Chapter 4 Configuring user tunnels

The Nortel VPN Router associates all remote users with a group, which dictates the attributes that are assigned to a remote user session. A group can even consist of a single user, thereby creating a personal connection.

The Nortel VPN Router organizes groups in a hierarchical manner. At the top of the hierarchy is the base group. The base group \Base contains the default characteristics that each new group inherits. You add additional groups to the hierarchy as children of the base group.

The Nortel VPN Router takes precautions against unauthorized users potentially hacking tunneled information when the Nortel VPN Router is operating in split tunnel mode. The primary precaution is to drop packets that do not have the IP address that is assigned to the tunnel connection as its source address. For example, you establish a PPP dial-up connection to the Internet with an IP address of 192.168.21.3. When you start the tunneled connection to a Nortel VPN Router, you are assigned a tunnel IP address of 192.192.192.192. Now, any packets that attempt to pass through the tunnel connection with a source IP address of 192.168.21.3 (or any address other than 192.192.192.192) are dropped. Furthermore, you can enable filters on the Nortel VPN Router to limit the protocol types that can pass through a tunneled connection.
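The source-address check described above can be modeled in a few lines. This is an added example, not Nortel code or the router's implementation: the function names `build_ipv4_header` and `tunnel_ingress_verdict` are hypothetical, and the destination address 10.0.0.5 is constructed sample data.

```python
import ipaddress
import struct


def build_ipv4_header(src: str, dst: str, proto: int = 17) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample input, checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,   # version/IHL, TOS, length, id, frag, TTL, proto, checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def tunnel_ingress_verdict(packet: bytes, assigned_ip: str) -> str:
    """Return 'forward' only when the packet's source is the tunnel-assigned address."""
    if len(packet) < 20:
        return "drop: truncated header"
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return "drop: malformed IPv4 header"
    src = ipaddress.IPv4Address(packet[12:16])   # source address field, bytes 12..15
    if src != ipaddress.IPv4Address(assigned_ip):
        return f"drop: source {src} is not the tunnel address"
    return "forward"


if __name__ == "__main__":
    TUNNEL_IP = "192.192.192.192"   # tunnel address from the manual's example
    for source in ("192.192.192.192", "192.168.21.3"):
        pkt = build_ipv4_header(source, "10.0.0.5")   # 10.0.0.5 is a constructed destination
        print(source, "->", tunnel_ingress_verdict(pkt, TUNNEL_IP))
```

Anything that cannot be parsed as a complete IPv4 header is dropped rather than forwarded, so the check fails closed.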

Note: PPP multilink is not supported with branch office tunnels. It is only supported with end user tunnels.

Password aging does not work for administrator accounts. Also, the following are client-specific password management symptoms:

• If you are using the IPsec client, you are warned three times that there will be an impending password expiration. You should change the password immediately. IPsec clients using versions earlier than 1.5.2 do not receive a password expiration warning.

• If you are using the PPTP client with the Connection Manager, the Connection Manager generates an impending password expiration warning.

• Other clients (L2TP and L2F) and PPTP client users who are not using the Connection Manager have no warning and no longer can log on. You must contact your system administrator if this happens. In this case, the Nortel VPN Router is unable to notify the client because it has no actual control over the client. With PPTP, use the Connection Manager to establish a connection. With L2TP or L2F, set the Password Maximum Age to zero (never expires).

NN46110-500