Avaya Business Secure Router 222 Fundamentals User's Manual
Contents
1. 2 The second wizard screen has three variations depending on the encapsulation type you use Use the information in Internet Account Information to fill in the fields Nortel Business Secure Router 222 Fundamentals 26 Chapter 4 Configuring your Business Secure Router WIZARD ISP Parameters for Internet Access Encapsulation Ethernet Service Type Standard User Name N A Password N A Login Server IP Address N A Back Next Internet connection with ethernet This variation is shown when the WAN port is used as a regular Ethernet Choose either Standard or a Road Runner ISP version You need your User Name Password and Login Server IP Address for some Road Runner ISP versions NN47922 301 Chapter 4 Configuring your Business Secure Router 27 WIZARD ISP Parameters for Internet Access Encapsulation PPP over Ethernet Service Namel n User Name Po Password fe I Nailed Up Connection Idle Timeout fi 00 Seconds Back Next Internet connection with PPPoE Point to Point Protocol over Ethernet PPPoE also functions as a dial up connection Therefore you also need a username and password and possibly the PPPoE service name from ISP Select Nailed Up Connection when you want your connection active all the time The Business Secure Router tries to bring up the connection automatically if it is disconnected Nortel Business Secure Router 222 Fundamentals 28 Ch2. 1 Under VPN Client Termination a Enable Client Termination b Select authentication type and the encryption algorithms supported c If the clients are assigned IP addresses from a pool define the pool and enable it 2 Assuming a Local User Database is used for authentication a Add user name and password to the local user database as an IPSec user and activate it If the hosts will be assigned a static IP address enter the address that will be assigned to the user Configuring the router to connect to a Nortel VPN Server Client Emulation Go to VPN Summary and select Edit 2 Selecta connection type of Contivity Client and fill in the web page with the relevant data 3 If Group authentication or On Demand Client Tunnels are needed click the Advanced button to configure this Allowing remote management of a LAN connected BCM50 1 Create the appropriate NAT server rules to add the BCMSO Go to SUA NAT SUA Server and create two server rules for HTTPS and Element Manager access One named BCM_HTTPS with port number 443 and the IP address of the BCM50 One named BCM_EM with the port number 5989 and the IP address of the BCM50 Nortel Business Secure Router 222 Fundamentals 38 Chapter 5 User Notes Note In DHCP Server mode the BCMS0 IP address will be the lowest address in the pool 2 Create the appropriate Firewall rules to add BCM50 access Go to FIREWALL Summary and create two W
3. Nortel Business Secure Router 222 Fundamentals BSR222 Business Secure Router Document Number NN47922 301 Document Version 1 4 Date May 2007 NORTEL Copyright Nortel 2005 2006 All rights reserved The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty The information in this document is proprietary to Nortel Trademarks Nortel Nortel Logo the Globemark and This is the way This is Nortel Design mark are trademarks of Nortel Microsoft MS MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation All other trademarks and registered trademarks are the property of their respective owners NN47922 301 Contents PERINOD 64408 04405 11949804408 1159s RR 7 Before YOu BEGIN ccs cariche eeeedsee ety Re eee eee es 7 Tox Conv ONONS aspirina eee elia 7 POON E A E E EAT T TE A TENTE eke 7 Related publications 55 s 05330000 ELSE nyirep Nero ees eek s es 8 Hard copy technical Manuals ea ersi boa eee Vaia E eee 9 Ho TGR LE conten racecar ea trie tto ARRLIRERT TRITATE RREIIRELA RE 9 AC Power Adapter Specifications cc2cccs0ecesseesarebeeeceeasediaeeebes 10 Chapter 1 Introducing the Business Secure Router 11 Chapter 2 Hardware Installatigtt lt ssssra
4. address range is entered the range is ignored 2 Automatic Firewall Programming Configurations to various areas of the router such as remote management or adding a SUA Server do not automatically add the appropriate rules to the Firewall to enable the traffic to pass through the router These need to be added separately Note Firewall rules do not apply to IPSec tunnels NAT 1 Deleting NAT Rule Does Not Drop an Existing Connection If a NAT rule is deleted the router must be rebooted to apply the change to existing service connections This is already noted in the GUI 2 NAT Traversal Status If NAT Traversal is enabled but is not needed because the client is not behind a NAT router it will be shown as inactive in the VPN Client Monitor This may confuse some users VPN Client Termination 1 Change of User Account Does Not Drop Existing Connections NN47922 301 Chapter 5 User Notes 33 If a VPN Client user account is de activated deleted or changed and that user is currently connected the connection is not automatically dropped To drop the connection the administrator needs to disconnect the user using the Disconnect function in the VPN SA Monitor GUI This is consistent with other Nortel Contivity products 2 User Name Restrictions User names are limited to a maximum length of 63 characters 3 VPN Client Account Password Restrictions The password for a VPN Client user cannot contain the single o
5. details Ping the Business Secure Router the default IP address is 192 168 1 1 froma LAN computer Make sure your computer Ethernet card is installed and functioning properly Problem You cannot ping any computer on the LAN If the LAN LEDs are off check the cable connections between the Business Secure Router and your LAN computers Verify that the IP address and subnet mask of the Business Secure Router and the LAN computers are in the same IP address range See 3 1 Static or dynamic configuration Windows 2000 NT XP on page 17 for details about how to change your computer s IP address with Windows 2000 NT and XP operating systems Refer to Configuring and Troubleshooting the Nortel Business Secure Router 222 for detailed IP address configuration for Windows 95 98 Me and Macintosh and Linux computer operating systems Nortel Business Secure Router 222 Fundamentals 42 Chapter 6 Troubleshooting Problem You cannot get a WAN IP address from the ISP The WAN IP is provided after the ISP verifies the MAC address hostname or user ID Find out the verification method used by your ISP and configure the corresponding fields If the ISP checks the WAN MAC address clone the MAC address from a LAN computer Click WAN and then the MAC tab select Spoof this Computer s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC address you are cloning If the ISP checks the host name ent
6. o System DNS Servers From ISP First DNS Server Goo From ISP Second DNS Server Go U From ISP gt Third DNS Server WAN MAC Address Factory Default C Spoof this Computer s MAC Address fi 168 1 IP Address SLB Finish WAN IP address assignment Select Get automatically from ISP if your ISP did not assign you a fixed IP address Select Use fixed IP address if the ISP assigned a fixed IP address and then enter your IP address and subnet mask in the next two fields Enter the gateway IP address in the Remote IP Address field if provided when you select Use Fixed IP Address Nortel Business Secure Router 222 Fundamentals 30 Chapter 4 Configuring your Business Secure Router System DNS servers Select From ISP if your ISP dynamically assigns DNS server information and the Business Secure Router s WAN IP address The right field displays the read only DNS server IP address that the ISP assigns If you chose From ISP but the Business Secure Router has a fixed WAN IP address From ISP changes to None after you click Apply If you chose From ISP for the second or third DNS server but the ISP does not provide a second or third IP address From ISP changes to None after you click Apply Select User Defined if you have the IP address of a DNS server Enter the DNS server s IP address in the field to the right If you chose User Defined but leave the IP address set to 0 0 0 0 User Defined chang
7. 22 Configuration Basics NN47922 500 and Nortel Business Secure Router 222 Configuration Advanced NN47922 501 for detailed IP address configuration for other Windows and Macintosh computer operating systems Nortel Business Secure Router 222 Fundamentals 20 Chapter 3 Setting up your computer IP address NN47922 301 Chapter 4 Configuring your Business Secure Router 21 Chapter 4 Configuring your Business Secure Router Choose one of these methods to access and configure the Business Secure Router This guide shows you how to use the WebGUI wizard only See Nortel Business Secure Router 222 Configuration Basics NN47922 500 and Nortel Business Secure Router 222 Configuration Advanced NN47922 501 for background information about all Business Secure Router features and SMT configuration Click the WebGUI online help for screen specific web help 4 1 Accessing your Business Secure Router via the WebGUI 1 Launch your web browser Enter 192 168 1 1 as the web site address File Edit View Favorites Tools Help Back gt A Al Asearch Favorites Meda dr GH H8 Address http 192 168 1 1 2 The default username admin and password setup are already in the password field in non readable format Click Login to proceed to a screen that will let you to change your password Click Reset if you want to clear any information you have entered in the Username and Password fields Nortel Busines
8. AN to LAN firewall rules One rule allowing access from allowed remote computer IP addresses to the BCMS0 IP address for service type HTTPS TCP 443 One rule allowing access from allowed remote computer IP addresses to the BCMS0 IP address for custom port TCP 5989 Setting up the router for guest access The recommended approach to provide guest access is by creating an IP Alias and using static addressing for the corporate equipment to make it a member of the defined Alias subnet Then use firewall rules to restrict access of the guest equipment NOTE if a BCM50 is used it will also need to be assigned a static IP address 1 GotoLAN IP Alias and Enable IP Alias 1 Define a subnet for the corporate equipment Statically assign addresses to the corporate equipment that are within the IP Alias subnet 4 Set up LAN IP to enable DHCP Server with an address range that will be used for guest equipment 5 Inthe FIREWALL set up a LAN to LAN rule to block traffic between the guest subnet DHCP Pool and the corporate subnet IP Alias subnet Note If branch tunnels are being used the policies on these tunnels should exclude the guest subnet Preventing heavy data traffic from impacting telephone calls To ensure voice quality during heavy data traffic bandwidth needs to be reserved for voice traffic NN47922 301 Chapter 5 User Notes 39 Determine your actual WAN up stream bandwidth by connecting to a web site s
9. ES with MDS integrity e IKE Encryption must be Triple DES with Diffie Hellman Group 2 e Perfect Forward Secrecy PFS must be enabled Security 1 Exporting or Saving Self Signed Certificate To export or save a self signed certificate click details the icon that looks like a paper note then click Export or copy the PEM text into the clipboard and paste into a file Routing 1 RIP Version Advertisement Control To change the version of generated RIP advertisements the following CLI command needs to be used ip rip mode enifOlenif1 inlout 0111213 where enif0 is the LAN side and enifl is the WAN side in affects recognition of received advertisements and out applies to generated advertisements The number controls the operating mode None disabled RIP 1 only RIP 2 only NN47922 301 Chapter 5 User Notes 35 Both RIP 1 and RIP 2 Advanced Router Configuration The following notes are intended to help with advanced router configuration Setting up the router when the system has a server 1 If you are using a Full Feature NAT configuration first do the following a In SUA NAT Address Mapping add a Server rule specifying the Public IP address of the server 2 For both SUA Only and Full Feature NAT configurations do the following a In SUA NAT SUA Server add server private IP address and port number s to the SUA NAT Server table b In FIREWALL add a WAN to LAN
10. Secure Router 222 Before you begin This Quick Start Guide is intended for network managers who are installing the Nortel Business Secure Router 222 for the first time It assumes that you are familiar with the type of Internet connection used with your Business Secure Router Text conventions This guide uses the following text conventions italic text Indicates new terms book titles and variables in command syntax descriptions Where a variable is two or more words the words are connected by an underscore Example If the command syntax is show at lt valid_route gt valid_route is one variable and you substitute one value for it Acronyms This guide uses the following acronyms ADSL asymmetric digital subscriber line DHCP Dynamic Host Configuration Protocol Nortel Business Secure Router 222 Fundamentals 8 Preface Related publications DNS ENET IP ISP LAN LLC PPPoA PPPoE RFC SUA TCP IP VC VCI VPI WAN domain name server Ethernet Internet Protocol Internet Service Provider local area network logical link control Point to Point Protocol over ADSL Point to Point Protocol over Ethernet request for comment single user account Transmission Control Protocol Internet Protocol virtual channel virtual channel identifier virtual path identifier wide area network For more information about using the Nortel Business Secure Router 222 refer to the following publication e Conf
11. apter 4 Configuring your Business Secure Router WIZARD ISP Parameters for Internet Access Encapsulation PPTP User Name Password l Nailed Up Connection Idle Timeout 100 Seconds PPTP Configuration My IP Address ooo oo My IP Subnet Mask ooo Server IP Address ooo Connection ID Name o cc Back Next Internet connection with PPTP Choose PPTP if your service provider uses a DSL terminator with PPTP log on The Business Secure Router must have a static IP address in this case You need a log on name associated password the PPTP server IP address and a connection ID Type the subnet mask assigned to you by your ISP if given Type the static IP address assigned to you by your ISP The connection ID or name is optional depending on your ISP s requirements If you have a connection ID from your ISP enter it in C ID format where ID is the id given to you by your ISP For example C 12 If you have a connection name from your ISP enter it in N Name format where Name is the connection name given to you by your ISP For example N MyISP NN47922 301 Chapter 4 Configuring your Business Secure Router 29 Click Next to continue 3 Fill in the fields and click Finish to save and complete the wizard setup WIZARD WAN IP Address Assignment Get automatically from ISP Default C Use fixed IP address My WAN IP Address o 0 0 0 My WAN IP Subnet Mask o Oc Gateway IP Address
12. auto negotiating can connect at 10 or 100Mb s and auto sensing automatically adjusts to the type of Ethernet cable you use straight through or crossover Step 2 Connect your cable or DSL modem to this port with the cable that a came with your modem D 6 NN47922 301 Chapter 2 Hardware installation 15 2 2 Rear panel 18vpce jo B Table 3 Rear panel details LABEL DESCRIPTION Step 3 Connect the included power adaptor use only this adapter to this POWER power socket After you have made the connections connect the power cable to a power supply and look at the front panel LEDs The power LED blinks while performing system testing and then stays on if the testing is successful The Ethernet port LEDs turn on if the ports are properly connected Refer to Configuring and Troubleshooting the Nortel Business Secure Router 222 for more detailed LED descriptions CON AUX port CON AUX switch Only connect this port if you want to configure the Business Secure Router using the SMT via console port See your User s Guide for details Set this switch to the CON Console side to use the CON AUX port as a console port for local device configuration and management Connect the 9 pin male end of the console cable to the console port of the Business Secure Router and the other end to a serial port COM1 COM2 or other COM port on your computer Your computer must have a terminal emulati
13. bandwidth for UDP traffic protocol ID 17 See the preceding section titled Preventing heavy data traffic from impacting telephone calls Provision the IP set with the corporate call server address On the PC install Contivity Client Software and configure it with the PC user account information Nortel Business Secure Router 222 Fundamentals 40 Chapter 5 User Notes Inter Operability With Third Party Routers VPN Connections With Cisco Routers When establishing a VPN Client tunnel or Branch Office Tunnel between the Business Secure Router and a Cisco router the following configuration rules should be followed 1 Ensure that the WAN IP of the BSR222 252 router and the Cisco router are not in the same subnet 2 Configure the connection to use DES Encryption and MD5 Authentication NN47922 301 Chapter 6 Troubleshooting 41 Chapter 6 Troubleshooting Problem None of the LEDs turn on when you turn on the Business Secure Router Make sure that you have the correct power adapter connected to the Business Secure Router and that it is plugged in to an appropriate power source Check all cable connections If the LEDs still do not turn on you may have a hardware problem In this case contact your local vendor Problem You cannot access the Business Secure Router from the LAN Check the cable connection between the Business Secure Router and your computer or hub Refer to the Rear Panel section for
14. e Network 36 Configuring the router to act as a Nortel VPN Server Client Termination 37 Configuring the router to connect to a Nortel VPN Server Client Emulation 37 Allowing remote management of a LAN connected BCM50 37 Setting up the router for guest access 38 Preventing heavy data traffic from impacting telephone calls 38 Setting Up a Remote Office with a UNIStim IP Telephone 39 Inter Operability With Third Party Routers LL 40 VPN Connections With Cisco Routers 0 00 0c eee eee 40 Chapter 6 Troubleshooting 220 cd be nae wie ead RA RR ee 41 Problem None of the LEDs turn on when you turn on the Business Secure Router 41 Problem You cannot access the Business Secure Router from the LAN 41 Problem You cannot ping any computer on the LAN 41 Problem You cannot get a WAN IP address from the ISP 42 Problem You cannot access the Internet 42 NN47922 301 Table 1 Internet account information worksheet 11 Table 2 Front panel details 14 Table 3 Rear panel details 15 Nortel Business Secure Router 222 Fundamentals NN47922 301 Preface 7 Preface This Quick Start Guide provides instructions for installing and configuring your Nortel Business Secure Router 222 as an Office Gateway for your network After completing this guide you can access the Internet securely through your Nortel Business
15. er your computer s name refer to the Wizard Setup section in the Configuring and Troubleshooting the Business Secure Router SOHO Internet Security Gateway in the System Name field in the first screen of the Wizard If the ISP checks the user ID click WAN and then the ISP tab Check your service type user name and password Problem You cannot access the Internet Check the Business Secure Router connection to the cable or DSL device Check whether your cable or DSL device requires a crossover or straight through cable Click WAN to verify your settings NN47922 301
16. es to None after you click Apply If you set a second choice to User Defined and enter the same IP address the second User Defined changes to None after you click Apply Select None if you do not want to configure DNS servers If you do not configure a system DNS server you must use IP addresses when configuring VPN DDNS and the timeserver WAN MAC address Select Factory Default to use the factory assigned default MAC address Alternatively select Spoof this Computer s MAC address IP Address and enter the IP address of the computer on the LAN whose MAC address you are cloning 4 3 Test your internet connection Launch your web browser and go to www nortel com You do not need a dial up program such as Dial Up Networking Internet access is just the beginning Refer to the Nortel Business Secure Router 222 Configuration Basics NN47922 500 and Nortel Business Secure Router 222 Configuration Advanced NN47922 501 for more detailed information about the complete range of Nortel Business Secure Router 222 features NN47922 301 Chapter 5 User Notes 31 Chapter 5 User Notes General Notes There are some router functions that although performing as expected might cause some confusion These are summarized below General 1 Default Address Mapping Rules When First Enable NAT Full Feature When NAT Full Feature is first enabled two address mapping rules are added to the address mapping table This is done to
17. facilitate programming and matches the default SUA rule The rules can be deleted 2 Response to Invalid User ID or Password When the wrong user ID or password is entered into the router login screen no error message is displayed Instead the login screen is simply displayed again 3 First DHCP Address Reserved for BCM50 The first address of the DHCP Address Pool is reserved for a BCM50 in the subnet and will not be assigned to any other equipment Once assigned to a BCMS 0 it is reserved for that BCMSO and will not be assigned to any other If the BCMS0 is changed the following command must be used to enable the router to assign the first address to a different BCM50 ip dhcp enif0 server m50mac clear 4 Login Requires Reboot If the Administrator Timeout is set to 0 and an administration session is terminated without logging off the router needs to be rebooted in order for the administrator to log in to the WebGUI again Alternatively the administrator can log in using a TelNet session if TelNet access has been enabled in the Remote Management menu Nortel Business Secure Router 222 Fundamentals 32 Chapter 5 User Notes 5 Clicking Sound The Business Secure Router will click once every two minutes until an ADSL line is connected Firewall 1 Address Range Validation In the firewall rules the router does not confirm when given an address range that the second address is higher than the first If this type of
18. iguring and Troubleshooting the Nortel Business Secure Router 222 317517 A NN47922 301 Preface 9 Hard copy technical manuals You can print selected technical manuals and release notes free directly from the Internet Go to www nortel com documentation Find the product for which you need documentation Then locate the specific category and model or version for your hardware or software product Use Adobe Reader to open the manuals and release notes search for the sections you need and print them on most standard printers Go to the Adobe Systems web site at www adobe com to download a free copy of Adobe Reader How to get help If you purchased a service contract for your Nortel product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance If you purchased a Nortel service program contact Nortel Technical Support To obtain contact information online go to www nortel com cgi bin comments comments cgi then click on Technical Support From the Technical Support page you can open a Customer Service Request online or find the telephone number for the nearest Technical Solutions Center If you are not connected to the Internet you can call 1 800 4NORTEL 1 800 466 7835 to learn the telephone number for the nearest Technical Solutions Center An Express Routing Code ERC is available for many Nortel products and services When you use an ERC yo
19. iness Secure Router Click WIZARD to configure your system for Internet access VPH CERTIFICATES BW MGMT AUTH SERVER REMOTE MGMT UPnP LOGS CALL SCHEDULE e Click any link under MAIN MENU to configure advanced settings e Click MAINTENANCE to access a range of maintenance menus e Click LOGOUT to exit the WebGUI xl Status Ready CE omme y 4 2 Using the wizard to configure for internet access 1 Select WIZARD to display the first wizard screen NN47922 301 Chapter 4 Configuring your Business Secure Router 25 WIZARD General Setup This information is optional but may be helpful in accessing services of your Internet Service Provider such as mail and news servers and customer support web pages Enter a descriptive name for identification purposes We recommend using your computer s name System Name um La i The ISP s domain name is often sent automatically by the ISP to the router If you are having difficulty accessing ISP services you may need to enter the Domain Name manually in the field below Domain Name Next System Name is for identification purposes Enter the name of your computer in the System Name field to easily identify your computer The Domain Name entry defines the domain name that is passed on to the DHCP clients on the LAN If you leave this field blank the domain name obtained by DHCP from the ISP is used Click Next to continue
20. ion Advanced NN47922 501 for detailed IP address configuration for Windows 95 98 Me and Macintosh and Linux computer operating systems 3 1 Static or dynamic configuration Windows 2000 NT XP 1 In Windows XP click Start Control Panel a In Windows 2000 NT click Start Settings Control Panel 2 In Windows XP click Network Connections a In Windows 2000 NT click Network and Dial up Connections Right click Local Area Connection and then click Properties Select Internet Protocol TCP IP under the General tab in Windows XP and click Properties 5 The Internet Protocol TCP IP Properties screen appears the General tab in Windows XP a To have your computer assigned a dynamic IP address click Obtain an IP address automatically b To configure a static IP address click Use the following IP Address and fill in the IP address choose one from 192 168 1 34 to 192 168 1 254 Subnet mask 255 255 255 0 and Default gateway 192 168 1 1 fields Nortel Business Secure Router 222 Fundamentals 18 Chapter 3 Setting up your computer IP address Nortel recommends that you do not use a static IP address in the same range as the Business Secure Router DHCP server address pool 192 168 1 2 to 192 168 1 33 by default Internet Protocol TCP IP Properties Germs Adenate Configuration You can get IP satigi avegred autonsicaly poe retno supports ta capably Dhamne pou meed to att your navod adatto tor the acce
21. on communications program such as HyperTerminal set to VT100 terminal emulation no parity 8 data bits 1 stop bit no flow control and 9600 b s port speed RESET Press this button for one to three seconds to restart the Business Secure Router Press this button for longer than three seconds to return the Business Secure Router to the factory defaults password is setup LAN IP address 192 168 1 1 terminal emulation settings as described above see your User s Guide for details Nortel Business Secure Router 222 Fundamentals 16 Chapter 2 Hardware installation NN47922 301 Chapter 3 Setting up your computer IP address 17 Chapter 3 Setting up your computer IP address The BSR222 is already set up to assign your computer an IP address Use this section to set up your computer to receive an IP address or assign it a static IP address in the 192 168 1 34 to 192 168 1 254 range with a subnet mask of 255 255 255 0 This is necessary to ensure that your computer can communicate with your Business Secure Router Your computer must have an Ethernet card and TCP IP installed TCP IP must already be installed on computers using Windows NT 2000 XP or Macintosh OS 7 and later operating systems Instructions are provided here for configuring Windows 2000 NT and XP operating systems Refer to Nortel Business Secure Router 222 Configuration Basics NN47922 500 and Nortel Business Secure Router 222 Configurat
22. r double quote characters 4 IP Pool Address Overlap When defining multiple VPN Client Termination IP pools the router uses the IP Subnet mask and not the pool size to determine if the pools are overlapping The subnet mask of each pool should be appropriate for the size of the VPN Client Termination IP pool 5 VPN Client Termination Failure In Specific Addressing Situation If the Client has an assigned IP address that is the same as the IP address assigned for the Client Tunnel the connection will fail to be established 6 VPN Client Termination Configuration Restrictions This router has some restrictions when compared to larger Contivity Routers 1000 Series and above In particular VPN Clients cannot be added to the LAN subnet They must have addresses outside of the LAN subnet VPN Clients can have dynamically assigned IP addresses or they can have a statically assigned addresses However the router does not support both modes at once All addresses must either be dynamically assigned or they must all be statically assigned 7 Establishing a Client Tunnel From One Business Secure Router to Another Nortel Business Secure Router 222 Fundamentals 34 Chapter 5 User Notes When defining a Client Termination account for another Business Secure Router that will connect using Contivity Client Emulation the following configuration is required e Encryption must be Triple DES with SHAI integrity or Triple D
23. ress if given DNS Server IP Address if given First Second Third Encapsulation select one below O Ethernet Service Type Login Server IP Address User Name Password O PPTP User Name Password PPTP Server IP Address Connection ID if required O PPPoE PPPoE Service Name User Name Password Nortel Business Secure Router 222 Fundamentals 12 Chapter 1 Introducing the Business Secure Router NN47922 301 Chapter 2 Hardware installation 13 Chapter 2 Hardware installation Caution To keep the Business Secure Router operating at optimal internal temperature keep the bottom sides and rear clear of obstructions and away from the exhaust of other equipment Caution AC Power Adapter Specifications Only use the approved Phihong Model PSA21R 180 power supply with this device NOTE Attach the appropriate plug to the power supply first before inserting it into the power outlet Caution Electro static Discharge can disrupt the router Use appropriate handling precautions to avoid ESD Avoid touching the connectors on the router particularly when it is in use Nortel Business Secure Router 222 Fundamentals 14 Chapter 2 Hardware installation 2 1 Front panel BSR222 Table 2 Front panel details LABEL DESCRIPTION Step 1 1 4 Connect a computer to one of these ports with an Ethernet cable These ports are
24. rule If the service is not in the list of available services add it as a Custom Port d Add the rule selecting the service and entering the server IP address as the destination IP address Connecting two sites to establish a virtual private network The recommended method to do this is through a branch to branch IPSec tunnel 1 In VPN Summary add a new tunnel by editing an unused rule Create an Active Branch Office tunnel a Select Nailed Up if the tunnel should not be closed while not in use b Enter the authentication information with either a pre shared key or an imported certificate c Enter the IP Address assigned to the router WAN port This should be a static address or a dynamic DNS name and the IP address of the remote router Select the encryption and authentication algorithms e Add an IP policy by specifying the IP address ranges of the local and remote hosts that will use the tunnel Nortel Business Secure Router 222 Fundamentals 36 Chapter 5 User Notes 2 Repeat these steps at the other end of the branch Note If VPN Client Termination is used on these sites the client termination address range will need to be included in the tunnel policies in order for the VPN clients to see the other site Adding IP telephony to a multi site network Scenario 1 A BCM50 in the primary site acting as the gateway for both sites 1 Ensure that the DHCP Server in the BCMS0 is disabled tha
25. s Secure Router 222 Fundamentals 22 Chapter 4 Configuring your Business Secure Router 3 Nortel recommends you change the default password Enter a new password retype it to confirm it and click Apply Alternatively click Ignore to proceed to the main menu if you do not want to change the password now NORTEL Ignore NN47922 301 Chapter 4 Configuring your Business Secure Router 23 4 Click Apply in the Replace Factory Default Certificate screen to create a certificate using your Business Secure Router MAC address which will be specific to this device 5 The WebGUI MAIN MENU screen appears e Select WIZARD if you want help configuring your Business Secure Router for the first time e Select a link under MAIN MENU in the navigation panel to configure a Business Secure Router feature e Select MAINTENANCE in the navigation panel to view Business Secure Router performance statistics upload firmware and back up information or restore or upload a configuration file e Click LOGOUT when you have finished a Business Secure Router management session The Business Secure Router automatically logs you off if the session is left idle for five minutes Click ENTER to display the Login screen again and then log back on This idle timeout timer is one of the many Business Secure Router features that you can edit using the WebGUI Nortel Business Secure Router 222 Fundamentals 24 Chapter 4 Configuring your Bus
26. seone iene ieri 13 2 1 FROM panel pci dela LR ERETTA 14 RARI RE MISTI 15 Chapter 3 Setting up your computer IP address 17 3 1 Static or dynamic configuration Windows 2000 NT XP 17 3 2 Checking your computer IP address 19 Chapter 4 Configuring your Business Secure Router 21 4 1 Accessing your Business Secure Router via the WebGUI 21 4 2 Using the wizard to configure for internet access 24 Internet connection with ethernet 26 Internet connection with PPPoE cee eee eee ees 27 Internet connection with PPTP c 0 eeseuesencneereeeeseGeuns eure 28 Nortel Business Secure Router 222 Fundamentals 4 Contents WAN IP address assignment 0000 e eee ees 29 4 3 Test your internet Connection saci ceea bee ko Seu ERETTA RI ORE eS EROS 30 Chapter 5 User GIES cc doc cerwde chews repentini aerei eee 31 General NOT apa dder aidake cda ted ta eee eee 31 MENG REESE TE TA A N E E E T E E T T ET T 31 Firewall sorrette ERE ea fiera 32 AT cick iL ETA Lees eee RI EIA Rd La 32 VPN Clert Termination xx sic chan RR paren eek adRe RMR ARRE 32 SECURE 34 BOU lille either 34 Advanced Router Configuration 5 31 3isi ira 35 Setting up the router when the system has a server 35 Connecting two sites to establish a virtual private network 35 Adding IP telephony to a multi sit
27. ssorie P oiro Ottan an Padbest automate ally Die tt lolosing I dheis C Obtain DNS server asceti auto mabosly Une the follosang DIS server ackberrer 6 Click Advanced Remove any previously installed gateways in the IP Settings tab and click OK to go back to the Internet Protocol TCP IP Properties screen Advanced TCPAP Settings Pietro DNS WINS Option IP adga ze IP addens OHOP Enabled Fo Autorustio netso NN47922 301 Chapter 3 Setting up your computer IP address 19 7 Click Obtain DNS server address automatically if you do not know your DNS server IP address es a If you know your DNS server IP addresses click Use the following DNS server addresses and type them in the Preferred DNS server and Alternate DNS server fields b Ifyou have more than two DNS servers click Advanced select the DNS tab and then configure the two DNS servers using the Add button Click OK to close the Internet Protocol TCP IP Properties window Click OK to close the Local Area Connection Properties window 3 2 Checking your computer IP address 1 On your computer click Start All Programs Accessories and then Command Prompt 2 Inthe Command Prompt window type ipconfig and then press Enter Your computer IP address must be in the correct range 192 168 1 2 to 192 168 1 254 with subnet mask 255 255 255 0 in order to communicate with the Business Secure Router Refer to Nortel Business Secure Router 2
28. t the BCMS50 is connected to the router and both have booted Add the IP phones to the primary site as per BCMSO installation guide Create a tunnel to the remote site as described above In the remote site set the S1 and S2 addresses to the IP address of the BCMS50 which is identified in the router DHCP table or in the BCMS50 This is done with a CLI command TELNET or SSH to the router This needs TELNET or SSH enabled on that router Select menu 24 select menu 8 and enter the commands ip dhcp enif0 server voipserver 1 lt BCM50_IP_Address gt 7000 1 ip dhcp enif0 server voipserver 2 lt BCM50_IP_Address gt 7000 1 5 Add the IP phones to the remote site configured for full DHCP client mode Scenario 2 A BCM50 in each site each acting as the backup call server for the other site 1 Ateach site a Ensure that the DHCP Server in the BCMS0 is disabled that the BCM50 is connected to the router and both have booted b Add the IP phones to the site as per BCMS0 installation guide c At each router change the S2 address to the IP address of the remote BCM50 using TELNET or SSH and the CLI command ip dhcp enif0 server voipserver 2 lt Remote_BCM50_IP_Address gt 7000 1 NN47922 301 Chapter 5 User Notes 37 2 Create a tunnel between the sites as described above 3 Create an H 323 trunk between the BCMS0s as per the BCM50 User Guide Configuring the router to act as a Nortel VPN Server Client Termination
29. uch as http myvoipspeed visualware com On BANDWIDTH MANAGEMENT Summary activate WAN bandwidth management and fill in your actual uplink speed in the WAN Speed field On BANDWIDTH MANAGEMENT Class Setup add a WAN subclass and reserve sufficient bandwidth based on the number of telephones for Protocol ID 17 UDP Traffic The amount of bandwidth should be based on a reasonable peak number of simultaneous calls and the data rate needed by the IP telephony CODECS Setting Up a Remote Office with a UNIStim IP Telephone For a remote office with a PC and a UNIStim IP telephone behind a BCM50a Integrated Router Client Emulation is the recommended method to connect to the main office 1 At the main office Contivity Client Server establish two user accounts one for the telephone and one for the PC On the remote office BCM50a Integrated Router do the following Under WAN WAN IP ensure that Network Address Translation is set to SUA Only default Also ensure that the Gateway IP address is set not 0 0 0 0 Under VPN Summary create an entry for the IP telephone client tunnel Contivity Client Active Keep Alive Fill in the IP address of the Contivity Client Server and the name and password of the telephone set user account Under VPN Global Setting enable Exclusive Mode and fill in the MAC address of the telephone set Under Bandwidth Management set up WAN bandwidth management to reserve 110 kbps of
30. ur call is routed to a technical support person who specializes in supporting that product or service To locate an ERC for your product or service go to http www nortel com help contact erc index html Nortel Business Secure Router 222 Fundamentals 10 Preface AC Power Adapter Specifications Use only power supplies listed in the user instructions Phihong Model PSA21R 180 Note Not to remove the plug and plug into a wall outlet by itself always attach the plug to the power supply first before insert into the wall Leader Model MU18 2180100 XX XX can be Al A2 A3 B2 or C5 for the different plugs used NN47922 301 Chapter 1 Introducing the Business Secure Router 11 Chapter 1 Introducing the Business Secure Router The Nortel Business Secure Router 222 is the ideal secure gateway for all data passing between the Internet and the LAN By integrating Network Address Translation NAT firewall and Virtual Private Network VPN capability the Nortel Business Secure Router 222 is a complete security solution that protects your Intranet and efficiently manages data traffic on your network The embedded WebGUI is easy to operate and totally independent of the operating system platform you use You must have an Internet account already set up and have most of the following information Table 1 Internet account information worksheet Your device WAN IP Address if given Subnet Mask Remote IP Add
Download Pdf Manuals
Related Search