Nortel BCM 3.7 Manual

Contents

Contents 27Programming Operations GuideModifying a Destination Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763Deleting a Destination Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764Deleting a PPTP tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767Encryption method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767Authentication method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767IPSec capacity restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768Settings required for IPSec tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768NAT (Network Address Translation) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768Dialup ISDN connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769Compatibility with Contivity Extranet Switch and Shasta 5000 . . . . . . . . . . . 769IPSec and PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769Multiple IP Address restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769Firewall rules for IPSec Branch Office and Remote User Tunnels . . . . . . . . 769Changing the IPSec global settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773IPSec Branch Office configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774Adding a Branch Office IPSec Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774Adding Local Accessible Networks to the Branch Office IPSec tunnel . . . . . 777Adding Remote Accessible Networks to the Branch Office IPSec tunnel . . . 777Sending all traffic from Local Accessible Networks through the IPSec tunnel 778Modifying a Branch Office IPSec Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779Modifying Local Accessible Networks to the Branch Office IPSec tunnel . . . 779Modifying Remote Accessible Networks to the Branch Office IPSec tunnel . 779Deleting a Branch Office IPSec tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780Deleting Local Accessible Networks to the Branch Office IPSec tunnel . . . . 780Deleting Remote Accessible Networks to the Branch Office IPSec tunnel . . 780Creating a tunnel between two Business Communications Managers . . . . . . . . 781Configuring the first Business Communications Manager . . . . . . . . . . . . . . 781Configuring the second Business Communications Manager . . . . . . . . . . . 781Creating a tunnel between a Business Communications Manager and a Contivity ExtranetSwitch v02_61 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782Configuring the Business Communications Manager . . . . . . . . . . . . . . . . . . 782Configuring the Contivity Extranet Switch . . . . . . . . . . . . . . . . . . . . . . . . . . 782Configuring the Business Communications Manager . . . . . . . . . . . . . . . . . . 783Configuring the Contivity Extranet Switch . . . . . . . . . . . . . . . . . . . . . . . . . . 783IPSec Remote User configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784IPSec Remote User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784Split Tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784Adding a Remote User IPSec Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786Assigning an IP Address to a Remote User Account . . . . . . . . . . . . . . . . . . 786Adding a Remote IP Address Pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787