HotSpot Gateway™ Introduction

As part of Nomadix’ commitment to provide outstanding carrier-class network management capabilities to its family of public access gateways, we offer secure management through the NSE’s standards-driven, peer-to-peer IPSec tunneling with strong data encryption. Establishing the IPSec tunnel not only allows for the secure management of the Nomadix gateway using any preferred management protocol, but also the secure management of third party devices (for example, WLAN Access Points and 802.3 switches) on private subnets on the subscriber side of the Nomadix gateway. See also, “Enabling Secure Management {VPN Tunnel}” on page 117.

Two subsequent events drive the secure management function of the Nomadix gateway and the devices behind it:

1. Establishing an IPSec tunnel to a centralized IPSec termination server (for example, Nortel Contivity). As part of the session establishment process, key tunnel parameters are exchanged (for example, Hash Algorithm, Security Association Lifetimes, etc.).
2. The exchange of management traffic, either originating at the NOC or from the edge device through the IPSec tunnel. Alternatively, AAA data such as RADIUS Authentication and Accounting traffic can be sent through the IPSec tunnel.
See also, “RADIUS-driven Auto Configuration” on page 22.

The advantage of using IPSec is that all types of management traffic are supported, including the following typical examples:

• ICMP - PING from NOC to edge devices
• Telnet - Telnet from NOC to edge devices
• Web Management - HTTP access from NOC to edge devices
• SNMP
  • SNMP GET from NOC to subscriber-side device (for example, AP)
  • SNMP SET from NOC to subscriber-side device (for example, AP)
  • SNMP Trap from subscriber-side device (for example, AP) to NOC

Secure Socket Layer (SSL)

This feature allows for the creation of an end-to-end encrypted link between your NSE-powered product and wireless clients by enabling the Internal Web Server (IWS) to display pages under a secure link—important when transmitting AAA information in a wireless network when using RADIUS.

SSL requires service providers to obtain digital certificates from VeriSign™ to create HTTPS pages. Instructions for obtaining certificates are provided by Nomadix.
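The management traffic types listed in the IPSec section above (ICMP, Telnet, HTTP, SNMP, RADIUS) are unencrypted on their own, so on the link between the gateway and the NOC they should only be seen inside the tunnel. The following check is an added example, not part of the Nomadix documentation: it audits flow records and reports any such traffic observed outside IKE/ESP. The record format, addresses and function names are constructed assumptions.

```python
# Added example: audit flow records from the gateway's network-side link and
# flag management traffic not carried inside IPSec. Format/addresses constructed.
import csv
import io
TUNNEL = {("esp", None), ("udp", 500), ("udp", 4500)}  # ESP, IKE, NAT-T
CLEARTEXT_MGMT = {  # traffic types the page lists, by well-known port
    ("icmp", None): "ICMP ping",
    ("tcp", 23): "Telnet",
    ("tcp", 80): "Web management (HTTP)",
    ("udp", 161): "SNMP GET/SET",
    ("udp", 162): "SNMP trap",
    ("udp", 1812): "RADIUS authentication",
    ("udp", 1813): "RADIUS accounting",
}

# Constructed sample rows: proto,src,dst,dport
SAMPLE_FLOWS = """\
udp,198.51.100.10,203.0.113.5,500
esp,198.51.100.10,203.0.113.5,
esp,203.0.113.5,198.51.100.10,
udp,203.0.113.77,198.51.100.10,161
tcp,203.0.113.5,198.51.100.10,23
udp,198.51.100.10,203.0.113.9,1812
tcp,198.51.100.10,203.0.113.80,443
"""

def classify(proto, dport):  # -> ('tunnel'|'exposed'|'other', label)
    key = (proto.lower(), int(dport) if dport else None)
    if key in TUNNEL:
        return "tunnel", "IPSec (IKE/ESP)"
    if key in CLEARTEXT_MGMT:
        return "exposed", CLEARTEXT_MGMT[key]
    return "other", "unclassified"

def audit(flow_text):
    """Return (label, src, dst, state) for each cleartext management flow."""
    rows = list(csv.reader(io.StringIO(flow_text)))
    # Endpoint pairs that exchanged ESP, i.e. have an established tunnel.
    tunnels = {frozenset((s, d)) for p, s, d, _ in rows if p.lower() == "esp"}
    findings = []
    for proto, src, dst, dport in rows:
        verdict, label = classify(proto, dport)
        if verdict == "exposed":
            up = frozenset((src, dst)) in tunnels
            state = "bypasses tunnel" if up else "no tunnel to peer"
            findings.append((label, src, dst, state))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_FLOWS), sep="\n")
```

Matching is on destination port only, so reply packets from a management service are not counted as separate findings.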