ShoreTel VPN Concentrator 4500 Installation And Configuration Manual Download Page 35 | Manualshive

Page: 35 / 46

background image

Chapter 3:

Configuration

VPN Concentrator Installation and Configuration Guide

29

MAC Address Blacklist

If MAC Blacklist validation is enabled for STUNNEL, the MAC Address sent by the client is

validated against the configured MAC Address Blacklist. If the MAC Address is present in the

Blacklist then the session request is rejected.
The maximum number of MAC Addresses that can be configured at a time in the Blacklist

database is 1000. Only valid MAC addresses are allowed. Duplicate MAC Addresses cannot

be configured. If MAC Whitelist validation is enabled, MAC Whitelist validation is done after

MAC Blacklist validation.
To add or delete MAC addresses from the database, choose “Stunnel” submenu from

“Configuration Menu” and then choose “MAC Blacklist” submenu of “Stunnel.”

MAC addresses can be entered in the following format:

HH:HH:HH:HH:HH:HH[/X]

, where “

H”

is a hexadecimal digit from 0 to f.

The optional part /X specifies the number of hex digits from right to left. X can

be between 1 to 12.
Example: 12:34:56:78:90:AB/3 would match all the MAC addresses in the range

of 12:34:56:78:90:00 to 12:34:56:78:9F:FF

«
...
33
34
35
36
37
...
»

Summary of Contents for VPN Concentrator 4500

Page 1: ...VPN Concentrator 4500 5300 Installation and Configuration Guide...

Page 2: ...r mechanical for any purpose without prior written authorization of ShoreTel Inc ShoreTel Inc reserves the right to make changes without notice to the specifications and materi als contained herein an...

Page 3: ...ount Installation 10 Connecting the Power and Cables 10 1 2 2 5 Initial Configuration 11 1 2 3 Deployment Scenarios 12 2 1 Introduction 13 2 2 Redundant VPN Concentrators 14 2 3 SSL VPN Authentication...

Page 4: ...f recommended configuration and deployment procedure 33 4 1 Tools and Troubleshooting 35 4 1 1 Network Information 36 4 1 2 Network Connectivity 37 4 1 3 Viewing Log Files 38 4 1 4 Packet Capture 39 4...

Page 5: ...10 100 Ethernet LAN Ports 4 x 10 100 Ethernet Serial Ports 1 x RS 232 Dimensions Height 1 688 42 863 mm Width 10 438 265 113 mm Depth 6 625 168 275 mm Weight 2 lb 0 91 kg Power 12V 3A external AC Ada...

Page 6: ...f or no power from the AC outlet Solid Green Power is supplied to the unit Status Off The unit could not boot up because of self test failure Solid Green Self test passed Flashing Green Configuration...

Page 7: ...C USB Ports Not used D Ethernet WAN Port This port is typically used when connecting the 4500 to an upstream router E Management Console Port This port is used to establish a local console session wi...

Page 8: ...hilips or slotted screws 1 inch long F Erase If pressed twice in quick succession the CLI password will be changed to its original password If pressed three times in quick succession the 5300 will rev...

Page 9: ...y Wall Mount Installation You can mount the 4500 on a wall using the two mounting brackets on the bottom of the appliance We recommend that you use the two round or pan head screws 1 Install two screw...

Page 10: ...into an AC outlet and the other end into the power receptacle on the 4500 Make sure that the power and status LEDs shown in Figure 1 1 as A and B are solid green after a short while WARNING Always con...

Page 11: ...e Subnet Mask 7 Perform the following steps in the Network Settings section Set the Default Gateway to the upstream router s IP address Set the Primary DNS Server and Secondary DNS Server to the prima...

Page 12: ...ory default will erase all configuration changes B Power LED Off Power switch is off or no power from the AC outlet Solid Green Power is supplied to the unit C Disk Activity LED Off No disk activity F...

Page 13: ...on The serial port uses a baud rate of 9600 8 data bits 1 stop bit and no parity Call out Description A Power Inlet Accepts a 3 pin Shroud Female connector of a power cord with 3 pin Shroud Male conne...

Page 14: ...nvironmental specifications for the system Connecting the Power and Cables 1 Connect one end of an Ethernet cable to local LAN port Port 1 of the 5300 This port can be seen as F in Figure 1 3 Connect...

Page 15: ...wing steps in the WAN Interface Settings section Choose Static IP Address Set the IP Address to an IP address that is within the subnet of your firewall s DMZ Note The IP address may be a private IP a...

Page 16: ...e WAN port of the VPN Concentrator to the DMZ network or port of the firewall as shown in Figure 1 6 The WAN port should be assigned to a private IP address RFC 1918 or an IP address that can be used...

Page 17: ...unnels A maximum of 10 simultaneous SSL VPN tunnels can be licensed on the 4500 A maximum of 100 simultaneous SSL VPN tunnels can be licensed on the 5300 WARNING If ShoreTel VPN phones will be deploye...

Page 18: ...a remote phone The database can be populated by the administrators using the GUI If the MAC address of a remote phone is not found in this database then the SSL VPN connection request is rejected MAC...

Page 19: ...2 Other Features Contact Center Administrator Manual 15 History Log A history log of all connection requests is maintained which includes information such as success and failure of sessions establishm...

Page 20: ...Other Features Chapter2 16...

Page 21: ...root directory of the FTP server 2 Make sure that the pub e_4500 and pub e_5300lf directories exist under the root directory of the FTP server 3 To upgrade VPN Concentrator 4500 obtain the image files...

Page 22: ...hen be displayed VPN Concentrator 4500 supports a maximum of 10 SSL VPN sessions and VPN Concentrator 5300 supports a maximum of 100 SSL VPN sessions Additional licenses can be obtained by following t...

Page 23: ...d in further configuration of the device 3 3 Configuration 1 If the LAN network has sub networks that need to be accessed through the VPN Concentrator then choose Route submenu of System submenu of Co...

Page 24: ...can be entered by separating the IP addresses with spaces The system sends the syslog data to the default syslog port 514 which can not be changed Please obtain the IP address of the server from Shore...

Page 25: ...he system Please use caution when adjusting the ethernet link rate as incompatible rate setting may render the device unreachable Parameter Description LAN Ethernet Link rate can be set to the followi...

Page 26: ...be adjusted to reduce the latency introduced by large data packets on a slower link If the WAN upstream bandwidth is less than 256 Kbps the MTU size is automatically reduced to 800 bytes The default...

Page 27: ...tor can route data between multiple broadcast domains that it is a member of The VPN Concentrator 4500 can also do port based VLANs which enables it to tag untagged data coming from a port Parameter D...

Page 28: ...new VLAN IP Address IP address of the VPN Concentrator in the broadcast domain associated with the VLAN ID being created Network Mask Network mask of the broadcast domain for the new VLAN LAN Port Mem...

Page 29: ...SL VPN sessions will be terminated at that point The main configuration page is divided into the following sections Global Configuration LDAP Configuration Stunnel Firewall Configuration Proxy ARP Con...

Page 30: ...specified in number of seconds By default this feature is disabled and if enabled Stunnel Server Tunnel Timeout will be set to a default value of 86400 seconds Stunnel Server Tunnel Timeout Timeout v...

Page 31: ...nable or disable the LDAP authentication feature to authenticate the username and password of the SSL VPN client A valid LDAP Server IP Address must be configured to enable this feature By default LDA...

Page 32: ...d Max Clients parameter value By default this list is empty If you have added some value in IP pool range it will only become effective after the next restart of Stunnel Note Remove addresses from the...

Page 33: ...r of Username Passwords that can be registered at a time is 1000 The maximum length allowed for both Username and Password is 16 characters Empty strings are not allowed for both Username and Password...

Page 34: ...ate MAC Addresses cannot be configured If MAC Blacklist validation is enabled then MAC Blacklist validation is done prior to MAC Whitelist validation To add or delete MAC addresses from the database c...

Page 35: ...addresses are allowed Duplicate MAC Addresses cannot be configured If MAC Whitelist validation is enabled MAC Whitelist validation is done after MAC Blacklist validation To add or delete MAC addresse...

Page 36: ...s well as how to authenticate with this device Two methods are provided 1 Via MAC Address specific IP Phone configuration files 2 Manual configuration using the Phone User Interface The latter method...

Page 37: ...ots if set to 1 This will force password entry after all power on events but will permit auto matic restoration of dropped links without user intervention Sources are MAN CFG Default is 0 VpnPwPrompt...

Page 38: ...his is the port number on the VPN concentrator that the phone will connect to Press the key to accept the default value or use the digit keys to enter a different port number followed by the key to co...

Page 39: ...Chapter 3 Configuration VPN Concentrator Installation and Configuration Guide 33 This procedure allows for a turn key installation of remote phones with minimal user intervention...

Page 40: ...Configuration Chapter3 34...

Page 41: ...rface CLI can be used to troubleshoot the system Sometimes both GUI and CLI need to be used to debug the problem Logging into the GUI system has been explained earlier in Section 1 2 1 5 and Section 1...

Page 42: ...oth GUI and CLI Following screenshot displays the network information such as routing tables link status and interface status Please make sure that all links and interfaces are up and running and all...

Page 43: ...suing the ifconfig command 4 1 2 Network Connectivity Once all the physical and logical interfaces are up and running then network connectivity can be checked by using the ping command traceroute comm...

Page 44: ...2 2 2 icmp_seq 2ttl 53time 45 6ms 64bytesfrom4 2 2 2 icmp_seq 3ttl 53time 45 6ms 4 2 2 2pingstatistics 4packetstransmitted 4packetsreceived 0 packet loss round tripmin avg max 44 7 45 6 46 5ms Note St...

Page 45: ...the packets for a given SSL VPN connection 1 Identify the PPP session associated with a given phone by obtaining the IP address of the phone from the Active Sessions by using its MAC address Once the...

Page 46: ...Tools and Troubleshooting Chapter4 40...

Reviews:

No comments

Related manuals for VPN Concentrator 4500

Brand: D-Link Pages: 8

Brand: D-Link Pages: 12

Brand: KAS Pages: 2

Brand: Quintum Pages: 4

Q gateway 5.5 direct

Brand: QUNDIS Pages: 80

Brand: System Sensor Pages: 10

Brand: Nomadix Pages: 204

Brand: ZyXEL Communications Pages: 2

Brand: McQuay Pages: 52

AirLink PinPoint X

Brand: Sierra Wireless Pages: 62

Fieldgate SWG70

Brand: WirelessHART Pages: 124

Brand: Technicolor - Thomson Pages: 52

ThingPark Partner

Brand: Actility Pages: 4

Brand: Zhone Pages: 151

Brand: ViewSonic Pages: 54

Brand: Fanvil Pages: 70

Brand: Technicolor Pages: 114

Brand: TECOM Pages: 30

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands