Contivity 251 ABOT Deployment

Version 1.0

April 26, 2004

3.7.2  Changing VPI & VCI 

To gain access to the Internet, the VPI and VCI numbers must be configured to match the values
provided by your local ADSL ISP. In this case, both the CO office and Office_6 have VPI & VCI as
0/35.
The window below shows the default setting of the C251. Change the VPI value to
0 and keep the rest of the fields at their defaults.

 

Contents of C251

Page 1: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 Technical Configuration Guide Contivity 251 ABOT Deployment using Web GUI Version 1.0 ...

Page 2: ...nd recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Networks Inc The software described in this document is furnished under a license agreement and may be used o...

Page 3: ...S AND MINIMUM CHANGES 13 2 11 1 Reset to factory default 14 2 11 2 Using the Reset Button 14 2 11 3 Uploading a Configuration File via Console Port 14 2 12 PROVIDE END USERS WITH INSTRUCTIONS 14 2 13 DOWNLOADING CONFIGURATION FILES FROM CO LAB TO REMOTE C251 15 3 CONTIVITY C251 DEPLOYMENT EXAMPLE 16 3 1 ABC VPN DEPLOYMENT TASKS 16 3 2 ...

Page 4: ...3 10 1 Change VPI VCI number before saving 49 3 10 2 How to change VPI VCI number 50 3 11 START DEPLOYMENT 50 3 11 1 BO Office 6 deployment setup User Client 51 3 11 2 Download the configuration file to BO Office 6 51 3 11 3 Repeat the procedure to the rest BOs 52 4 REFERENCE DOCUMENTATION 53 5 APPENDIX A TERMINOLOGY 54 List of Fig...

Page 5: ...es to allow non technical end users to create IPSec VPN user tunnels between C251 and Contivity gateway in CO The user tunnels are then used by technical personnel in CO to gain controls of remote C251 for further downloading prepared configuration files in order to complete the complex ABOT configurations For simplicity the terms of Contivity and Contivity Secure IP Services Gateway are used inter...

Page 6: ...etworks or large enterprise deployments C251 supports up to five VPN Branch Office Tunnel BOT connections simultaneously and integrates four high speed 10 100Mbps LAN ports and one high speed ADSL port into a single package The ADSL port supports downstream transmission rates up to 8Mbps and upstream transmission rates up to 832Kbps C251 supports two types of VPN connection Branch Office Tunnel BOT...

Page 7: ...el to a remote Contivity Gateway it is also called Hard Client Hard Client uses the IPSec protocol and supports a simple VPN rule It provides easy configuration and can be setup by non technical end users Then CO technical personnel can use client tunnel connection to gain remote control and perform further configurations on C200 e g ABOT firewall NAT and etc By default the Client Emulation is con...

Page 8: ...vantage of standard copper loops telephone lines to provide high speed Internet always on access ADSL has its downstream capacity higher than its upstream capacity E g Contivity 251 ADSL supports downstream rates up to 8Mbps and upstream rates up to 832Kbps ADSL uses signal frequencies above those used by voice or fax so the data signal does not interfere with telephone signal In SOHO site data tr...

Page 9: ...configuration Testing the ABOT tunnel using PING This method is assuming that CO technical resources have taken training classes of Nortel Contivity products 2 1 Planning your VPN Network Before deployment the VPN network should be planned first Network planning includes various tasks such as determining Network topology network size branch office locations CO location Contivity VPN device models ...

Page 10: ...ti mode G DMT ETSI Used mostly in Europe CU251 U R2 ADSL over ISDN Tone 29 63 125 270KHz Multi mode G DMT ETSI Used in Germany with Deutsche Telecom 2 2 3 In areas where ADSL service is not available In the areas where ADSL service is not available consider using C221 over satellite based Internet service or over Broadband High speed internet access service E g DIRECWAY provide satellite based Inte...

Page 11: ...cheme for ABOT Initiator ID With aggressive negotiation mode the C251 uses Initiator ID to establish ABOT to remote gateway The Initiator ID on the C251 is configured in the content field as a DNS domain name or E mail address The DNS domain name or E mail address in the Local ID Type field is used only for identification purposes and does not need to be a real domain name or e mail address If you...

Page 12: ...successful deployments are CO gateway is able to access to Internet and has a fixed IP assigned by ISP PCs with Microsoft Windows and Internet Explorer C251 is able to access to the Internet via ADSL connection CO technical personnel were trained to have knowledge of Nortel Contivity products If your budget allows you may want to build a controlled lab environment to simulate ADSL ISP To do so you ...

Page 13: ...public interface When connecting to an ISP a dynamic public IP address will be assigned by ISP This default configuration allows end users to access to the Internet in a plug and play fashion The C251 hard client is designed as a 3DES client and uses 3DES SHA to connect to the CO Contivity user group This method is the most secure algorithm of SA offered in this release The C251 has a default WAN ...

Page 14: ...nortelnetworks com index html unzip it and save it in a folder Turn off the Contivity 251 begin a terminal emulation software session and turn on the Contivity 251 again When you see the message Press Any key to enter Debug Mode within 3 seconds press any key to enter debug mode Enter atlc after Enter Debug Mode message Wait for Starting XMODEM upload message before activating Xmodem upload on you...

Page 15: ...he pre built configuration file to the remote C251 using the GUI maintenance Restore tool or using FTP command When the download is completed the remote C251 will activate the new configuration file and reboot automatically After rebooting a Ping from the C251 to the Contivity gateway will bring up the ABOT tunnel Verify the connection by bi direction pings Repeat the same procedure for each site ...

Page 16: ...ology draw order equipments and services and obtain information from ISP Setup CO LAB Configure Contivity gateway C1100 Pre build five BO config files in CO Send startup instructions to each BO Deployment ABOT coordinate with BO Download config files from CO to BO 3 2 Network planning Network topology hub spoke 1x C1100 gateway 6xC251 Annex A Connectivity C251 configure one active ABOT and one ina...

Page 17: ...ervice for CO and static IP 24 1 61 69 20 obtain VPI VCI number for each location Office 6 and CO has 0 35 and the rest are 8 35 CO NOC Internet ABC VPN Topology BO 2 Name C251_Office_2 KEY Contivity IP addr 192 168 12 0 24 Initial ID office2 214 123 2222 V04_80 124 C1100 gateway 192 168 3 1 priv if 192 168 3 2 mgt DHCP server 192 168 3 0 24 ABOT responder Ip pool 172 16 55 1 10 BO 5 Name C251_O...

Page 18: ... named as S4 and they both running Microsoft Windows XP and configured with dynamic IP Figure 6 ABC Company CO LAB PSTN phone line Cable Modem Verizon PSTN ADSL Public interface gw 24 1 61 69 24 24 1 48 1 1 gw private interface 192 168 3 1 DHCP server 192 168 3 3 254 IP Pool 172 16 55 1 10 ABOT initiato responde Internet VPI VCI 0 35 ABC Company CO LAB C251 C1100 tunneling over live Internet ...

Page 19: ...dresses for management and private interface address and mask are determined during the phase of Network planning Slot 0 Port 1 Private LAN Management IP Address 192 168 3 2 Subnet Mask 255 255 255 0 Interface IP Address 192 168 3 1 Subnet Mask 255 255 255 0 3 Configure public interface must obtain IP address and mask from ISP Slot 1 Port 1 Public LAN IP Address 24 1 61 69 Subnet Mask 255 255 240 ...

Page 20: ...HCP server ranging as 192 168 3 0 24 Config t ip dhcp server pool network 192 168 3 0 mask 255 255 255 0 included address 192 168 3 3 192 168 3 30 exit service dhcp enable exit 6 Renew PC IP address On the PC open a DOS command window then issue the following commands to release and renew the IP address Ipconfig release Ipconfig renew To open a DOS command window go to Start Run then type the name...

Page 21: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 3 set IPSec connectivity with ip pool c251client and keep the rest as default ...

Page 22: ...c parameter for interworking with C251 Client Emulation To interwork with the C251 client keep IPSec parameters as factory default The only change is to enable triple DES with group 2 since C251 client emulation is being designed as a 3DES client in the current release ...

Page 23: ...Contivity userID is 251 the user group is for VPN connection by C251 hard clients 3 6 3 Configure Branch Office Group for C1100 1 add Branch Office c251abot for C251 ABOT connections add connection office6 972 123 6666 under group c251abot define connection type as responder and add each connection per site ...

Page 24: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 2 Configure Initiator ID pre shared Key Contivity local and remote network ...

Page 25: ...tory default V04_80 124 shown below 3 7 Pre build configuration file for BO C251_Office_6 Tasks Build one Client tunnel and test Build one ABOT tunnel and test Save the configuration file rom 0 to the PC disk and rename the file as office6 972 123 6666rom 0 Before configuration make sure that the C251 is reset to Factory default And the software is at least of VE251_2 1 0 0 007 ...

Page 26: ...ower on C251 and connect PC to the Contivity 251 private LAN and connect phone line to DSL port Using front LED to check connectivity C251 has default IP address of 192 168 1 1 the default DHCP IP range is 192 168 1 3 254 24 and the default Password is setup Make sure the PC is configured with dynamic IP Start IE on PC and launch Web GUI of C251 using its default address of http 192 168 1 1 logi...

Page 27: ...nternet the VPI VCI number must be configured to match the number provided by your local ADSL ISP In this case both CO office and Office_6 have VPI VCI as 0 35 The window below shows the default setting of C251 and the VPI value should be changed to be 0 and the rest fields should be kept as default ...

Page 28: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 The screen below shows the changed VPI click next to continue Keep all fields in this window as default shown below Click next to continue ...

Page 29: ...April 26 2004 3 7 3 Changing LAN IP addresses and DHCP server IP Change default IP of LAN and DHCP from 192 168 1 0 24 to 192 168 16 0 24 for C251_Office_6 Click change LAN configuration to continue Don t click Save Setting button at this point ...

Page 30: ...1 will be updated and you will lose the connection between the PC and the C251 for a while Wait a couple of minutes to give C251 time to save the new configuration Then Power OFF and Power ON C251 by using the power button on its rear panel After rebooting C251 will assign the PC with a new IP address of 192 168 16 x The connection between PC and C251 resumes To continue the configuration open WEB...

Page 31: ...trouble of accessing to Internet check the C251 front panel to make sure that the DSL LED is solid green To diagnose ATM connection using the following steps Go to Main Maintenance diagnostic DSL Line Click ATM Loopback Test If your VPI VCI is configured correctly and if your phone line has been configured with ADSL service by your ISP the ATM test should pass and give you a message of ATM Loopbac...

Page 32: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 3 7 6 Configure VPN Client Tunnel Go to VPN Setup ...

Page 33: ...Contivity 251 ABOT Deployment Version 1.0 April 26, 2004 Click No 1 to build a VPN Client In pull down menu select Contivity Client ...

Page 34: ...004 Filling information as shown and check Active then click Apply Note the user name password and gateway address should be found in your network planning sheet When the VPN is configured it is not active To start the Client tunnel click Connect button ...

Page 35: ...heck VPN Client Tunnel status To check connection status click Back then select Monitor 3 7 7 1 Check C251 VPN Client tunnel status using VPN SA Monitor For a success connection VPN SA Monitor should show similar status fields as below Empty field indicates failure ...

Page 36: ...rsion 1 0 April 26 2004 3 7 7 2 Check C251 VPN Client tunnel status using System Log For a success connection the System LOG should record similar connection events as below See below By default log is off You must setup to receive log ...

Page 37: ...esponder cookie 60DCF56217C6C5CF IKE encryption Triple DES with Diffie Hellman group 2 MODP 1024 bit prime IKE Keepalive Contivity Client keepalive IPSec tunnel mode security associations established ESP 56 bit DES CBC HMAC MD5 outbound SPI 0x5C32CF37 software session 14 packets sent ESP 56 bit DES CBC HMAC MD5 inbound SPI 0xC9F66 software session 14 packets successfully received 0 packets truncat...

Page 38: ... Applying group filter permit all 04 19 2004 03 39 28 0 Security 13 Session IPSEC No Access Network Access Network Passed 4 14 165 142 04 19 2004 03 39 28 0 Security 11 Session IPSEC 251 3 authorized 04 19 2004 03 39 28 0 Security 12 Session IPSEC 251 3 physical addresses remote 4 14 165 142 local 24 1 61 69 04 19 2004 03 39 28 0 Security 12 Session IPSEC 251 3 assigned IP address 172 16 55 10 mas...

Page 39: ...ms TTL 126 Reply from 192 168 3 9 bytes 32 time 30ms TTL 126 Reply from 192 168 3 9 bytes 32 time 32ms TTL 126 Reply from 192 168 3 9 bytes 32 time 29ms TTL 126 Reply from 192 168 3 9 bytes 32 time 29ms TTL 126 Reply from 192 168 3 9 bytes 32 time 28ms TTL 126 Reply from 192 168 3 9 bytes 32 time 29ms TTL 126 Reply from 192 168 3 9 bytes 32 time 28ms TTL 126 Ping statistics for 192 168 3 9 Packets...

Page 40: ...72 16 55 10 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum 20ms Maximum 30ms Average 25ms FTP Telnet and HTTP The C251 can be remotely managed on PC S3 the host behind C1100 using FTP 172 16 55 10 Telnet 172 16 55 10 http 172 16 55 10 ...

Page 41: ...ion 1 0 April 26 2004 3 7 9 Configure VPN ABOT Go to Main Menu VPN then select 2 and filling the following service data for C251_Offic_6 Aggressive mode DNS office6 972 123 6666 My IP 0 0 0 0 Pre shared key Contivity Gateway 24 1 61 69 ...

Page 42: ...The C251 does not allow ABOT to be active when Client emulation tunnel is activated To activate BO you must de activate client emulation tunnel first 3 7 9 1 Configure Static routing Build an ABOT tunnel using static routing Click Apply to activate the configuration ...

Page 43: ... sending ping packets from BO to the CO LAN behind C1100 On PC S4 issue ping commands as shown below C ping t 192 168 3 1 Pinging 192 168 3 1 with 32 bytes of data Request timed out Request timed out Reply from 192 168 3 1 bytes 32 time 32ms TTL 63 Reply from 192 168 3 1 bytes 32 time 27ms TTL 63 Reply from 192 168 3 1 bytes 32 time 28ms TTL 63 Reply from 192 168 3 1 bytes 32 time 29ms TTL 63 Repl...

Page 44: ... 165 142 IKE 3 01 01 2000 00 48 20 Send HASH 4 14 165 142 24 1 61 69 IKE 4 01 01 2000 00 48 20 Adjust TCP MSS to 0 4 14 165 142 24 1 61 69 IKE 5 01 01 2000 00 48 19 Recv HASH SA NONCE KE ID ID 24 1 61 69 4 14 165 142 IKE 6 01 01 2000 00 48 19 IKE Packet Retransmit 4 14 165 142 24 1 61 69 IKE 7 01 01 2000 00 48 18 IKE Negotiation is in process 4 14 165 142 24 1 61 69 IKE 8 01 01 2000 00 48 15 Start...

Page 45: ...rsion 1 0 April 26 2004 3 7 13 VPN SA Monitor When ABOT tunnel is up and activation you should be able to see the tunnel connection status algorithm and private LAN information See below screen shot 3 7 14 ABOT Session status on C1100 ...

Page 46: ...C office6 972 123 6666 attempting login 04 19 2004 04 09 24 0 Security 01 Session IPSEC office6 972 123 6666 has no active sessions 04 19 2004 04 09 24 0 Security 01 Session IPSEC office6 972 123 6666 office6 972 123 6666 has no active accounts 04 19 2004 04 09 24 0 ISAKMP 02 Oakley Aggressive Mode proposal accepted from office6 972 123 6666 4 14 165 142 04 19 2004 04 09 25 0 ISAKMP 02 Initial Con...

Page 47: ...2004 04 09 26 0 DHCP Relay Table 00 Circuit config node for interface 192 168 16 0 inserted 04 19 2004 04 09 29 0 Security 11 Session network IPSEC 192 168 16 0 255 255 255 0 attempting login 04 19 2004 04 09 29 0 Security 11 Session network IPSEC 192 168 16 0 255 255 255 0 logged in from gateway 4 14 165 142 04 19 2004 04 09 29 0 Security 12 Session IPSEC office6 972 123 6666 5 physical addresses...

Page 48: ... 3 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum 20ms Maximum 30ms Average 22ms C Documents and Settings Administrator ipconfig Windows 2000 IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IP Address 192 168 3 9 Subnet Mask 255 255 255 0 Default Gateway 192 168 3 1 C Documents and Settings Administrator ...

Page 49: ...build the rest of C251 configuration files There is one exception that if a BO using different VPI VCI other than 0 35 you have to change them to correct ones before saving the configuration file 3 10 Prepare Configuration files for BO using different VPI VCI Since ABC CO and Office 6 have the same VPI VCI as 0 35 and the rest of Branch Offices have VPI VCI as 8 35 one more step should be taken b...

Page 50: ... data for that BO and leave the rest fields unchanged Click apply button to save the change 3 11 Start Deployment What information do you need to provide to your BO non technical customer for setting up the ClientTunnel how to change VPI VCI if their ISP has different number other than 8 35 how to setup Client tunnel and how to start the client tunnel service data ...

Page 51: ...figuration file to BO Office 6 When connection is up technician in CO download prepared configuration file to Office 6 using FTP The config file is stored on C office6 972 123 6666rom 0 During FTP turn on binary and must use rom 0 as remote file name C251 will automatically reboot from the configuration of office6 972 123 6666rom 0 After rebooting Office 6 will have a new management IP address new...

Page 52: ...972 123 6666rom 0 rom 0 200 Port command okay 150 Opening data connection for STOR rom 0 226 File received OK ftp 106496 bytes sent in 16 60Seconds 6 42Kbytes sec ftp quit 251 Goodbye for writing flash 3 11 3 Repeat the procedure to the rest BOs Using the same procedure to deploy the rest of BOs ...

Page 53: ...ocument Title Publication Number Description Contivity 221 ABOT Technical Configuration Guide for Deployments using Web GUI Engineering Technical Publication Contivity 251 VPN Switch User s Guide 317516 Technical Publication Contivity 251 Annex A ADSL VPN Switch Release Notes 317519 Release Notes Contivity 251 VPN Switch Quick Start Guide 317515 Technical Publication ...

Page 54: ...Central Office Contivity Legacy Gateway Legacy Contivity devices exclude 100 200 400 DHCP Dynamic Host Configuration Protocol DNS Domain Name System DSL Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexer ISDN Integrated Synchronous Digital System ISP Internet Service Provider NOC Network Operation Center NTP Nortel Technical Publication POTS Plain Old Telephone System Private ...

Page 55: ...ccurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Networks Inc The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license Tradema...
