Summary of the content on page 1
Nortel VPN Gateway
User Guide
Release: 7.1
Document Revision: 02.01
www.nortel.com
NN46120-104 216368-G
Summary of the content on page 2
Nortel VPN Gateway Release: 7.1 Publication: NN46120-104 Document status: Standard Document release date: 14 April 2008 Copyright © 2007-2008 Nortel Networks All Rights Reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any pro
Summary of the content on page 3
Contents Preface 7 Who Should Use This Book 8 Related documentation 9 Product Names 10 How This Book Is Organized 11 Typographic Conventions 13 How to Get Help 14 Getting help from the Nortel Web site 14 Getting help over the phone from a Nortel Solutions Center 14 Getting help from a specialist by using an Express Routing Code 14 Getting help through a Nortel distributor or reseller 14 Introducing the VPN Gateway 15 SSL Acceleration 16 VPN 17 Hardware Platforms 18 Feature List 19 Introducin
Summary of the content on page 4
Upgrading the NVG Software 73 Performing Minor/Major Release Upgrades 74 Managing Users and Groups 79 User Rights and Group Membership 80 Adding a New User 81 Changing a User's Group Assignment 86 Changing a User's Password 88 Deleting a User 91 Certificates and Client Authentication 93 Generating and Submitting a CSR Using the CLI 94 Adding Certificates to the NVG 99 Update Existing Certificate 107 Configure a Virtual SSL Server to Require a Client Certificate 108 Generating client certificates
Summary of the content on page 5
Cannot download the NetDirect Zipped file from client PC 171 System Diagnostics 172 Unable to download NetDirect from VPN server 175 Supported Ciphers 177 Cipher List Formats 179 Modifying a Cipher List 180 Supported Cipher Strings and Meanings 181 The SNMP Agent 183 Supported MIBs 184 Supported Traps 189 Syslog Messages 191 List of Syslog Messages 192 Syslog Messages in Alphabetical Order 209 222 License Information 223 HSM Security Policy 233 Definition of Key Codes 253 Syntax Desc
Summary of the content on page 6
Nortel VPN Gateway User Guide NN46120-104 02.01 Standard 14 April 2008 Copyright © 2007-2008 Nortel Networks
Summary of the content on page 7
Preface This User's Guide describes how to perform basic configuration and maintenance of the Nortel VPN Gateway (NVG).
Summary of the content on page 8
Who Should Use This Book This User's Guide is intended for network installers and system administrators engaged in configuring and maintaining a network. It assumes that you are familiar with Ethernet concepts and IP addressing.
Summary of the content on page 9
Related documentation For full documentation on installing and using the many features available in the VPN Gateway software, see the following manuals: • VPN Gateway 7.1 Command Reference (part number 216369-F, April 2008) Describes each command in detail. The commands are listed per menu, according to the order they appear in the Command Line Interface (CLI). • VPN Gateway 6.0 Application Guide for SSL Acceleration (part number 216370-D, April 2008) Provides examples on how to conf
Summary of the content on page 10
Product Names The software described in this manual runs on several different hardware models. Whenever the generic terms Nortel VPN Gateway, VPN gateway or NVG are used in the documentation, the following hardware models are implied: Nortel VPN Gateway 3050 (NVG 3050) Nortel VPN Gateway 3070 (NVG 3070) Nortel SSL VPN Module 1000 (SVM 1000) Nortel SSL Accelerator 310-FIPS (ASA 310-FIPS) The integrated SSL Accelerator (SSL processor) on the Nortel 2424-SSL switch Nortel VPN
Summary of the content on page 11
How This Book Is Organized The chapters in this book are organized as follows: Users Guide "Introducing the VPN Gateway" (page 15) provides an overview of the major features of the VPN Gateway, including its physical layout and the basic concepts of its operation. "Introducing the ASA 310-FIPS" (page 27) provides information about the ASA 310 equipped with HSM cards, as well as information about the available security modes and the concept of iKey authentication. "Initial Setup" (page 35) des
Summary of the content on page 12
"Syslog Messages" (page 191) contains a list of all syslog messages that can be sent to a syslog server that is added to the NVG system configuration. "License Information" (page 223) provides licensing information for the software used in this product. "HSM Security Policy" (page 233) provides detailed information about the security policy of the CryptoSwift® HSM card that comes installed in the ASA 310-FIPS. "Definition of Key Codes" (page 253) provides information about how to co
Summary of the content on page 13
Typographic Conventions The following table describes the typographic styles used in this book.
Table 1 Typographic Conventions (columns: Typeface or Symbol; Meaning; Example)
AaBbCc123 (monospace): This type is used for names of commands, files, and directories used within the text. It also depicts on-screen computer output and prompts. Example: View the readme.txt file. Main#
AaBbCc123 (bold): This bold type appears in command examples. It shows text that must be typed in exactly as shown. Example: Main# sys
Summary of the content on page 14
How to Get Help This section explains how to get help for Nortel products and services. Getting help from the Nortel Web site The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: https://www.nortel.com/support/ This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. From this site, you can: download software, documentation, and product bulletins for answers to technic
Summary of the content on page 15
Introducing the VPN Gateway The Nortel VPN Gateway (NVG) software includes two major functionality groups: SSL Acceleration and VPN. These features can be used separately or be combined. This User's Guide covers the basic tasks that need to be completed irrespective of which feature you wish to deploy.
Summary of the content on page 16
SSL Acceleration The VPN Gateway can function as a peripheral Secure Sockets Layer (SSL) offload platform that attaches to a Nortel Application Switch or a comparable switch from another vendor. (The VPN Gateway can also operate in standalone mode, i.e. without being connected to a switch.) The VPN Gateway performs a TCP three-way handshake with the client through the Nortel Application Switch and performs all the SSL encryption and decryption for the session. Comb
Summary of the content on page 17
VPN The VPN feature supports remote access to intranet or extranet resources (applications, mail, files, intranet web pages) through a secure connection. What information should be accessible to the remote user after login is determined by access rules (ACLs). The intranet's resources can be accessed in clientless mode, transparent mode or both: From any computer connected to the Internet (clientless mode). The remote user connects to th
Summary of the content on page 18
Hardware Platforms The VPN Gateway software is supported on the following hardware platforms: Nortel VPN Gateway 3050 and 3070 Nortel SSL VPN Module 1000 Nortel SSL Accelerator 310 and 410 Nortel SSL Accelerator 310-FIPS, with FIPS-compliant Hardware Security Module (HSM). See "Introducing the ASA 310-FIPS" (page 27). Nortel 2424-SSL Application Switch For a detailed technical specification of the hardware platforms, see the "Specifications" appendix in t
Summary of the content on page 19
Feature List Software Features Web Portal Web Portal interface for remote users accessing the VPN Gateway in clientless mode, that is, through the browser. Corporate resources available to users as preconfigured group links or accessible through the Portal tabs. Support for native Telnet and SSH (including X11 forwarding) access to intranet servers through terminal Java applet (available on the Portal's Advanced tab). Support for handling plugins, Flash and Java appl
Summary of the content on page 20
Transparent Mode Access Access to intranet resources in transparent mode, that is, without going through the Web Portal, is accomplished using Windows VPN clients installed on the client PCs. In this mode, remote users will experience network access as if sitting within the local area network. The following VPN clients are available: Nortel SSL VPN client (TDI and LSP version). Nortel IPsec VPN client (formerly the Contivity VPN client). Not supported on the AS