Manualshelf

Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS
31323334353637383940
Chapter 4 Troubleshooting Routers and Embedded Systems VPN-1/FireWall-1 configuration for a Nortel (Bay Networks) BayRS router
Advanced Technical Reference Guide 4.1 June 2000 33
Licenses
The license for the embedded system capabilities is installed only on the Management Module – NOT on the
router.
Problems and bugs
Sometimes there are no log entries: Additional putkeysandfwstop/fwstart at the
VPN-1/FireWall-1 Management, as well as boots to the router, usually fix this.
Anti-Spoofing: As mentioned in “configuration Manager” under “To configure a Nortel router with
VPN-1/FireWall-1”), interface names should be manually modified.
The router is not displayed on System Status: Caused by not selecting Platform FireWall Interfaces. The
Management displays that a policy had been installed, but it has no effect. In this case, the policy is
accepted by the router, but there are no FireWalled interfaces on which to install the policy.
To configure an SNMP password on a Nortel (Bay) Router
To enable VPN-1/FireWall-1 to correctly communicate with the Nortel (Bay) router via SNMP, do the
following during configuration:
On the Nortel Site Manager:
1. Select the router you would like to configure (there is a small window which lists all the routers the Site
Manager "knows" about).
2. From the Site Manager Menu bar, choose Tools Configuration Manager Dynamic. This will open a
Configuration Manager window, which lets you configure a specific router.
3. Save the current configuration file (File Save As somename.cfg), so you'll be able to return to this state
at a later time, by simply booting the router with this configuration file.
4. On the configuration Manager choose Protocols IP SNMP Communities. This will open a window called
"SNMP Community List".
5. On the SNMP Community List Window, choose Community Add Community, to add your own
community, giving it READ/WRITE permissions.
6. Select the new community that you've defined in step 5, and choose Community Managers. This will open
the Managers window. In this window, add the IP address of the VPN-1/FireWall-1 machine.
7. Exit the "Managers" and the SNMP Community List windows (Don't erase the "Public" default community
yet. Do it later).
8. In the Configuration Manager, save your definition in a file, preferably with the ".cfg" suffix (File Save
As).
To enable VPN-1/FireWall-1 to correctly communicate with the Nortel (Bay) router via SNMP, make sure that
the following steps are performed during configuration:
In the VPN-1/FireWall-1 GUI
1. Open the Network Objects Manager, and define the router. The definitions should be as follows:
Type = Router
Location = Internal
Vendor = Bay Networks
FireWall-1 = Not Installed