User's guide

Setting Up Pipeline Security
Pipeline User’s Guide Preliminary January 30, 1998 7-17
Filters can also be used to prevent remote users from accessing information on
your local network, even if they know how to “spoof” a local source address that
would enable them to get past a filter. For example, you can define a filter that
drops inbound packets whose source address is on the local network or the
loopback address.
Each filter consists of an ordered list of conditions (“rules”) based on either
IP-specific or protocol-independent information. For an IP filter, you can filter
packets based on any combination of the following elements:
Source address
Destination address
Protocol number
Source port
Destination port
A flag indicating if a TCP session is established
For a protocol-independent filter, you can specify data values and masks that the
Pipeline uses when determining whether to drop or forward packets.
(For information about how to organize and create Filter profiles, refer to
Chapter 6, “Defining Filters and Firewalls.”)
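As an added illustration (not Ascend code and not Pipeline profile syntax), the following Python model evaluates an ordered rule list over the six IP filter elements listed above and applies the anti-spoofing filter described earlier. It assumes that the first matching rule decides and that unmatched packets are dropped; the local network 192.168.10.0/24 and all class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                      # constructed packet model, not a Pipeline structure
    src: str
    dst: str
    proto: int                     # IP protocol number (6 = TCP, 17 = UDP)
    sport: int = 0
    dport: int = 0
    established: bool = False      # TCP segment belongs to an existing session

@dataclass
class Rule:                        # None means "any" for that element
    forward: bool                  # True = forward on match, False = drop on match
    src: Optional[str] = None      # source prefix in CIDR form
    dst: Optional[str] = None      # destination prefix in CIDR form
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    established: Optional[bool] = None
    def matches(self, p: Packet) -> bool:
        def in_net(addr, net):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        def same(want, got):
            return want is None or want == got
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and same(self.proto, p.proto) and same(self.sport, p.sport)
                and same(self.dport, p.dport) and same(self.established, p.established))

def apply_filter(rules, packet, default_forward=False):  # assumption: first match wins
    for rule in rules:
        if rule.matches(packet):
            return rule.forward    # True = forward, False = drop
    return default_forward         # assumption: no match means drop

LOCAL_NET = "192.168.10.0/24"      # hypothetical local network
INBOUND_ANTISPOOF = [              # applied to packets arriving from the WAN
    Rule(forward=False, src=LOCAL_NET),      # claims a local source address
    Rule(forward=False, src="127.0.0.0/8"),  # claims a loopback source address
    Rule(forward=True),                      # everything else passes
]

def demo():                        # constructed sample packets
    spoofed = Packet("192.168.10.7", "192.168.10.20", 6, 40000, 23)
    loopback = Packet("127.0.0.1", "192.168.10.20", 17, 53, 53)
    remote = Packet("203.0.113.9", "192.168.10.20", 6, 40001, 80)
    return [apply_filter(INBOUND_ANTISPOOF, p) for p in (spoofed, loopback, remote)]
```

Because the list is ordered, placing the forward-all rule first would let the spoofed packets through, so the drop rules must come before it.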
Using security cards
A secure network site can be set up to change its password after a number of
minutes or hours. An external authentication server such as a Security Dynamics
(ACE) or Enigma Logic (Safeword) server changes the password and relies on a
combination of a Personal ID (PIN) and a code generated by a security card that
must be in the possession of the user. A liquid crystal display on the security card
shows the code that enables access to the secure network only at that time.
For secure sites the Pipeline is a client of a central-site device, such as a MAX
4000, which acts as a network access server (NAS). The NAS is a client of a
RADIUS server, which in turn is a client of the ACE or Safeword server.
Figure 7-1 shows one example security card environment. The user dialing in
through a Pipeline unit is a client of the Pipeline, which in turn is a client of the