Establishing security
188 Avaya VPNmanager Configuration Guide Release 3.7
Traffic Type - The fields and drop-down lists in this section change according to the IP Protocol
type selected. Depending on the traffic type selected (user-defined TCP and user-defined
UDP), Source and Destination fields appear to collect additional parameters.
If the Traffic Type selected is user-defined IP, a Protocol ID field appears.
A comprehensive suite of UDP, TCP, and ICMP filter options is provided.
Keep State - Appears when user-defined TCP or user-defined UDP traffic type is selected. This
function allows a filter rule set for the intended traffic to also be applied to the reply packets.
This function can be applied to both TCP and UDP packets.
Keep State sets up a state table, with each entry set up by the sending side. Reply packets
pass through a matching filter based on the respective state table entry.
Note:
Although UDP is connectionless, if a packet is first sent out from a given port, a
reply is expected in the reverse direction on the same port. Keep State
essentially “remembers” the port and lets the replying packet enter in the same
port.
Source Port - Appears when User-defined TCP or User-defined UDP selections are made.
Select the Range (Any or User-defined), then enter the from: and to: values. The port range is
inclusive. If you want to choose a single port, simply specify the same port as both start and end
port.
You can also choose an operator on the port range (= means in the port range and != means
out of the port range).
Destination Port - Appears when User-defined TCP or User-defined UDP selections are
made. Select the Range (Any or User-defined), then enter the from: and to: values. The port
range is inclusive. If you want to choose a single port, simply specify the same port as both start
and end port.
You can also choose an operator on the port range (= means in the port range and != means
out of the port range).
Comparator - Permits logical include (=) or exclude (!=) operation on the range entered. For
example, if you want to block ports 1024 through 1250, you would enter (Action = Deny) from:
1024 to 1250 and select = as the comparator value.
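The following sketch is an added example, not VPNmanager code or configuration syntax. It models the inclusive port range, the = and != comparators, and a Keep State table in which the sending side creates the entry and the reply receives the same rule action. Assumptions: first-match rule ordering, a default deny, state keyed on protocol plus both addresses and ports, no state timeout, and all class names and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class PortRange:
    lo: int = 0
    hi: int = 65535
    comparator: str = "="          # "=" in range, "!=" out of range

    def matches(self, port: int) -> bool:
        inside = self.lo <= port <= self.hi   # both ends inclusive
        return inside if self.comparator == "=" else not inside

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp" or "udp"
    src: PortRange = PortRange()
    dst: PortRange = PortRange()
    keep_state: bool = False

class PacketFilter:
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default
        self.state = {}            # flow tuple -> action of the rule that created it

    def check(self, p: Packet) -> str:
        # A reply is a recorded flow with source and destination swapped.
        reply_of = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reply_of in self.state:
            return self.state[reply_of]
        for r in self.rules:       # first matching rule wins (assumption)
            if r.proto == p.proto and r.src.matches(p.src_port) and r.dst.matches(p.dst_port):
                if r.keep_state:   # entry is set up by the sending side
                    self.state[(p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)] = r.action
                return r.action
        return self.default

# Constructed rule set: DNS over UDP with Keep State, plus the deny example above.
RULES = [
    Rule("permit", "udp", dst=PortRange(53, 53), keep_state=True),
    Rule("deny", "tcp", dst=PortRange(1024, 1250, "=")),
    Rule("permit", "tcp"),
]
```

Without the Keep State entry, the UDP reply arriving on the client's ephemeral port matches no permit rule and falls through to the default deny.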
From/Where
● Type. Choices are Network/Mask Pair or Any.
● IP Network Mask Pair. Identify the source IP address to which the filter rule applies.
Summary of Contents for 3.7
Page 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...