User's guide

Setting Up Pipeline Security
Connection security
7-12 Preliminary January 30, 1998 Pipeline User’s Guide
Authentication protocols
Password Authentication Protocol (PAP) and Challenge Handshake
Authentication Protocol (CHAP) require Point-to-Point Protocol (PPP)
encapsulation. These authentication protocols apply to PPP, Multilink PPP (MP),
and Multichannel PPP (MP+) connections to the Pipeline. Both sides of the
connection must support the same protocol.
PAP provides a simple way for a peer to establish its identity in a two-way
handshake when initially establishing a link. It sends passwords in the clear, so it
is not a very strong authentication method. PAP provides baseline security when
your system interoperates with equipment from other vendors.
CHAP is a stronger authentication method than PAP. While the initial link is
being established, CHAP verifies the identity of a peer through a three-way
handshake. It sends passwords encrypted by means of a one-way hash
function. The use of an incrementally changing identifier and a variable
challenge value protects against playback attack.
MS-CHAP, which uses DES and MD4 encryption, is supported in Windows NT
environments only. The Pipeline can authenticate a Windows NT system and a
Windows NT system can authenticate a Pipeline.
Note: In addition to this type of authentication, there are other parameters, such
as Telco and Session options, that affect whether the Pipeline is able to build the
connection. For example, if the AnsOrig parameter is set to prevent incoming
calls, the Pipeline will never reach the stage of authenticating an incoming call
using that profile.
Name and password verification
During authentication, the calling device often requires the Pipeline unit’s name
and password as well. The Pipeline name is specified in the System profile. The
Send PW parameter is a password sent to the calling device.
If the Ethernet > Answer > Recv Auth parameter is set to Either, the Pipeline uses
PAP, CHAP, or MS-CHAP, depending on what the caller supports. If it is set to
one specific authentication protocol, the Pipeline rejects any password not sent
with that protocol.