NetVanta 2000 Series System Manual
Section 4, User Interface Guide
61200361L1-1E
© 2002 ADTRAN, Inc.
> POLICIES > MANAGE LISTS > USER GROUPS
The User Groups table allows you to classify your network user community into multiple sets of similar
users. Access and VPN policies can be created for a specific user group, and members can be
added or removed dynamically. For example, a user wants to access the Internet from the corporate network
or vice versa and is required to log in to the ADVANTA 2100 box first. Once the login is successful, the
ADVANTA 2100 finds the user group for the new user. The NetVanta 2000 series then makes a copy of the
user group's network access and VPN policies and activates them for the user's IP address.
The User Groups table is displayed by clicking on the USER GROUPS hyperlink shown as a Manage Lists
submenu in the menu list on the left side of the display window. Refer to DLP-013,
Defining a User Group in the NetVanta for more details.
> POLICIES > MANAGE LISTS > USER GROUPS > GROUP NAME
The GROUP NAME field defines an alphanumeric string (up to 20 characters) used as the name of the user
group.
> POLICIES > MANAGE LISTS > USER GROUPS > AUTHENTICATION TYPE
The AUTHENTICATION TYPE checkbox allows you to set the authentication type for the selected user group
for either HTTP or IKE. Enabling this option allows all users belonging to this user group to log in to the
ADVANTA 2100 and activate their policies. If this checkbox is left unchecked, the user group is disabled
and members of the group cannot log in to the NetVanta 2000 series.
> POLICIES > MANAGE LISTS > USER GROUPS > IKE POLICY NAME
The IKE POLICY NAME drop down menu displays a list of all available IKE policies.
> POLICIES > MANAGE LISTS > IP ADDRESS
The IP Address table is used to save frequently used IP addresses. To display the IP Address table, click on
the IP Address hyperlink shown as a Manage Lists submenu in the menu list on the left side of the display
window. Refer to DLP-015, Using the IP Address Component Table for more details.
> POLICIES > MANAGE LISTS > IP ADDRESS > IP NAME
The IP NAME field defines an alphanumeric string (up to 64 characters) used as the identifier for the IP
address group.
If AUTHENTICATION TYPE is set to IKE, a specific IKE policy must be selected in the IKE POLICY NAME
field.
> POLICIES > MANAGE LISTS > IP ADDRESS > ADDRESS CATEGORY
The ADDRESS CATEGORY field configures the IP address group to be an IP RANGE, an IP SUBNET, a SINGLE
IP address, or ANY IP address.
An IP RANGE is a set of IP addresses defined by start and end addresses. To add an IP RANGE, enter the start
IP Address in the IP ADDRESS 1 field and the end address in the IP ADDRESS 2 field.
An IP SUBNET is a set of IP addresses defined by a network address and subnet mask. To add an IP SUBNET,
enter the network address in the IP ADDRESS 1 field and the subnet mask in the IP ADDRESS 2 field.
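The four address categories above can be checked offline before a record is referenced by a policy. The following is an added example, not code from the manual or from ADTRAN; the function names and the tuple layout (category, IP ADDRESS 1, IP ADDRESS 2) are assumptions, as is the choice to count the subnet's broadcast address as part of the record.

```python
import ipaddress

def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length, rejecting masks
    whose one-bits are not contiguous (e.g. 255.0.255.0 or 0.0.0.255)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"not a valid subnet mask: {mask}")
    return 32 - inverted.bit_length()

def resolve_record(category, addr1=None, addr2=None):
    """Return (first, last) as integers for one IP table record.
    addr1/addr2 stand for the IP ADDRESS 1 and IP ADDRESS 2 fields."""
    category = category.upper()
    if category == "ANY":
        return 0, 0xFFFFFFFF
    first = int(ipaddress.IPv4Address(addr1))
    if category == "SINGLE":
        return first, first
    if category == "RANGE":
        last = int(ipaddress.IPv4Address(addr2))
        if last < first:
            raise ValueError("end address is below start address")
        return first, last
    if category == "SUBNET":
        prefix = mask_to_prefix(addr2)
        # strict=True refuses a "network address" with host bits set, which
        # would otherwise describe a different block than the one intended.
        net = ipaddress.IPv4Network((addr1, prefix), strict=True)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown address category: {category}")

def record_matches(record, ip):
    """True if ip falls inside the record (a tuple as described above)."""
    first, last = resolve_record(*record)
    return first <= int(ipaddress.IPv4Address(ip)) <= last

def record_size(record):
    """Number of addresses the record covers."""
    first, last = resolve_record(*record)
    return last - first + 1

# Constructed sample records, not taken from the manual.
SERVERS = ("RANGE", "10.0.0.10", "10.0.0.20")
OFFICE = ("SUBNET", "192.168.1.0", "255.255.255.0")
```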
> POLICIES > MANAGE LISTS > SERVICES
The Services table defines the transport protocol options and configuration parameters. The Services table
is displayed by clicking on the SERVICES hyperlink shown as a Manage Lists submenu in the option list on
the left side of the display window. Refer to DLP-016, Adding a Service to the Services Component Table
for more details.
> POLICIES > MANAGE LISTS > SERVICES > SERVICE NAME
The SERVICE NAME field defines an alphanumeric string (up to 20 characters) used as the display name for
the service.
> POLICIES > MANAGE LISTS > SERVICES > PROTOCOL TYPE
The PROTOCOL radio button allows you to define the transport protocol used by this service.
> POLICIES > MANAGE LISTS > SERVICES > SERVICE PORT
The PORT NUMBER field defines the port number used by this service.
> POLICIES > MANAGE LISTS > SCHEDULE
The Time Schedule table is used to define weekly time schedules to use when defining policies. To display
the Time Schedule table, click on the SCHEDULE hyperlink shown as a Manage Lists submenu in the menu
list on the left side of the display window.
To add a new time schedule record to the Time Schedule table, click the ADD button in the Time Schedule
dialog box. The Time Window Configuration page is displayed. A discussion of the fields listed on the
Time Window Configuration page follows.
> POLICIES > MANAGE LISTS > SCHEDULE > WINDOW NAME
The WINDOW NAME field defines an alphanumeric string (up to 20 characters) used as the identifying name
of the time schedule record.
To add a SINGLE IP Address, enter the specific address in the IP ADDRESS 1 field.
> POLICIES > MANAGE LISTS > SCHEDULE > OPTION 1, 2, 3
The OPTION (1-3) field allows you to define up to three distinct time windows in a week.
> POLICIES > MANAGE LISTS > SCHEDULE > WORKING DAYS
The WORKING DAYS drop down menus define the start and end days of the time interval for the selected
option.
> POLICIES > MANAGE LISTS > SCHEDULE > OPEN HRS AND MINS
The OPEN HRS & MINS drop down menus define the beginning of the time interval in hours and minutes on
each week day configured in the WORKING DAYS field.
> POLICIES > MANAGE LISTS > SCHEDULE > CLOSE HRS AND MINS
The CLOSE HRS & MINS drop down menus define the end of the time interval in hours and minutes on each
week day configured in the WORKING DAYS field.
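The schedule fields above (up to three options, each with a day span and open/close times) can be modelled to check when a policy tied to a schedule would be active. The following is an added example, not code from the manual or from ADTRAN; the tuple layout, the function names, the handling of a day span that wraps past the end of the week, and treating the close time as exclusive are all assumptions.

```python
from datetime import datetime, time

# Day names in datetime.weekday() order (Monday is 0).
DAYS = ("MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN")

def option_matches(option, when):
    """option is (start_day, end_day, open_time, close_time), standing for the
    WORKING DAYS, OPEN HRS & MINS and CLOSE HRS & MINS fields of one OPTION."""
    start_day, end_day, open_at, close_at = option
    first, last = DAYS.index(start_day), DAYS.index(end_day)
    today = when.weekday()
    if first <= last:
        day_ok = first <= today <= last
    else:
        # Assumption: a span such as FRI..MON wraps around the week.
        day_ok = today >= first or today <= last
    # Assumption: the window is open from open_at up to, but not
    # including, close_at on each configured day.
    return day_ok and open_at <= when.time() < close_at

def schedule_active(options, when):
    """True if any of the (at most three) options covers the given moment."""
    if len(options) > 3:
        raise ValueError("a time schedule record holds at most three options")
    return any(option_matches(o, when) for o in options)

# Constructed sample schedule: weekdays 08:00-18:00 plus Saturday morning.
OFFICE_HOURS = [
    ("MON", "FRI", time(8, 0), time(18, 0)),
    ("SAT", "SAT", time(9, 0), time(12, 0)),
]
```

Running a proposed schedule through such a check for the edges of each window (just before open, at close, the day after the last working day) shows whether a policy tied to it would be active outside the hours intended.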
> POLICIES > MANAGE LISTS > NAT
The NAT table is displayed by clicking on the NAT hyperlink shown as a Manage Lists submenu in the
option list on the left side of the display window.
To add a new NAT filter scheme to the NAT table, click the ADD button found in the NAT Configuration
dialog box. The NAT Configuration page is displayed. A discussion of the fields on the NAT Configuration
page follows.
> POLICIES > MANAGE LISTS > NAT > NAT NAME
The NAT NAME field defines an alphanumeric string (up to 20 characters) assigned to this NAT content
filtering scheme.
> POLICIES > MANAGE LISTS > NAT > MANY TO ONE MAPPING - FROM LAN POLICY
Many to One Mapping configures the NetVanta 2000 series to use the defined NAT parameters on all
traffic associated with the particular From LAN policy that references the NAT record. To NAT all policy
specific traffic to a specific public IP address, enter the IP address in the NAT IP ADDRESS field. To NAT
all policy traffic to the IP address associated with a particular interface, select the interface name from the
Dynamic Interface drop down menu. Enabling NAT on the From LAN policy and selecting the NAT name
from the drop down menu will activate the NAT configuration.
> POLICIES > MANAGE LISTS > NAT > MANY TO ONE MAPPING - TO LAN POLICY
Many to One Mapping configures the NetVanta 2000 series to use the defined NAT parameters on all
traffic associated with the particular To LAN policy that references the NAT record. To Reverse NAT all
policy specific traffic to a specific private IP address, enter the IP address in the NAT IP ADDRESS field.
Enabling NAT on the To LAN policy and selecting the NAT name from the drop down menu will activate
the NAT configuration.
> POLICIES > MANAGE LISTS > NAT > ONE TO ONE MAPPING - FROM LAN POLICY
One to One Mapping configures the NetVanta 2000 series to perform NAT on traffic (associated with a
particular policy) that originates from a specified range of IP addresses. One to One NAT requires a
specified range of public IP addresses to use while performing NAT. Enter the range of private IP
addresses to NAT in the Source Range fields. Enter the range of public IP addresses to be used while
performing NAT in the Destination Range fields.
Enabling NAT on the LAN Outbound policy and selecting the NAT name from the drop down menu will
activate the NAT configuration.
> POLICIES > MANAGE LISTS > NAT > ONE TO ONE MAPPING - TO LAN POLICY
One to One Mapping configures the NetVanta 2000 series to perform NAT on traffic (associated with a
particular policy) that originates from a specified range of IP addresses. One to One NAT requires a
specified range of public IP addresses to use while performing NAT. Enter the range of public IP addresses
to NAT in the Source Range fields. Enter the range of private IP addresses to be used while performing
NAT in the Destination Range fields.
Enabling NAT on the To LAN policy and selecting the NAT name from the drop down menu will activate
the NAT configuration.
> POLICIES > ACCESS POLICIES: TO LAN
The To LAN Policy Configuration page is displayed by clicking ACCESS POLICIES: TO LAN in the menu list on
the left side of the display window. To LAN Inbound policies apply to all data received by the NetVanta 2000
series that is to be transmitted out the Corporate Network Interface (LAN).
The To LAN Policy Configuration page displays a list of all current policies and provides an easy way to
organize them using the RULE ID field.
Before creating a new To LAN inbound policy, decide the appropriate priority for the policy. All policies
are displayed in descending order according to priority. Using the ADD drop down menu containing
BEFORE, AFTER, BEGINNING, and END options, configure the placement of the policy and click the ADD
button. The Internet Access Policy Configuration page is displayed. A discussion of the fields found
on the Internet Access Policy Configuration page follows.
The number of IP addresses in the specified Source and Destination Range fields must match
for One to One Mapping.
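The matching-count requirement for One to One Mapping can be verified before a NAT record is saved. The following is an added example, not code from the manual or from ADTRAN; the function names are hypothetical, and the positional pairing (first source address to first destination address, and so on) is an assumption the manual does not state.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def build_one_to_one(src_start, src_end, dst_start, dst_end):
    """Validate a One to One NAT record and return a translate() function.
    The arguments stand for the Source Range and Destination Range fields."""
    s0, s1, d0, d1 = map(_to_int, (src_start, src_end, dst_start, dst_end))
    if s1 < s0 or d1 < d0:
        raise ValueError("range end is below range start")
    src_count, dst_count = s1 - s0 + 1, d1 - d0 + 1
    if src_count != dst_count:
        # The requirement from the note above: both ranges must hold
        # the same number of addresses.
        raise ValueError(
            f"Source Range has {src_count} addresses, "
            f"Destination Range has {dst_count}"
        )
    # Assumption: addresses pair up by position, so one fixed offset
    # converts any source address into its destination address.
    offset = d0 - s0

    def translate(ip):
        """Return the mapped address, or None if ip is outside Source Range."""
        n = _to_int(ip)
        if not s0 <= n <= s1:
            return None
        return str(ipaddress.IPv4Address(n + offset))

    return translate

# Constructed sample record for a From LAN policy: four private
# addresses mapped onto four public (documentation-range) addresses.
from_lan = build_one_to_one("192.168.1.10", "192.168.1.13",
                            "203.0.113.20", "203.0.113.23")
```

For a To LAN policy the same check applies with the roles reversed: the public addresses go in the Source Range and the private addresses in the Destination Range.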
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > RULE ID
The RULE ID number is a system-wide unique policy ID generated by the NetVanta 2000 series when a new
access policy is created.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > POLICY CLASS
The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy
class (VPN, Corporate Inbound, Corporate Outbound).
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > SOURCE IP
The SOURCE IP displays the source addresses of incoming traffic used for the policy. All IP records
previously defined in the IP table will appear in this drop down menu. Select the predefined IP record, or
choose OTHER and define the source IP using the IP and Mask Bits text boxes below the drop down menu.
The ANY option in this menu represents all valid IP addresses in the Internet address space.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > DESTINATION IP
The DESTINATION IP displays the destination IP addresses of incoming traffic used for the policy. All IP
records previously defined in the IP table will appear in this drop down menu. Select the predefined IP
record, or choose OTHER and define the destination IP using the IP and Mask Bits text boxes below the
drop down menu. The ANY option in this menu represents all valid IP addresses in the Internet address space.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > DESTINATION PORT
The DESTINATION PORT drop down menu lists all definitions made in the services table. Choose one of the
predefined destination port entries, or choose OTHER and define the destination port or port range using the
text boxes below the drop down menu. To define a single port, enter the desired port value in the port range
start text box and leave the port range text box empty. The ANY option in this menu represents the complete port
range from 1 to 65535.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > PROTOCOL TYPE
The PROTOCOL TYPE drop down menu selects the transport protocol for this access policy. If the desired
transport protocol is not listed in the menu, choose OTHER and enter the desired IP based transport protocol
number in the text box below the drop down menu.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > ACTION TYPE
The ACTION TYPE menu defines the policy as a Permit or Deny policy. Permit policies allow traffic matched
by the policy selectors to pass through, and Deny policies block that traffic.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > TIME SCHEDULE USED
The TIME SCHEDULE USED menu attaches a predefined time schedule to the Permit type access policy. This
activates the policy only in the time windows defined in the selected time schedule.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > ENABLE LOG
The ENABLE LOG radio button selectively enables or disables event logging for the access policy.
