84 System informationNAT Traversal featureThe NAT Traversal feature is used where the IP Phone (this includes thehandsets) is located on the private side of the NAT router, while the rest ofthe Server resides on the public side.To ensure correct deployment of the wireless handsets in this type ofnetwork configuration, most, if not all, of the WLAN equipment must resideon the private side of the NAT router.Network configurationsThe WLAN Handset 2212 has a VPN feature that enables an IPsec tunnelto a Nortel VPN Router, which is the only IPsec platform supported today.This feature alters some of the usual design recommendations for thetelephony components, such as the WLAN IP Telephony Manager 2245.Usually, the WLAN IP Telephony Manager 2245 is placed in the samesubnet with the handsets.With the VPN feature enabled, the WLAN IP Telephony Manager 2245 nowresides behind the VPN Router in a different subnet from the handsets;however, even though the same-subnet restriction has been lifted, it is stillvery important to locate the WLAN IP Telephony Manager 2245 as close tothe handsets as possible. In this case, it is located immediately behind theVPN Router (and in the same subnet as the VPN Router). The VPN Routermust also be located as close to the handsets as possible.You can deploy the handsets behind a NAT router with no Security Switch,as shown in Figure 18 "VPN design over a Layer 2 network" (page 85). Thisconfiguration includes a Layer 2 switch, which can be any Layer 2 switch(for example, Nortel Ethernet Switch 450). No Layer 3 device, such as arouter, can be located between the wireless handsets and the WLAN IPTelephony Manager 2245.Nortel Communication Server 1000WLAN IP Telephony Installation and CommissioningNN43001-504 01.02 StandardRelease 5.0 15 June 2007Copyright © 2004-2007, Nortel Networks.