WLAN Handset 2212 Installation and Configuration for VPN

Similar documents
Solution Integration Guide for Multimedia Communication Server 5100/WLAN/Blackberry Enterprise Server

Configuration of an IPSec VPN Server on RV130 and RV130W

Configuring VPN from Proventia M Series Appliance to NetScreen Systems

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

Solution Integration Guide for Multimedia Communication Server 5100 Release 4.0 and AudioCodes

Defining IPsec Networks and Customers

FAQ about Communication

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

VPN Auto Provisioning

Release Notes. Network Resource Manager 1.0 NRM 1.0

Configuring VPN from Proventia M Series Appliance to Symantec 5310 Systems

Nortel Network Resource Manager Fundamentals. Release: NRM 2.1 Document Revision: NN

Communication Server 1000S Upgrade Procedures

Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI

NN Nortel Communication Server 1000 Linux Platform Base and Applications Installation and Commissioning

! encor e networks TM

Nortel Network Resource Manager Fundamentals. Release: NRM 2.0 Document Revision: NN

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Configuring VPNs in the EN-1000

Main Office Configuration for Survivable Remote Gateway 50 Configuration Guide

VPNC Scenario for IPsec Interoperability

Nortel Business Secure Router 222 Fundamentals. BSR222 Business Secure Router

Cradlepoint to Palo Alto VPN Example. Summary. Standard IPSec VPN Topology. Global Leader in 4G LTE Network Solutions

Virtual Tunnel Interface

Nortel Communication Server 1000 Nortel Converged Office Fundamentals. Release: 7.0 Document Revision:

Case 1: VPN direction from Vigor2130 to Vigor2820

Call Center Management Information System CC MIS Getting Started Guide (Supervisor Interface)

NN Nortel Communication Server 1000 Linux Platform Base and Applications Installation and Commissioning

Configuration Guide. How to connect to an IPSec VPN using an iphone in ios. Overview

Configuring a Hub & Spoke VPN in AOS

! encor e networks TM

How to Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway

Configuring Remote Access IPSec VPNs

NetVanta Series Quick Start Guide L2-13B May Network Diagram. Unpacking and Inspecting the System. Unit.

VPN Configuration Guide. Cisco ASA 5500 Series

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

Chapter 6 Virtual Private Networking

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

Service Managed Gateway TM. Configuring IPSec VPN

Use Shrew Soft VPN Client to Connect with IPSec VPN Server on RV130 and RV130W

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

OpenVPN protocol. Restrictions in Conel routers. Modified on: Thu, 14 Aug, 2014 at 2:29 AM

Internet. SonicWALL IP Cisco IOS IP IP Network Mask

Configuring a VPN Using Easy VPN and an IPSec Tunnel, page 1

VPN Configuration Guide LANCOM

How to Configure a Site-to-Site IPsec IKEv1 VPN Tunnel

VPN Configuration Guide. NETGEAR FVG318 / FVS318G / FVS336G / FVS338 / DGFV338 FVX538 / SRXN3205 / SRX5308 / ProSecure UTM Series

Upgrade Guide. BCM Business Communications Manager

Efficient SpeedStream 5861

DFL-210, DFL-800, DFL-1600 How to setup IPSec VPN connection with DI-80xHV

Abstract. Avaya Solution & Interoperability Test Lab

Quick Note 65. Configure an IPSec VPN tunnel between a TransPort WR router and an Accelerated SR router. Digi Technical Support 7 June 2018

VPN Configuration Guide. NETGEAR FVS318v3

SMC 2450 Secure Multimedia Controller 1.0 Command Reference. Release: 7.0 Document Revision: NN

BCM 4.0 Personal Call Manager User Guide. BCM 4.0 Business Communications Manager

Configuration Summary

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

BiGuard C01 BiGuard VPN Client Quick Installation Guide (BiGuard series VPN enabled devices) Secure access to Company Network

Nortel Communication Server 1000 Fiber Remote Multi-IPE Interface Fundamentals. Release: 7.0 Document Revision:

Nortel Communication Server 1000 Using the DMC DECT Manager. Release: 7.0 Document Revision: NN

LP-1521 Wideband Router 123 Manual L VPN Configuration between two LP-1521`s with Dynamic IP.

Integration Guide. Oracle Bare Metal BOVPN

Table of Contents 1 IKE 1-1

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

BCM50 Telset Administration Guide. BCM Business Communications Manager

Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels

User Manual. SSV Remote Access Gateway. Web ConfigTool

Virtual Private Networks

SR 2330 / 4134 IPSec with NAT-T Interoperability with Avaya 1120/1140E IP Deskphone / Live Customer Solution Technical Configuration Guide

Chapter 5 Virtual Private Networking

LAN to LAN IPsec Tunnel Between a Cisco VPN 3000 Concentrator and Router with AES Configuration Example

Quick Note. Configure an IPSec VPN tunnel in Aggressive mode between a TransPort LR router and a Cisco router. Digi Technical Support 7 October 2016

VMware Cloud on AWS Getting Started. 18 DEC 2017 VMware Cloud on AWS

How to Configure an IPsec VPN to an AWS VPN Gateway with BGP

SLE in Virtual Private Networks

IPsec NAT Transparency

The EN-4000 in Virtual Private Networks

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Remote Connectivity for SAP Solutions over the Internet Technical Specification

HOW TO CONFIGURE AN IPSEC VPN

BCM50 Telset Administration Guide. BCM Business Communications Manager

Digi Application Guide Configure VPN Tunnel with Certificates on Digi Connect WAN 3G

Configuration Guide Barracuda NG Firewall. TheGreenBow IPsec VPN Client. Written by: TheGreenBow TechSupport Team Company:

Google Cloud VPN Interop Guide

DSL-G624T. Wireless ADSL Router. If any of the above items is missing, please contact your reseller. This product can be set up using any

Configuring LAN-to-LAN IPsec VPNs

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

TopGlobal MB8000 VPN Solution

IP Office Technical Tip

Appendix B NETGEAR VPN Configuration

Chapter 8 Lab Configuring a Site-to-Site VPN Using Cisco IOS

Configuration of Shrew VPN Client on RV042, RV042G and RV082 VPN Routers through Windows

Connecting the DI-804V Broadband Router to your network

Configuration Guide SuperStack 3 Firewall L2TP/IPSec VPN Client

Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

VPN Setup for CNet s CWR g Wireless Router

How to create the IPSec VPN between 2 x RS-1200?

Transcription:

Title page Nortel Communication Server 1000 Nortel Networks Communication Server 1000 Release 4.5 WLAN Handset 2212 Installation and Configuration for VPN Document Number: 553-3001-229 Document Release: Standard 1.00 Date: November 2005 Year Publish FCC TM Copyright Nortel Networks Limited 2005 All Rights Reserved Produced in Canada Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant. Nortel, Nortel (Logo), the Globemark, This is the Way, This is Nortel (Design mark), SL-1, Meridian 1, and Succession are trademarks of Nortel Networks.

4 Revision history Page 3 of 62 November 2005 Standard 1.00. This document is a new NTP issued to support Communication Server 1000 Release 4.5. WLAN Handset 2212 Installation and Configuration for VPN

Page 4 of 62 553-3001-229 Standard 1.00 November 2005

6 Contents Page 5 of 62 List of procedures.......................... 7 How to get help............................ 9 About this document....................... 11 Subject.................................................. 11 Applicable systems........................................ 11 Intended audience......................................... 13 Conventions.............................................. 13 Related information........................................ 14 Overview................................. 15 Contents................................................. 15 Introduction.............................................. 15 Code and key code requirements............................. 16 Scope of this document..................................... 16 Getting started............................. 19 Contents................................................. 19 Introduction.............................................. 19 Configuring the Contivity VPN router......................... 19 Installing the Licence Keys.................................. 26 DHCP options............................. 29 Contents................................................. 29 WLAN Handset 2212 Installation and Configuration for VPN

Page 6 of 62 Contents Introduction.............................................. 29 The DHCP server......................................... 29 Checking connectivity..................................... 30 DHCP relay.............................................. 31 IP address pool configuration................ 33 Contents................................................ 33 Introduction.............................................. 33 IP address pools.......................................... 33 Proxy ARP and tunnel-to-tunnel traffic........................ 35 IPsec options and groups................... 37 Contents................................................ 37 Introduction.............................................. 37 IPsec global variables...................................... 37 WLAN Handset 2212 group definition........................ 39 WLAN Handset 2212 group IPsec variables.................... 40 Users, interface and firewall configuration..... 45 Contents................................................ 45 Introduction.............................................. 45 User accounts............................................ 45 Second interface configuration............................... 48 Firewall configuration...................................... 52 Handset configuration...................... 57 Contents................................................ 57 Introduction.............................................. 57 Configuring the handset.................................... 57 553-3001-229 Standard 1.00 November 2005

8 List of procedures Page 7 of 62 Procedure 1 Configuring the VPN router...................... 19 Procedure 2 Installing licence keys.......................... 26 Procedure 3 Disabling the DHCP server....................... 29 Procedure 4 Enabling the DHCP relay........................ 31 Procedure 5 Configuring an IP address pool................... 33 Procedure 6 Enabling proxy ARP and tunnel-to-tunnel traffic..... 35 Procedure 7 Setting IPsec global variables.................... 37 Procedure 8 Defining a WLAN Handset 2212 group............. 39 Procedure 9 Setting IPsec variables for a WLAN Handset 2212 group........................................ 40 Procedure 10 Adding a user account.......................... 45 WLAN Handset 2212 Installation and Configuration for VPN

Page 8 of 62 List of procedures Procedure 11 Configuring the second interface................. 48 Procedure 12 Configuring the firewall......................... 52 Procedure 13 Configuring the WLAN Handset 2212 using the cradle........................................ 58 Procedure 14 Configuring the WLAN Handset 2212 using the screen........................................ 59 553-3001-229 Standard 1.00 November 2005

10 How to get help Page 9 of 62 This section explains how to get help for Nortel products and services. Getting Help from the Nortel Web site The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: www.nortel.com/support This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. More specifically, the site enables you to: download software, documentation, and product bulletins search the Technical Support Web site and the Nortel Knowledge Base for answers to technical issues sign up for automatic notification of new software and documentation for Nortel equipment open and manage technical support cases Getting Help over the phone from a Nortel Solutions Center If you don t find the information you require on the Nortel Technical Support Web site, and have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center. In North America, call 1-800-4NORTEL (1-800-466-7835). WLAN Handset 2212 Installation and Configuration for VPN

Page 10 of 62 How to get help Outside North America, go to the following Web site to obtain the phone number for your region: www.nortel.com/callus Getting Help from a specialist by using an Express Routing Code To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: www.nortel.com/erc Getting Help through a Nortel distributor or reseller If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller. 553-3001-229 Standard 1.00 November 2005

14 About this document Page 11 of 62 This document is a global document. Contact your system supplier or your Nortel representative to verify that the hardware and software described are supported in your area. Subject Applicable systems This document describes the installation and configuration of a WLAN Handset 2212 on a Virtual Private Network. Note on legacy products and releases This NTP contains information about systems, components, and features that are compatible with Nortel Communication Server 1000 Release 4.5 software. For more information on legacy products and releases, click the Technical Documentation link under Support & Training on the Nortel home page: www.nortel.com This document applies to the following systems: Communication Server 1000S (CS 1000S) Communication Server 1000M Chassis (CS 1000M CH) Communication Server 1000M Cabinet (CS 1000M CA) Communication Server 1000M Half Group (CS 1000M HG) Communication Server 1000M Single Group (CS 1000M SG) WLAN Handset 2212 Installation and Configuration for VPN

Page 12 of 62 About this document Communication Server 1000M Multi Group (CS 1000M MG) Communication Server 1000E (CS 1000E) Meridian 1 PBX 11C Chassis Meridian 1 PBX 11C Cabinet Meridian 1 PBX 51C Meridian 1 PBX 61C Meridian 1 PBX 81 Meridian 1 PBX 81C Note: When upgrading software, memory upgrades may be required on the Signaling Server, the Call Server, or both. System migration When particular Meridian 1 systems are upgraded to run CS 1000 Release 4.5 software and configured to include a Signaling Server, they become CS 1000M systems. Table 1 lists each Meridian 1 system that supports an upgrade path to a CS 1000M system. Table 1 Meridian 1 systems to CS 1000M systems This Meridian 1 system... Meridian 1 PBX 11C CH Meridian 1 PBX 11C CA Meridian 1 PBX 51C Meridian 1 PBX 61C Meridian 1 PBX 81 Meridian 1 PBX 81C Maps to this CS 1000M system CS 1000M CH CS 1000M CA CS 1000M Half Group CS 1000M Single Group CS 1000M Multi Group CS 1000M Multi Group For more information, see one or more of the following NTPs: Communication Server 1000M and Meridian 1: Small System Upgrade Procedures (553-3011-258) 553-3001-229 Standard 1.00 November 2005

Intended audience Conventions About this document Page 13 of 62 Communication Server 1000M and Meridian 1: Large System Upgrade Procedures (553-3021-258) Communication Server 1000S: Upgrade Procedures (553-3031-258) Communication Server 1000E: Upgrade Procedures (553-3041-258) This document is intended for individuals responsible for installing, configuring, operating, and maintaining the WLAN Handset 2212. Terminology In this document, the following systems are referred to generically as system : Communication Server 1000M (CS 1000M) Communication Server 1000E (CS 1000E) Communication Server 1000S (CS 1000S) Meridian 1 The following systems are referred to generically as Small System : Communication Server 1000M Chassis (CS 1000M CH) Communication Server 1000M Cabinet (CS 1000M CA) Meridian 1 PBX 11C Chassis Meridian 1 PBX 11C Cabinet The following systems are referred to generically as Large System : Communication Server 1000M Half Group (CS 1000M HG) Communication Server 1000M Single Group (CS 1000M SG) Communication Server 1000M Multi Group (CS 1000M MG) Meridian 1 PBX 51C WLAN Handset 2212 Installation and Configuration for VPN

Page 14 of 62 About this document Related information Meridian 1 PBX 61C Meridian 1 PBX 81 Meridian 1 PBX 81C This section lists information sources that relate to this document. Online To access Nortel documentation online, click the Technical Documentation link under Support & Training on the Nortel home page: www.nortel.com CD-ROM To obtain Nortel documentation on CD-ROM, contact your Nortel customer representative. 553-3001-229 Standard 1.00 November 2005

18 Overview Page 15 of 62 Contents This section contains information on the following topics: Introduction.............................................. 15 Code and key code requirements............................. 16 Scope of this document..................................... 16 Assumptions........................................... 16 The configuration in this document......................... 17 Introduction The WLAN Handset 2212 is a mobile handset for workplace IP telephone systems. The handset operates over an 802.11b wireless Ethernet LAN providing users a wireless Voice Over IP (VoIP) extension. By seamlessly integrating with the Nortel IP telephony system, handset users are provided with high-quality mobile voice communications throughout the workplace. The handset gives users the freedom to roam throughout the workplace while providing all the features and functionality of an IP desk telephone. The WLAN Handset 2212 provides a wireless extension to the Nortel Meridian 1 and CS 1000 VoIP solutions. The handset supports the UNIStim protocol, a proprietary protocol developed by Nortel for communication between a Nortel IP telephone and a Nortel PBX. The handsets reside on the wireless LAN with other wireless devices using Direct Sequence Spread Spectrum (DSSS) radio technology. The handset radio transmits and receives packets at up to 11Mb/s. WLAN Handset 2212 Installation and Configuration for VPN

Page 16 of 62 Overview IMPORTANT! The latest software version is required to support the features described in this document. Code and key code requirements Before configuring the WLAN Handset 2212, you must ensure the various components are using the proper versions of software. Table 2 lists the components and software versions: Table 2 Required components and software versions Component Software Version WLAN Handset 2212 097.060 WLAN IP Telephony Manager 2245 17x.022 Contivity VPN Router V04_90.301 router can be any model requires Firewall licence key code CS 1000 or Meridian 1 PBX CS 1000 Release 4.0 or higher Scope of this document Assumptions The following assumptions are made in this document: The wireless infrastructure has been configured and is available. The PBX has been configured. The WLAN IP Telephony Manager 2245 has been configured. The DHCP server has been programmed and configured to provide the correct IP address. 553-3001-229 Standard 1.00 November 2005

Overview Page 17 of 62 The configuration in this document Figure 1 Thin AP L2 Away from VPN Router This document describes the configuration of the supported architecture shown in Figure 1. WLAN Handset 2212 Installation and Configuration for VPN

Page 18 of 62 Overview IMPORTANT! The figures in this document are examples of the types and format of the information required for a specific step. Substitute information for your site accordingly. 553-3001-229 Standard 1.00 November 2005

28 Getting started Page 19 of 62 Contents This section contains information on the following topics: Introduction.............................................. 19 Configuring the Contivity VPN router......................... 19 Installing the Licence Keys.................................. 26 Introduction This section describes how to install and configure the WLAN Handset 2212 for Virtual Private Network (VPN). Configuring the Contivity VPN router After attaching the console to your PC, use Procedure 1 to configure the VPN router. Procedure 1 Configuring the VPN router 1 Select Start > Control Panel. 2 Double click on System. The System Properties window appears. 3 Select the Hardware tab. 4 Click Device Manager. The Device Manager window appears. WLAN Handset 2212 Installation and Configuration for VPN

Page 20 of 62 Getting started 5 Click on the + beside Ports. The Ports list expands. 6 Right click Communications Ports (COM 1) and select Properties. The Communications Ports (COM 1) Properties window appears. 7 Select the Port Settings tab. 8 Ensure the settings are configured as shown in Figure 2. Figure 2 COM1 settings 9 Connect to the wireless gateway through the console cable. 10 Access the wireless gateway using Hyper Terminal. 11 Enter the username and password in the Contivity 1050 Hyper Terminal window. The Main Menu window appears, as shown in Figure 3 on page 21 553-3001-229 Standard 1.00 November 2005

Getting started Page 21 of 62 Figure 3 Main Menu 12 Enter 1. The Interface Menu window appears, as shown in Figure 4 on page 22 WLAN Handset 2212 Installation and Configuration for VPN

Page 22 of 62 Getting started Figure 4 Interface menu 13 Enter 0. The Private - Trusted Interface window appears, as shown in Figure 5 Figure 5 Private - Trusted Interface 14 Enter the following: a. Management IP Address 553-3001-229 Standard 1.00 November 2005

Getting started Page 23 of 62 b. Interface IP Address c. Subnet Mask 15 Enter R to go back to the Main Menu. 16 Enter 3. The Default Private Route Menu appears, as shown in Figure 6 Figure 6 Default Private Route Menu 17 Enter A. 18 Enter a static route to point all the traffic to the default gateway in the Please enter the new gateway address field. 19 Enter a cost in the Please enter the cost field. The default value is 1. 20 Enter R to return to the Main Menu. 21 Enter E to exit and save the configuration. WLAN Handset 2212 Installation and Configuration for VPN

Page 24 of 62 Getting started 22 Check the connectivity. a. Log back into your system. b. Open a command line window. c. Ping the gateway. If you are able to ping the gateway, the VPN router is configured properly. 23 Open Microsoft Internet Explorer. 24 Enter the Management IP address of the VPN router in the Address bar. 25 Click Manage Switch. The IP Services Gateway home page appears, as shown in Figure 7 on page 25. 553-3001-229 Standard 1.00 November 2005

Getting started Page 25 of 62 Figure 7 IP Services Gateway home page 26 Enter your login and password. You can now carry out any required administrative duties. End of Procedure WLAN Handset 2212 Installation and Configuration for VPN

Page 26 of 62 Getting started Installing the Licence Keys Use Procedure 2 to install licence keys. IMPORTANT! The Contivity Stateful Firewall key must be installed for the solution to work. Procedure 2 Installing licence keys 1 In the Contivity Secure IP Services Gateway navigator, select ADMIN > Licence Keys. 2 The Key Installation window appears, as shown in Figure 8. Figure 8 Key Installation 3 Enter the licence keys in the appropriate fields. 553-3001-229 Standard 1.00 November 2005

Getting started Page 27 of 62 4 Click OK. End of Procedure WLAN Handset 2212 Installation and Configuration for VPN

Page 28 of 62 Getting started 553-3001-229 Standard 1.00 November 2005

32 DHCP options Page 29 of 62 Contents This section contains information on the following topics: Introduction.............................................. 29 The DHCP server......................................... 29 Checking connectivity...................................... 30 DHCP relay.............................................. 31 Introduction The DHCP server This section describes how to set the DHCP options. Depending on the model of the VPN router, the DHCP server may already be disabled. Use Procedure 3 to disable the DHCP Server if necessary. Procedure 3 Disabling the DHCP server 1 In the Contivity Secure IP Services Gateway navigator, select SERVERS > DHCP. The DHCP Servers window appears, as shown in Figure 9 on page 30. WLAN Handset 2212 Installation and Configuration for VPN

Page 30 of 62 DHCP options Figure 9 DHCP Server options 2 Clear the DHCP Enabled Server check box. 3 Click OK. Checking connectivity End of Procedure Test the connectivity for possible routing errors. Open the Console port and ping the DHCP Server, WLAN Application Gateway 2246 and the PBX. 553-3001-229 Standard 1.00 November 2005

DHCP options Page 31 of 62 DHCP relay Use Procedure 4 to enable the DHCP Relay. Procedure 4 Enabling the DHCP relay 1 In the Contivity Secure IP Services Gateway navigator, select SERVERS > DHCP Relay. The DHCP Relay Options window appears, as shown in Figure 10. Figure 10 DHCP Relay options 2 Select Enabled. Note: Ensure that you add appropriate routes in your network so that the DHCP response from the DHCP server reaches the VPN router. 3 Click OK. End of Procedure WLAN Handset 2212 Installation and Configuration for VPN

Page 32 of 62 DHCP options 553-3001-229 Standard 1.00 November 2005

36 IP address pool configuration Page 33 of 62 Contents This section contains information on the following topics: Introduction.............................................. 33 IP address pools........................................... 33 Proxy ARP and tunnel-to-tunnel traffic........................ 35 Introduction IP address pools This section describes how to configure an IP address pool and enable proxy ARP and tunnel-to-tunnel traffic. Use Procedure 5 to configure an IP address pool. Procedure 5 Configuring an IP address pool 1 In the Contivity Secure IP Services Gateway window, select SERVERS > User IPaddr. The User IPaddr window appears, as shown in Figure 11 on page 34. WLAN Handset 2212 Installation and Configuration for VPN

Page 34 of 62 IP address pool configuration Figure 11 Add an IP address pool 2 Click Add. The Address Pool Information window appears, as shown in Figure 12. Figure 12 Address pool details 3 Enter a Starting IP Address. 4 Enter an Ending IP Address. 553-3001-229 Standard 1.00 November 2005

IP address pool configuration Page 35 of 62 5 Enter a Subnet Mask. 6 Select New. 7 Enter a name for the new pool in the text box. 8 Click Apply to save the details. 9 Click OK. The User IPaddr window appears, as shown in Figure 13. Figure 13 Address pool Proxy ARP and tunnel-to-tunnel traffic Use Procedure 6 to enable proxy ARP and tunnel-to-tunnel traffic. Procedure 6 Enabling proxy ARP and tunnel-to-tunnel traffic 1 In the Contivity Secure IP Services Gateway navigator, select SYSTEM > Forwarding. The Forwarding window appears, as shown in Figure 14 on page 36 WLAN Handset 2212 Installation and Configuration for VPN

Page 36 of 62 IP address pool configuration Figure 14 Forwarding options 2 In the Proxy ARP section, select the route type you want to enable. 3 Select Allow End User to End User. 4 Click OK. End of Procedure 553-3001-229 Standard 1.00 November 2005

44 IPsec options and groups Page 37 of 62 Contents This section contains information on the following topics: Introduction.............................................. 37 IPsec global variables...................................... 37 WLAN Handset 2212 group definition......................... 39 WLAN Handset 2212 group IPsec variables.................... 40 Introduction IPsec global variables This section describes how to work with IPsec details. Use Procedure 7 to set IPsec global variables. Procedure 7 Setting IPsec global variables 1 In the Contivity Secure IP Services Gateway navigator, select SERVERS > IPsec. The IPsec Global Variables window appears, as shown in Figure 15 on page 38 WLAN Handset 2212 Installation and Configuration for VPN

Page 38 of 62 IPsec options and groups Figure 15 IPsec global variables 553-3001-229 Standard 1.00 November 2005

IPsec options and groups Page 39 of 62 2 Select all the options in the Authentication, Encryption, and IKE Encryption and Diffie-Hellmann Group sections. 3 Click OK. End of Procedure WLAN Handset 2212 group definition Use Procedure 8 to create a WLAN Handset 2212 group. Procedure 8 Defining a WLAN Handset 2212 group 1 In the Contivity Secure IP Services Gateway navigator, select PROFILES > Groups. The Add Groups window appears, as shown in Figure 17 on page 40 Figure 16 Add groups 2 Click Add. 3 Enter a Group Name and select a Parent Group. The Group details window appears, as shown in Figure 17 on page 40. WLAN Handset 2212 Installation and Configuration for VPN

Page 40 of 62 IPsec options and groups Figure 17 Group details 4 Click Apply. 5 Click OK. End of Procedure WLAN Handset 2212 group IPsec variables Use Procedure 9 to set IPsec variables for a WLAN Handset 2212 group. Procedure 9 Setting IPsec variables for a WLAN Handset 2212 group 1 In the Contivity Secure IP Services Gateway navigator, select PROFILES > Groups. The Add Groups window appears, as shown in Figure 18 on page 41. 553-3001-229 Standard 1.00 November 2005

IPsec options and groups Page 41 of 62 Figure 18 Add groups 2 Click Edit next to the group for which you want to set the variables. The IPsec Variables window appears. The Connectivity section is shown in Figure 19 on page 42; the IPsec section is shown in Figure 20 on page 43. WLAN Handset 2212 Installation and Configuration for VPN

Page 42 of 62 IPsec options and groups Figure 19 IPsec variables - Connectivity section 3 Configure the Connectivity variables. a. Click Configure in the Connectivity section. b. If you intend to use the same unit, set Number of Logins to 1. c. Enter an ID for the Address Pool Name. 553-3001-229 Standard 1.00 November 2005

Figure 20 IPsec variables - IPsec section IPsec options and groups Page 43 of 62 WLAN Handset 2212 Installation and Configuration for VPN

Page 44 of 62 IPsec options and groups 4 Configure the IPsec variables. a. Click Configure in the IPsec section. b. Enable the following items (indicated by arrows in Figure 20 on page 43): User name and Password ESP - Triple DES with SHA1 Integrity ESP - Triple DES with MD5 Integrity ESP - 56-bit DES with SHA1 Integrity ESP - 56-bit DES with MD5 Integrity AM - Authentication Only (HMAC-SHA1) AM - Authentication Only (HMAC-MD5) 56-bit DES with Group 1 (768-bit prime) Triple DES with Group 2 (1024-bit prime) Accept ISAKMP Initial Contact Payload c. Disable the following (indicated by arrows in Figure 20 on page 43): Accept Forward Secrecy Compression End of Procedure 553-3001-229 Standard 1.00 November 2005

56 Users, interface and firewall configuration Page 45 of 62 Contents This section contains information on the following topics: Introduction.............................................. 45 User accounts............................................ 45 Second interface configuration............................... 48 Firewall configuration...................................... 52 Introduction User accounts This section describes how add user accounts, configure the second interface, and configure the firewall. Use Procedure 10 to add a user account. Procedure 10 Adding a user account 1 In the Contivity Secure IP Services Gateway navigator, select PROFILES > Users. The Users window appears, as shown in Figure 21 on page 46. WLAN Handset 2212 Installation and Configuration for VPN

Page 46 of 62 Users, interface and firewall configuration Figure 21 Adding users 2 Click Add User, as indicated by the arrow. The Users Details window appears, as shown in Figure 22 on page 47 553-3001-229 Standard 1.00 November 2005

Users, interface and firewall configuration Page 47 of 62 Figure 22 User details 3 In the General section, enter a First and Last name. 4 Select the Group to which the user will belong. 5 In the User Accounts section, enter a User ID and Password. 6 Re-enter the password. 7 Click OK. End of Procedure WLAN Handset 2212 Installation and Configuration for VPN

Page 48 of 62 Users, interface and firewall configuration Second interface configuration Use Procedure 11 to configure the second interface. Procedure 11 Configuring the second interface 1 In the Contivity Secure IP Services Gateway navigator, select SYSTEM > Users. The Second Interface window appears, as shown in Figure 23. Figure 23 Configuring second interface 2 Click Configure (as indicated by the arrow). The Second Interface detail window appears, as shown in Figure 24 on page 49. 553-3001-229 Standard 1.00 November 2005

Figure 24 Second interface details Users, interface and firewall configuration Page 49 of 62 3 In the Configuration section, select Private for Interface Type. 4 In the 802.1Q section, select Disabled for State. 5 Reboot the computer for the settings to take effect. Note: The need to reboot may depend on the router model as there may be a spare private interface on the model. 6 Once the computer has rebooted, reload the second interface window. WLAN Handset 2212 Installation and Configuration for VPN

Page 50 of 62 Users, interface and firewall configuration Figure 25 Cancel acquisition 7 Click Cancel acquisition. The Second Interface page reloads as shown in Figure 26 on page 51. 553-3001-229 Standard 1.00 November 2005

Figure 26 Select protocol Users, interface and firewall configuration Page 51 of 62 8 Select IP in the Select Protocol list. 9 Click Apply. End of Procedure WLAN Handset 2212 Installation and Configuration for VPN

Page 52 of 62 Users, interface and firewall configuration Firewall configuration Use Procedure 12 configure the firewall. Procedure 12 Configuring the firewall 1 In the Contivity Secure IP Services Gateway navigator, select SERVICES > Firewall/NAT. The Firewall Options window appears, as shown in Figure 27. Figure 27 Firewall options 2 Select Contivity Firewall. 3 Select Contivity Stateful Firewall. 4 Clear Contivity Interface Filter. 5 Clear Interface NAT. 6 Clear Contivity Tunnel Filter. 553-3001-229 Standard 1.00 November 2005

Users, interface and firewall configuration Page 53 of 62 7 Click OK. Note: Do not leave this step for later as mobile clients will be unable to get an IP address via DHCP. 8 After the wireless gateway has rebooted, click Manage Policies (as indicated by the arrow). 9 Enter the login and password you entered when you created the user account in User accounts on page 45. The Firewall Policies window appears, as shown in Figure 28. Figure 28 Firewall policies 10 Click New. The New Policy window appears, as shown in Figure 29 on page 54 WLAN Handset 2212 Installation and Configuration for VPN

Page 54 of 62 Users, interface and firewall configuration Figure 29 New policy 11 Enter a name for the new firewall policy. 12 Click OK. The new policy is created and the Firewall Policy-Edit window appears, as shown in Edit firewall policy on page 54. Figure 30 Edit firewall policy 13 Select the Override Rules tab. 553-3001-229 Standard 1.00 November 2005

Users, interface and firewall configuration Page 55 of 62 14 Right-click in the tab and select Add New Rule. A set of default rules is created on the tab as shown in Figure 31. Figure 31 Override Rules 15 Select the Default Rules tab. 16 Right-click in the tab and select Add New Rule. A set of default rules is created on the tab as shown in Figure 32 Figure 32 Default Rules 17 Select Manager > CSF/NAT. 18 Click Yes to exit 19 Click Yes to save the changes, and return to the Firewall Options page. 20 Select the policy you created starting at step 11 from the Policy list in the Firewall/NAT Policy section. WLAN Handset 2212 Installation and Configuration for VPN

Page 56 of 62 Users, interface and firewall configuration 21 Click OK. End of Procedure 553-3001-229 Standard 1.00 November 2005

62 Handset configuration Page 57 of 62 Contents This section contains information on the following topics: Introduction.............................................. 57 Configuring the handset.................................... 57 Introduction Configuring the handset This section describes how to configure the WLAN Handset 2212. There are two ways to configure the WLAN Handset 2212: Using the configuration cradle This method is preferred for bulk configurations. Using the handset screen Configuration cradle method Use Procedure 13 on page 58 to configure the WLAN Handset 2212 using the cradle method. WLAN Handset 2212 Installation and Configuration for VPN

Page 58 of 62 Handset configuration Procedure 13 Configuring the WLAN Handset 2212 using the cradle 1 Before you begin, do the following: a. Remove the battery before placing the handset in the cradle b. Connect the serial cable to the COM port. c. Load the latest software (0.60 or later) on the telephone. The configuration cradle only works with Phase II software (0.60 or later). 2 Decompress the configuration cradle file (version 2.11.02) to a folder on the hard drive. 3 Double-click on PhoneConfig.exe in the folder. The Config Cradle window appears, as shown in Figure 33. The settings for the telephone are grouped into three main categories: System, Group, and User. User is the default group for the settings at startup and this should be sufficient for a few phones. For larger deployments, planning will be required for the settings. Figure 33 Config Cradle window 4 Place the handset in the cradle. 5 Click Read Phone on the configuration tool. The tool is populated with the VPN settings as shown in Figure 34 on page 59. 553-3001-229 Standard 1.00 November 2005

Handset configuration Page 59 of 62 Figure 34 Config Cradle with VPN Settings 6 Click Save. Handset screen method End of Procedure Use Procedure 14 to configure the WLAN Handset 2212 using the screen method. Procedure 14 Configuring the WLAN Handset 2212 using the screen 1 Turn on the handset. 2 To access the Configuration menu, press the green key and red key simultaneously, then release the green key first. The Configuration menu appears on the display, as shown in Figure 35 on page 60. WLAN Handset 2212 Installation and Configuration for VPN

Page 60 of 62 Handset configuration Figure 35 Configuration menu 3 Set the Licence Option. a. Select Phone Config > License Option. b. Enter 010 using the keypad on the handset. c. Select Save. 4 Set the Terminal Type. a. Select Phone Config > License Option. b. Select i2004. c. Select Save. 5 Set the DHCP IP address. a. Select Network Config > IP Addresses > Use DHCP. b. Select OK. 6 Set the VPN Server IP address. a. Select Network Config > Security > Static Entry > VPN > VPN Server IP. b. Enter 010.010.010.011. c. Select OK. 7 Set Mode. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP. 553-3001-229 Standard 1.00 November 2005

Handset configuration Page 61 of 62 b. Set Mode to Aggressive. c. Select OK. 8 Set your password. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Preshared Key > Alphanumeric. b. Enter your password. c. Select Save. 9 Set the Phase 1 authentication parameters. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP. b. Select Diffie-Hellman > Group 1. c. Select OK. d. Select Auth. Hash > SHA1. e. Click OK. f. Select Encryption > 3DES. g. Click OK. 10 Set Key ID. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Local ID > Key ID. b. Enter the key ID. c. Click Save. 11 Set Phase 1 Lifetime. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Lifetime (sec). b. Enter 2678400. c. Click Save. 12 Set Phase 1 Options. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Options. WLAN Handset 2212 Installation and Configuration for VPN

Page 62 of 62 Handset configuration b. Select Init Contact. c. Click OK. d. Select Nortel features. e. Click OK. 13 Set the Phase 2 authentication parameters. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 2 - ESP. b. Select Auth. Hash > SHA1. c. Click OK. d. Select Encryption > 3DES. e. Click OK. 14 Set IP address and subnet. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 2 - ESP > Remote Network. b. Select IP Address. c. Set the IP address to that of the VPN router. d. Click Save. e. Select IP Subnet. f. Set the IP subnet to that of the VPN router. g. Click Save. 15 Set Phase 2 Lifetime. a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 2 - ESP > Lifetime (sec). b. Enter 2678400. c. Click Save. End of Procedure 553-3001-229 Standard 1.00 November 2005

Family Product Manual Contacts Copyright FCC notice Trademarks Document number Product release Document release Date Publish Nortel Communication Server 1000 WLAN Handset 2212 Installation and Configuration for VPN Copyright Nortel Networks Limited 2005 All Rights Reserved Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant. Nortel, Nortel (Logo), the Globemark, This is the Way, This is Nortel (Design mark), SL-1, Meridian 1, and Succession are trademarks of Nortel Networks. Publication number: 553-3001-229 Document release: Standard 1.00 Date: November 2005 Produced in Canada

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback