Chapter 1

Introduction

Functional Overview

The VSU-10000 is a high-performance VPN gateway for large-scale, business-critical
virtual private networks (VPNs). Designed to provide the high capacity, 
scalability and reliability required by enterprise and service provider networks, 
the VSU-10000 supports Gigabit copper Ethernet connectivity over standard 
CAT-5 cables.

Like other platforms in Avaya’s VPNware family, the VSU-10000 adds 
compression, encryption, authentication, and key management to public network 
data links to ensure privacy and integrity of corporate data, and to enable the 
efficient and secure operation of virtual private networks (VPNs). It is designed 
to perform complex operations, in real time, without compromising network 
performance, and in many cases can actually increase data throughput. It 
supports up to 10,000 simultaneous VPN tunnels.

The VSU-10000 supports a full suite of VPN services, including ICSA-certified 
IPSec-based encryption, strong two-factor authentication (digital certificates, 
SecurID tokens, RADIUS, SmartCards), data compression, packet and user 
authentication, IKE key management, Network Address Translation (NAT), 
dynamic routing, and a stateful-inspection-based packet-filtering firewall.

Summary of Contents for VSU 10000

Page 1: ...VSU10000 System Administrator s Guide Comcode 700213853 09 0060 00 Issue 1 0 December 2001 ...

Page 3: ...ware and documentation shall remain solely with Avaya The license is effective until terminated Customer may terminate this License at any time by destroying all copies of Software including any documentation This License will terminate immediately without notice from Avaya if Customer must destroy all copies of Software Software including technical data is subject to U S export control laws inclu...

Page 4: ...whether in contract tort including negligence or otherwise exceed the price paid by Customer The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose Software Avaya warrants that for a period of ninety 90 days from the date of shipment from Avaya i the media on which the Software is furnished will be free of defects in materials and workmanship under n...

Page 5: ...ment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case users will be required to correct the interference at t...

Page 6: ...VSU 10000 User Guide ...

Page 7: ...iew 1 1 VSU 10000 Components 1 3 Safety Recommendations 1 5 General Site Requirements 1 6 Chapter 2 Installing the VSU 10000 Installing the Power Supply Modules 2 1 Physical Installation 2 1 Overview of Front Panel 2 2 Connecting the VSU 10000 to the Network 2 5 Chapter 3 Preparing the VSU 10000 for Configuration Preparation 3 1 Configuration 3 1 FIPS Mode 3 8 General Firmware Upgrade Information ...

Page 8: ...4 3 Ethernet Interface Module 4 3 APPENDIX A Specifications Physical Specifications A 1 Environmental Specifications A 2 Electrical Specifications A 2 Compliance Specifications A 3 Additional Features A 4 APPENDIX B 10 100 1000BASE T UTP Crossover Cable Pinouts GLOSSARY VSU Acronyms ...

Page 9: ... of the back panel and a procedure for physical installation including placement and connection to the network Chapter 3 Preparing the VSU 10000 for Configuration provides instructions for setting up VSU 10000 addressing and enabling remote connectivity for using the VPNmanager Avaya s VPN network management application Appendix A Specifications documents physical environmental electrical and comp...

Page 10: ...Technical Support Technical support is available to registered users of the VSU 10000 Phone Support Domestic Toll free 800 237 0016 24x7 International 727 217 2425 Email vpnsupport avaya com Version Date Changes 09 0058 00 December 2001 Initial release ...

Page 11: ...work data links to ensure privacy and integrity of corporate data and to enable the efficient and secure operation of virtual private networks VPNs It is designed to perform complex operations in real time without compromising network performance and in many cases can actually increase data throughput It is capable of up to 10 000 simultaneous VPN tunnels The VSU 10000 supports a full suite of VPN...

Page 12: ...he throughput measured in packets per second Of even greater impact is the tendency for packets lengthened by IPSec headers to be fragmented by network routers causing further reductions in performance and additional latency Real time compression performed by the VSU 10000 reduces packet fragmentation and produces smaller packets which can significantly enhance network throughput and performance P...

Page 13: ...VSU 10000 is also provided on the support CD ROM shipped with the unit VSU 10000 Components Each of the major VSU 10000 components are shown in Figures 1 1 and 1 2 and described in Table 1 1 Figure 1 1 VSU 10000 Front Panel Figure 1 2 VSU 10000 Back Panel 12 13 10 9 8 2 5 4 11 14 3 6 7 1 ...

Page 14: ... the unit If the fan speed falls below the threshold value a warning message is sent to the console port an SNMP trap and a syslog message are sent to all configured SNMP trap targets and configured syslog server targets respectively e g the workstation on which the VPNmanager resides a third party network management station like HPOpenView or Unix based syslog server Table 1 1 VSU 10000 Component...

Page 15: ...and dust free during and after installation Keep the VSU 10000 ventilation gratings clear of any blockages Do not rest equipment in excess of 10 lbs on top of the VSU 10000 chassis Disconnect all power before doing the following Plugging or unplugging the Ethernet or serial port connections Mounting or unmounting a unit from an equipment rack Never assume power is disconnected from a circuit Alway...

Page 16: ...10000 is intended for use in a normal office environment For more extreme conditions verify that temperature humidity and power conditions meet the specifications indicated in Table 1 2 Additional VSU 10000 specifications are included in Appendix A Site Power Considerations Check the power at your site to ensure that you are receiving clean power free of spikes and noise Install a power conditione...

Page 17: ...The VSU 10000 chassis can be mounted in a standard 19 inch equipment rack Rack mounting requires a Phillips head screwdriver the VSU rack mount bracket kit and four screws to match the rack Screws for attaching the mounting brackets to the chassis are provided Instructions for rack mounting are provided in the section Rack Mount on page 2 1 Quantity Part Description 1 VSU 10000 VPN Service Unit 1 ...

Page 18: ...ave adequate ventilation Ensure that the rack is not overly congested because each unit generates heat An enclosed rack should have louvered sides and a fan to provide cooling air When mounting a chassis in an open rack ensure that the rack frame does not block the ventilation grates If the chassis is installed on slides check the position of the chassis when it is seated all the way into the rack...

Page 19: ...r shipping containers NOTE The power supply modules feature autoranging of the source AC line voltage thus eliminating the need for a voltage selector switch 2 Slide each power supply module into the enclosure and press firmly on the front of the unit to securely seat the unit The black spring loaded retaining clip should snap when the power supply is locked into place 3 Set the ON OFF I O switch ...

Page 20: ...ard 19 inch equipment rack 1 From one side of the VSU 10000 remove the two front side screws 2 Using the screws provided with the bracket attach the bracket to the VSU 10000 Figure 2 1 Attaching the Rack Mount Brackets 3 Repeat bracket installation on the other side of the VSU 10000 4 Install the VSU 10000 into a standard 19 inch rack using screws that fit the rack not provided Overview of Front P...

Page 21: ... from an asynchronous ASCII terminal or a PC running terminal emulation software The connection requires a null modem cable which is supplied The communication settings for a device interfacing with the console port are provided in Table 2 1 Public Port Private Port Ethernet Port Status Indicators Console Port Aux Status Indicator Fault Indicator Port Ports not used Table 2 1 Terminal Settings Par...

Page 22: ...rough CAT5 UTP cable When connecting directly to a router FW or other similar device use a cross over CAT5 UTP cable NOTE To realize maximum performance when operating at the 1000 BASE T rate it is necessary to use CAT5e cables Standard CAT5 cables are not rated for full Gigabit data rates generally this is problematic when cable run lengths greater than 100 meters are involved Ethernet Port Statu...

Page 23: ...the VSU 10000 to the Network Figure 2 4 shows a typical network using the VSU 10000 Figure 2 4 Example of Two VSU 10000 Hardware Installations Public Network DSU CSU Router VSU 10000 Private LAN Crossover Cable DSU CSU Router VSU 10000 Private LAN Crossover Cable ...

Page 24: ...user supplied straight through cable 3 Connect an asynchronous ASCII terminal or PC running terminal emulation software to the VSU 10000 Connect one end of the provided null modem cable to the Console port on the VSU 10000 Connect the other end to the terminal The terminal s communications parameters should be set to 9600 baud 8 data bits none for parity 1 stop bit and none for hardware flow contr...

Page 25: ...preliminary configuration is performed using a terminal or a PC running terminal emulation software connected to the RS 232 console port The following procedure assumes that the VSU 10000 has been physically installed on the network according to the instructions provided in Chapter 2 Configuration The following information is configured through the VSU console Quick Setup The VSU s IP address and ...

Page 26: ... when the VSU dedicated to VPN traffic and is the only device between the private and the public networks Deny all non VPN traffic When checked all non VPN traffic is prevented from passing through the VSU This mode blocks non IP traffic and non VPN IP traffic including broadcast traffic e g ARPs IP multicast traffic e g OSPF updates and other traffic containing routing information NOTE This mode ...

Page 27: ...Day 2001 17 06 01 ethernet0 MAC Address 00 60 a1 00 23 f9 ethernet1 MAC Address 00 60 a1 00 23 fa Checking Non Volatile RAM integrity OK Checking Configuration Database OK Checking Certificate Database OK Calibrating CPU performance monitor OK Power Cooling subsystems Monitor initializing Power Subsystem is Good Cooling Subsystem Good Done VPNet Technologies VSU XXXX 3DES ENCRYPTION Main Menu 1 Co...

Page 28: ...dress and mask are optional 3 Enter the default route for this VSU Typically the default route is the IP address of the gateway on the public side of the VSU 10000 i e the gateway providing an IP route to the internet VPNet Technologies VSU XXXX Main Menu 1 Configuration 2 Statistics 3 Utilities 4 Logout 5 Quick Setup Your choice 1 5 5 IP address 192 0 2 1 Mask 255 255 255 0 Enter IP address 210 1...

Page 29: ... the VSU console Pressing Return without typing anything at the Enter new VSU console password and Confirm new VSU console password prompts will set the VSU console password to empty no password required to access the VSU console 5 A superuser name and password is required to allow the Network Administrator to initially configure this VSU through the VPNmanager application Press Return or enter n ...

Page 30: ...PN traffic is blocked Deny all non VPN traffic When checked all non VPN traffic is blocked For additional information regarding traffic modes see page 3 2 7 Enter n if you do not want the VSU to run in FIPs compliant mode If you answer n the code skips to the Ethernet port speed configuration Go to Step 8 Enter y if you want the VSU to run in FIPs compliant mode If you answer y answer the followin...

Page 31: ...figuring specific port speeds section in the VPNos Readme on the CD for instructions on how to fix the port speed and known problems with fixed port speed configurations You may also wish to refer to the documentation for the router or switch in question to determine the appropriate VSU speed setting for your installation Your VSU 10000 is now prepared for configuration using the VPNmanager The VS...

Page 32: ...tems are likely to be configured by most administrators but are left to VPNmanager or other VSU console menu items to keep the Quick Setup menu minimal LDAP servers used to authenticate VPNmanager console users Disable a VSU s SuperUser account Flushing the configuration on VPNware 3 1 In the event you flush the configuration via VSU console menu item Configuration Flush Configuration on a VSU run...

Page 33: ...If the power supply module fails an audible alarm will sound and the green LED status indicator on the power supply subsystem extinguishes The audible alarm automatically silences after a preset time Contact your customer service representative to obtain a replacement for the defective power supply module WARNING To ensure that the power supply ventilation system continues to work correctly do not...

Page 34: ...ntly pull the defective module out of its enclosure 4 Set the ON OFF I O switch on the new power supply module to OFF 5 Slide the new power supply module into the enclosure and press firmly on the front of the module to securely seat the module Be sure the retaining lock is engaged to secure the module Figure 4 1 Power Supply Removal Replacement WARNING Do not insert any object into the power supp...

Page 35: ... 1 Unscrew the two thumbscrews in the lower left and upper right corner of the fan then pull the fan straight out of the unit 2 Making sure that the fan s power connector is aligned with its socket slide the new fan into place and tighten the two thumbscrews to secure it to the unit Ethernet Interface Module The VSU 10000 includes two single port 10 100 1000BASE T Ethernet cards one for the public...

Page 36: ...4 4 Troubleshooting VSU 10000 User Guide ...

Page 37: ...r the VSU 10000 as well as standards compliance information Physical Specifications Table 1 1 VSU 10000 Physical Specifications Parameter Specification Dimensions 17 W x 18 D x 3 5 H 43 2 cm x 50 8 cm x 8 9 cm rack mountable Weight 14 75 lbs 6 7kg LAN Interface 10 100 1000BASE T Ethernet Management Interfaces RS 232 Console ...

Page 38: ...h the same or equivalent type recommended by the manufacturer Dispose of used batteries according to the manufacturer s instructions Table 1 2 Environmental Specifications Parameter Operating Specification Temperature 32 122 F 0 50 C Relative Humidity 5 90 non condensing Altitude 0 12 000 feet 0 3 660 meters Table 1 3 Electrical Specifications Parameter Specification Voltage 90 264 VAC Input Frequ...

Page 39: ... 2403 The Use of HMAC MD5 96 within ESP and AH RFC 2404 The Use of HMAC SHA 1 96 within ESP and AH RFC 2405 The ESP DES CBC Cipher Algorithm with Explicit IV RFC 2406 IP Encapsulating Security Payload RFC 2407 Internet IP Security Domain of Interpretation for ISAKMP RFC 2408 Internet Security Association and Key Management ISAKMP RFC 2409 Internet Key Exchange IKE RFC 2410 The NULL Encryption Algo...

Page 40: ...RFC 2104 Key Management ISAKMP Internet Security Association Key Management Protocol Supports network address translation for firewall support Compression Stac Lempel Ziv hardware data compression User Authentication RADIUS Ascend Access Control Security Dynamics ACE Server Access Manager BaySecure Access Control Funk Steel Belted RADIUS CHAP PAP SecurID Tokens Digital Certificates X 509v3 for net...

Page 41: ... APPENDIX B 10 100 1000BASE T UTP Crossover Cable Pinouts The 10 100 1000BASE T UTP Crossover Cable defined below is provided with the VSU 10000 Signal Name Male RJ 45 Male RJ 45 TPAP 1 3 TPAN 2 6 TPBP 3 1 TPBN 6 2 TPCP 4 4 TPCN 5 5 TPDP 7 7 TPDN 8 8 ...

Page 42: ...10 100 1000BASE T UTP Crossover Cable Pinouts B 2 VSU 10000 User Guide ...

Page 43: ... DNS Domain Name Server a distributed database system used to map host names to IP addresses and vice versa DCE Data Communication Equipment DSU CSU Data Service Unit Channel Service Unit DTE Data Terminal Equipment HDLC High level Data Link Control ISAKMP Internet Security Association Key Management Protocol IPSEC Internet Protocol SECurity MD5 Message Digest Algorithm ...

Page 44: ... User Server RFC Request For Comment SHA 1 Secure Hash Algorithm 1 SNMP Simple Network Management Protocol SSL Secure Socket Layer TCP IP Transmission Control Protocol Internet Protocol URL Uniform Resource Locator UTP Unshielded Twisted Pair VPN Virtual Private Network VSU VPN Service Unit ...
