User`s guide

ManualsBrandsAscend ManualsComputer equipmentPipeline

201

202

203

204

205

206

207

208

209

210

Table Of Contents

Ascend Customer Service
How to use this guide
What you should know
Documentation conventions
How to use the on-board software
- Changing parameter values
- Saving or discarding your changes
Manual set
Configuring WAN Connections
- About Wide Area Network (WAN) connections
- Link encapsulation
- Nailed groups
- How calls are initiated
- How calls are answered
- Data compression options
- The Answer profile
- Connection profiles
- Configuring Frame Relay connections
Configuring IP Routing
- Introduction to IP routing on the Pipeline
- Managing the routing table
- Configuring IP routing connections
- Ascend Tunnel Management Protocol (ATMP)
IP Address Management
- Connecting to a local IP network
- BOOTP Relay
- DHCP services
  - How IP addresses are assigned
  - Configuring DHCP services
- Dial-in user DNS server assignments
  - Configuring DNS servers in the Ethernet profile
  - Configuring DNS servers in the Connection profile
- Local DNS host address table
- Network Address Translation (NAT) for a LAN
Configuring IPX Routing
- How the Pipeline performs IPX routing
- Adding the Pipeline to the local IPX network
- Working with the RIP and SAP tables
- Configuring IPX routing connections
Configuring the Pipeline as a Bridge
- Introduction to Ascend bridging
- Enabling bridging
- Managing the bridge table
- Configuring bridged connections
Defining Filters and Firewalls
- Introduction to filters
- Overview of Filter profiles
- Example filters
- Working with predefined call filters
- Display unwanted dial-out packets
- Secure Access Firewalls
- Filter persistence
  - Background on firewall and filter persistence
  - Filter persistence and Connection profiles
Setting Up Pipeline Security
- Recommended security measures
- Pipeline Security profiles
- Connection security
- Using filters to secure the network
- Using security cards
Pipeline System Administration
- Overview of administration functions
- Activating administrative privileges
- Configuring administration options
- Using the Pipeline status windows
- Performing system administration operations
- Using the terminal server interface
  - Invoking and quitting the terminal server interfac...
  - Terminal server commands
- Accessing a local Pipeline via Telnet
Pipeline 75 Voice Features
- About the integrated services of ISDN
- How your ISDN service affects voice features
  - Ordering supplementary voice services
  - Ordering voice features
- How outgoing voice calls are handled
- How incoming voice calls are handled
- Support for 2-channel calls on one SPID
  - Configuring a 2-channel, single SPID call
- Support for outgoing 3.1K audio calls
  - How 3.1K audio calls work
  - Configuring 3.1K audio call
- EAZ Terminal ID for Germany
IDSL Implementations
- ISDN Digital Subscriber Line (IDSL)
- Configuring an IDSL connection
- Making voice calls over IDSL
APP Server utility
- About the APP Server utility
- APP Server installation and setup
Troubleshooting
- Cabling problems: Rule these out first
- Common problems and their solutions
- Problems configuring the Pipeline
- ISDN BRI interface problems
  - Bridge/router problems
- Problems accessing the remote network
  - Check the installation
  - Configuration problems
Upgrading system software
- What you need to upgrade system software
- Displaying the software load name
- The upgrade procedure
Untitled

Defining Filters and Firewalls

Filter persistence

Pipeline User’s Guide Preliminary January 30, 1998 6-37

A persistent filter or firewall is maintained even when its associated connection

becomes inactive. Additionally, the filter or firewall can be applied when an

additional session becomes associated with a connection, as is the case with

additional channels of an MPP connection.

Note:

Firewalls need to use persistence to work correctly, but filters do not need

to use persistence to work as designed.

Filter persistence and Connection profiles

Connection profiles describe different contact sites. Perhaps, for a small office,

one profile would apply to a corporate home office, and another profile would

apply to an Internet service provider. In each case, the Pipeline user would like to

use the Secure Access Firewall capability to prevent unauthorized incursions into

the local network by others.

With dial-on-demand and automatic call timeout, the dynamic firewall

capabilities of Secure Access Firewall would prevent in-progress TCP sessions

(such as Telnet or Rlogin) from proceeding after a call termination and restart

(due to inactivity, for example). Without persistence, a new firewall is

constructed when a call starts up with no knowledge of any TCP sessions in

progress, and consequently would block packets for those sessions when starting

the line back up. This has the effect of rendering the in-progress Telnet (or

Rlogin, etc.) sessions inoperative, possibly destroying work in progress that is

dependent on them.

Filter persistence is a way to tell the Pipeline to keep a firewall around even after

the call is terminated. When a new call is placed to (or is received from) the same

station, the Pipeline remembers the original firewall and uses it as if the call had

never been terminated. Thus, the user can continue working without loss.

Conversely, there may be times when a single Connection profile is used for

several different sites. This might be the case if you use the same Connection

Profile to describe multiple different callers. In this case, you do not want the

filters and firewalls to be persistent, since the Pipeline cannot know if calls are

arriving from the same users.