Nortel Networks NN46110-602 User Manual

Page 219

Advertising
background image

Appendix D Configuring for interoperability 219

Nortel VPN Router Troubleshooting

(are correctly decrypted, and authenticated) are accepted; other packets are
dropped. If any attempt is made to change the station address of the client, the
tunnel is automatically closed. Third-party clients do not necessarily have this
security.

Tight integration with MS-DUN and IPASS—This allows one-click access
that dials and authorizes the ISP connection and then creates the VPN
connection automatically. This makes it significantly easier for the end user.
Third-party clients typically do not have this ease-of-use feature.

High end PKI integration—The VPN Router integrates software from the
leading certificate vendors, for a high-end managed PKI implementation.
Managed PKI features like automated enrollment and automatic renewal are
critical for large-scale rollouts. Other clients have loose or no integration for
managed PKI and rely on the features of a browser or simple cut-and-paste
methods. This is not available with third-party clients when used with the
VPN Router, even if the client has the support built in.

Configuring the VPN Router as a branch office tunnel

To configure the VPN Router as a branch office tunnel:

1

Select Profiles

> Branch Office and click Define Branch Office

Connection.

The Branch Office

> Define Connection window appears.

2

For the local endpoint address, select the address of the local VPN Router
from the list.

3

For the remote endpoint address, enter the address of the remote VPN Router
that forms the opposite end of the branch office connection.

4

Set the tunnel type to IPsec.

5

Depending on what your third-party clients support, you can use either
pre-shared key or digital certificate authentication. Click to enable the user
name and password to authenticate user identity. The user name is the user’s
IP address and the password can be any password. Match the preshared secret
with the client shared secret.

6

Click RSA Digital Signature to enable certificate authentication if your
third-party client supports RSA Digital Signature authentication. You must

Advertising
Popular Brands
Popular manuals