PUNJAB COLLEGE OF
ENGINEERING & TECHNOLOGY
[Affiliated to Punjab Technical University]
“VPN
TECHNOLOGY”
An Integral Part
Of Networking
CERTIFICATE
project work has not been submitted earlier for the award of any degree or diploma
Date: Signature of
the Guide
For Tulip
Telecom Ltd.
Self Certificate
the partial fulfillment of the requirements for the award of the degree of
DARSHAN PATHAK.
The matter embodied in this project work has not been submitted earlier for award
PRAVESH
510031259
ACKNOWLEDGEMENT
This Industrial Training project is not the result of only my hard work;
so many people are involved in this project. I greatly and heartily thank
all of them for their contribution to this project. Special thanks to my talented and
polite guides Mr. Anurag Sood, Mr. Darshan Pathak & Mr. Bhanu Sharma, without
whom my training would not have been successful. They worked on this project as
developmental editor and advisor and offered their help generously when needed in
every aspect of my training. Thanks for their technical help in scrutinizing every
problem I faced during this tenure of training. To the guide colleagues who have done
more than I can guess to keep this project in order and on schedule: I wish them
luck with their lives, and hope we will meet soon in a future project.
Finally, this project is completed with the blessing of Almighty God, my parents'
affection and my faith in God.
PREFACE
This work has been done as a part of industrial training. The purpose of industrial
training is to familiarize the students with the present working environment in the
country and outside.
To provide the students with the opportunity to study the latest technical trends
those have been established as well as one that what they are learning during the
period of industrial training will certainly help them to develop their potential and
technical skills.
What adds to the company’s credibility is the quality of the network it has
been successful in providing to the interiors of many states. Tulip’s
Akshaya project in the Malappuram district of Kerala is worth mentioning: it
is based on a last mile connectivity model which provides an area-wide data
connectivity network with an always-on internet model that runs on fiber and
extends connectivity to the last mile over wireless at much lower cost and in
much less time.
According to a Frost and Sullivan report, Tulip Telecom is the largest
MPLS VPN service provider with a market share of 28%.
Tulip was also short-listed as one of the 6 finalists in the Asia Innovation
Awards by the Wall Street Journal at GES Singapore for its innovative use
of wireless on the Last Mile.
Tulip Connect
We provide both inter-city as well as intra-city connectivity based upon the clients’
requirements.
Tulip inter-city network is based on optical fiber cable provided by multiple service
providers. The network is created in mesh architecture so that if any link does fail,
there are multiple alternate routes available. Consequently, Tulip network has an
inbuilt redundancy and provides the highest levels of uptime. In addition, Tulip has
expanded its network reach to more than 300 cities in India and thus we can provide
you connectivity anywhere in India.
The last mile connectivity is entirely based on wireless, using radio frequency
technology in Point-to-Point and Point-to-Multipoint applications. Licensed
frequencies are used in major cities to overcome the interference issues.
Our list of clients includes prestigious companies like the largest banks, service
providers, media companies, government enterprises, call centers / BPO's and
corporates.
Rural Connectivity
Tulip IT Services was selected as the service provider for Malappuram after
they came up with a cost-effective and terrain-friendly last-mile solutions for
the Akshaya Internet community centres housed there.
All the options for connectivity, like fiber, cable and leased line, were
explored by the state. Given the undulating hilly and highly vegetated terrain
of the place, wireless emerged as the most feasible option in terms of cost
and logistics in the deployment of the network.
each other.
2) Virtual: it is virtual because hosts are not physically connected but,
is configured privately only for their usage which is actually not true.
Using VPN connectivity, a client can directly access all remote locations
just as they would if physically present there.
INTRODUCTION TO VPN
The World has changed a lot in the last couple of decades. Instead of
simply dealing with local or regional concerns, many businesses now
have to think about global markets and logistics. Many companies
have facilities spread out across the country or around the world, and
there is one thing that all of them need: A way to maintain fast, secure
and reliable communication wherever their offices are.
Basically, a VPN is a private network that uses a public network (usually the
Internet) to connect remote sites or users together. Instead of using a
dedicated, real-world connection such as leased line, a VPN uses "virtual"
connections routed through the Internet from the company's private network
to the remote site or employee. In this article, you will gain a fundamental
understanding of VPNs, and learn about basic VPN components,
technologies, tunneling and security.
WHAT MAKES A VPN ?
• Security
• Reliability
• Scalability
• Network management
• Policy management
TYPES OF VPN
Examples of the three types of VPN
2) Site-to-Site VPN
1) INTERNET VPN
2) INTRANET VPN
Remote-Access VPN
Site-to-Site VPN
Security is very important for any system, and a VPN system likewise uses
many security techniques. A well-designed VPN uses
several methods for keeping your connection and data secure:
• Firewalls
• Encryption
• IPSec
• AAA Server
FIREWALLS
A Firewall provides a strong barrier between your private network and the
Internet. You can set firewalls to restrict the number of open ports, what
type of packets are passed through and which protocols are allowed
through. Some VPN products, such as Cisco 1700 series routers, can be
upgraded to include firewall capabilities by running the appropriate Cisco
IOS on them. You should already have a good firewall in place before you
implement a VPN, but a firewall can also be used to terminate the VPN
sessions.
ENCRYPTION
Encryption is the process of taking all the data that one computer is sending
to another and encoding it into a form that only the other computer will be
able to decode. Most computer encryption techniques belong to one of two
categories:
• Symmetric-key encryption
• Public-key encryption
IPSec
Internet Protocol Security Protocol (IPSec) provides enhanced security
features such as better encryption algorithms and more comprehensive
authentication.
IPSec has two encryption modes: tunnel and transport. Tunnel encrypts
the header and the payload of each packet while transport only encrypts the
payload. Only systems that are IPSec compliant can take advantage of this
protocol. Also, all devices must use a common key and the firewalls of each
network must have very similar security policies set up. IPSec can encrypt
data between various devices, such as:
• Router to router
• Firewall to router
• PC to router
• PC to server
AAA Servers
AAA (authentication, authorization and accounting) servers are used for
more secure access in a remote-access VPN environment. When a request
to establish a session comes in from a dial-up client, the request is proxied
to the AAA server. AAA then checks the following:
The accounting information is especially useful for tracking client use for
security auditing, billing or reporting purposes.
CONCEPT OF TUNNELING
Most VPNs rely on tunneling to create a private network that reaches
across the Internet. Essentially, tunneling is the process of placing an entire
packet within another packet and sending it over a network. The protocol of
the outer packet is understood by the network and both points, called
tunnel interfaces, where the packet enters and exits the network.
Tunneling has amazing implications for VPNs. For example, you can place
a packet that uses a protocol not supported on the Internet (such as
NetBeui) inside an IP packet and send it safely over the Internet. Or you
could put a packet that uses a private (non-routable) IP address inside a
packet that uses a globally unique IP address to extend a private network
over the Internet.
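The following added example (not part of the original report) ties together the IPSec tunnel and transport modes and the packet-in-packet tunneling described above: it builds a packet between two private addresses and shows what is readable on the public network in each mode. It assumes a simplified ESP-style layout and a stand-in SHA-256 keystream cipher so it runs on the standard library alone; the addresses, keys, SPI and function names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct
from typing import NamedTuple

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, and an encapsulated IPv4 packet

class SA(NamedTuple):
    """Key material both endpoints share (the page's 'common key')."""
    spi: int
    enc_key: bytes
    auth_key: bytes

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                      0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject damaged or truncated packets."""
    if len(pkt) < 20 or pkt[0] != 0x45 or checksum(pkt[:20]) != 0:
        raise ValueError("bad IPv4 header")
    if struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("length field does not match packet size")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[20:]

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """STAND-IN cipher: SHA-256 counter keystream, used only so the example
    runs on the standard library. Real ESP negotiates e.g. AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack("!I", off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def esp_seal(sa: SA, seq: int, next_header: int, clear: bytes) -> bytes:
    """SPI | seq | encrypted(clear, padding, pad length, next header) | ICV."""
    hdr = struct.pack("!II", sa.spi, seq)
    pad_len = -(len(clear) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = _stream_xor(sa.enc_key, hdr, clear + trailer)
    icv = hmac.new(sa.auth_key, hdr + body, hashlib.sha256).digest()[:16]
    return hdr + body + icv

def esp_open(sa: SA, esp: bytes):
    """Verify the ICV before decrypting; return (next_header, cleartext)."""
    hdr, body, icv = esp[:8], esp[8:-16], esp[-16:]
    want = hmac.new(sa.auth_key, hdr + body, hashlib.sha256).digest()[:16]
    if len(esp) < 28 or not hmac.compare_digest(icv, want):
        raise ValueError("ESP integrity check failed")
    clear = _stream_xor(sa.enc_key, hdr, body)
    pad_len, next_header = clear[-2], clear[-1]
    return next_header, clear[:len(clear) - 2 - pad_len]

def tunnel_mode(sa: SA, seq: int, packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Encrypt the whole original packet, header included; the new outer
    header carries only the gateways' addresses."""
    return ipv4(gw_src, gw_dst, ESP, esp_seal(sa, seq, IPIP, packet))

def transport_mode(sa: SA, seq: int, packet: bytes) -> bytes:
    """Encrypt only the payload; the original addresses stay readable."""
    src, dst, proto, payload = parse_ipv4(packet)
    return ipv4(src, dst, ESP, esp_seal(sa, seq, proto, payload))

def receive(sa: SA, packet: bytes) -> bytes:
    """Receiving endpoint: verify, decrypt, and return the original packet."""
    src, dst, proto, esp = parse_ipv4(packet)
    if proto != ESP:
        raise ValueError("not an ESP packet")
    next_header, clear = esp_open(sa, esp)
    if next_header == IPIP:          # tunnel mode: cleartext is a full packet
        parse_ipv4(clear)
        return clear
    return ipv4(src, dst, next_header, clear)   # transport mode: rebuild header

# Constructed sample: private hosts behind two gateways whose public addresses
# come from the RFC 5737 documentation ranges. Keys are placeholders.
SAMPLE_SA = SA(spi=0x1001, enc_key=b"E" * 32, auth_key=b"A" * 32)
INNER = ipv4("10.1.0.5", "10.2.0.9", 17, b"payroll-record-0042")
TUNNEL = tunnel_mode(SAMPLE_SA, 1, INNER, "198.51.100.1", "203.0.113.1")
TRANSPORT = transport_mode(SAMPLE_SA, 2, INNER)   # new sequence number per packet

if __name__ == "__main__":
    for name, pkt in (("tunnel", TUNNEL), ("transport", TRANSPORT)):
        src, dst, proto, _ = parse_ipv4(pkt)
        print(f"{name:9} wire view: {src} -> {dst}, proto {proto}, "
              f"restored: {receive(SAMPLE_SA, pkt) == INNER}")
```

In tunnel mode an observer sees only the two gateway addresses, while transport mode still exposes the private source and destination even though the payload is unreadable in both.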
A Tunneling Demonstration
Site-to-Site Tunneling
Remote-Access Tunneling
In a remote-access VPN, tunneling normally takes place using PPP. Part of
the TCP/IP stack, PPP is the carrier for other IP protocols when
communicating over the network between the host computer and a remote
system. Remote-access VPN tunneling relies on PPP.
Each of the protocols listed below was built using the basic structure of
PPP and is used by remote-access VPNs.
[Figure: network diagram. Legible labels: 5.3 GHz Radwin; 5.3 GHz Infinet; 2.7 GHz; 13 GHz; Airspan; Witcom; Fiber; RF backup; Metro Ethernet. Sites: Janakpuri, PITAMP., Ghittorni, Lajpat Nagar, Tulip Okhla, NFC, Rajendra Place, CP.]
LIFE CYCLE OF VPN CONNECTIVITY
1. CUSTOMER REQUIREMENT.
2. SURVEY
Every system has a life cycle, and so does a VPN. The life cycle of any VPN
begins with the customer requirement phase. Generally the
requirement of the customer is of two types:
a) If a company has one or more remote locations that they wish to join in a
single private network, they can create an intranet VPN to connect LAN to
LAN.
Depending on the requirement, Tulip sends its sales person for further queries,
such as the bandwidth required and what kind of data transfer it will be:
voice, simple file transfer, or an application like SAP or
other. The sales officer gives the approximations for the link installation and
forwards a report to the back office for the survey report. Afterwards
the project manager decides the team size to implement the different links.
The following are the details of all the work performed at both the client
side and the Tulip side.
4) VOIP PHONES
5) VIDEO CONFERENCING
New Installation :
3) Frequency Interference.
4) Conflicting IP.
INSPECTION OF CPE :
Firepro delivers Point-to-Multipoint and point-to-point solutions for both licensed and unlicensed spectrums. We also
provide breakthroughs in self-install, scalability, Non-Line-Of-Sight (NLOS) coverage, state-of-the-art QoS, Video, VoIP
and various other applications.....
BSR
The BSR, installed at the Base Station, is an encased outdoor radio module
providing a 9 pin D-type port for
RS-232 serial interface and a 15 pin D-type port for data, synchronization,
and power interfaces. The BSR is available in two models: BSR with an
integral antenna (BSR 900 MHz TDD V-pol); BSR with two N-type ports
(displayed below) for attaching up to two external antennas (BSR 900 MHz
TDD Dual Ext).
SPR
The SPR is an encased CPE outdoor radio module providing access to a 15 pin D-
type port for Ethernet, serial, and power interfaces. The SPR model is available in
two models: SPR with an integral antenna (SPRL
900MHz TDD V-pol) and SPR with an N-type port for attaching an external antenna
(SPR 900MHz TDD Ext).
Site preparation and planning
1. Minimum obstructions (e.g. buildings) in the radio path between the Base
Station radio (i.e. BSR) and the
subscriber radios (i.e. SPR/IDR).
- The root mean square (RMS) delay spread at the Base Station is
substantially higher.
Pole Mounting
The BSR and SPR can be pole mounted to avoid radio wave obstructions
between BSR and SPR. The
supplied pole-mounting bracket is designed to support the BSR/SPR on a
round pole of 45mm diameter.
2. Attach the clamping bracket to the mounting bracket using two M8-stainless steel
bolts.
3. Attach the Clamping bracket to the pole by placing the two U-bolts around the pole,
and then inserting the U-bolt through the Clamping bracket and securing it by screwing
the two bolts on the U-bolt.
4. Adjust the vertical position of the BSR/SPR. Lock the BSR/SPR at the desired position
by inserting the locking bolt in the desired position. Once the correct angle has been set
both bolts must be tightened to lock the BSR/SPR bracket in place.
5. Adjust the BSR/SPR horizontal position by rotating the BSR/SPR about the pole, and
then tighten the U-bolt. BSR/SPR positioning is obtained in two planes by adjustment of
the mounting bracket assembly as shown in the figure below.
Cabling
BSR-to-BSDU Cabling
The BSR interfaces with the provider’s backbone through the BSDU (or
SDA). The BSR connects to the BSDU using a CAT 5 cable. (The BSR-
to-SDA cabling is the same as SPR-to-SDA cabling.)
Cable connection
1. Connect the 15-pin D-type male connector to the BSR’s 15-pin port.
2. Connect the 15-pin D-type male connector, at the other end of the CAT
5 cable, to one of the BSDU’s 15-pin D-type ports labeled BSR, located on
the BSDU’s rear panel.
SPR-to-SDA Cabling
The SPR interfaces with the subscriber’s Ethernet network (LAN) through
the SDA. The SPR connects to the SDA using a CAT 5 cable.
Cable connection
1. Connect the 15-pin D-type male connector, at one end of the CAT 5
cable, to the SPR’s 15-pin port.
2. Connect the 15-pin D-type male connector, at the other end of the CAT
5 cable, to the SDA’s 15-pin D-type
Software Installation
Hardware requirements:
To successfully establish an air and network link between the BSR and
SPRs/IDRs, the following initial configuration settings (using WipConfig)
must exist:
Default settings:-
Airspan’s factory default settings for the AS WipLL devices are listed in the
following table:
BSR Initialization
--Air MAC Address: enter the BSR’s Air MAC address (0x0000
through 0xFFFF), e.g. 0x1200
--Frequency Table ID: enter frequency table number used by BSR
(0 through 63)
8. On the toolbar, click the Write button.
9. On the toolbar, click the Reset button to reset the BSR; A Warning
message box appears.
10. Click Yes to confirm BSR reset.
The figure below displays the BSR configured in the bridge mode.
SPR Initialization
The figure below displays the SPR/IDR configured in the bridge mode.
Analyzing the RF Spectrum
Before setting up your wireless link between Base Station and subscribers,
Airspan recommends analyzing the RF spectrum at the
Base Station to select only clear frequency channels (i.e. without
interferences) for building a frequency table for the wireless transmission.
Airspan recommends using frequencies that are approximately 28, 20, and
12 dB above interference levels to effectively operate in 8- (4 Mbps/3
Mbps), 4-(2 Mbps), and 2-level FSK (1.33 Mbps/1 Mbps), respectively.
Before you can start analyzing the spectrum, you need to define various
parameters in the Spectrum Analyzer.
The Spectrum Analyzer results are plotted on the graph as well as displayed
in the Results table (to access the Results table simply click the Results
tab).
Configuring PC’s IP Address
1. Define the PC’s (i.e. Ethernet card) IP address so that it’s in the same subnet as
the BSR/BSDU.
2. Configure the PC’s default gateway with the IP address of the BSR, or with
the IP address of a router if one exists between the PC and BSR.
4. Select the Use the Following IP Address option, and then enter the
following fields:
--IP Address: PC’s IP address, e.g. 10.0.0.2
--Subnet Mask: PC’s subnet mask address, which must be the same
as the BSR/BSDU (e.g.
255.255.255.0) so that the PC is in the same subnet as the
BSR/BSDU
--Default Gateway: PC’s default gateway, which can be the BSR’s IP
address (e.g. 10.0.0.10), or if a
router exists behind the BSR, then the router’s IP address
5. Click OK.
Establishing Link Using WipManage
Once you have initialized the BSR and SPR/IDR using WipConfig, you need
to add various WipManage elements to establish a viable air and network
link between the BSR and SPR/IDR.
Adding a BS group:-
To add a BS Group:
1. In the Database Tree, right-click , and then from the shortcut menu,
2. In the Group Name field, enter a name for the BS Group, e.g.
“Manhattan_1”, and then click OK.
Adding a BS:-
You can now add a Base Station (BS) to the BS Group you added in the
previous subsection.
To add a BS:
1. In the Database Tree, click the (e.g. “Manhattan_1”) branch to which
you want to add the BS.
2. In the BSs Map view (in the right pane), right-click an empty area, and then from the
shortcut menu choose Add BS; The BS Add dialog box appears.
3. In the BS Name field, enter a name for the BS, e.g. “Times Square”, and then click
OK.
Adding a BSR
To add a BSR:
1. In the Database Tree, double-click the (e.g. “Times Square”) branch.
2. Right-click one of the six blue rectangles in the same row as the BSDU to
which you want to add the BSR, and then from the shortcut menu, choose
Add BSR; The BSR-Add dialog box appears.
3. Click OK; The SPR index #2 icon appears green, as shown below,
indicating that a viable air and network link exists with the SPR/IDR. You
can now manage the SPR/IDR.
Testing BSR/SPR Network Link:-
You can test the BSR-SPR/IDR link by pinging the SPR/IDR from a PC
located behind the BSR.
1. From the PC (IP address 10.0.0.2) behind the BSR, open an MS-DOS
prompt and use the ping -t command to ping the SPR/IDR (IP address
10.0.0.20), e.g. ping 10.0.0.20 -t.
Installation of Radwin Modem
Application
[Figure 1-1. Typical Application: Site A and Site B, each with a PBX (E1/T1) and a LAN, linked over up to 80 km (50 miles)]
Features
Wireless Link
WinLink-1000 delivers up to 48 Mbps data rate for Ethernet and E1/T1 traffic. The
system supports a variety of spectrum bands and can be configured to operate in
any channel on the band with a carrier step resolution of 5 MHz.
WinLink-1000 operation complies with ETSI, CSA and the FCC 47CFR Part 15 and
subpart C and E requirements.
LAN Interface
The WinLink-1000 LAN port provides 10/100BaseT interfaces with
autonegotiation and transparent VLAN support. Traffic handling is provided by a
MAC-level self-learning bridge.
TDM Interface
WinLink-1000 System
WinLink-1000 system comprises the following units:
Outdoor Unit (ODU): The ODU has 2 configurations: ODU with integrated
antenna and ODU with N-Type connector for connection to an external antenna.
Both ODU types have the same interface to the IDU. The ODU with integrated
antenna has an enclosed aluminum frame with a front sealed plastic cover,
containing an integrated transceiver with an antenna, RF module,
modem and standard interfaces.
The ODU is attached to a mast using a special mounting kit, which is supplied with
the unit.
Indoor Unit (IDU): There are two types of IDU cages: IDU-E, which is a plastic
box of ½ x 19 in., and IDU-C, which is based on a metal 19 in. box to address the
carrier-class applications. The IDU is the interface unit between the ODU and the
user. It converts 100–240 VAC to -48 VDC, and feeds the ODU with it. The IDU
does not store any configuration data. Therefore, there is no need for additional
configuration of the WinLink-1000 system when replacing an IDU.
For the IDU, allow at least 90 cm (36 in) of frontal clearance for operating and
maintenance accessibility. Allow at least 10 cm (4 in) clearance at the rear of the
unit for signal lines and interface cables.
The ambient operating temperature should be -45°C to 60°C / -49°F to 140°F
(ODU), or -5°C to 45°C / 23°F to 113°F (IDU) at a relative humidity of up to
90%, non-condensing.
Package Contents
• WinLink-1000 Manager installation CD
IDU-E Package Contents:
• IDU-E
• 110V/240V adaptor
• Spare RJ-45 connector
• For DC model, -48 VDC with 3-pin terminal block connector (green)
• Spare RJ-45 connector
3. Connecting power.
2. Attach the ODU unit to the mast. Refer to for the ODU mounting instructions.
4. Attach the ODU cable to the RJ-45 connector. Refer to for the connector
pinout.
5. Secure the cables to the mast or brackets using provided UV-rated cable ties.
The ODU cable conducts all the user traffic between the IDU and the ODU. The
ODU cable also provides -48 VDC supply to the ODU. The maximum length for
one leg of the ODU cable is 100m (328 ft) in accordance with 10/100BaseT
standards.
ODU cable is supplied pre-assembled with RJ-45 connectors, at the length
specified when ordering. If the ODU cable was not ordered, use Cat. 5e shielded
cable, the wiring specifications are given in
1. Route the cable from the ODU location into the building, leaving some spare.
Secure the cable along its path.
2. Connect the ODU cable to the RJ-45 connector on the IDU panel designated
WAN. illustrates a typical panel of the IDU-E and IDU-C.
1. Connect the 2-pin plug of the AC/DC converter to the 2-pin DC power
connector on the IDU-E rear panel.
2. Connect the AC/DC converter 3-prong plug to mains outlet.
For AC power model, connect the AC cable 3-prong plug to mains outlet.
For DC power model, connect to DC supply on the rack (male connector for
the terminal block is included).
• Processor: Pentium 3 or higher
• Network: 10/100BaseT NIC
2. If the installation does not start automatically, run WinLink.exe from the
CD-ROM drive.
3. Follow the on-screen instructions of the installation wizard to complete setup
of the WinLink-1000 Management program in the desired location.
1. From the Start menu, point to Programs, point to WinLink Manager, and then
click WinLink Manager.
The password/IP request dialog appears.
Installation and definition of all parameters are applied to both sides of the link.
1. Verify that the management station is properly connected to the same LAN as
the IDU, and the WinLink Manager application is running.
2. In the toolbar, click the Link Installation button. The
Installation wizard opens.
Figure. Link Installation Wizard
Notes
4. Enter an SSID (System ID) with a minimum of eight characters. The ID
is initially factory set.
Both sites of a link must always have the same number
8. Click Next.
The Channel Select dialog box appears.
The Manual option allows you a user-defined channel, within the
system frequency band.
Selecting a new channel causes the system quality to change. The quality
bar shows the adjustment until the system finds the best quality link.
10. Click Next.
E1/T1 – Select the E1/T1 field if you intend to transmit E1/T1 data
and Ethernet data. The Ethernet BW field shows the remaining bandwidth in
Mbps available for Ethernet. The available bandwidth depends on the
number of E1/T1 ports selected.
When the wireless link is established between the site A and site B units,
the Link Status indication bar of the Main menu is within the green area.
18. Verify that the radio signal strength (RSS) in the Main menu is
according to expected results.
There are various types of routers, but the best are delivered by
Cisco. Cisco offers several router series, which are
shown below:
1) THE 800
2) THE 1800
3) THE 2800
4) THE 3800
COMMANDS:
Router(config-line)# Ctrl-Z
Router#
Router>enable
Router#config
Router(config)#hostname N115-7206
N115-7206(config-if)#no shutdown
N115-7206(config-if)#ctrl-z
N115-7206#config
N115-7206(config-if)#no shutdown
N115-7206(config-if)#ctrl-z
N115-7206#config
N115-7206(config)#router rip
N115-7206(config-router)#network 192.168.155.0
N115-7206(config-router)#network 192.168.150.0
N115-7206(config-router)#ctrl-z
N115-7206#show ip protocols
N115-7206#ping 192.168.150.1
N115-7206#config
N115-7206(config)#ctrl-z
N115-7206#ping archie.au
N115-7206#config
N115-7206#exit
Configuration Mode
Configuration mode has a set of submodes that you use for modifying
interface settings, routing protocol settings, line settings, and so forth.
Use caution with configuration mode because all changes you enter
take effect immediately.
To enter configuration mode, enter the command configure terminal
and exit by pressing Ctrl-Z.
Note:
Almost every configuration command also has a no form. In general,
use the no form to disable a feature or function. Use the command
without the keyword no to re-enable a disabled feature or to enable a
feature that is disabled by default. For example, IP routing is enabled
by default. To disable IP routing, enter the no ip routing command
and enter ip routing to re-enable it.
Getting Help
In any command mode, you can get a list of available commands by
entering a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character
sequence, type in those characters followed immediately by the
question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a
keyword or argument. Include a space before the question mark.
Router#configure ?
memory Configure from NV memory
network Configure from a TFTP network host
terminal Configure from the terminal
You can also abbreviate commands and keywords by entering just
enough characters to make the command unique from other
commands. For example, you can abbreviate the show command to
sh.
Configuration Files
Any time you make changes to the router configuration, you must
save the changes to memory because if you do not they will be lost if
there is a system reload or power outage. There are two types of
configuration files: the running (current operating) configuration and
the startup configuration.
Use the following privileged mode commands to work with
configuration files.
• configure terminal – modify the running configuration manually from
the terminal.
• show running-config – display the running configuration.
• show startup-config – display the startup configuration.
• copy running-config startup-config – copy the running configuration
to the startup configuration.
• copy startup-config running-config – copy the startup configuration
to the running configuration.
• erase startup-config – erase the startup-configuration in NVRAM.
• copy tftp running-config – load a configuration file stored on a Trivial
File Transfer Protocol (TFTP) server into the running configuration.
• copy running-config tftp – store the running configuration on a TFTP
server.
IP Address Configuration
Once the link is installed, it is time to test it; as every
instrument has a testing cycle, VPN connectivity has a
testing cycle too. We use Netpersec for testing the load. If the link
takes an adequate amount of load, it is handed over to the
customer; otherwise we go back for further quality
improvement of the link.
FIREWALL
Introduction
Requirements
Connectivity
b) Configure ISP1 Settings. This is the port where we need to terminate the internet
bandwidth and configure the port with the logical configurations given.
e) Now go to WAN mode and select use only NAT under Network translation, and under
port mode select use only single WAN port1 (WAN1).
f) Now click Security -> Firewall Rules -> LanWan Rules.
Add the service by allowing any service or a particular service as per the requirement.
The services are applied from top to bottom.
g) Click on Security -> Firewall -> Attack check and check the box of Respond the ping to internet
ports.
If you do not select this, you will not be able to ping the ports.
h) Click on Security -> Block Sites ->
click yes for content filtering. If you select no, you cannot block websites. Enable the
proxy/java/activex/cookies if you want; otherwise you can leave that part. Under Apply keywords
blocking, select all the check boxes and enable them.
For blocking websites you can use the dot (.) operator, which means you are denying any type of
website. Under trusted domain you can enter the domains which you want users to be able to access.
In the test setup I am only permitting the www.cisco.com domain; the rest will be denied.
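The top-to-bottom rule order in step f) decides which rule actually applies, so a broad "allow any service" entry placed first silently disables every rule beneath it. The sketch below is an added example, not the firewall's own logic: it assumes a simplified rule model (the field names, networks and rule names are constructed) and shows first-match evaluation plus a check that reports rules that can never fire.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    """Simplified outbound (LAN to WAN) rule; field names are hypothetical."""
    name: str
    action: str   # "allow" or "block"
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports the rule covers
    lan: str      # LAN source network, CIDR notation

def matches(rule: Rule, src: str, proto: str, port: int) -> bool:
    return (rule.proto in ("any", proto) and port in rule.ports
            and ip_address(src) in ip_network(rule.lan))

def decide(rules, src: str, proto: str, port: int, default: str):
    """First matching rule wins; rules below it are never consulted.
    The default action is passed in because it is device-specific."""
    for rule in rules:
        if matches(rule, src, proto, port):
            return rule.action, rule.name
    return default, "default"

def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet the later rule matches is matched earlier."""
    return (earlier.proto in ("any", later.proto)
            and later.ports.start >= earlier.ports.start
            and later.ports.stop <= earlier.ports.stop
            and ip_network(later.lan).subnet_of(ip_network(earlier.lan)))

def shadowed(rules):
    """Return (later, earlier, conflict) for each rule that can never fire.
    conflict is True when the two rules disagree on the action."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.name, earlier.name,
                                 earlier.action != later.action))
                break
    return findings

# Constructed rule sets for a 192.168.1.0/24 LAN.
LAN = "192.168.1.0/24"
ALLOW_ANY = Rule("allow-any", "allow", "any", ANY_PORT, LAN)
BLOCK_TELNET = Rule("block-telnet", "block", "tcp", range(23, 24), LAN)
BLOCK_KIOSK_WEB = Rule("block-kiosk-web", "block", "tcp", range(80, 81),
                       "192.168.1.64/26")

BROAD_FIRST = [ALLOW_ANY, BLOCK_TELNET, BLOCK_KIOSK_WEB]     # blocks never apply
SPECIFIC_FIRST = [BLOCK_TELNET, BLOCK_KIOSK_WEB, ALLOW_ANY]  # blocks take effect

if __name__ == "__main__":
    for label, rules in (("broad first", BROAD_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        print(label, decide(rules, "192.168.1.70", "tcp", 80, "block"),
              "shadowed:", shadowed(rules))
```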
Monitoring Firewall
a) Click on Monitoring->Diagnostic tab and you will access basic troubleshooting tools.
b) Under Monitoring->Firewall Logs and Email, we can add the syslog server IP address and
fetch the logs.
Remote Management
Click Administration -> Remote Management -> Allow remote management and you can provide
access as per your ease.
Note:- By default all the LAN ports are part of group 1. You can change the groups as per users.
If you want to restrict internal LAN users from access to certain sites on the Internet, you can use
the VPN firewall’s Content Filtering and Web Components filtering. By default, these features
are disabled; all requested traffic from any Web site is allowed. If you enable one or more of these
features and users try to access a blocked site, they will see a “Blocked by NETGEAR” message.
Several types of blocking are available:
VIDEO CONFERENCING
Introducing the VSX Series
Your Polycom video conferencing system is a state-of-the-art visual
collaboration tool. With crisp, clean video and crystal-clear sound, VSX
systems provide natural video conferencing interaction through the
most advanced video communications technology.
VSX Models
This section describes the standard components that come with the
VSX Series systems. For technical specifications and detailed descriptions of
features available for VSX models, please refer to the product literature
available at www.polycom.com. Models with additional options are also available.
For more information, please contact your Polycom distributor.
This guide covers instructions for the following models.
VSX 5000 Set-top System
The VSX 6000A systems are entry-level video conferencing systems for
IP and SIP networks only.
VSX 7000s Set-top Systems
2. Place the system in the desired location, with the rounded front
portion hanging over the front of the monitor or shelf. Leave enough space to
work, so that you can connect the cables easily.
3. Remove the packaging collar from around the VSX system camera.
Positioning Component Systems
The VSX 7000e and VSX 8000 systems are designed to be placed on a
tabletop or in an equipment rack.
If you received a network interface module with your system, you may
find it convenient to install it before positioning the system. Refer to the
installation sheet that you received with the network interface module.
Feet
Networks
This guide covers network types used worldwide. Please note that not
all network types are available in all countries.
Getting the Network Ready
Before you begin configuring the network options, you must make sure
your network is ready for video conferencing.
To begin, refer to the Preparing Your Network for Video Conferencing
document, available at www.polycom.com/videodocumentation. This document
contains information you need to prepare your network, such as
worksheets that will help you order ISDN.
Network Connectivity Checklist
You will need this information to make and receive video calls at your
site:
If... | This information: | Should be provided by your:
Your system is using a static IP address | IP address | IP Network Service Provider or system administrator
 | System name | System administrator
Connecting to the LAN
You must connect the system to a LAN to:
• Make IP calls
• Access VSX Web
• Use People+Content IP
• Update system software using the Polycom Softupdate program
Configuring LAN Properties
To configure LAN properties:
1. Go to System > Admin Settings > LAN Properties.
2. Configure these settings:
Setting | Description
Connect to my LAN | Specifies whether the system is part of the LAN. Changing this setting causes the system to restart.
Host Name | Indicates the system’s DNS name. Changing this setting causes the system to restart.
IP Address | Specifies how the system obtains an IP address. Obtain IP address automatically — Select if the system gets an IP address from the DHCP server on the LAN. Enter IP address manually — Select if the IP address will not be assigned automatically. Changing this setting causes the system to restart.
Your IP Address is, or Use the Following IP Address | If the system obtains its IP address automatically, this area displays the IP address currently assigned to the system. If you selected Enter IP Address Manually, enter the IP address here. Changing the IP address causes the system to restart.
Domain Name | Displays the domain name currently assigned to the system. If the system does not automatically obtain a domain name, enter one here.
3. Select and configure these settings:
Setting | Description
DNS Servers | Displays the DNS servers currently assigned to the system. If the system does not automatically obtain a DNS server address, enter up to four DNS servers here. Changing this setting causes the system to restart.
Default Gateway | Displays the gateway currently assigned to the system. If the system does not automatically obtain a gateway IP address, enter one here. Changing this setting causes the system to restart.
Subnet Mask | Displays the subnet mask currently assigned to the system. If the system does not automatically obtain a subnet mask, enter one here. Changing this setting causes the system to restart.
WINS Server | Displays the WINS server currently assigned to the system. If the system does not automatically obtain a WINS server IP address, enter one here. Changing this setting causes the system to restart.
WINS Resolution | Sends a request to the WINS server for WINS name resolution.
LAN Speed | Specify the LAN speed to use. Note that the speed you choose must be supported by the switch. Choose Auto to have the network switch negotiate the speed automatically. If you choose 10 Mbps or 100 Mbps, you must also select a duplex mode. Note: Be sure that the device and the switch settings match. Typically, selecting Auto for both is sufficient. The LAN Speed setting for the VSX system and the switch must match. Polycom strongly recommends that you do not select Auto for either just the VSX system or just the switch; the settings for both must be the same. Changing this setting causes the system to restart.
Duplex Mode | Specify the Duplex mode to use. Note that the Duplex mode you choose must be supported by the switch. Choose Auto to have the network switch negotiate the Duplex mode automatically. Changing this setting causes the system to restart.
Configuring the VSX System to Use SCCP
When the VSX system is configured to use SCCP for calls, you can call another SCCP-enabled system by entering the system’s extension on the Place a Call screen.
To configure the VSX system to use SCCP:
1. On the Cisco CallManager, provision a SCCP extension for each VSX system.
2. On the VSX System, go to System > Admin Settings > Network > Call Preference, and enable Enable SCCP.
3. On the VSX System, go to System > Admin Settings > General Settings > System Settings > Call Settings, and set Auto-Answer Point-to-Point to Yes.
4. On the VSX System, go to System > Admin Settings > Network > SCCP Settings, and configure these settings on the Cisco CallManager screen:
Setting | Description
CallManager Address | Specifies the IP address of the Cisco CallManager.
Auto Discover TFTP Address | Allows the system to discover the Primary, Secondary, and Tertiary TFTP server addresses. When you choose this setting, the system restarts and the fields are populated.
TFTP Server Address | Allows you to specify the Primary, Secondary, and Tertiary TFTP server addresses manually.
Local Extension | Displays the extension assigned to this system by the Cisco CallManager.
Polycom VSX software release 8.6.2 supporting the Cisco SCCP protocol has been certified with Cisco CallManager 4.2(3) and 5.1(1). Additionally, Polycom has successfully deployed VSX software version 8.6.2 with other versions of the Cisco CallManager, including versions 4.1(x) and 5.0(x).
Polycom will work with joint customers in deploying the Polycom/Cisco solution on Cisco CallManager 4.1(3) and higher. For pre-sales support, please contact your Polycom sales representative. For post-sales support, please refer to Polycom Global Services at www.polycom.com.
Configuring the Cisco CallManager for Use with the VSX System
To support SCCP video calls, you must install a video plug-in on the Cisco CallManager server. Signed and unsigned plug-ins are available for Cisco CallManager at http://www.polycom.com/resource_center/1,,pw-17246,FF.html.
You must also configure the Video Extensions in the Cisco CallManager. To place multipoint video calls using the Conference feature, the Cisco CallManager needs to be provisioned with video bridge resources.
To install the video plug-in:
1. On the Cisco CallManager server, double-click the plug-in file to start the installation.
2. Follow the instructions on the wizard screens to complete the installation.
3. Restart the system to activate the plug-in you just installed.
To configure the Cisco CallManager:
1. In the Cisco CallManager, go to the Phone Configuration > Directory Number Configuration screen.
2. Provision these settings for each Polycom Video Extension:
— Maximum Number of Calls: 1
— Busy Trigger: 1
After you have configured the VSX system and installed the plug-in, you can place SCCP calls.
Introduction
This document provides you with the information on installation, configuration and operation of the MP-124 24-port, MP-108 8-port, MP-104 4-port and MP-102 2-port VoIP media gateways. As these units have similar functionality, except for the number of channels and some minor features, they are referred to collectively as the MP-1xx. Prior knowledge of regular telephony and data networking concepts is required.
Gateway Description
The MediaPack MP-1xx Series Analog VoIP gateways are cost-effective, cutting edge technology solutions, providing superior voice quality and optimized packet voice streaming (voice, fax and data traffic) over the same IP network. These gateways use the award-winning, field-proven Digital Signal Processing (DSP) voice compression technology used in other MediaPack and TrunkPack™ series products.
The MP-1xx gateways incorporate up to 24 analog ports for connection, either directly to an enterprise PBX (MP-10x/FXO), to phones, or to fax (MP-1xx/FXS), supporting up to 24 simultaneous VoIP calls.
Additionally, the MP-1xx units are equipped with a 10/100 Base-TX Ethernet port for connection to the network.
The MP-1xx gateways are best suited for small to medium size enterprises, branch offices or for residential media gateway solutions.
The MP-1xx gateways enable Users to make free local or international telephone/fax calls between the distributed company offices, using their existing telephones/fax. These calls are routed over the existing network ensuring that voice traffic uses minimum bandwidth.
The MP-1xx gateways are very compact devices that can be installed as a desk-top unit (refer to Section or on the wall or in a 19-inch rack
The MP-1xx gateways support H.323 ITU or SIP protocols, enabling the deployment of "voice over IP" solutions in environments where each enterprise or residential location is provided with a simple media gateway.
This provides the enterprise with a telephone connection (e.g., RJ-11), and the capability to transmit the voice and telephony signals over a packet network.
The MP-124 supports up to 24 analog telephone loop start FXS ports, shown in Figure
4. Select the coder (i.e., vocoder) that best suits your VoIP system requirements. The default coder is: G.7231 30 msec. To program the entire list of coders you want the MP-1xx to use, click the button on the left side of the ‘1st Coder’ field; the drop-down list for the 2nd to 5th coders appear. Select coders according to your system requirements. Note that coders higher on the list are preferred and take precedence over coders lower on the list.
5. To program the Tel to IP Routing table, press the arrow button next to ‘Tel to IP Routing Table’. For information on how to configure the Tel to IP Routing table,
6. To program the Endpoint Phone Number table, press the arrow button next to ‘Endpoint Phone Numbers’. For information on how to configure the Endpoint Phone Number table,
7. Click the Reset button and click OK in the prompt; the MP-1xx applies the changes and restarts. This takes approximately 1 minute to complete. When the MP-1xx has finished restarting, the Ready and LAN LEDs on the front panel are lit green.
You are now ready to start using the VoIP gateway. To prevent unauthorized access to the MP-1xx, it is recommended that you change the username and password that are used to access the .
MP-1xx H.323
Tel to IP Routing Table
The Tel to IP Routing Table is used to route incoming Tel calls to IP addresses. This routing table associates a called / calling telephone number’s prefixes with a destination IP address or with an FQDN (Fully Qualified Domain Name). When a call is routed through the VoIP gateway (Gatekeeper isn’t used), the called and calling numbers are compared to the list of prefixes on the IP Routing Table (up to 50 prefixes can be configured); calls that match these prefixes are sent to the corresponding IP address. If the number dialed does not match these prefixes, the call is not made.
When using a Gatekeeper, you do not need to configure the Tel to IP Routing Table. However, if you want to use fallback routing when communication with Gatekeepers is lost, or to use the ‘Filter Calls to IP’ and ‘IP Security’ features or to assign IP profiles, you need to configure the IP Routing Table.
Note that for the Tel to IP Routing table to take precedence over a Gatekeeper for routing calls, set the parameter ‘PreferRouteTable’ to 1. The gateway checks the 'Destination IP Address' field in the 'Tel to IP Routing' table for a match with the outgoing call. Only if a match is not found, a Gatekeeper is used.
Possible uses for Tel to IP Routing can be as follows:
• Can fall back to internal routing table if there is no communication with the Gatekeepers.
• Call Restriction – (when Gatekeeper isn’t used), reject all outgoing Tel-to-IP calls that are associated with the destination IP address: 0.0.0.0.
• IP Security – When the IP Security feature is enabled (SecureCallFromIP = 1), the VoIP gateway accepts only those IP-to-Tel calls with a source IP address identical to one of the IP addresses entered in the Tel to IP Routing Table.
• Filter Calls to IP – When a Gatekeeper is used, the gateway checks the Tel to IP routing table before a telephone number is routed to the Gatekeeper. If the number is not allowed (number isn’t listed or a Call Restriction routing rule was applied), the call is released.
• Assign Profiles to destination address (also when a Gatekeeper is used).
• Alternative Routing – (When Gatekeeper isn’t used) an alternative IP destination for telephone number prefixes is available. To associate an alternative IP address to called telephone number prefix, assign it with an additional entry (with a different IP address), or use an FQDN that resolves to two IP addresses. Call is sent to the alternative destination when one of the following occurs:
  - No ping to the initial destination is available, or when poor QoS (delay or packet loss, calculated according to previous calls) is detected, or when a DNS host name is not resolved. For detailed information on Alternative Routing, refer to Section 8.4 on page
  - When a release reason that is defined in the ‘Reasons for Alternative Tel to IP Routing’ table is received. For detailed information on the ‘Reasons for Alternative Routing Tables’
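The routing and filtering rules listed above, modelled as an added Python example; it is not AudioCodes code and not part of the original report. The sample table, trying entries in table order, matching on the called number only, and the `unreachable` set standing in for the ping/QoS/DNS checks are assumptions.

```python
import ipaddress
from dataclasses import dataclass

RESTRICT = "0.0.0.0"  # destination the page reserves for Call Restriction


@dataclass(frozen=True)
class Route:
    prefix: str   # called-number prefix
    dest_ip: str  # destination IP address (FQDN resolution is not modelled)


# Constructed sample table using documentation address ranges (not from the page).
TABLE = [
    Route("1900", RESTRICT),      # Call Restriction rule
    Route("20", "192.0.2.10"),    # initial destination for prefix 20
    Route("20", "192.0.2.11"),    # additional entry = alternative destination
    Route("3", "198.51.100.7"),
]
assert len(TABLE) <= 50  # the page states up to 50 prefixes can be configured


def route_tel_to_ip(called, table, unreachable=frozenset()):
    """Return (decision, ip). Assumption: entries are tried in table order."""
    matches = [r for r in table if called.startswith(r.prefix)]
    if not matches:
        return ("no-match: call not made", None)
    if matches[0].dest_ip == RESTRICT:
        return ("rejected: call restriction", None)
    for r in matches:
        if r.dest_ip != RESTRICT and r.dest_ip not in unreachable:
            kind = "routed" if r is matches[0] else "routed: alternative"
            return (kind, r.dest_ip)
    return ("failed: no reachable destination", None)


def accept_ip_to_tel(source_ip, table, secure_call_from_ip=True):
    """IP Security: with SecureCallFromIP = 1, accept only listed source IPs."""
    if not secure_call_from_ip:
        return True  # feature disabled: any source address is accepted
    src = ipaddress.ip_address(source_ip)  # raises ValueError on malformed input
    return src in {ipaddress.ip_address(r.dest_ip) for r in table}
```

With IP Security enabled, the routing table doubles as a source-address allowlist, so reviewing who can edit the table is part of reviewing who can place inbound calls.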
Tip: Tel to IP routing can be performed either before or after applying the number manipulation rules. To control when number manipulation is done, set the ‘Tel to IP Routing Mode’ parameter
To configure the Tel to IP Routing table, take these 6 steps:
1. Open the ‘Tel to IP Routing’ screen (Protocol Management menu > Routing Tables submenu > Tel to IP Routing option); the ‘Tel to IP Routing’ screen is displayed.
2. In the ‘Tel to IP Routing Mode’ field, select the Tel to IP routing mode
3. In the ‘Routing Index’ drop-down list, select the range of entries that you want to edit.
4. Configure the Tel to IP Routing table according to
5. Click the Submit button to save your changes.
6. To save the changes so they are available after a power fail refer to Section
BIBLIOGRAPHY
• Company magazine
2. Introduction to VPN
3. Link installation
5. Airspan modems
6. Radwin modems
7. Routers
8. Video conferencing
9. VoIP phones
10. Firewall