Nortel Networks BSR222 User Manual

Chapter 5 User Notes

33

Nortel Business Secure Router 222 — Fundamentals

If a VPN Client user account is de-activated, deleted, or changed, and that user is
currently connected, the connection is not automatically dropped. To drop the
connection, the administrator needs to disconnect the user using the 'Disconnect'
function in the VPN/SA Monitor GUI. This is consistent with other Nortel
Contivity products.

2

User Name Restrictions

User names are limited to a maximum length of 63 characters.

3

VPN Client Account Password Restrictions

The password for a VPN Client user cannot contain the single- or double-quote
characters.

4

IP Pool Address Overlap

When defining multiple VPN Client Termination IP pools, the router uses the IP
Subnet mask, and not the pool size, to determine if the pools are overlapping. The
subnet mask of each pool should be appropriate for the size of the VPN Client
Termination IP pool.

5

VPN Client Termination - Failure In Specific Addressing Situation

If the Client has an assigned IP address that is the same as the IP address assigned
for the Client Tunnel, the connection will fail to be established.

6

VPN Client Termination - Configuration Restrictions

This router has some restrictions when compared to larger Contivity Routers
(1000 Series and above). In particular,

VPN Clients cannot be added to the LAN subnet. They must have addresses
outside of the LAN subnet.

VPN Clients can have dynamically assigned IP addresses, or they can have a
statically assigned addresses. However, the router does not support both
modes at once. All addresses must either be dynamically assigned, or they
must all be statically assigned.

7

Establishing a Client Tunnel From One Business Secure Router to Another