Troubleshooting guide

Chapter 5: Troubleshooting Open Security Extension
Advanced Technical Reference Guide 4.1, June 2000
Introduction
Open Security Extension is a product that enables a VPN/FireWall management module to generate and
download Access Lists and configure security for routers (3Com, Nortel, Microsoft RRAS (Steelhead), and
Cisco) and Integrated FireWall (Cisco PIX).
This chapter provides additional information about routers that is not covered in the User Guides.
A VPN/FireWall management module can manage Access Lists for the following third-party routers and
devices. Any number of routers and devices can be managed:
  Bay Networks Routers: version 7.x - 12.x
  Cisco Routers: IOS version 9, 10, 11, 12
    Note that version 12 is only for VPN-1/FireWall-1 4.1.
  Cisco PIX Firewall: version 3.0, 4.0, 4.1x
    Note that Open Security Extension supports only two PIX interfaces: the internal and external interfaces.
  3Com Netbuilder: version 9.x
  Microsoft Routing and Remote Access Service: RRAS (SteelHead) for Windows NT Server 4.0
Nortel (Bay) Routers: Configuration and Problem Resolution
When creating an access list for a Nortel router, be aware that Nortel router access lists always include an
implicit final rule that accepts all communications (any, any, accept). You must explicitly define a final rule in
the Rule Base that drops all communications not described by the other rules (Any / Any / Drop).
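The effect of the implicit final rule, shown as an added example (not part of the original guide, and not Check Point or Nortel code). It is a simplified first-match model in Python with only source, destination and action; the Rule class, the function names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    src: str     # CIDR network or "any"
    dst: str     # CIDR network or "any"
    action: str  # "accept" or "drop"

def _matches(field, addr):
    return field == ANY or ip_address(addr) in ip_network(field)

def evaluate(rules, src, dst, implicit_action="accept"):
    """First-match evaluation. implicit_action models the router's hidden
    final rule, which on a Nortel router is (any, any, accept)."""
    for rule in rules:
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.action
    return implicit_action

def has_explicit_cleanup(rules):
    """True only if the last rule in the rule base is Any / Any / Drop."""
    return bool(rules) and rules[-1] == Rule(ANY, ANY, "drop")

def lint_for_nortel(rules):
    """Findings for a rule base that will be installed on a Nortel router."""
    findings = []
    if not has_explicit_cleanup(rules):
        findings.append("no final Any/Any/Drop rule: unmatched traffic is accepted")
    for i, rule in enumerate(rules[:-1], start=1):
        if rule.src == ANY and rule.dst == ANY:
            findings.append(f"rule {i} matches everything: later rules are unreachable")
    return findings

# Constructed sample rule base (documentation address ranges).
RULE_BASE = [
    Rule("10.1.0.0/16", "192.0.2.10/32", "accept"),
    Rule("10.2.0.0/16", ANY, "drop"),
]
HARDENED = RULE_BASE + [Rule(ANY, ANY, "drop")]

if __name__ == "__main__":
    probe = ("203.0.113.7", "192.0.2.10")  # source not covered by any rule
    print(evaluate(RULE_BASE, *probe), lint_for_nortel(RULE_BASE))
    print(evaluate(HARDENED, *probe), lint_for_nortel(HARDENED))
```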
To configure an SNMP password on a Nortel (Bay) Router
To enable VPN-1/FireWall-1 to correctly communicate with the Bay router via SNMP, do the following during
configuration:
On the Nortel Site Manager:
1. Select the router you would like to configure (there is a small window which lists all the routers the Site
Manager "knows" about).
2. From the Site Manager Menu bar, choose Tools > Configuration Manager > Dynamic. This will open a
Configuration Manager window, which lets you configure a specific router.
3. Save the current configuration file (File > Save As somename.cfg), so you'll be able to return to this state
at a later time, by simply booting the router with this configuration file.
4. On the Configuration Manager choose Protocols > IP > SNMP > Communities. This will open a window called
"SNMP Community List".
5. On the SNMP Community List Window, choose Community > Add Community, to add your own
community, giving it READ/WRITE permissions.
6. Select the new community that you've defined in step 5, and choose Community > Managers. This will open
the Managers window. In this window, add the IP address of the VPN-1/FireWall-1 machine.