790Time of Day to BlockTime of Day to Block allows the administrator to define during which time periods content

191BCM50a Integrated Router Configuration — BasicsChapter 13VPNThis chapter introduces the basics of IPSec VPNs and covers the VPN WebGUI. See Chapter

192 Chapter 13 VPNN0115790or • As a VPN router that can have encrypted connections to multiple remote VPN routers. See Table 1 on page 31 for details

Chapter 13 VPN 193BCM50a Integrated Router Configuration — BasicsOther terminologyEncryptionEncryption is a mathematical operation that transforms dat

194 Chapter 13 VPNN0115790Connect branch offices and business partners over the Internet with significant cost savings and improved performance when c

Chapter 13 VPN 195BCM50a Integrated Router Configuration — BasicsFigure 63 IPSec architectureIPSec algorithmsThe ESP (Encapsulating Security Payload

196 Chapter 13 VPNN0115790The Authentication Algorithms, HMAC-MD5 (RFC 2403) and HMAC-SHA-1 (RFC 2404), provide an authentication mechanism for the AH

Chapter 13 VPN 197BCM50a Integrated Router Configuration — BasicsAn added feature of the ESP is payload padding, which further protects communications

198 Chapter 13 VPNN0115790EncapsulationThe two modes of operation for IPSec VPNs are Transport mode and Tunnel mode. Figure 64 Transport and Tunnel

Chapter 13 VPN 199BCM50a Integrated Router Configuration — BasicsTunnel mode Tunnel mode encapsulates the entire IP packet to transmit it securely. A

2N0115790N0115790Copyright © Nortel 2005–2006All rights reserved.The information in this document is subject to change without notice. The statements,

20 FiguresN0115790Figure 100 Bandwidth management statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .301Figure 101 Bandwidth manager

200 Chapter 13 VPNN0115790IPSec using ESP in Tunnel mode encapsulates the entire original packet (including headers) in a new IP packet. The new IP pa

Chapter 13 VPN 201BCM50a Integrated Router Configuration — BasicsYou can also enter the domain name of the remote secure gateway in the Secure Gateway

202 Chapter 13 VPNN0115790Figure 66 SummaryIP Policies

Chapter 13 VPN 203BCM50a Integrated Router Configuration — BasicsTable 46 describes the fields in Figure 66.Table 46 SummaryLabel DescriptionContivi

204 Chapter 13 VPNN0115790Keep AliveWhen you initiate an IPSec tunnel with keep alive enabled, the BCM50a Integrated Router automatically renegotiates

Chapter 13 VPN 205BCM50a Integrated Router Configuration — Basicsinformation about the IPSec SA lifetime). The nailed up option is available with the

206 Chapter 13 VPNN0115790NAT traversal solves the problem by adding a UDP port 500 header to the IPSec packet. The NAT router forwards the IPSec pack

Chapter 13 VPN 207BCM50a Integrated Router Configuration — BasicsFigure 68 VPN Contivity Client rule setupTable 47 VPN Contivity Client rule setup

208 Chapter 13 VPNN0115790Configuring Advanced SetupSelect one of the VPN rules in the VPN Summary screen and click Edit to configure the rule. If the

Chapter 13 VPN 209BCM50a Integrated Router Configuration — BasicsFigure 69 VPN Contivity Client advanced rule setupTable 48 describes the fields in

Figures 21BCM50a Integrated Router Configuration — BasicsFigure 135 Network connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

210 Chapter 13 VPNN0115790ID Type and contentWith aggressive negotiation mode (see “Negotiation Mode” on page 232 for more information), the BCM50a In

Chapter 13 VPN 211BCM50a Integrated Router Configuration — BasicsConfigure the ID type and content in the VPN Branch Office Rule Setup screen (see Fig

212 Chapter 13 VPNN0115790The two BCM50a Integrated Routers shown in Table 51 can complete negotiation and establish a VPN tunnel.The two BCM50a Integ

Chapter 13 VPN 213BCM50a Integrated Router Configuration — BasicsConfiguring Branch Office VPN Rule SetupSelect one of the VPN rules in the VPN Summar

214 Chapter 13 VPNN0115790Figure 70 VPN Branch Office rule setup

Chapter 13 VPN 215BCM50a Integrated Router Configuration — BasicsTable 53 describes the fields in Figure 70.Table 53 VPN Branch Office rule setupLab

216 Chapter 13 VPNN0115790Available/ Selected IP PolicyThe Available IP Policy table displays network routes. Use the Add, Edit and Delete buttons to

Chapter 13 VPN 217BCM50a Integrated Router Configuration — BasicsLocal IP Address This field displays the IP address (or range of IP addresses) of the

218 Chapter 13 VPNN0115790Remote IP Address This field displays the IP addresses of computers on the remote network behind the remote IPSec router.Thi

Chapter 13 VPN 219BCM50a Integrated Router Configuration — BasicsCertificate Use the drop-down list to select the certificate to use for this VPN tunn

22 FiguresN0115790Figure 170 Pop-up Blocker settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .401Figure 171 Internet

220 Chapter 13 VPNN0115790Peer Content When you select IP in the Peer ID Type field, type the IP address of the computer with which you make the VPN c

Chapter 13 VPN 221BCM50a Integrated Router Configuration — BasicsESP Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP proto

222 Chapter 13 VPNN0115790Configuring an IP PolicySelect one of the IP policies in the VPN Branch Office screen and click Add or Edit to configure the

Chapter 13 VPN 223BCM50a Integrated Router Configuration — BasicsFigure 71 VPN Branch Office — IP Policy

224 Chapter 13 VPNN0115790Table 54 describes the fields in Figure 71.Table 54 VPN Branch Office — IP PolicyLabel DescriptionProtocol Enter a number

Chapter 13 VPN 225BCM50a Integrated Router Configuration — BasicsType Select one of the following port mapping types. 1. One-to-One: One-to-one mode m

226 Chapter 13 VPNN0115790Virtual Ending IP Address When the Type field is configured to One-to-one or Many-to-One, this field is N/A. When the Type f

Chapter 13 VPN 227BCM50a Integrated Router Configuration — BasicsProtocol Enter a number to specify what type of traffic is allowed to go through the

228 Chapter 13 VPNN0115790Port forwarding server A NAT server set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that y

Chapter 13 VPN 229BCM50a Integrated Router Configuration — BasicsFigure 72 VPN Branch Office — IP Policy - Port Forwarding ServerTable 55 describes

23BCM50a Integrated Router Configuration — BasicsTablesTable 1 Feature specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

230 Chapter 13 VPNN0115790IKE phasesThere are two phases to every IKE (Internet Key Exchange) negotiation–phase 1 (Authentication) and phase 2 (Key Ex

Chapter 13 VPN 231BCM50a Integrated Router Configuration — BasicsFigure 73 Two phases to set up the IPSec SAIn Phase 1 you must:• Choose a negotiati

232 Chapter 13 VPNN0115790• Set the IPSec SA lifetime. In this field, you can determine how long the IPSec SA will stay up before it times out. The BC

Chapter 13 VPN 233BCM50a Integrated Router Configuration — BasicsDiffie-Hellman (DH) Key GroupsDiffie-Hellman (DH) is a public-key cryptography protoc

234 Chapter 13 VPNN0115790Figure 74 VPN Branch Office advanced rule setupTable 56 describes the fields in Figure 74.Table 56 VPN Branch Office Adv

Chapter 13 VPN 235BCM50a Integrated Router Configuration — BasicsMultiple Proposal Select this check box to allow the BCM50a Integrated Router to use

236 Chapter 13 VPNN0115790Multiple Proposal Select this check box to allow the BCM50a Integrated Router to use any of its phase 2 encryption and auth

Chapter 13 VPN 237BCM50a Integrated Router Configuration — BasicsSA MonitorIn the WebGUI, click VPN and the SA Monitor tab. Use this screen to display

238 Chapter 13 VPNN0115790Figure 75 VPN SA Monitor Table 57 describes the fields in Figure 75.Table 57 VPN SA MonitorLabel Description# This is t

Chapter 13 VPN 239BCM50a Integrated Router Configuration — Basics Global settingsIn the WebGUI, click VPN on the navigation panel, then click the Glob

24 TablesN0115790Table 30 IP Static Route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141Table 31 Edit IP Static R

240 Chapter 13 VPNN0115790VPN Client Termination Use these screens to configure the BCM50a Integrated Router for VPN connections from computers using

Chapter 13 VPN 241BCM50a Integrated Router Configuration — BasicsFigure 77 VPN Client Termination

242 Chapter 13 VPNN0115790Table 59 describes the fields in Figure 77.Table 59 VPN Client TerminationLabel DescriptionEnable Client TerminationTurn

Chapter 13 VPN 243BCM50a Integrated Router Configuration — BasicsEncryption Select the combinations of protocol and encryption and authentication alg

244 Chapter 13 VPNN0115790VPN Client Termination IP pool summaryIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to ope

Chapter 13 VPN 245BCM50a Integrated Router Configuration — BasicsFigure 78 VPN Client Termination IP pool summaryTable 60 describes the fields in Fi

246 Chapter 13 VPNN0115790VPN Client Termination IP pool editIn the WebGUI, click VPN on the navigation panel and the Client Termination tab to open t

Chapter 13 VPN 247BCM50a Integrated Router Configuration — BasicsVPN Client Termination advancedIn the WebGUI, click VPN on the navigation panel and t

248 Chapter 13 VPNN0115790Figure 80 VPN Client Termination advanced

Chapter 13 VPN 249BCM50a Integrated Router Configuration — BasicsTable 62 describes the fields in Figure 80.Table 62 VPN Client Termination advanced

Tables 25BCM50a Integrated Router Configuration — BasicsTable 65 My Certificate create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

250 Chapter 13 VPNN0115790Accept ISAKMP Initial Contact PayloadThe BCM50a Integrated Router can accept the INITIAL-CONTACT status messages to inform i

Chapter 13 VPN 251BCM50a Integrated Router Configuration — BasicsPassword Management You can have the BCM50a Integrated Router use some password requi

252 Chapter 13 VPNN0115790

253BCM50a Integrated Router Configuration — BasicsChapter 14CertificatesThis chapter gives background information about public-key certificates and ex

254 Chapter 14 CertificatesN0115790The BCM50a Integrated Router uses certificates based on public-key cryptology to authenticate users attempting to e

Chapter 14 Certificates 255BCM50a Integrated Router Configuration — BasicsConfiguration summaryThis section summarizes how to manage certificates on t

256 Chapter 14 CertificatesN0115790Figure 82 My Certificates

Chapter 14 Certificates 257BCM50a Integrated Router Configuration — BasicsTable 63 describes the labels in Figure 82.Table 63 My CertificatesLabel D

258 Chapter 14 CertificatesN0115790Certificate file formatsThe certification authority certificate that you want to import has to be in one of these f

Chapter 14 Certificates 259BCM50a Integrated Router Configuration — Basics• Binary PKCS#7: This is a standard that defines the general syntax for data

26 TablesN0115790Table 100 Web site hits report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .368Table 101 Protocol

260 Chapter 14 CertificatesN0115790Figure 83 My Certificate ImportTable 64 describes the labels in Figure 83.Table 64 My Certificate ImportLabel D

Chapter 14 Certificates 261BCM50a Integrated Router Configuration — BasicsCreating a certificateClick CERTIFICATES, My Certificates and then Create to

262 Chapter 14 CertificatesN0115790Figure 84 My Certificate create

Chapter 14 Certificates 263BCM50a Integrated Router Configuration — BasicsTable 65 describes the labels in the Figure 84.Table 65 My Certificate cre

264 Chapter 14 CertificatesN0115790Create a certification request and save it locally for later manual enrollment Select Create a certification reques

Chapter 14 Certificates 265BCM50a Integrated Router Configuration — BasicsAfter you click Apply in the My Certificate Create screen, you see a screen

266 Chapter 14 CertificatesN0115790Figure 85 My Certificate details

Chapter 14 Certificates 267BCM50a Integrated Router Configuration — BasicsTable 66 describes the labels in Figure 85.Table 66 My Certificate details

268 Chapter 14 CertificatesN0115790Issuer This field displays identifying information about the certification authority that issued the certificate, s

Chapter 14 Certificates 269BCM50a Integrated Router Configuration — BasicsTrusted CAsClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen, s

27BCM50a Integrated Router Configuration — BasicsPrefaceBefore you beginThis guide assists you through the basic configuration of your BCM50a Integrat

270 Chapter 14 CertificatesN0115790Figure 86 Trusted CAsTable 67 describes the labels in Figure 86.Table 67 Trusted CAsLabel DescriptionPKI Storag

Chapter 14 Certificates 271BCM50a Integrated Router Configuration — BasicsIssuer This field displays identifying information about the certification a

272 Chapter 14 CertificatesN0115790Importing a Trusted CA certificateClick CERTIFICATES, Trusted CAs to open the Trusted CAs screen and then click Imp

Chapter 14 Certificates 273BCM50a Integrated Router Configuration — BasicsTrusted CA Certificate detailsClick CERTIFICATES, Trusted CAs to open the Tr

274 Chapter 14 CertificatesN0115790Figure 88 Trusted CA details

Chapter 14 Certificates 275BCM50a Integrated Router Configuration — BasicsTable 69 describes the labels in Figure 88.Table 69 Trusted CA detailsLabe

276 Chapter 14 CertificatesN0115790Signature AlgorithmThis field displays the type of algorithm that was used to sign the certificate. Some certificat

Chapter 14 Certificates 277BCM50a Integrated Router Configuration — BasicsTrusted remote hostsClick CERTIFICATES, Trusted Remote Hosts to open the Tru

278 Chapter 14 CertificatesN0115790Figure 89 Trusted remote hostsTable 70 describes the labels in Figure 89.Table 70 Trusted Remote HostsLabel Des

Chapter 14 Certificates 279BCM50a Integrated Router Configuration — BasicsVerifying a certificate of a trusted remote hostCertificates issued by certi

28 PrefaceN0115790Related publications• For more information about using the BCM50a Integrated Router, refer to the following publications:BCM50a Inte

280 Chapter 14 CertificatesN01157902 Make sure that the certificate has a “.cer” or “.crt” file name extension.Figure 90 Remote host certificates3 D

Chapter 14 Certificates 281BCM50a Integrated Router Configuration — BasicsImporting a certificate of a trusted remote hostClick CERTIFICATES, Trusted

282 Chapter 14 CertificatesN0115790Table 71 describes the labels in Figure 92.Trusted remote host certificate detailsClick CERTIFICATES, Trusted Remot

Chapter 14 Certificates 283BCM50a Integrated Router Configuration — BasicsFigure 93 Trusted remote host details

284 Chapter 14 CertificatesN0115790Table 72 describes the labels in Figure 93.Table 72 Trusted remote host detailsLabel DescriptionName This field d

Chapter 14 Certificates 285BCM50a Integrated Router Configuration — BasicsValid To This field displays the date that the certificate expires. The text

286 Chapter 14 CertificatesN0115790Directory serversClick CERTIFICATES, Directory Servers to open the Directory Servers screen (Figure 94). This scree

Chapter 14 Certificates 287BCM50a Integrated Router Configuration — BasicsTable 73 describes the labels in Figure 94.Add or edit a directory serverCli

288 Chapter 14 CertificatesN0115790Figure 95 Directory server addTable 74 describes the labels in Figure 95.Table 74 Directory server addLabel Des

Chapter 14 Certificates 289BCM50a Integrated Router Configuration — BasicsServer Port This field displays the default server port number of the protoc

Preface 29BCM50a Integrated Router Configuration — BasicsGetting Help from the Nortel Web siteThe best way to get technical support for Nortel product

290 Chapter 14 CertificatesN0115790

291BCM50a Integrated Router Configuration — BasicsChapter 15Bandwidth managementThis chapter describes the functions and configuration of bandwidth ma

292 Chapter 15 Bandwidth managementN0115790Bandwidth classes and filtersUse bandwidth subclasses to allocate specific amounts of bandwidth capacity (b

Chapter 15 Bandwidth management 293BCM50a Integrated Router Configuration — BasicsFigure 96 Subnet based bandwidth management exampleApplication and

294 Chapter 15 Bandwidth managementN0115790Configuring summaryClick BW MGMT to open the Summary screen. Enable bandwidth management on an interface an

Chapter 15 Bandwidth management 295BCM50a Integrated Router Configuration — BasicsConfiguring class setupThe class setup screen displays the configure

296 Chapter 15 Bandwidth managementN0115790Figure 98 Bandwidth Manager: Class setupTable 77 describes the labels in Figure 98.Table 77 Bandwidth M

Chapter 15 Bandwidth management 297BCM50a Integrated Router Configuration — BasicsBandwidth Manager Class ConfigurationConfigure a bandwidth managemen

298 Chapter 15 Bandwidth managementN0115790Figure 99 Bandwidth Manager: Edit classTable 78 describes the labels in Figure 99.Table 78 Bandwidth Ma

Chapter 15 Bandwidth management 299BCM50a Integrated Router Configuration — BasicsFilter ConfigurationEnable Bandwidth Filter Select Enable Bandwidth

3BCM50a Integrated Router Configuration — BasicsContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30 PrefaceN0115790Getting Help through a Nortel distributor or reseller If you purchased a service contract for your Nortel product from a distributor

300 Chapter 15 Bandwidth managementN0115790Bandwidth management statisticsUse the Bandwidth Management Statistics screen to view network performance f

Chapter 15 Bandwidth management 301BCM50a Integrated Router Configuration — BasicsFigure 100 Bandwidth management statistics Table 80 describes the

302 Chapter 15 Bandwidth managementN0115790MonitorTo view bandwidth usage and allotments, click BW MGMT, then the Monitor tab. The screen appears as s

303BCM50a Integrated Router Configuration — BasicsChapter 16Authentication serverThe BCM50a Integrated Router can use either the local user database i

304 Chapter 16 Authentication serverN0115790Figure 102 Local User databaseTable 82 describes the labels in Figure 102. Table 82 Local User databas

Chapter 16 Authentication server 305BCM50a Integrated Router Configuration — BasicsEdit Local User DatabaseTo change a local user database entry, clic

306 Chapter 16 Authentication serverN0115790Figure 103 Local User database edit

Chapter 16 Authentication server 307BCM50a Integrated Router Configuration — BasicsTable 83 describes the labels in Figure 103. Table 83 Local User

308 Chapter 16 Authentication serverN0115790Current split networksIn the Local User Database Edit screen, click Configure Network to display the Curre

Chapter 16 Authentication server 309BCM50a Integrated Router Configuration — BasicsTable 84 describes the labels in Figure 104. Current split networks

31BCM50a Integrated Router Configuration — BasicsChapter 1Getting to know your BCM50a Integrated RouterThis chapter introduces the main features and a

310 Chapter 16 Authentication serverN0115790Figure 105 Current split networks editTable 85 describes the labels in Figure 105. Table 85 Current sp

Chapter 16 Authentication server 311BCM50a Integrated Router Configuration — BasicsConfiguring RADIUSUse RADIUS if you want to authenticate users usin

312 Chapter 16 Authentication serverN0115790Figure 106 RADIUSTable 86 describes the labels in Figure 106.Table 86 RADIUSLabel DescriptionAuthentic

Chapter 16 Authentication server 313BCM50a Integrated Router Configuration — BasicsPort Number The default port of the RADIUS server for authenticatio

314 Chapter 16 Authentication serverN0115790

315BCM50a Integrated Router Configuration — BasicsChapter 17Remote management screensThis chapter provides information on the Remote Management screen

316 Chapter 17 Remote management screensN01157901 A filter in SMT menu 3.1 (LAN) or in menu 11.1.4 (WAN) is applied to block a Telnet, FTP, or Web ser

Chapter 17 Remote management screens 317BCM50a Integrated Router Configuration — BasicsIntroduction to HTTPSHTTPS (HyperText Transfer Protocol over Se

318 Chapter 17 Remote management screensN0115790Figure 107 HTTPS implementationConfiguring WWWTo change your BCM50a Integrated Router Web settings,

Chapter 17 Remote management screens 319BCM50a Integrated Router Configuration — BasicsFigure 108 WWWTable 87 describes the labels in Figure 108.Tab

32 Chapter 1 Getting to know your BCM50a Integrated RouterN0115790Physical featuresHigh-speed Internet accessYour BCM50a Integrated Router supports AD

320 Chapter 17 Remote management screensN0115790HTTPS exampleTo change the default HTTPS port on the BCM50a Integrated Router, in your browser, enter

Chapter 17 Remote management screens 321BCM50a Integrated Router Configuration — BasicsInternet Explorer warning messagesWhen you attempt to access th

322 Chapter 17 Remote management screensN0115790Select Accept this certificate permanently to import the BCM50a Integrated Router certificate into the

Chapter 17 Remote management screens 323BCM50a Integrated Router Configuration — BasicsFigure 111 Security Certificate 2 (Netscape)Avoiding the brow

324 Chapter 17 Remote management screensN0115790a Click REMOTE MGMT. Write down the name of the certificate displayed in the Server Certificate field.

Chapter 17 Remote management screens 325BCM50a Integrated Router Configuration — BasicsFigure 112 Logon screen (Internet Explorer)

326 Chapter 17 Remote management screensN0115790Figure 113 Login screen (Netscape)Click Login to proceed. The screen shown in Figure 114 appears.The

Chapter 17 Remote management screens 327BCM50a Integrated Router Configuration — BasicsFigure 114 Replace certificateClick Apply in the Replace Cert

328 Chapter 17 Remote management screensN0115790Figure 115 Device-specific certificateClick Ignore in the Replace Certificate screen to use the comm

Chapter 17 Remote management screens 329BCM50a Integrated Router Configuration — BasicsFigure 116 Common BCM50a Integrated Router certificateSSH ove

Chapter 1 Getting to know your BCM50a Integrated Router 33BCM50a Integrated Router Configuration — Basics• Extended-reach ADSL (ER ADSL)• SRA (Seamles

330 Chapter 17 Remote management screensN0115790Figure 117 SSH Communication ExampleHow SSH worksFigure 118 summarizes how a secure connection is es

Chapter 17 Remote management screens 331BCM50a Integrated Router Configuration — BasicsThe client automatically saves any new server public keys. In s

332 Chapter 17 Remote management screensN0115790Figure 119 SSHTable 88 describes the labels in Figure 119.Table 88 SSHLabel DescriptionServer Host

Chapter 17 Remote management screens 333BCM50a Integrated Router Configuration — BasicsSecure Telnet using SSH examplesThis section shows two examples

334 Chapter 17 Remote management screensN0115790Example 2: LinuxThis section describes how to access the BCM50a Integrated Router using the OpenSSH cl

Chapter 17 Remote management screens 335BCM50a Integrated Router Configuration — BasicsFigure 122 SSH Example 2: Log on3 The SMT main menu displays.

336 Chapter 17 Remote management screensN0115790Figure 123 Secure FTP: Firmware Upload ExampleTelnetYou can configure your BCM50a Integrated Router

Chapter 17 Remote management screens 337BCM50a Integrated Router Configuration — BasicsConfiguring TELNETClick REMOTE MANAGEMENT to open the TELNET sc

338 Chapter 17 Remote management screensN0115790Configuring FTPYou can upload and download the BCM50a Integrated Router firmware and configuration fil

Chapter 17 Remote management screens 339BCM50a Integrated Router Configuration — BasicsConfiguring SNMPSimple Network Management Protocol is a protoco

34 Chapter 1 Getting to know your BCM50a Integrated RouterN0115790Autonegotiating 10/100 Mb/s Ethernet LANThe LAN interfaces automatically detect if t

340 Chapter 17 Remote management screensN0115790Figure 127 SNMP Management ModelAn SNMP-managed network consists of two main types of component: age

Chapter 17 Remote management screens 341BCM50a Integrated Router Configuration — Basics• Get-Allows the manager to retrieve an object variable from th

342 Chapter 17 Remote management screensN0115790REMOTE MANAGEMENT: SNMPTo change your BCM50a Integrated Router SNMP settings, click REMOTE MANAGEMENT,

Chapter 17 Remote management screens 343BCM50a Integrated Router Configuration — BasicsConfiguring DNSUse DNS (Domain Name System) to map a domain nam

344 Chapter 17 Remote management screensN0115790Figure 129 DNSTable 93 describes the fields in Figure 129.Configuring SecurityTo change your BCM50a

Chapter 17 Remote management screens 345BCM50a Integrated Router Configuration — BasicsIf an outside user attempts to probe an unsupported port on you

346 Chapter 17 Remote management screensN0115790Do not respond to requests for unauthorized servicesSelect this option to prevent hackers from finding

347BCM50a Integrated Router Configuration — BasicsChapter 18UPnPThis chapter introduces the Universal Plug and Play feature. Universal Plug and Play o

348 Chapter 18 UPnPN0115790Windows Messenger is an example of an application that supports NAT traversal and UPnP. Cautions with UPnPThe automated nat

Chapter 18 UPnP 349BCM50a Integrated Router Configuration — BasicsFigure 131 Configuring UPnPTable 95 describes the fields in Figure 131.Table 95

Chapter 1 Getting to know your BCM50a Integrated Router 35BCM50a Integrated Router Configuration — BasicsCertificatesThe BCM50a Integrated Router can

350 Chapter 18 UPnPN0115790Displaying UPnP port mappingClick UPnP and then Ports to display the screen as shown in Figure 132. Use this screen to view

Chapter 18 UPnP 351BCM50a Integrated Router Configuration — BasicsInstalling UPnP in Windows exampleThis section shows how to install UPnP in Windows

352 Chapter 18 UPnPN0115790Installing UPnP in Windows MeFollow the steps below to install UPnP in Windows Me. 1 Click Start and Control Panel. Double-

Chapter 18 UPnP 353BCM50a Integrated Router Configuration — BasicsFigure 134 CommunicationsInstalling UPnP in Windows XPFollow the steps below to in

354 Chapter 18 UPnPN0115790Figure 136 Windows optional networking components wizard5 In the Networking Services window, select the Universal Plug an

Chapter 18 UPnP 355BCM50a Integrated Router Configuration — BasicsMake sure the computer is connected to a LAN port of the device. Turn on your comput

356 Chapter 18 UPnPN01157904 You can edit or delete the port mappings or click Add to manually add port mappings.Figure 140 Internet connection prop

Chapter 18 UPnP 357BCM50a Integrated Router Configuration — Basics5 Select the Show icon in notification area when connected check box and click OK. A

358 Chapter 18 UPnPN01157903 Select My Network Places under Other PlacesFigure 144 Network connections 4 An icon with the description for each UPnP-

359BCM50a Integrated Router Configuration — BasicsChapter 19Logs ScreensThis chapter contains information about configuring general log settings and v

36 Chapter 1 Getting to know your BCM50a Integrated RouterN0115790Content filteringThe BCM50a Integrated Router can block web features such as ActiveX

360 Chapter 19 Logs ScreensN0115790Figure 146 View LogTable 97 describes the fields in Figure 146.Table 97 View LogLabel DescriptionDisplay The c

Chapter 19 Logs Screens 361BCM50a Integrated Router Configuration — BasicsConfiguring Log settingsTo change your BCM50a Integrated Router log settings

362 Chapter 19 Logs ScreensN0115790Figure 147 Log settings

Chapter 19 Logs Screens 363BCM50a Integrated Router Configuration — BasicsTable 98 describes the fields in Figure 147.Table 98 Log settingsLabel Des

364 Chapter 19 Logs ScreensN0115790Configuring ReportsTo change your BCM50a Integrated Router log reports, click Logs, and then the Reports tab. The s

Chapter 19 Logs Screens 365BCM50a Integrated Router Configuration — Basics• The LAN IP addresses to and from which the most traffic has been sent• How

366 Chapter 19 Logs ScreensN0115790Figure 148 ReportsTable 99 describes the fields in Figure 148.Note: Enabling the reporting function decreases the

Chapter 19 Logs Screens 367BCM50a Integrated Router Configuration — BasicsViewing Web site hitsIn the Reports screen, select Web Site Hits from the Re

368 Chapter 19 Logs ScreensN0115790Figure 149 Web site hits report exampleTable 100 describes the fields in Figure 149.Table 100 Web site hits rep

Chapter 19 Logs Screens 369BCM50a Integrated Router Configuration — BasicsViewing Protocol/PortIn the Reports screen, select Protocol/Port from the Re

Chapter 1 Getting to know your BCM50a Integrated Router 37BCM50a Integrated Router Configuration — BasicsIP MulticastThe BCM50a Integrated Router can

370 Chapter 19 Logs ScreensN0115790Table 101 describes the fields in Figure 150.Viewing LAN IP addressIn the Reports screen, select LAN IP Address fro

Chapter 19 Logs Screens 371BCM50a Integrated Router Configuration — BasicsFigure 151 LAN IP address report exampleTable 102 describes the fields in

372 Chapter 19 Logs ScreensN0115790Reports specificationsTable 103 lists detailed specifications on the reports feature.Table 103 Report Specificati

373BCM50a Integrated Router Configuration — BasicsChapter 20Call scheduling screensWith call scheduling (applicable for PPPoA or PPPoE encapsulation o

374 Chapter 20 Call scheduling screensN0115790Figure 152 Call schedule summaryTable 104 describes the fields in Figure 152.Table 104 Call Schedule

Chapter 20 Call scheduling screens 375BCM50a Integrated Router Configuration — BasicsCall scheduling editTo configure a schedule set, click the Edit b

376 Chapter 20 Call scheduling screensN0115790If a connection has been already established, your BCM50a Integrated Router will not drop it. After the

Chapter 20 Call scheduling screens 377BCM50a Integrated Router Configuration — BasicsApplying Schedule Sets to a remote nodeOnce your schedule sets ar

378 Chapter 20 Call scheduling screensN0115790

379BCM50a Integrated Router Configuration — BasicsChapter 21MaintenanceThis chapter displays system information such as firmware, port IP addresses, a

38 Chapter 1 Getting to know your BCM50a Integrated RouterN0115790Traffic RedirectTraffic Redirect forwards WAN traffic to a backup gateway when the B

380 Chapter 21 MaintenanceN0115790Figure 154 System Status Table 106 describes the fields in Figure 154.Table 106 System StatusLabel DescriptionS

Chapter 21 Maintenance 381BCM50a Integrated Router Configuration — BasicsSystem statisticsRead-only information here includes port status and packet s

382 Chapter 21 MaintenanceN0115790Figure 155 System Status: Show statisticsTable 107 describes the fields in Figure 155.Table 107 System Status: S

Chapter 21 Maintenance 383BCM50a Integrated Router Configuration — BasicsDHCP Table screen With DHCP (Dynamic Host Configuration Protocol, RFC 2131 an

384 Chapter 21 MaintenanceN0115790Figure 156 DHCP TableTable 108 describes the fields in Figure 156.Diagnostic ScreenFrom the Site Map screen, click

Chapter 21 Maintenance 385BCM50a Integrated Router Configuration — BasicsFigure 157 DiagnosticTable 109 describes the fields in Figure 157.Table 109

386 Chapter 21 MaintenanceN0115790F/W Upload screenFind firmware at www.nortel.com/index.html in a file that usually uses the system model name with a

Chapter 21 Maintenance 387BCM50a Integrated Router Configuration — BasicsFigure 158 Firmware uploadTable 110 describes the fields in Figure 158.Afte

388 Chapter 21 MaintenanceN0115790Figure 159 Firmware Upload In ProcessThe device automatically restarts in this time, causing a temporary network d

Chapter 21 Maintenance 389BCM50a Integrated Router Configuration — BasicsConfiguration screenClick MAINTENANCE, and then the Configuration tab. Inform

Chapter 1 Getting to know your BCM50a Integrated Router 39BCM50a Integrated Router Configuration — BasicsUpgrade BCM50a Integrated Router FirmwareThe

390 Chapter 21 MaintenanceN0115790Figure 163 Reset warning messageThe BCM50a Integrated Router LAN IP address changes back to 192.168.1.1 and the pa

Chapter 21 Maintenance 391BCM50a Integrated Router Configuration — BasicsNote: Do not turn off the device while configuration file upload is in progre

392 Chapter 21 MaintenanceN0115790If the upload was not successful, click Return to return to the Configuration screen. Restart screenWith system rest

393BCM50a Integrated Router Configuration — BasicsAppendix ATroubleshootingThis chapter covers potential problems and the corresponding remedies.Probl

394 Appendix A TroubleshootingN0115790Problems with the LAN LEDProblems with the LAN interfaceTable 113 Troubleshooting the LAN LEDProblem Correctiv

Appendix A Troubleshooting 395BCM50a Integrated Router Configuration — BasicsProblems with the WAN interfaceProblems with Internet accessTable 115 T

396 Appendix A TroubleshootingN0115790Problems accessing an Internet Web site Problems with the passwordProblems with the WebGUIProblems with Remote M

Appendix A Troubleshooting 397BCM50a Integrated Router Configuration — BasicsAllowing Pop-up Windows, JavaScript and Java Permissions In order to use

398 Appendix A TroubleshootingN0115790Figure 167 Pop-up BlockerYou can also check if pop-up blocking is disabled in the Pop-up Blocker section in th

Appendix A Troubleshooting 399BCM50a Integrated Router Configuration — BasicsFigure 168 Internet Options3 Click Apply to save this setting.Enabling

4 ContentsN0115790Nortel Contivity Client Termination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34Certificates . . . . . . .

40 Chapter 1 Getting to know your BCM50a Integrated RouterN0115790Figure 1 Secure Internet Access and VPN ApplicationCaution: Electro-static Dischar

400 Appendix A TroubleshootingN01157902 Select Settings… to open the Pop-up Blocker Settings screen.Figure 169 Internet options3 Type the IP address

Appendix A Troubleshooting 401BCM50a Integrated Router Configuration — Basics4 Click Add to move the IP address to the list of Allowed sites.Figure 17

402 Appendix A TroubleshootingN01157901 In Internet Explorer, click Tools, Internet Options, and then the Security tab. Figure 171 Internet options

Appendix A Troubleshooting 403BCM50a Integrated Router Configuration — Basics6 Click OK to close the window.Figure 172 Security Settings - Java Scri

404 Appendix A TroubleshootingN01157905 Click OK to close the window.Figure 173 Security Settings - Java JAVA (Sun)1 From Internet Explorer, click T

Appendix A Troubleshooting 405BCM50a Integrated Router Configuration — Basics4 Close your existing browser session and open a new browser.Figure 174

406 Appendix A TroubleshootingN0115790Allowing Pop-ups1 In Netscape, click Tools, Popup Manager and then select Allow Popups From This Site. Figure 17

Appendix A Troubleshooting 407BCM50a Integrated Router Configuration — Basics3 Clear the Block unrequested popup windows check box. Figure 177 Pop

408 Appendix A TroubleshootingN01157904 Click the Allowed Sites... button. Figure 178 Popup Windows5 Type the IP address of your device (the Web pag

Appendix A Troubleshooting 409BCM50a Integrated Router Configuration — Basics6 Click Add to move the IP address to the Site list.Figure 179 Allowed

41BCM50a Integrated Router Configuration — BasicsChapter 2Introducing the WebGUIThis chapter describes how to access the BCM50a Integrated Router WebG

410 Appendix A TroubleshootingN01157904 Click OK to close the window.Figure 180 Advanced 5 Click the Advanced directory and then select Scripts &

Appendix A Troubleshooting 411BCM50a Integrated Router Configuration — Basics7 Click OK to close the window.Figure 181 Scripts & Plug-ins

412 Appendix A TroubleshootingN0115790

413BCM50a Integrated Router Configuration — BasicsAppendix BLog DescriptionsThis appendix provides descriptions of example log messages.Table 120 Sy

414 Appendix B Log DescriptionsN0115790TELNET Login Fail Someone has failed to log on to the router through Telnet.FTP Login Successfully Someone has

Appendix B Log Descriptions 415BCM50a Integrated Router Configuration — Basicsattack ESP The firewall detected an ESP attack.attack GRE The firewall d

416 Appendix B Log DescriptionsN0115790For type and code details, see Table 127.teardrop ICMP (type:%d, code:%d)The firewall detected an ICMP teardrop

Appendix B Log Descriptions 417BCM50a Integrated Router Configuration — BasicsFirewall default policy: ICMP (set:%d, type:%d, code:%d)ICMP access matc

418 Appendix B Log DescriptionsN0115790Firewall rule match: (set:%d, rule:%d)Access matched the listed firewall rule and the BCM50a Integrated Router

Appendix B Log Descriptions 419BCM50a Integrated Router Configuration — BasicsFilter default policy DROP!Access matched a default filter policy (denie

42 Chapter 2 Introducing the WebGUIN01157901 Launch your web browser.2 Type 192.168.1.1 as the URL.3 Type the username (“nnadmin” is the default) and

420 Appendix B Log DescriptionsN0115790(set:%d) With firewall messages, this is the number of the ACL policy set and denotes the packet's directi

Appendix B Log Descriptions 421BCM50a Integrated Router Configuration — BasicsFor type and code details, see Table 127.Table 126 ACL Setting NotesAC

422 Appendix B Log DescriptionsN0115790VPN/IPSec LogsTo view the IPSec and IKE connection log, type 3 in menu 27 and press [ENTER] to display the IPSe

Appendix B Log Descriptions 423BCM50a Integrated Router Configuration — BasicsFigure 182 Example VPN Initiator IPSec LogVPN Responder IPSec LogFigur

424 Appendix B Log DescriptionsN0115790Figure 183 Example VPN Responder IPSec LogThis menu is useful for troubleshooting your BCM50a Integrated Rout

Appendix B Log Descriptions 425BCM50a Integrated Router Configuration — BasicsTable 129 Sample IKE Key Exchange LogsLog Message DescriptionSend <

426 Appendix B Log DescriptionsN0115790!! Remote IP <IP start> / <IP end> conflictsIf the security gateway is “0.0.0.0”, the BCM50a Integ

Appendix B Log Descriptions 427BCM50a Integrated Router Configuration — BasicsTable 130 shows sample log messages during packet transmission. ->

428 Appendix B Log DescriptionsN0115790Table 131 shows RFC 2408 ISAKMP payload types that the log displays. Refer to RFC 2408 for detailed information

Appendix B Log Descriptions 429BCM50a Integrated Router Configuration — BasicsFailed to resolve <CMP CA server url>The CMP online certificate en

Chapter 2 Introducing the WebGUI 43BCM50a Integrated Router Configuration — BasicsFigure 3 Change password screen5 Click Apply in the Replace Certif

430 Appendix B Log DescriptionsN0115790Table 133 Certificate Path Verification Failure Reason CodesCode Description1 Algorithm mismatch between the

Appendix B Log Descriptions 431BCM50a Integrated Router Configuration — BasicsLog CommandsGo to the command interpreter interface (the Command Interpr

432 Appendix B Log DescriptionsN0115790Displaying LogsUse the sys logs display command to show all of the logs in the BCM50a Integrated Router log.Use

Appendix B Log Descriptions 433BCM50a Integrated Router Configuration — BasicsLog Command ExampleThis example shows how to set the BCM50a Integrated R

434 Appendix B Log DescriptionsN0115790

BCM50a Integrated Router Configuration — Basics435IndexNumbers3DES 1974-Port Switch 33AAction 169Action for Matched Packets 172ActiveX 189Administrato

436 IndexN0115790Maximum Number of Schedule Sets 373, 377Precedence 373Precedence Example 373Called ID 119Calling Line Identification 119Central Netwo

Index 437BCM50a Integrated Router Configuration — BasicsEnable Wildcard 81Encapsulating Security Payload 196Encapsulation 47, 50ENET ENCAP 47PPP over

438 IndexN0115790Illegal Commands 152Initial Contact Payload 250Inside 122Inside Global Address 122Inside Local Address 122Internet access 32Internet

Index 439BCM50a Integrated Router Configuration — BasicsMultiprotocol Encapsulation 48My Password 307, 313NNailed-Up Connection 53NAT 53, 107, 115, 12

44 Chapter 2 Introducing the WebGUIN0115790The MAIN MENU screen appears.Restoring the factory-default configuration settingsIf you forget your passwor

440 IndexN0115790Rreboot 386regulatory information 2reinitialize the ADSL line 386Remote Management and NAT 316Remote Management Limitations 315Report

Index 441BCM50a Integrated Router Configuration — BasicsStatic Route 139, 140SUA 127, 128, 130SUA (Single User Account) 126SUA Only 107SUA Server 129S

442 IndexN0115790WWW 318

Chapter 2 Introducing the WebGUI 45BCM50a Integrated Router Configuration — BasicsFigure 5 MAIN MENU ScreenClick the Contact link to display the cus

46 Chapter 2 Introducing the WebGUIN0115790Figure 6 Contact Support

47BCM50a Integrated Router Configuration — BasicsChapter 3Wizard setupThis chapter provides information on the Wizard screens in the WebGUI.Wizard ove

48 Chapter 3 Wizard setupN0115790PPP over EthernetPPP over Ethernet (PPPoE) provides access control and billing functionality in a manner similar to d

Chapter 3 Wizard setup 49BCM50a Integrated Router Configuration — BasicsVC-based multiplexingIn this case, by prior mutual agreement, each protocol is

Contents 5BCM50a Integrated Router Configuration — BasicsChapter 3Wizard setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

50 Chapter 3 Wizard setupN0115790Figure 7 Wizard Screen 1Table 2 describes the fields in Figure 7.Table 2 Wizard Screen 1Label DescriptionMode Fro

Chapter 3 Wizard setup 51BCM50a Integrated Router Configuration — BasicsIP address and subnet maskSimilar to the way houses on a street share a common

52 Chapter 3 Wizard setupN0115790IP assignment with PPPoA or PPPoE encapsulationIf you have a dynamic IP, the IP Address and ENET ENCAP Gateway fields

Chapter 3 Wizard setup 53BCM50a Integrated Router Configuration — BasicsYou can obtain your IP address from the IANA, from an ISP, or it can be assign

54 Chapter 3 Wizard setupN0115790Figure 8 Internet connection with PPPoATable 3 describes the fields in Figure 8.Table 3 Internet connection with

Chapter 3 Wizard setup 55BCM50a Integrated Router Configuration — BasicsFigure 9 Internet connection with RFC 1483Table 4 describes the fields in Fi

56 Chapter 3 Wizard setupN0115790Figure 10 Internet connection with ENET ENCAPTable 5 describes the fields in Figure 10.Network Address Translation

Chapter 3 Wizard setup 57BCM50a Integrated Router Configuration — BasicsFigure 11 Internet connection with PPPoEENET ENCAP GatewayYou must specify a

58 Chapter 3 Wizard setupN0115790Table 6 describes the fields in Figure 11.Table 6 Internet connection with PPPoELabel DescriptionService Name Type

Chapter 3 Wizard setup 59BCM50a Integrated Router Configuration — BasicsDHCP setupUsing Dynamic Host Configuration Protocol (DHCP), individual clients

6 ContentsN0115790Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68Routing . . .

60 Chapter 3 Wizard setupN0115790Figure 12 Wizard Screen 32 To change your BCM50a Integrated Router LAN settings, click Change LAN Configuration to

Chapter 3 Wizard setup 61BCM50a Integrated Router Configuration — BasicsFigure 13 Wizard: LAN configurationTable 7 describes the fields in Figure 13

62 Chapter 3 Wizard setupN0115790DHCP With DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) individual clients (workstations) can ob

Chapter 3 Wizard setup 63BCM50a Integrated Router Configuration — BasicsWizard setup configuration: connection testsThe BCM50a Integrated Router autom

64 Chapter 3 Wizard setupN0115790

65BCM50a Integrated Router Configuration — BasicsChapter 4User NotesGeneral NotesThere are some router functions that, although performing as expected

66 Chapter 4 User NotesN0115790If the Administrator Timeout is set to 0, and an administration session is terminated without logging off, the router n

Chapter 4 User Notes 67BCM50a Integrated Router Configuration — BasicsIf a VPN Client user account is de-activated, deleted, or changed, and that user

68 Chapter 4 User NotesN0115790Security1 Exporting or Saving Self-Signed CertificateTo export or save a self-signed certificate, click details (the ic

Chapter 4 User Notes 69BCM50a Integrated Router Configuration — BasicsSetting up the router when the system has a server1 If you are using a Full-Feat

Contents 7BCM50a Integrated Router Configuration — BasicsFactory LAN defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 Chapter 4 User NotesN0115790Adding IP telephony to a multi-site networkScenario 1: A BCM50 in the primary site acting as the gateway for both sites

Chapter 4 User Notes 71BCM50a Integrated Router Configuration — BasicsConfiguring the router to act as a Nortel VPN Server (Client Termination)1 Under

72 Chapter 4 User NotesN01157902 Create the appropriate Firewall rules to add BCM50 access.Go to FIREWALL / Summary, and create two WAN-to-LAN firewal

Chapter 4 User Notes 73BCM50a Integrated Router Configuration — Basics2 On BANDWIDTH MANAGEMENT / Class Setup, add a WAN subclass, and reserve suffici

74 Chapter 4 User NotesN0115790

75BCM50a Integrated Router Configuration — BasicsChapter 5System screensThis chapter provides information on the System screens.System overviewThis se

76 Chapter 5 System screensN0115790Figure 15 depicts an example where three VPN tunnels are created from BCM50a Integrated Router A; one to branch off

Chapter 5 System screens 77BCM50a Integrated Router Configuration — BasicsFigure 16 System general setupTable 8 describes the fields in Figure 16.Ta

78 Chapter 5 System screensN0115790System DNS Servers (if applicable)DNS (Domain Name System) is for mapping a domain name to its corresponding IP add

Chapter 5 System screens 79BCM50a Integrated Router Configuration — BasicsDynamic DNSWith Dynamic DNS, you can update your current dynamic IP address

8 ContentsN0115790SUA Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127Defaul

80 Chapter 5 System screensN0115790Figure 17 DDNSTable 9 describes the fields in Figure 17.Table 9 DDNSLabel DescriptionActive Select this check b

Chapter 5 System screens 81BCM50a Integrated Router Configuration — BasicsConfiguring PasswordTo change the password of your BCM50a Integrated Router

82 Chapter 5 System screensN0115790Figure 18 PasswordTable 10 describes the fields in Figure 18.Table 10 PasswordLabel DescriptionAdministrator Se

Chapter 5 System screens 83BCM50a Integrated Router Configuration — BasicsPredefined NTP time server listThe BCM50a Integrated Router uses the predefi

84 Chapter 5 System screensN0115790When the BCM50a Integrated Router uses the predefined list of NTP time servers, it randomly selects one server and

Chapter 5 System screens 85BCM50a Integrated Router Configuration — BasicsFigure 19 Time and Date

86 Chapter 5 System screensN0115790Table 12 describes the fields in Figure 19.Table 12 Time and DateLabel DescriptionCurrent Time and DateCurrent Ti

Chapter 5 System screens 87BCM50a Integrated Router Configuration — BasicsTime Zone SetupTime Zone Choose the time zone of your location. This will se

88 Chapter 5 System screensN0115790ALG With Application Layer Gateway (ALG), an application can pass through NAT and the firewall. You must also conf

89BCM50a Integrated Router Configuration — BasicsChapter 6LAN screens This chapter describes how to configure LAN settings.LAN overviewLocal Area Netw

Contents 9BCM50a Integrated Router Configuration — BasicsPacket filtering vs. firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

90 Chapter 6 LAN screensN0115790DNS serversUse the LAN IP screen to configure the DNS server information that the BCM50a Integrated Router sends to th

Chapter 6 LAN screens 91BCM50a Integrated Router Configuration — BasicsBoth RIP-2B and RIP-2M send routing data in RIP-2 format; the difference being

92 Chapter 6 LAN screensN0115790Configuring IP Click LAN to open the IP screen.Figure 21 LAN IP

Chapter 6 LAN screens 93BCM50a Integrated Router Configuration — BasicsTable 14 describes the fields in Figure 21.Table 14 LAN IPLabel DescriptionDH

94 Chapter 6 LAN screensN0115790First DNS Server Second DNS Server Third DNS Server Select From ISP if your ISP dynamically assigns DNS server informa

Chapter 6 LAN screens 95BCM50a Integrated Router Configuration — BasicsConfiguring Static DHCPWith Static DHCP, you can assign IP addresses on the LAN

96 Chapter 6 LAN screensN0115790To change the static DHCP settings, click LAN, then the Static DHCP tab. The screen appears as shown in Figure 22.Figu

Chapter 6 LAN screens 97BCM50a Integrated Router Configuration — BasicsConfiguring IP AliasWith IP Alias, you can partition a physical network into di

98 Chapter 6 LAN screensN0115790Table 16 describes the fields in Figure 23.Table 16 IP AliasLabel DescriptionIP Alias 1,2 Select the check box to co

99BCM50a Integrated Router Configuration — BasicsChapter 7WAN screensThis chapter describes how to configure WAN settings. WAN overviewThis section pr