A CCESS G ATEWAY22 IntroductionAs part of Nomadix’ commitment to provide outstanding carrier-class network managementcapabilities to its family of public access gateways, we offer secure management through theNSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishingthe IPSec tunnel not only allows for the secure management of the Nomadix gateway using anypreferred management protocol, but also the secure management of third party devices (forexample, WLAN Access Points and 802.3 switches) on private subnets on the subscriber sideof the Nomadix gateway. See also, “Defining IPSec Tunnel Settings” on page 188.Two subsequent events drive the secure management function of the Nomadix gateway and thedevices behind it:1. Establishing an IPSec tunnel to a centralized IPSec termination server (for example, NortelContivity). As part of the session establishment process, key tunnel parameters areexchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).2. The exchange of management traffic, either originating at the NOC or from the edgedevice through the IPSec tunnel. Alternatively, AAA data such as RADIUSAuthentication and Accounting traffic can be sent through the IPSec tunnel. See also,“RADIUS-driven Auto Configuration” on page 20.The advantage of using IPSec is that all types of management traffic are supported, includingthe following typical examples: ICMP - PING from NOC to edge devices Telnet - Telnet from NOC to edge devices Web Management - HTTP access from NOC to edge devices SNMP SNMP GET from NOC to subscriber-side device (for example, AP) SNMP SET from NOC to subscriber-side device (for example, AP) SNMP Trap from subscriber-side device (for example, AP) to NOCSecure Socket Layer (SSL)This feature allows for the creation of an end-to-end encrypted link between your NSE-powered product and wireless clients by enabling the Internal Web Server (IWS) to displaypages under a secure link—important when transmitting AAA information in a wirelessnetwork when using RADIUS.SSL requires service providers to obtain digital certificates to create HTTPS pages.Instructions for obtaining certificates are provided by Nomadix.
