Nortel Communication Server 1000
Nortel Networks Communication Server 1000 Release 4.5
WLAN Handset 2212 Installation and Configuration for VPN
Document Number: 553-3001-229
Document Release: Standard 1.00
Date: November 2005
Copyright © Nortel Networks Limited 2005 All Rights Reserved
Produced in Canada
Information is subject to change without notice.

Revision history
November 2005
Standard 1.00. This document is a new NTP issued to support Communication Server 1000 Release 4.5.

Contents
List of procedures
How to get help
About this document
   Subject
   Applicable systems
   Intended audience
   Introduction
   The DHCP server
   Checking connectivity
   DHCP relay
IP address pool configuration

List of procedures
Procedure 1 Configuring the VPN router
Procedure 2 Installing licence keys
Procedure 3 Disabling the DHCP server
Procedure 4 Enabling the DHCP relay
Procedure 5 Configuring an IP address pool
Procedure 11 Configuring the second interface
Procedure 12 Configuring the firewall
Procedure 13 Configuring the WLAN Handset 2212 using the cradle
Procedure 14 Configuring the WLAN Handset 2212 using the screen

How to get help
This section explains how to get help for Nortel products and services.

Getting Help from the Nortel Web site
The best way to get technical support for Nortel products is from the Nortel Technical Support Web site:
www.nortel.com/support
This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
Outside North America, go to the following Web site to obtain the phone number for your region:
www.nortel.com/callus

Getting Help from a specialist by using an Express Routing Code
To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to:
www.nortel.

About this document
This document is a global document. Contact your system supplier or your Nortel representative to verify that the hardware and software described are supported in your area.

Subject
This document describes the installation and configuration of a WLAN Handset 2212 on a Virtual Private Network.

Note on legacy products and releases
This NTP contains information about systems, components, and features that are compatible with Nortel Communication Server 1000 Release 4.
• Communication Server 1000M Multi Group (CS 1000M MG)
• Communication Server 1000E (CS 1000E)
• Meridian 1 PBX 11C Chassis
• Meridian 1 PBX 11C Cabinet
• Meridian 1 PBX 51C
• Meridian 1 PBX 61C
• Meridian 1 PBX 81
• Meridian 1 PBX 81C
Note: When upgrading software, memory upgrades may be required on the Signaling Server, the Call Server, or both.

System migration
When particular Meridian 1 systems are upgraded to run CS 1000 Release 4.
• Communication Server 1000M and Meridian 1: Large System Upgrade Procedures (553-3021-258)
• Communication Server 1000S: Upgrade Procedures (553-3031-258)
• Communication Server 1000E: Upgrade Procedures (553-3041-258)

Intended audience
This document is intended for individuals responsible for installing, configuring, operating, and maintaining the WLAN Handset 2212.
• Meridian 1 PBX 61C
• Meridian 1 PBX 81
• Meridian 1 PBX 81C

Related information
This section lists information sources that relate to this document.

Online
To access Nortel documentation online, click the Technical Documentation link under Support & Training on the Nortel home page:
www.nortel.com

CD-ROM
To obtain Nortel documentation on CD-ROM, contact your Nortel customer representative.

Overview
Contents
This section contains information on the following topics:
Introduction
Code and key code requirements
Scope of this document
Assumptions
IMPORTANT! The latest software version is required to support the features described in this document.

Code and key code requirements
Before configuring the WLAN Handset 2212, you must ensure the various components are using the proper versions of software. Table 2 lists the components and software versions:

Table 2 Required components and software versions
Component                        Software Version
WLAN Handset 2212                097.060
WLAN IP Telephony Manager 2245   17x.

The configuration in this document
This document describes the configuration of the supported architecture shown in Figure 1.
IMPORTANT! The figures in this document are examples of the types and format of the information required for a specific step. Substitute information for your site accordingly.

Getting started
Contents
This section contains information on the following topics:
Introduction
Configuring the Contivity VPN router
Installing the Licence Keys
5 Click on the + beside Ports.
   The Ports list expands.
6 Right-click Communications Ports (COM 1) and select Properties.
   The Communications Ports (COM 1) Properties window appears.
7 Select the Port Settings tab.
8 Ensure the settings are configured as shown in Figure 2.
Figure 2 COM1 settings
9 Connect to the wireless gateway through the console cable.
10 Access the wireless gateway using HyperTerminal.
Figure 3 Main Menu
12 Enter 1.
Figure 4 Interface menu
13 Enter 0.
   The Private - Trusted Interface window appears, as shown in Figure 5.
Figure 5 Private - Trusted Interface
14 Enter the following:
   a. Management IP Address
   b. Interface IP Address
   c. Subnet Mask
15 Enter R to go back to the Main Menu.
16 Enter 3.
   The Default Private Route Menu appears, as shown in Figure 6.
Figure 6 Default Private Route Menu
17 Enter A.
18 In the "Please enter the new gateway address" field, enter a static route that points all the traffic to the default gateway.
19 In the "Please enter the cost" field, enter a cost. The default value is 1.
20 Enter R to return to the Main Menu.
22 Check the connectivity.
   a. Log back into your system.
   b. Open a command line window.
   c. Ping the gateway.
   If you are able to ping the gateway, the VPN router is configured properly.
23 Open Microsoft Internet Explorer.
24 Enter the Management IP address of the VPN router in the Address bar.
25 Click Manage Switch.
   The IP Services Gateway home page appears, as shown in Figure 7 on page 25.
Figure 7 IP Services Gateway home page
26 Enter your login and password.
   You can now carry out any required administrative duties.

Installing the Licence Keys
Use Procedure 2 to install licence keys.

IMPORTANT! The Contivity Stateful Firewall key must be installed for the solution to work.

Procedure 2 Installing licence keys
1 In the Contivity Secure IP Services Gateway navigator, select ADMIN > Licence Keys.
2 The Key Installation window appears, as shown in Figure 8.
Figure 8 Key Installation
3 Enter the licence keys in the appropriate fields.
4 Click OK.

DHCP options
Contents
This section contains information on the following topics:
Introduction
The DHCP server
Checking connectivity
DHCP relay
Figure 9 DHCP Server options
2 Clear the DHCP Enabled Server check box.
3 Click OK.
End of Procedure

Checking connectivity
Test the connectivity for possible routing errors. Open the Console port and ping the DHCP Server, WLAN Application Gateway 2246 and the PBX.

DHCP relay
Use Procedure 4 to enable the DHCP Relay.

Procedure 4 Enabling the DHCP relay
1 In the Contivity Secure IP Services Gateway navigator, select SERVERS > DHCP Relay.
   The DHCP Relay Options window appears, as shown in Figure 10.
Figure 10 DHCP Relay options
2 Select Enabled.
   Note: Ensure that you add appropriate routes in your network so that the DHCP response from the DHCP server reaches the VPN router.
3 Click OK.

IP address pool configuration
Contents
This section contains information on the following topics:
Introduction
IP address pools
Proxy ARP and tunnel-to-tunnel traffic
Figure 11 Add an IP address pool
2 Click Add.
   The Address Pool Information window appears, as shown in Figure 12.
Figure 12 Address pool details
3 Enter a Starting IP Address.
4 Enter an Ending IP Address.
5 Enter a Subnet Mask.
6 Select New.
7 Enter a name for the new pool in the text box.
8 Click Apply to save the details.
9 Click OK.
   The User IPaddr window appears, as shown in Figure 13.
Figure 13 Address pool

Proxy ARP and tunnel-to-tunnel traffic
Use Procedure 6 to enable proxy ARP and tunnel-to-tunnel traffic.
Figure 14 Forwarding options
2 In the Proxy ARP section, select the route type you want to enable.
3 Select Allow End User to End User.
4 Click OK.
End of Procedure
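
The Starting IP Address, Ending IP Address and Subnet Mask entered for an address pool can be checked for consistency before they are typed into the Address Pool Information window. The Python sketch below is an added example, not part of the Nortel document: it verifies that the range fits the subnet, that it avoids addresses the pool must not hand out, and that it is large enough for the handsets. The function name, the sample addresses, and the choice to test the pool against the router's Management and Interface IP addresses are assumptions made for illustration.

```python
import ipaddress


def validate_pool(start, end, mask, reserved=None, handsets=0):
    """Check a pool given as starting address, ending address and subnet mask.

    reserved: {label: address} of addresses the pool must not hand out
              (assumed here: the router's management and interface addresses).
    handsets: number of handsets that need a tunnel address at the same time.
    Returns a list of problem strings; an empty list means no problem found.
    """
    try:
        first = ipaddress.IPv4Address(start)
        last = ipaddress.IPv4Address(end)
        # strict=False allows the starting address to carry host bits.
        subnet = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    except ValueError as exc:
        return [f"invalid address or mask: {exc}"]

    if last < first:
        return ["ending address is lower than starting address"]

    problems = []
    if last not in subnet:
        problems.append(f"ending address {last} is outside {subnet}")
    # Network and broadcast addresses are not usable host addresses
    # (the check does not apply to /31 and /32 masks).
    if subnet.prefixlen < 31:
        for special in (subnet.network_address, subnet.broadcast_address):
            if first <= special <= last:
                problems.append(f"pool includes unusable address {special}")
    for label, addr in (reserved or {}).items():
        if first <= ipaddress.IPv4Address(addr) <= last:
            problems.append(f"pool includes {label} address {addr}")
    size = int(last) - int(first) + 1
    if handsets > size:
        problems.append(f"pool holds {size} addresses but {handsets} are needed")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the Nortel document.
    router = {"management": "10.1.1.2", "interface": "10.1.1.1"}
    for pool in (("10.1.1.100", "10.1.1.150", "255.255.255.0"),
                 ("10.1.1.1", "10.1.1.50", "255.255.255.0"),
                 ("10.1.1.100", "10.1.2.20", "255.255.255.0")):
        result = validate_pool(*pool, reserved=router, handsets=40)
        print(pool, "->", result or "OK")
```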

IPsec options and groups
Contents
This section contains information on the following topics:
Introduction
IPsec global variables
WLAN Handset 2212 group definition
WLAN Handset 2212 group IPsec variables
Figure 15 IPsec global variables
2 Select all the options in the Authentication, Encryption, and IKE Encryption and Diffie-Hellman Group sections.
3 Click OK.
End of Procedure

WLAN Handset 2212 group definition
Use Procedure 8 to create a WLAN Handset 2212 group.

Procedure 8 Defining a WLAN Handset 2212 group
1 In the Contivity Secure IP Services Gateway navigator, select PROFILES > Groups.
   The Add Groups window appears, as shown in Figure 17 on page 40.
Figure 16 Add groups
2 Click Add.
Figure 17 Group details
4 Click Apply.
5 Click OK.
End of Procedure

WLAN Handset 2212 group IPsec variables
Use Procedure 9 to set IPsec variables for a WLAN Handset 2212 group.

Procedure 9 Setting IPsec variables for a WLAN Handset 2212 group
1 In the Contivity Secure IP Services Gateway navigator, select PROFILES > Groups.
   The Add Groups window appears, as shown in Figure 18 on page 41.
Figure 18 Add groups
2 Click Edit next to the group for which you want to set the variables.
   The IPsec Variables window appears. The Connectivity section is shown in Figure 19 on page 42; the IPsec section is shown in Figure 20 on page 43.
Figure 19 IPsec variables - Connectivity section
3 Configure the Connectivity variables.
   a. Click Configure in the Connectivity section.
   b. If you intend to use the same unit, set Number of Logins to 1.
   c. Enter an ID for the Address Pool Name.
Figure 20 IPsec variables - IPsec section
4 Configure the IPsec variables.
   a. Click Configure in the IPsec section.
   b. Enable the following items (indicated by arrows in Figure 20 on page 43):
   c.

Users, interface and firewall configuration
Contents
This section contains information on the following topics:
Introduction
User accounts
Second interface configuration
Firewall configuration
Figure 21 Adding users
2 Click Add User, as indicated by the arrow.
   The Users Details window appears, as shown in Figure 22 on page 47.
Figure 22 User details
3 In the General section, enter a First and Last name.
4 Select the Group to which the user will belong.
5 In the User Accounts section, enter a User ID and Password.
6 Re-enter the password.
7 Click OK.

Second interface configuration
Use Procedure 11 to configure the second interface.

Procedure 11 Configuring the second interface
1 In the Contivity Secure IP Services Gateway navigator, select SYSTEM > Users.
   The Second Interface window appears, as shown in Figure 23.
Figure 23 Configuring second interface
2 Click Configure (as indicated by the arrow).
   The Second Interface detail window appears, as shown in Figure 24 on page 49.
Figure 24 Second interface details
3 In the Configuration section, select Private for Interface Type.
4 In the 802.1Q section, select Disabled for State.
5 Reboot the computer for the settings to take effect.
   Note: The need to reboot may depend on the router model as there may be a spare private interface on the model.
6 Once the computer has rebooted, reload the second interface window.
Figure 25 Cancel acquisition
7 Click Cancel acquisition.
   The Second Interface page reloads as shown in Figure 26 on page 51.
Figure 26 Select protocol
8 Select IP in the Select Protocol list.
9 Click Apply.

Firewall configuration
Use Procedure 12 to configure the firewall.

Procedure 12 Configuring the firewall
1 In the Contivity Secure IP Services Gateway navigator, select SERVICES > Firewall/NAT.
   The Firewall Options window appears, as shown in Figure 27.
Figure 27 Firewall options
2 Select Contivity Firewall.
3 Select Contivity Stateful Firewall.
4 Clear Contivity Interface Filter.
5 Clear Interface NAT.
7 Click OK.
   Note: Do not leave this step for later as mobile clients will be unable to get an IP address via DHCP.
8 After the wireless gateway has rebooted, click Manage Policies (as indicated by the arrow).
9 Enter the login and password you entered when you created the user account in “User accounts” on page 45.
   The Firewall Policies window appears, as shown in Figure 28.
Figure 28 Firewall policies
10 Click New.
Figure 29 New policy
11 Enter a name for the new firewall policy.
12 Click OK.
   The new policy is created and the Firewall Policy-Edit window appears, as shown in “Edit firewall policy” on page 54.
Figure 30 Edit firewall policy
13 Select the Override Rules tab.
14 Right-click in the tab and select Add New Rule.
   A set of default rules is created on the tab as shown in Figure 31.
Figure 31 Override Rules
15 Select the Default Rules tab.
16 Right-click in the tab and select Add New Rule.
   A set of default rules is created on the tab as shown in Figure 32.
Figure 32 Default Rules
17 Select Manager > CSF/NAT.
18 Click Yes to exit.
19 Click Yes to save the changes, and return to the Firewall Options page.
21 Click OK.
End of Procedure

Handset configuration
Contents
This section contains information on the following topics:
Introduction
Configuring the handset

Introduction
This section describes how to configure the WLAN Handset 2212.

Procedure 13 Configuring the WLAN Handset 2212 using the cradle
1 Before you begin, do the following:
   a. Remove the battery before placing the handset in the cradle.
   b. Connect the serial cable to the COM port.
   c. Load the latest software (0.60 or later) on the telephone. The configuration cradle only works with Phase II software (0.60 or later).
2 Decompress the configuration cradle file (version 2.11.02) to a folder on the hard drive.
Figure 34 Config Cradle with VPN Settings
6 Click Save.
End of Procedure

Handset screen method
Use Procedure 14 to configure the WLAN Handset 2212 using the screen method.

Procedure 14 Configuring the WLAN Handset 2212 using the screen
1 Turn on the handset.
2 To access the Configuration menu, press the green key and red key simultaneously, then release the green key first.
   The Configuration menu appears on the display, as shown in Figure 35 on page 60.
Figure 35 Configuration menu
3 Set the Licence Option.
   a. Select Phone Config > License Option.
   b. Enter 010 using the keypad on the handset.
   c. Select Save.
4 Set the Terminal Type.
   a. Select Phone Config > License Option.
   b. Select i2004.
   c. Select Save.
5 Set the DHCP IP address.
   a. Select Network Config > IP Addresses > Use DHCP.
   b. Select OK.
6 Set the VPN Server IP address.
   a.
7
   b. Set Mode to Aggressive.
   c. Select OK.
8 Set your password.
   a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP > Preshared Key > Alphanumeric.
   b. Enter your password.
   c. Select Save.
9 Set the Phase 1 authentication parameters.
   a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 1 - ISAKMP.
   b. Select Diffie-Hellman > Group 1.
   c. Select OK.
   d.
   b. Select Init Contact.
   c. Click OK.
   d. Select Nortel features.
   e. Click OK.
13 Set the Phase 2 authentication parameters.
   a. Select Network Config > Security > Static Entry > VPN > VPN Client IP > IKE Mode Config > Phase 2 - ESP.
   b. Select Auth. Hash > SHA1.
   c. Click OK.
   d. Select Encryption > 3DES.
   e. Click OK.
14 Set IP address and subnet.
   a.

Nortel Communication Server 1000
WLAN Handset 2212 Installation and Configuration for VPN
Copyright © Nortel Networks Limited 2005 All Rights Reserved
Information is subject to change without notice. Nortel Networks reserves the right to make changes in design or components as progress in engineering and manufacturing may warrant.