AG 3100 System Administration

Enabling Secure Management {VPN Tunnel}

There are many ways to configure, manage and monitor the performance and uptime of network devices. SNMP, Telnet, HTTP and ICMP are all common protocols for accomplishing network management objectives, and one of those objectives is to provide the highest level of security possible.

Several network protocols have evolved that offer some level of security and data encryption (for example, SSH in place of Telnet and HTTPS in place of HTTP), but the method that secures management of all network devices uniformly is to establish an IPSec tunnel between the NOC (Network Operations Center) and the edge device. Because IPSec protects traffic at the IP layer, it encrypts and authenticates protocols that have no protection of their own (Telnet, HTTP, SNMPv1/v2c, ICMP) as well as those that do. Early VPN protocols such as PPTP have been widely discredited as a secure tunneling method and should not be used for this purpose.

As part of Nomadix's commitment to providing carrier-class network management capabilities across its family of public access gateways, the NSE offers secure management through standards-based, peer-to-peer IPSec tunneling with strong data encryption.

Establishing the IPSec tunnel allows not only secure management of the Nomadix gateway using any preferred management protocol, but also secure management of third-party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway.

The advantage of using IPSec is that all types of management traffic are supported, including the following typical examples:

- ICMP: PING from NOC to edge devices
- Telnet: Telnet from NOC to edge devices
- Web Management: HTTP access from NOC to edge devices
- SNMP:
  - SNMP GET from NOC to subscriber-side device (for example, AP)
  - SNMP SET from NOC to subscriber-side device (for example, AP)
  - SNMP Trap from subscriber-side device (for example, AP) to NOC

Two sequential events drive the secure management function of the Nomadix gateway and the devices behind it:

1. Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged and agreed (for example, Hash Algorithm, Security Association Lifetimes, etc.). If the two peers cannot agree on these parameters, the tunnel is not established and no management traffic flows.

2. The exchange of management traffic through the IPSec tunnel, originating either at the NOC or at the edge device. AAA data such as RADIUS Authentication and Accounting traffic can also be sent through the IPSec tunnel. See also Defining Automatic Configuration Settings {Auto Configuration} on page 76.
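The following Python model is added here as an illustration; it is not Nomadix code and does not reflect the NSE's internal implementation. It shows why the management-traffic list above is protocol-agnostic: an IPSec security policy selects traffic by source and destination address only, so PING, Telnet, HTTP and SNMP between the NOC and the gateway (or its subscriber-side subnet) all match the same policy entries. It also shows the check a practitioner wants before trusting the tunnel: if the policy names only the gateway's public address and not the subscriber-side subnet, SNMP to an AP and the AP's traps back to the NOC would cross the WAN in the clear. All addresses, the `NOC_NET`/`GATEWAY_WAN`/`SUBSCRIBER_NET` names, the `Selector` and `Flow` classes, and the `tunneled()`/`audit()` functions are assumptions constructed for this example.

```python
"""Traffic-selector model of the NOC <-> gateway IPSec management tunnel.

Added example, not Nomadix code.  The addresses below are constructed for
the illustration (RFC 5737 documentation ranges and RFC 1918 private space).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed addressing for the example:
NOC_NET = ipaddress.ip_network("10.0.0.0/24")            # NOC management stations
GATEWAY_WAN = ipaddress.ip_network("203.0.113.10/32")    # gateway's public address
SUBSCRIBER_NET = ipaddress.ip_network("192.168.1.0/24")  # private subnet behind the
                                                         # gateway (APs, 802.3 switches)


@dataclass(frozen=True)
class Selector:
    """One security-policy entry: any IP traffic between the two address
    ranges is sent through the tunnel, regardless of protocol or port."""
    noc_side: ipaddress.IPv4Network
    gateway_side: ipaddress.IPv4Network


# Two entries cover both goals in the text: managing the gateway itself and
# managing third-party devices on the subscriber-side private subnet.
SPD: List[Selector] = [
    Selector(NOC_NET, GATEWAY_WAN),
    Selector(NOC_NET, SUBSCRIBER_NET),
]


@dataclass(frozen=True)
class Flow:
    """A single packet's addressing, as seen by the policy lookup."""
    src: str
    dst: str
    proto: str                  # "icmp", "tcp" or "udp"
    dport: Optional[int] = None


def matching_selector(flow: Flow, spd: List[Selector] = SPD) -> Optional[Selector]:
    """Return the policy entry that protects this flow, or None if the
    packet would leave the gateway unprotected.

    Both directions are checked: an SNMP trap from an AP to the NOC is
    initiated on the gateway side and must still match an entry.
    """
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for sel in spd:
        outbound = src in sel.noc_side and dst in sel.gateway_side
        inbound = src in sel.gateway_side and dst in sel.noc_side
        if outbound or inbound:
            return sel
    return None


def tunneled(flow: Flow, spd: List[Selector] = SPD) -> bool:
    """True when the flow is carried inside the IPSec tunnel."""
    return matching_selector(flow, spd) is not None


def audit(flows: List[Flow], spd: List[Selector] = SPD) -> List[str]:
    """List every flow that would bypass the tunnel.  A non-empty result
    means some management traffic would cross the WAN in the clear."""
    return [f"{f.proto.upper()} {f.src} -> {f.dst}"
            for f in flows if not tunneled(f, spd)]


# The typical management traffic listed above, as constructed sample flows.
MANAGEMENT_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", "icmp"),        # PING NOC -> gateway
    Flow("10.0.0.5", "203.0.113.10", "tcp", 23),     # Telnet NOC -> gateway
    Flow("10.0.0.5", "203.0.113.10", "tcp", 80),     # HTTP NOC -> gateway
    Flow("10.0.0.5", "192.168.1.20", "udp", 161),    # SNMP GET/SET NOC -> AP
    Flow("192.168.1.20", "10.0.0.5", "udp", 162),    # SNMP trap AP -> NOC
]

if __name__ == "__main__":
    for f in MANAGEMENT_FLOWS:
        print(f, "->", "tunnel" if tunneled(f) else "CLEAR")
    # A policy that names only the gateway's public address leaves the
    # subscriber-side SNMP traffic, including traps, unprotected.
    print("bypassing tunnel:", audit(MANAGEMENT_FLOWS, [Selector(NOC_NET, GATEWAY_WAN)]))
    # Ordinary subscriber browsing is not management traffic and stays outside.
    print("subscriber web:", audit([Flow("192.168.1.50", "198.51.100.7", "tcp", 443)]))
```

The model never inspects `proto` or `dport`, which is exactly the property the text relies on: once the selectors cover the NOC, the gateway and the subscriber-side subnet, any management protocol (and the RADIUS traffic mentioned in step 2) is protected without per-protocol configuration. The `audit()` call with the narrowed policy is the check worth repeating on a real termination server's policy after any change to the subscriber-side addressing.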