3Com VCX IP Telecommuting Module Getting started Guide
Part Number BETA
Published April 2009
3Com Corporation, 350 Campus Drive, Marlborough MA 01752-3064
Copyright © 2005, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
Table of Contents
Part I. Installation of the 3Com VCX IP Telecommuting Module
1. Introduction
2. Overview of the Installation
3. Installing 3Com VCX IP Telecommuting Module
Part II.
Part I. Installation of the 3Com VCX IP Telecommuting Module
This document will help you to get started with your 3Com VCX IP Telecommuting Module. It contains the necessary information to configure your Telecommuting Module. Additional information about managing your 3Com VCX IP Telecommuting Module can be found in the Reference Guide.
Chapter 1. Introduction
What is a Telecommuting Module?
A Telecommuting Module is a device which processes traffic under the SIP protocol (see RFC 3261). The Telecommuting Module receives SIP requests, processes them according to the rules you have set up, and forwards them to the receiver. The Telecommuting Module connects to an existing enterprise firewall through a DMZ port, enabling the transmission of SIP-based communications without affecting firewall security.
Fig 1. Telecommuting Module in DMZ configuration.
DMZ/LAN Configuration
Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it with one of the interfaces. The other interfaces are connected to your internal networks. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers.
Chapter 2. Overview of the Installation
• Now you can see the main page of 3Com VCX IP Telecommuting Module. Click on the Telecommuting Module Type link and select the configuration for your Telecommuting Module. The types are described on the corresponding help page.
• Go to the Basic Configuration page and enter a DNS server. See also the Basic Configuration section.
• Go to the Access Control page and make settings for the configuration of the Telecommuting Module.
• Allow UDP and TCP traffic in the port interval used for media streams by the Telecommuting Module, and port 5060. This traffic must be allowed to all networks which should be reached by SIP traffic. See also the chapter titled Firewall and Client Configuration, for information on configuring the firewall and the SIP clients.
Chapter 3. Installing 3Com VCX IP Telecommuting Module
Installation
There are three ways to install a 3Com VCX IP Telecommuting Module: using a serial cable, using a diskette or performing a magic ping. Installation with a serial cable or a diskette requires being at the same place as the Telecommuting Module, but will give more options for the start configuration.
• Connect the Telecommuting Module to your workstation with the enclosed serial cable.
• Plug in the power cord and turn the Telecommuting Module on.
• Wait while the Telecommuting Module boots up.
• Log on from your workstation.
• Run the installation program (see following instructions).
• Connect the network cables to the network interfaces.
• Configure the rest through a web browser.
• The other way is as a number between 0 and 32. An IP address has 32 bits, where the number of the network mask indicates how many bits are used in the network’s addresses. The rest of the bits identify the computer on the network.
Now you can choose to deactivate any network interfaces. Select y to deactivate all interfaces but the one you just configured.
If you choose to allow only one computer to configure the Telecommuting Module, you are asked for the IP address (the mask is set automatically).
IP address [0.0.0.0]: 10.47.2.240
If this IP address is not on the same network as the IP address of the Telecommuting Module, you are asked for the router. Enter the IP address of the router on the network where the Telecommuting Module is connected.
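The netmask and router questions above reduce to one test: does the address allowed to configure the unit fall inside the unit's own network? The following Python is an added example, not part of the 3Com installation program; the function names and the 10.47.9.10 address are constructed for illustration, and the other addresses are the ones shown in the installer prompts in this guide.

```python
import ipaddress

def parse_netmask(answer: str) -> int:
    """Accept both forms of the Netmask/bits prompt: dotted mask or 0..32."""
    answer = answer.strip()
    if answer.isdigit():
        bits = int(answer)
        if not 0 <= bits <= 32:
            raise ValueError(f"bit count out of range: {bits}")
        return bits
    value = int(ipaddress.IPv4Address(answer))
    bits = bin(value).count("1")
    # A valid mask is `bits` ones followed only by zeros.
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {answer}")
    return bits

def plan_config_access(unit_ip, unit_mask, source, source_mask="32"):
    """Model the installer's decision for one allowed configuration source.

    source_mask "32" is the single-computer case, where the mask is set
    automatically.
    """
    unit_net = ipaddress.ip_network(
        f"{unit_ip}/{parse_netmask(unit_mask)}", strict=False)
    allowed = ipaddress.ip_network(
        f"{source}/{parse_netmask(source_mask)}", strict=False)
    return {
        "unit_network": str(unit_net),
        "allowed_sources": str(allowed),
        # Exposure: how many addresses may reach the configuration interface.
        "addresses_allowed": allowed.num_addresses,
        # A router is only asked for when the source is not on the unit's network.
        "needs_static_route": not allowed.subnet_of(unit_net),
    }

if __name__ == "__main__":
    # Addresses taken from the installer prompts in this guide.
    print(plan_config_access("10.47.2.242", "255.255.0.0", "10.47.2.240"))
    # Constructed address: with a /24 on the unit it is no longer local.
    print(plan_config_access("10.47.2.242", "255.255.255.0", "10.47.9.10"))
    # Constructed case: allowing a whole /16 instead of one computer.
    print(plan_config_access("10.47.2.242", "16", "10.47.0.0", "16"))
```

Restricting configuration to a single computer keeps `addresses_allowed` at 1; allowing the whole /16 raises it to 65536.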
Password []:
Finally, you are asked if you want to reset other configuration.
Other configuration
Do you want to reset the rest of the configuration? (y/n) [n]
If you answer n, nothing is removed. If you answer y, you have three alternatives to select from:
1. Clear as little as possible. This is the alternative that is used if you answer n to the question above.
Now, finish configuration of the Telecommuting Module from the computer/computers specified in the installation program.
Installation with a diskette
These steps are performed when installing with a diskette:
• Select an IP address and store it on the installation diskette as described below.
• Insert the installation diskette into the Telecommuting Module’s floppy drive.
• Plug in the power cord and turn the Telecommuting Module on.
Basic unit installation program version 4.6.5
Press return to keep the default value
Network configuration inside:
Physical device name[eth0]:
IP address [0.0.0.0]: 10.47.2.242
Netmask/bits [255.255.255.0]: 255.255.0.0
Deactivate other interfaces? (y/n) [n]
Computers from which configuration is allowed:
You can select either a single computer or a network.
If the network or partial network is not directly connected to the Telecommuting Module, you must enter the IP address of the router leading to that network. Then enter the network’s address and mask.
Static routing:
The network allowed to configure from is not on a network local to this unit.
You must configure a static route to it.
Give the IP address of the router on the network this unit is on.
The IP address of the router [0.0.0.0]: 10.47.3.
Note that the diskette contains a command to erase certain parts of the configuration during boot when the diskette is inserted. Make sure to eject it once the Telecommuting Module has booted up to avoid future loss of data. If you happen to forget the administrator password for the Telecommuting Module, you can insert the diskette into the Telecommuting Module again and boot it.
Part II. Configuring 3Com VCX IP Telecommuting Module
These chapters contain information about how to configure your 3Com VCX IP Telecommuting Module, once it has been installed. All configuration is made through the web interface of the Telecommuting Module. The configuration described in these chapters is basic for making the Telecommuting Module work. For descriptions of more advanced Telecommuting Module functions, please refer to the User Manual.
Chapter 4. Network Configuration
First, the Telecommuting Module must be configured to be aware of the network in which it operates. This is performed on the Network Configuration pages. The important pages for getting started are Telecommuting Module Type, Interface (Network Interface 1 and 2), Default Gateway, Networks and Computers and (for the DMZ Telecommuting Module Type) Surroundings.
DMZ/LAN Configuration
Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it with one of the interfaces. The other interfaces are connected to your internal networks. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers. This configuration is used to enhance the data throughput, since the traffic only needs to pass your firewall once.
The Telecommuting Module derives information about your network topology from the interface configuration.
Telecommuting Module Type configuration
Current Telecommuting Module Type
Shows which type is currently active.
Change Telecommuting Module Type to
Select a new Telecommuting Module Type here.
Change type
Press the Change type button to set the new Telecommuting Module Type.
Physical device
Physical device tells the physical device name of the network interface.
Status
Specify if this network interface is On or Off. If the interface is off, all configuration on this page is ignored, and the Telecommuting Module will behave as if this interface wasn’t present.
Interface name
The network Interface name is only used internally in the Telecommuting Module, e.g. when configuring Networks and Computers.
Name
A name for this IP address. You can use this name when configuring VPN. This name is only used internally in the Telecommuting Module.
DNS Name Or IP Address
The name/IP address of the Telecommuting Module on this network interface on this directly connected network. If a name is entered, you must enter the IP address for a name server on the Basic Configuration page.
IP address
Shows the IP address of the DNS Name Or IP Address you entered in the previous field.
Alias
3Com VCX IP Telecommuting Module can use extra IP addresses, aliases, on its interfaces. All alias IP addresses must belong to one of the Directly Connected Networks you have specified. Aliases are necessary for setting up a STUN server. If the interface obtains its IP address dynamically, no aliases can be defined.
Name
Enter the name of your alias. This name is only used internally in the Telecommuting Module.
Delete Row
If you select this box, the row is deleted when you click on Create new rows, Save, or Look up all IP addresses again.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Static Routing
If there is a router between the Telecommuting Module and a computer network which the Telecommuting Module is serving, you must name the router and the network here. The table is sorted by network number and network mask.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Save
Saves all Interface configuration to the preliminary configuration.
Cancel
Clears and resets all fields in new rows and resets changes in old rows.
Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page. This button will only be visible if a DNS server has been configured.
Dynamic
If an interface will receive its IP address from a DHCP server, the Telecommuting Module will get its default gateway from the server. In this case, select the corresponding IP address here.
DNS Name Or IP Address
Enter the DNS name or IP address for the default gateway. If an interface will receive its IP address from a DHCP server, the Telecommuting Module will get its default gateway from the server. In this case, leave this field empty.
DNS Name Or IP Address
Enter the DNS name or IP address for the reference host. The reference host must be located on the other side of the default gateway.
IP address
Shows the IP address of the DNS Name Or IP Address you entered in the previous field.
Delete Row
If you select this box, the row is deleted when you click on Create new rows, Save, or Look up all IP addresses again.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Name
Enter a name for the group of computers. You can use this name when you change configuration on the pages mentioned above. A group can consist of several rows of IP addresses or series of IP addresses. By clicking on the plus sign beside the name, you add more rows where you can specify more IP addresses for this group.
Subgroup
An already defined group can be used as a subgroup to new groups. Select the old group here and leave the fields for DNS name empty.
Upper Limit
DNS Name Or IP Address
Here, enter the last DNS name/IP address of the network or group. For computers in an IP range that you want to give a network name, enter the last IP address in the range. The IP address in Upper Limit must be at least as high as the one in Lower Limit. If this field is left empty, only the IP address in Lower Limit is used. If you use a subgroup, leave this field empty.
Surroundings
State the topology around the Telecommuting Module on this page. Which type of topology is needed depends on which Telecommuting Module Type was selected.
Surroundings
Settings in the Surroundings table are only required when the Telecommuting Module has been made the DMZ (or LAN) type. The Telecommuting Module must know what the networks around it look like.
Delete Row
If you select this box, the row is deleted when you click on Create new rows or Save.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Data Interfaces
Settings in the Data Interfaces table are only required when the Telecommuting Module has been made the WAN type.
Basic Configuration
On the Basic Configuration page, general settings for the Telecommuting Module are made. The most important one for getting started is the DNS server.
General
Name of this Telecommuting Module
Here, you can give your 3Com VCX IP Telecommuting Module a name. The name of the Telecommuting Module is displayed in the title bar of your web browser. This can be a good idea if you administer several Telecommuting Modules.
Ping is a way of finding out whether a computer is working. See appendix C of the User Manual for further information on ping.
DNS Servers
Here, you configure DNS servers for the Telecommuting Module. The servers are used in the order they appear in this table, which means that the Telecommuting Module uses the top server to resolve DNS records until it doesn’t reply. Only then is server number two contacted.
No.
Save
Saves the Basic Configuration configuration to the preliminary configuration.
Cancel
Reverts all the above fields to their previous configuration.
Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered above.
Chapter 5. SIP Configuration
SIP (Session Initiation Protocol) is a protocol for creating and terminating various media stream sessions over an IP network. It is for example used for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination of a session with one or more participants. The protocol makes it possible for the participants to agree on what media types they should share.
Transport
Select which SIP signaling transports should be allowed on this port.
Comment
Enter a comment to remind yourself why you added the port.
Delete Row
If you select this box, the row is deleted when you click on Create new rows or Save.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Provisioning Relay
Remote phones usually need to access your PBX for provisioning.
Public IP address for NATed Telecommuting Module
Sometimes, the Telecommuting Module is located behind a NAT box that is not SIP-aware. This will make signaling go awry, with the result that in many cases there will be voice in only one direction. This can be corrected by entering the public IP address that the Telecommuting Module will appear to have.
Transport
Select the transport to be monitored on that host. This should be the transport to use for SIP signaling.
Delete Row
If you select this box, the row is deleted when you click on Create new rows or Save.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
SIP Logging
The same settings can also be found on the Logging Configuration page under Logging.
Log class for SIP errors
The Telecommuting Module sends a message if there are any SIP errors. Select a log class for these log messages.
Log class for SIP media messages
The Telecommuting Module creates log messages about when media streams are set up and torn down. Select a log class for these messages.
Log class for SIP debug messages
The Telecommuting Module logs a lot of status messages, for example the SIP initiation phase of a reboot.
Domain
Enter the domain name of the SIP domain. This domain is compared to the domain in the Request-URI of the incoming SIP packet. You can’t enter a domain that was entered in the Local SIP Domains table.
Relay To
DNS Name Or IP Address
Enter the IP address for the SIP server handling the domain. You can also enter a DNS name for the SIP server, if it has a DNS-resolvable host name, even if the SIP domain is not possible to look up in DNS.
Delete Row
If you select this box, the row is deleted when you click on Create new rows, Save, or Look up all IP addresses again.
Create
Enter the number of new groups and rows you want to add to the table, and then click on Create.
Filtering
On the Filtering page you select the MIME types you want to let through, if the Telecommuting Module should forward any other SIP traffic than just IP telephony or instant messages.
Delete Row
If you select this box, the row is deleted when you click on Create new rows or Save.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Default Policy For SIP Requests
Select what to do with SIP requests that do not match any of the Proxy Rules.
Allow
Select if the Telecommuting Module should allow (On) or reject (Off) this content type in SIP signaling.
Delete Row
If you select this box, the row is deleted when you click on Create new rows or Save.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
When you select this, the Telecommuting Module makes no checks of incoming SIP URIs. It becomes possible in theory to trick the Telecommuting Module into sending SIP packets anywhere, so security is drastically reduced. Keep username in URIs will make the Telecommuting Module keep the original username part of the Contact URI, and only replace the domain part.
You also specify which IP address the Telecommuting Module will use when it forwards this SIP signaling to the server on the LAN. In this way, the trunk signaling and remote client signaling will be separated for the PBX.
IP Address for Remote Clients
Select which IP address remote clients connect to. This can be the same IP address as is used by the SIP provider, but then you need to select a different signaling port below.
Media Route
Usually, media is always sent via the Telecommuting Module when the Remote NAT Traversal feature is used. For clients behind the same NAT, media can be made to go directly between the clients, to lower the Telecommuting Module and network load.
Chapter 6. Administration of the Telecommuting Module
You also need to configure who can access the Telecommuting Module web interface. This is done on the Access Control page under Basic Configuration. Remember that the configuration you see in the web interface (preliminary configuration) isn’t necessarily the work configuration (permanent configuration) of the Telecommuting Module. When all configuration is made in the web interface, it must be applied.
User Authentication For Web Interface Access
Select the mode of administrator authentication for logins via the web interface: Local users, via a RADIUS database, or a choice between the two alternatives at login (Local users or RADIUS database). Local administrator users and their passwords are defined on the User Administration page under Administration.
Configuration via HTTP
Select which IP address and port the Telecommuting Module administrator should direct her web browser to when HTTP is used for Telecommuting Module configuration. You can select from the Telecommuting Module IP addresses configured on the Interface pages under Network Configuration. You can use different IP addresses for HTTP, HTTPS, and SSH configuration.
No.
The No. field determines the order of the lines. The order is important in deciding what is logged and warned for. The Telecommuting Module uses the first line that matches the configuration traffic. Perhaps you want to configure the Telecommuting Module so that configuration traffic from one specific computer is simply logged while traffic from the rest of that computer’s network is both logged and generates alarms.
SSH
Check the check box if this computer/network should be allowed to configure the Telecommuting Module via SSH.
HTTP
Check the check box if this computer/network should be allowed to configure the Telecommuting Module via HTTP.
HTTPS
Check the check box if this computer/network should be allowed to configure the Telecommuting Module via HTTPS.
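The first-match behaviour of the No. field, combined with the SSH/HTTP/HTTPS check boxes, is modelled below as an added example; it is not the Telecommuting Module's own code. It assumes that a row matches on source address alone and that traffic matching no row is refused; the log class labels, the `Row` type and both tables are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Row:
    no: int               # the No. field: evaluation order
    source: str           # computer or network, in CIDR notation
    protocols: frozenset  # ticked boxes: "SSH", "HTTP", "HTTPS"
    log_class: str        # hypothetical labels: "log", "log+alarm"

def first_match(rows, client_ip, protocol):
    """Return (row No., allowed, log class) for one configuration attempt.

    Assumptions: a row matches on source address alone, and traffic that
    matches no row is refused.
    """
    ip = ipaddress.ip_address(client_ip)
    for row in sorted(rows, key=lambda r: r.no):
        if ip in ipaddress.ip_network(row.source):
            return row.no, protocol in row.protocols, row.log_class
    return None, False, "unmatched"

def shadowed_rows(rows):
    """List (row No., covering row No.) pairs for rows that can never match."""
    ordered = sorted(rows, key=lambda r: r.no)
    found = []
    for i, row in enumerate(ordered):
        net = ipaddress.ip_network(row.source)
        for earlier in ordered[:i]:
            if net.subnet_of(ipaddress.ip_network(earlier.source)):
                found.append((row.no, earlier.no))
                break
    return found

ADMIN = "10.47.2.240/32"  # the single configuration computer
LAN = "10.47.0.0/16"      # the rest of that computer's network

# Constructed table in the intended order: specific computer first.
INTENDED = [
    Row(1, ADMIN, frozenset({"SSH", "HTTPS"}), "log"),
    Row(2, LAN, frozenset({"HTTPS"}), "log+alarm"),
]
# Same rows with the order swapped: the network row now hides the host row.
SWAPPED = [
    Row(1, LAN, frozenset({"HTTPS"}), "log+alarm"),
    Row(2, ADMIN, frozenset({"SSH", "HTTPS"}), "log"),
]

if __name__ == "__main__":
    for name, table in (("intended", INTENDED), ("swapped", SWAPPED)):
        print(name, first_match(table, "10.47.2.240", "SSH"),
              "shadowed:", shadowed_rows(table))
```

With the rows swapped, the administrator's computer both raises alarms and loses SSH access, because its own row is never reached.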
Cancel
Reverts all the above fields to their previous configuration.
Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page. This button will only be visible if a DNS server has been configured.
Save configuration saves your preliminary configuration to the permanent configuration and puts it into use. Continue testing shows a new page with only the other two buttons. Revert cancels this test of the preliminary configuration without saving. If you do not press any button within the time limit, the Telecommuting Module will revert to the old permanent configuration, just as if you had pressed Revert.
Load from diskette
Insert the diskette with the saved configuration into the Telecommuting Module’s floppy drive and press Load from diskette. Do not remove the diskette until the light on the floppy drive goes out. The contents of the diskette are now loaded in the preliminary configuration.
Save to local file
Press Save to local file to save the preliminary configuration to the file you have selected.
Revert to Old Configurations
You can revert to old configurations of the Telecommuting Module, either back to the last configuration successfully applied, or to the configuration delivered with your Telecommuting Module from the factory.
Abort All Edits
Abort all edits copies the permanent configuration to the preliminary configuration. All changes made in the preliminary configuration are deleted.
Chapter 7. Firewall and Client Configuration
Additional configuration for the firewall and the SIP clients is required to make the Telecommuting Module work properly. The amount and nature of the configuration depends on which Telecommuting Module Type was selected.
• Let through TCP traffic between the Internet (all high ports) and the Telecommuting Module (ports 1024-32767). You must allow traffic in both directions.
• Let through TCP traffic between the internal networks (all high ports) and the Telecommuting Module (ports 1024-32767). You must allow traffic in both directions.
The Firewall
The firewall to which the Telecommuting Module is connected should have the following configuration:
SIP over UDP
• Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (port 5060). You must allow traffic in both directions.
• Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval for media streams which was set on the Basic Settings page).
The SIP clients
SIP clients will use the Telecommuting Module as their outgoing SIP proxy and as their registrar (if they can’t be configured with the domain only). If you don’t want to use the Telecommuting Module as the registrar, you should point the clients to the SIP registrar you want to use.