Section 4, User Interface Guide
NetVanta 2000 Series System Manual
© 2002 ADTRAN, Inc.
61200361L1-1E
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > ENABLE NAT
The ENABLE NAT radio button provides control to enable or disable NAT for the policy.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > NAT NAME
The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool
address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu.
Enabling NAT on a To LAN inbound policy applies a Reverse NAT filtering scheme to incoming traffic
received on this policy by the NetVanta 2000 series.
> POLICIES > ACCESS POLICIES: TO LAN > CONFIGURATION > SECURITY
Since access policy and VPN policy selectors are created separately and act independently, the SECURITY
radio button configures the NetVanta 2000 series to check for the existence of a VPN policy for all the
network traffic governed by this access policy. If any traffic that would pass this access policy would be
sent in the clear, that is, not over an already defined VPN policy, an error will be generated to notify the
user.
Changing the Priority of a Policy
You can change the access policy priority in two ways. For simple priority corrections, use the
up (↑) and down (↓) buttons, which are located in the end columns of each policy in the access policy table.
Clicking the up or down button increases or decreases the priority of the access policy with respect to its
neighboring policies.
For major priority corrections, use the alternative method. Select the policy whose priority you want to
change by entering its Rule ID in the text box located after the PLACE RULE tab. This is located at the end of
the policy table.
Then use the BEFORE/AFTER radio button in combination with the Rule ID text box following this radio button
to decide the new place in the table for this policy, and click the INSERT button.
The policy will be moved to the new place in the table.
Not selecting the SECURITY option may allow insecure data transmission through the
NetVanta 2000 series.
If insecure data transmission is allowed because a VPN policy is removed after the SECURITY
option has been performed on an access policy, no user notification will be
given. To ensure data security, verify each access policy after VPN changes are made.
Checking Policy Statistics
Select the policy whose statistics you want to check from the access policy table and click the LOG button.
This will display the policy statistics page.
> POLICIES > ACCESS POLICIES: FROM LAN
The From LAN Policy Configuration page is displayed by clicking ACCESS POLICIES: FROM LAN in the
menu list on the left side of the display window. From LAN outbound policies apply to all data received by
the NetVanta 2000 series on the Corporate Network Interface (LAN).
The From LAN Policy Configuration page displays a list of all current policies and provides an easy way
to organize them using the RULE ID field.
Before creating a new From LAN outbound policy decide the appropriate priority for the policy. All
policies are displayed in descending order according to priority. Using the ADD drop down menu
containing BEFORE, AFTER, BEGINNING, and END options, configure the placement of the policy and
click the ADD button. The Internet Access Policy Configuration page is displayed. A discussion of the
fields found on the Internet Access Policy Configuration page follows the figure.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > RULE ID
The RULE ID number is a system-wide unique policy ID generated by the NetVanta 2000 series when a new
access policy is created.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > POLICY CLASS
The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy
class (VPN, Corporate Inbound, Corporate Outbound).
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > SOURCE/DESTINATION
The SOURCE IP/DESTINATION IP displays the source and destination IP addresses used for the policy. All IP
records previously defined in the IP table will appear in this drop down menu. Select the predefined IP
record, or choose OTHER and define the source/destination IP using the IP and Mask Bits text boxes below
the drop down menu. The ANY option in this menu represents all valid IP addresses in the Internet address
space.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > DESTINATION PORT
The DESTINATION PORT drop down menu lists all definitions made in the services table. Choose one of the
predefined destination port entries, or choose OTHER and define the destination port or port range using the
text boxes below the drop down menu. To define a single port, enter the desired port value in the port range
start text box and leave the port range text box empty. The ANY option in this menu represents the complete port
range from 1 to 65535.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > PROTOCOL TYPE
The PROTOCOL TYPE drop down menu selects the transport protocol for this access policy. If the desired
transport protocol is not listed in the menu, choose OTHER and enter the desired IP based transport protocol
number in the text box below the drop down menu.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > ACTION TYPE
The ACTION TYPE menu defines the policy as a Permit or Deny policy. Permit policies allow traffic matched
by the policy selectors to pass through and Deny policies block that traffic.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > TIME SCHEDULE USED
The TIME SCHEDULE USED menu attaches a predefined time schedule to the Permit type access policy. This
activates the policy only in the time windows defined in the selected time schedule.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > ENABLE LOG
The ENABLE LOG radio button selectively enables or disables event logging for the access policy.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > ENABLE NAT
The ENABLE NAT radio button provides control to enable or disable NAT for the policy.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > NAT NAME
The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool
address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu.
> POLICIES > ACCESS POLICIES: FROM LAN > CONFIGURATION > SECURITY
Since access policy and VPN policy selectors are created separately and act independently, the SECURITY
radio button configures the NetVanta 2000 series to check for the existence of a VPN policy for all the
network traffic governed by this access policy. If any traffic that would pass this access policy would be
sent in the clear, that is, not over an already defined VPN policy, an error will be generated to notify the
user.
Not selecting the SECURITY option may allow insecure data transmission through the
NetVanta 2000 series.
If insecure data transmission is allowed because a VPN policy is removed after the SECURITY
option has been performed on an access policy, no user notification will be
given. To ensure data security, verify each access policy after VPN changes are made.
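The verification recommended above can be scripted offline. The following is an added example, not part of the ADTRAN manual or the NetVanta software: it assumes the access and VPN policy tables have been transcribed by hand into the constructed records shown (the Selector class, the tuple layout and the sample addresses are hypothetical), and it counts an access policy as covered only when a single VPN selector contains its whole source and destination range.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Selector:
    """Hypothetical source/destination selector; "0.0.0.0/0" stands for ANY."""
    src: str
    dst: str

    def nets(self):
        return ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)

def covered(access, vpn_policies):
    """True if one VPN selector contains the access selector's whole src and dst range.
    Coverage pieced together from several VPN policies is reported as a gap (conservative)."""
    a_src, a_dst = access.nets()
    for vpn in vpn_policies:
        v_src, v_dst = vpn.nets()
        if a_src.subnet_of(v_src) and a_dst.subnet_of(v_dst):
            return True
    return False

def audit(access_policies, vpn_policies):
    """Rule IDs of Permit policies with SECURITY selected that could pass traffic in the clear."""
    return [rule_id for rule_id, action, security, sel in access_policies
            if action == "permit" and security and not covered(sel, vpn_policies)]

def lost_coverage(access_policies, vpn_before, vpn_after):
    """Rule IDs that were covered before a VPN change and are no longer covered after it."""
    before = set(audit(access_policies, vpn_before))
    return [r for r in audit(access_policies, vpn_after) if r not in before]

# Constructed sample tables: (Rule ID, action, SECURITY selected, selector).
ACCESS = [
    (10, "permit", True, Selector("192.168.1.0/24", "10.20.0.0/16")),
    (11, "permit", True, Selector("192.168.1.0/24", "10.30.0.0/16")),
    (12, "permit", False, Selector("192.168.1.0/24", "0.0.0.0/0")),
    (13, "deny", True, Selector("192.168.2.0/24", "10.20.0.0/16")),
]
VPN_BEFORE = [Selector("192.168.0.0/16", "10.20.0.0/16"),
              Selector("192.168.1.0/24", "10.30.0.0/16")]
VPN_AFTER = VPN_BEFORE[:1]  # the second VPN policy has been removed

if __name__ == "__main__":
    print("uncovered before change:", audit(ACCESS, VPN_BEFORE))
    print("uncovered after change: ", audit(ACCESS, VPN_AFTER))
    print("lost coverage:          ", lost_coverage(ACCESS, VPN_BEFORE, VPN_AFTER))
```

Rule 12 is skipped because SECURITY is not selected on it, which is exactly the case the first note warns about; list such rules separately if they are expected to carry protected traffic.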
Changing the Priority of a Policy
You can change the access policy priority in two ways. For simple priority corrections, use the
up (↑) and down (↓) buttons, which are located in the end columns of each policy in the access policy table.
Clicking the up or down button increases or decreases the priority of the access policy with respect to its
neighboring policies.
For major priority corrections, use the alternative method. Select the policy whose priority you want to
change by entering its Rule ID in the text box located after the PLACE RULE tab. This is located at the end of
the policy table.
Then use the BEFORE/AFTER radio button in combination with the Rule ID text box following this radio button
to decide the new place in the table for this policy, and click the INSERT button.
The policy will be moved to the new place in the table.
Default Access Policies
By default, the NetVanta 2000 series has eight corporate outbound policies configured for accessing
popular Internet services from the corporate network. With these default access policies any host in the
corporate network can access the specified services on any host in the Internet. You can modify these
policies to suit your network access policy.
> POLICIES > ACCESS POLICIES: TO DMZ
The To DMZ Policy Configuration page is displayed by clicking ACCESS POLICIES: TO DMZ in the menu list on
the left side of the display window. To DMZ Inbound policies apply to all data received by the NetVanta 2000
series that is to be transmitted out the DMZ Interface.
The To DMZ Policy Configuration page displays a list of all current policies and provides an easy way to
organize them using the RULE ID field.
Before creating a new To DMZ inbound policy decide the appropriate priority for the policy. All policies
are displayed in descending order according to priority. Using the ADD drop down menu containing
BEFORE, AFTER, BEGINNING, and END options, configure the placement of the policy and click the ADD
button. The Internet Access Policy Configuration page is displayed. A discussion of the fields found
on the Internet Access Policy Configuration page follows.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > RULE ID
The RULE ID number is a system-wide unique policy ID generated by the NetVanta 2000 series when a new
access policy is created.
Default access policies have NAT enabled.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > POLICY CLASS
The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy
class (VPN, Corporate Inbound, Corporate Outbound).
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > SOURCE IP
The SOURCE IP displays the source addresses of incoming traffic used for the policy. All IP records
previously defined in the IP table will appear in this drop down menu. Select the predefined IP record, or
choose OTHER and define the source IP using the IP and Mask Bits text boxes below the drop down menu.
The ANY option in this menu represents all valid IP addresses in the Internet address space.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > DESTINATION IP
The DESTINATION IP displays the destination IP addresses of incoming traffic used for the policy. All IP
records previously defined in the IP table will appear in this drop down menu. Select the predefined IP
record, or choose OTHER and define the destination IP using the IP and Mask Bits text boxes below the
drop down menu. The ANY option in this menu represents all valid IP addresses in the Internet address space.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > DESTINATION PORT
The DESTINATION PORT drop down menu lists all definitions made in the services table. Choose one of the
predefined destination port entries, or choose OTHER and define the destination port or port range using the
text boxes below the drop down menu. To define a single port, enter the desired port value in the port range
start text box and leave the port range text box empty. The ANY option in this menu represents the complete port
range from 1 to 65535.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > PROTOCOL TYPE
The PROTOCOL TYPE drop down menu selects the transport protocol for this access policy. If the desired
transport protocol is not listed in the menu, choose OTHER and enter the desired IP based transport protocol
number in the text box below the drop down menu.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > ACTION TYPE
The ACTION TYPE menu defines the policy as a Permit or Deny policy. Permit policies allow traffic matched
by the policy selectors to pass through and Deny policies block that traffic.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > TIME SCHEDULE USED
The TIME SCHEDULE USED menu attaches a predefined time schedule to the Permit type access policy. This
activates the policy only in the time windows defined in the selected time schedule.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > ENABLE LOG
The ENABLE LOG radio button selectively enables or disables event logging for the access policy.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > ENABLE NAT
The ENABLE NAT radio button provides control to enable or disable NAT for the policy.
