Restricted mode, Nailed-up control tunnels – Panasonic 7 User Manual

140 Chapter? Configuring control tunnels

In this environment, the remote Boston Nortel VPN Router has a control tunnel to the local Cleveland Nortel VPN Router. From any system on the Cleveland network, you can access the management address for the Boston Nortel VPN Router. This allows systems on the Cleveland network to initiate management operations on the Boston Nortel VPN Router, such as HTTP, FTP, and Telnet. Yet because it is a control tunnel, users on the Cleveland private networks cannot exchange packets with users on the private Boston network.

Additionally, a user control tunnel is configured so that a remote user can establish a control tunnel when using the IPsec client. You create this user account with password authentication in the Control Tunnels group using the serial port.

Restricted mode

The Restricted mode feature prevents management of the Nortel VPN Router except through a control tunnel. This limits the scope of management to someone who has the proper credentials both to set up the tunnel (if it is an end user) and to log in as an administrator (administrative access privileges). Having the proper access privileges acts as a level of security. Additionally, because Restricted mode forces you to manage the Nortel VPN Router through a tunnel, the management data is guaranteed protection through encryption.

You enable Restricted mode through the Serial Interface menu or the command line interface available through Telnet. In Restricted mode, you can perform the main management functions through the control tunnel, including HTTP, FTP, SNMP, and Telnet. All attempts to perform these actions outside of the control tunnel fail. You cannot enter Restricted mode unless there is an active control tunnel. This ensures there is a mechanism to manage the Nortel VPN Router in Restricted mode.

Nailed-up control tunnels

You may want some control tunnels to remain up even when there is no traffic traversing the control tunnel. This is generally the case for branch office control tunnels rather than end user control tunnels.

Note: If you change any settings of the branch office connection when using nailed-up tunnels, you must bring down the tunnel for the changes to take effect.

NN46110-500
