beautypg.com

Panasonic 7 User Manual

Page 64

Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".

background image

Every Nortel VPN Router 1010, 1050, and 1100 must have a distinct IP address
that is visible from the NOC subnet. A NOC can assign any address reachable

from a NOC network to a Nortel VPN Router 1010, 1050, or 1100. BOQS
configures NAT on the NOC tunnel to translate the address specified in the

“Branch office switch manage NAT IP address” and “management address from

branch office private subnet.” If the field is empty, the NOC must use an actual

management address to access the Nortel VPN Router 1010, 1050, or 1100.

Because the NOC tunnel uses static routing, all Nortel VPN Router 1010, 1050,

and 1100 devices must be configured with a static route to the NOC private

network. The NOC private address and NOC private mask fields are where a
BOQS user enters this information. This information is the same for all Nortel
VPN Router 1010, 1050, and 1100 devices.

You must provision the NOC switch to accept control tunnel connections from the
branch office. Because static routing is used in control tunnels, you do not have to

enable routing protocols on the NOC switch. Use the following guidelines:

All responder tunnels should be created in one group or in subgroups of one

group for easy management. Connection Name of the tunnel should
correspond to NOC tunnel name and created in an enabled state with local
filter set to Permit All.

Text Pre-Shared Key should be selected as the IPSEC authentication method,

Initiator ID set to the value of Control Tunnel Name, and Text Pre-Shared Key

should be equal to Control Tunnel password.

Select Static routing. Accessible local networks should be added. All

networks from which the Nortel VPN Router1010, 1050, or 1100 will be
managed must be on that list.

NAT Local option should NOT be used.

Accessible Remote Networks should contain one address subnet (mask equal
to 255.255.255.255) with Nortel VPN Router 1010, 1050, or 1100

Management IP. Nortel VPN Router 1010, 1050, or 1100 Management IP is
either explicitly provided in the field “Branch office switch manage NAT IP

address” or if this field is left empty, it is the second address from the subnet
specified in the Branch Office Private IP Address and Mask fields.

64 Chapter 3 Setting up the Nortel VPN Router 1010, 1050, and 1100

NN46110-500