NetVanta 2000 Series System Manual
Section 4, User Interface Guide
61200361L1-1E
© 2002 ADTRAN, Inc.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > NAT NAME
The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu.
Enabling NAT on a To DMZ inbound policy applies a Reverse NAT filtering scheme to incoming traffic
received on this policy by the NetVanta 2000 series.
> POLICIES > ACCESS POLICIES: TO DMZ > CONFIGURATION > SECURITY
Since access policy and VPN policy selectors are created separately and act independently, the SECURITY radio button configures the NetVanta 2000 series to check for the existence of a VPN policy for all the network traffic governed by this access policy. If any traffic that would pass this access policy would be sent in the clear, that is, not over an already defined VPN policy, an error will be generated to notify the user.
Changing the Priority of a Policy
You can change an access policy's priority in two ways. For small adjustments, use the up (↑) and down (↓) buttons in the last columns of each row of the access policy table. Clicking the up or down button raises or lowers the priority of the access policy relative to its neighboring policies.
For larger moves, select the policy whose priority you want to change by entering its Rule ID in the text box after the PLACE RULE tab at the end of the policy table. Then use the BEFORE/AFTER radio button together with the Rule ID text box that follows it to choose the policy's new position in the table, and click the INSERT button. The policy is moved to the new position in the table.
Checking Policy Statistics
Select the policy whose statistics you want to check from the access policy table and click the LOG button. This displays the policy statistics page.
Not selecting the SECURITY option may allow insecure data transmission through the NetVanta 2000 series.
If insecure data transmission becomes possible because a VPN policy is removed after the SECURITY check has been performed on an access policy, no user notification is given. To ensure data security, verify each access policy after VPN changes are made.
> POLICIES > ACCESS POLICIES: FROM DMZ
The From DMZ Policy Configuration page is displayed by clicking ACCESS POLICIES: FROM DMZ in the menu list on the left side of the display window. From DMZ outbound policies apply to all data received by the NetVanta 2000 series on the DMZ interface.
The From DMZ Policy Configuration page displays a list of all current policies and provides an easy way to organize them using the RULE ID field.
Before creating a new From DMZ outbound policy, decide the appropriate priority for the policy. All policies are displayed in descending order according to priority. Using the ADD drop down menu containing the BEFORE, AFTER, BEGINNING, and END options, configure the placement of the policy and click the ADD button. The Internet Access Policy Configuration page is displayed. A discussion of the fields found on the Internet Access Policy Configuration page follows the figure.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > RULE ID
The RULE ID number is a system-wide unique policy ID generated by the NetVanta 2000 series when a new access policy is created.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > POLICY CLASS
The POLICY CLASS field is populated automatically by the NetVanta 2000 series using the current policy class (VPN, To/From LAN, To/From DMZ).
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > SOURCE/DESTINATION
The SOURCE IP/DESTINATION IP fields display the source and destination IP addresses used for the policy. All IP records previously defined in the IP table appear in this drop down menu. Select a predefined IP record, or choose OTHER and define the source/destination IP using the IP and Mask Bits text boxes below the drop down menu. The ANY option in this menu represents all valid IP addresses in the Internet address space.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > DESTINATION PORT
The DESTINATION PORT drop down menu lists all definitions made in the services table. Choose one of the predefined destination port entries, or choose OTHER and define the destination port or port range using the text boxes below the drop down menu. To define a single port, enter the desired port value in the port range start text box and leave the second port range text box empty. The ANY option in this menu represents the complete port range from 1 to 65535.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > PROTOCOL TYPE
The PROTOCOL TYPE drop down menu selects the transport protocol for this access policy. If the desired transport protocol is not listed in the menu, choose OTHER and enter the desired IP-based transport protocol number in the text box below the drop down menu.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > ACTION TYPE
The ACTION TYPE menu defines the policy as a Permit or Deny policy. Permit policies allow traffic matched by the policy selectors to pass through, and Deny policies block that traffic.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > TIME SCHEDULE USED
The TIME SCHEDULE USED menu attaches a predefined time schedule to a Permit type access policy. This activates the policy only in the time windows defined in the selected time schedule.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > ENABLE LOG
The ENABLE LOG radio button selectively enables or disables event logging for the access policy.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > ENABLE NAT
The ENABLE NAT radio button enables or disables NAT for the policy.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > NAT NAME
The NAT NAME drop down menu lists all entries from the NAT table. To manually define the NAT out pool address here, select OTHER and enter the out pool IP address in the text boxes below the drop down menu.
> POLICIES > ACCESS POLICIES: FROM DMZ > CONFIGURATION > SECURITY
Since access policy and VPN policy selectors are created separately and act independently, the SECURITY radio button configures the NetVanta 2000 series to check for the existence of a VPN policy for all the network traffic governed by this access policy. If any traffic that would pass this access policy would be sent in the clear, that is, not over an already defined VPN policy, an error will be generated to notify the user.
Not selecting the SECURITY option may allow insecure data transmission through the NetVanta 2000 series.
If insecure data transmission becomes possible because a VPN policy is removed after the SECURITY check has been performed on an access policy, no user notification is given. To ensure data security, verify each access policy after VPN changes are made.
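The SECURITY check is performed once, when the access policy is saved, and the manual warns that removing a VPN policy afterwards produces no notification, and (in the closing note) that access policies wider than the IPsec policies pass the uncovered remainder as plain packets. The following is an added example, not ADTRAN code and not how the NetVanta implements its check: it repeats the same comparison offline so it can be rerun after every VPN change. Each selector (source net, destination net, IP protocol number, destination port range) is modelled as a box of integer intervals, every VPN selector is subtracted from the access policy's box, and whatever is left is traffic the access policy would permit in the clear. The sample policies are constructed for the example; ANY port is taken as 1 to 65535 as the manual states, and ANY protocol as all IP protocol numbers 0 to 255 is an assumption.

```python
"""Audit access policies against VPN (IPsec) policy selectors.

Added example (not ADTRAN code). Each selector is a box of inclusive integer
intervals: (src net, dst net, IP protocol, dst port). Subtracting every VPN
box from an access policy box leaves the traffic that would pass unencrypted.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, summarize_address_range

Interval = tuple[int, int]                     # inclusive range
Box = tuple[Interval, Interval, Interval, Interval]

ANY_PORT: Interval = (1, 65535)                # manual: ANY = port range 1 to 65535
ANY_PROTO: Interval = (0, 255)                 # assumption: ANY = every IP protocol number


@dataclass(frozen=True)
class Selector:
    """One policy's selector. proto is an IP protocol number range (6 = TCP)."""
    src: str                                   # CIDR, e.g. "192.168.10.0/24"
    dst: str
    proto: Interval = ANY_PROTO
    dport: Interval = ANY_PORT


def to_box(s: Selector) -> Box:
    sn, dn = IPv4Network(s.src), IPv4Network(s.dst)
    return (
        (int(sn.network_address), int(sn.broadcast_address)),
        (int(dn.network_address), int(dn.broadcast_address)),
        s.proto,
        s.dport,
    )


def intersect(a: Box, b: Box) -> Box | None:
    out = []
    for (a0, a1), (b0, b1) in zip(a, b):
        lo, hi = max(a0, b0), min(a1, b1)
        if lo > hi:
            return None                        # disjoint in this dimension
        out.append((lo, hi))
    return tuple(out)


def subtract(a: Box, b: Box) -> list[Box]:
    """Boxes that partition a minus b (at most two per dimension)."""
    inter = intersect(a, b)
    if inter is None:
        return [a]
    pieces: list[Box] = []
    prefix: list[Interval] = []                # dimensions already narrowed to the overlap
    for i, ((a0, a1), (i0, i1)) in enumerate(zip(a, inter)):
        rest = a[i + 1:]
        if a0 < i0:                            # part of a below the overlap
            pieces.append(tuple(prefix) + ((a0, i0 - 1),) + rest)
        if i1 < a1:                            # part of a above the overlap
            pieces.append(tuple(prefix) + ((i1 + 1, a1),) + rest)
        prefix.append((i0, i1))
    return pieces


def _nets(lo: int, hi: int) -> str:
    return ",".join(str(n) for n in summarize_address_range(IPv4Address(lo), IPv4Address(hi)))


def _span(iv: Interval, any_iv: Interval) -> str:
    if iv == any_iv:
        return "any"
    return str(iv[0]) if iv[0] == iv[1] else f"{iv[0]}-{iv[1]}"


def describe(box: Box) -> str:
    s, d, p, q = box
    return f"src {_nets(*s)} -> dst {_nets(*d)} proto {_span(p, ANY_PROTO)} dport {_span(q, ANY_PORT)}"


def audit(access: Selector, vpn_policies: list[Selector]) -> list[str]:
    """Selectors of traffic the access policy would pass in the clear ([] = fully covered)."""
    remaining = [to_box(access)]
    for vpn in vpn_policies:
        vb = to_box(vpn)
        remaining = [piece for box in remaining for piece in subtract(box, vb)]
    return [describe(box) for box in remaining]


# Constructed sample data (not from the manual): the DMZ may reach the whole
# 10.0.0.0/8 corporate space, but the only VPN policy carries 10.1.0.0/16.
VPN_POLICIES = [Selector("192.168.10.0/24", "10.1.0.0/16")]
ACCESS_WIDE = Selector("192.168.10.0/24", "10.0.0.0/8")
ACCESS_COVERED = Selector("192.168.10.0/24", "10.1.0.0/16", proto=(6, 6), dport=(443, 443))

if __name__ == "__main__":
    for name, pol in (("wide", ACCESS_WIDE), ("covered", ACCESS_COVERED)):
        leaks = audit(pol, VPN_POLICIES)
        print(f"{name}: {'OK, fully covered' if not leaks else 'CLEARTEXT: ' + '; '.join(leaks)}")
```

Run it against the current access and VPN policy tables after every VPN policy deletion or edit; a non-empty result for a Permit policy with SECURITY selected is exactly the case the device no longer warns about.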
Changing the Priority of a Policy
You can change an access policy's priority in two ways. For small adjustments, use the up (↑) and down (↓) buttons in the last columns of each row of the access policy table. Clicking the up or down button raises or lowers the priority of the access policy relative to its neighboring policies.
For larger moves, select the policy whose priority you want to change by entering its Rule ID in the text box after the PLACE RULE tab at the end of the policy table. Then use the BEFORE/AFTER radio button together with the Rule ID text box that follows it to choose the policy's new position in the table, and click the INSERT button. The policy is moved to the new position in the table.
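Priority matters because policies are listed in descending priority order and a packet is decided by the first policy whose selectors match it: a narrow Deny added at the END of the table below a broad Permit is shadowed and never takes effect. The following added example (not ADTRAN code, and not the NetVanta's own table implementation) models the ADD placements (BEGINNING, END, BEFORE, AFTER), the PLACE RULE / INSERT move by Rule ID and the up/down buttons described in the two priority sections above, and shows the verdict for a sample packet flipping once the Deny is placed BEFORE the Permit. It also reports shadowed rules. The policy table, the implicit deny for unmatched traffic, and the sample addresses are constructed assumptions for the example.

```python
"""First-match access policy table with Rule ID based placement.

Added example (not ADTRAN code). Rules are evaluated top-down; the first
matching Permit/Deny decides. Moving a rule changes verdicts without
editing any rule, which is why priority deserves a check of its own.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from itertools import count

_ids = count(1)   # system-wide unique Rule IDs, assigned when a rule is created


@dataclass
class Rule:
    src: str                        # CIDR
    dst: str
    dport: tuple[int, int]          # inclusive; (1, 65535) = ANY
    action: str                     # "permit" or "deny"
    rule_id: int | None = None

    def __post_init__(self) -> None:
        if self.rule_id is None:
            self.rule_id = next(_ids)

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (IPv4Address(src) in IPv4Network(self.src)
                and IPv4Address(dst) in IPv4Network(self.dst)
                and self.dport[0] <= dport <= self.dport[1])

    def covers(self, other: Rule) -> bool:
        """True when every packet other matches, self matches too."""
        return (IPv4Network(other.src).subnet_of(IPv4Network(self.src))
                and IPv4Network(other.dst).subnet_of(IPv4Network(self.dst))
                and self.dport[0] <= other.dport[0] and other.dport[1] <= self.dport[1])


class PolicyTable:
    def __init__(self) -> None:
        self.rules: list[Rule] = []  # index 0 = highest priority

    def _index(self, rule_id: int) -> int:
        for i, r in enumerate(self.rules):
            if r.rule_id == rule_id:
                return i
        raise KeyError(f"no rule {rule_id}")

    def add(self, rule: Rule, where: str = "END", ref_id: int | None = None) -> int:
        """ADD menu: BEGINNING, END, BEFORE <ref_id>, AFTER <ref_id>. Returns the Rule ID."""
        if where == "BEGINNING":
            self.rules.insert(0, rule)
        elif where == "END":
            self.rules.append(rule)
        elif where == "BEFORE":
            self.rules.insert(self._index(ref_id), rule)
        elif where == "AFTER":
            self.rules.insert(self._index(ref_id) + 1, rule)
        else:
            raise ValueError(where)
        return rule.rule_id

    def place(self, rule_id: int, where: str, ref_id: int) -> None:
        """PLACE RULE: move rule_id BEFORE/AFTER ref_id, then INSERT."""
        rule = self.rules.pop(self._index(rule_id))
        self.add(rule, where, ref_id)

    def move(self, rule_id: int, up: bool) -> None:
        """Up/down button: swap with the neighbouring rule (no-op at the table edge)."""
        i = self._index(rule_id)
        j = i - 1 if up else i + 1
        if 0 <= j < len(self.rules):
            self.rules[i], self.rules[j] = self.rules[j], self.rules[i]

    def verdict(self, src: str, dst: str, dport: int) -> str:
        for r in self.rules:
            if r.matches(src, dst, dport):
                return f"{r.action} (rule {r.rule_id})"
        return "deny (no match)"   # assumption: implicit deny when nothing matches

    def shadowed(self) -> list[int]:
        """Rule IDs that can never match because a higher-priority rule covers them."""
        return [r.rule_id for i, r in enumerate(self.rules)
                if any(earlier.covers(r) for earlier in self.rules[:i])]


def demo() -> tuple[str, str]:
    """Constructed table: broad Permit, then a narrow Deny added at END (shadowed).
    Returns the verdict for one packet before and after placing the Deny first."""
    t = PolicyTable()
    permit_id = t.add(Rule("192.168.10.0/24", "0.0.0.0/0", (1, 65535), "permit"))
    deny_id = t.add(Rule("192.168.10.0/24", "10.0.0.0/8", (1, 65535), "deny"), "END")
    before = t.verdict("192.168.10.5", "10.1.2.3", 445)   # permit: Deny is shadowed
    t.place(deny_id, "BEFORE", permit_id)
    after = t.verdict("192.168.10.5", "10.1.2.3", 445)    # deny
    return before, after


if __name__ == "__main__":
    print(demo())
```

The shadowed() check is the one to run after reordering: a Deny that shadowed() reports is a policy that exists in the table but never blocks anything.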
Default Access Policies
By default, the NetVanta 2000 series has eight corporate outbound policies configured for accessing popular Internet services from the corporate network. With these default access policies, any host in the corporate network can access the specified services on any host in the Internet. You can modify these policies to suit your network access policy. Default access policies have NAT enabled.
> POLICIES > VPN
When adding a VPN policy, decide its priority. By default, new VPN policies are added with the lowest priority (i.e., at the end of the VPN policy table).
To set the priority of a new VPN policy, select the AFTER or BEFORE option from the ADD drop down menu. Enter the name of the existing VPN policy to use as the placement guide for the newly added VPN policy.
VPN policies may be added using either manual or automatic key management.
Deleting A VPN Policy
Select the VPN policy you want to delete from the VPN policy table and click the DELETE button. This brings up the VPN policy delete confirmation dialog.
If you confirm by clicking YES, the VPN policy is removed.
Editing A VPN Policy
Select the VPN policy you want to edit from the VPN policy table and click the MODIFY button. This opens the selected VPN policy in edit mode, where you can make the desired changes to the VPN policy.
Viewing A VPN Policy
Select the VPN policy you want to view from the VPN policy table and click the SHOW button. This shows the selected VPN policy in non-editable form.
This VPN policy view does not show any keying information.
Changing Priority of A VPN Policy
As with access policies, you can change the priority of a VPN policy in two ways. For small adjustments, use the up (↑) and down (↓) buttons in the last columns of each row of the VPN policy table. Clicking the up or down button raises or lowers the priority of the VPN policy relative to its neighboring policies.
For larger moves, select the policy whose priority you want to change by entering its policy name in the text box after the PLACE tab at the end of the policy table. Then use the drop down menu with the BEFORE/AFTER options and the VPN policy name text box that follows it to define the new position for this VPN policy in the table, and click the OK button. The VPN policy is moved to the new position in the table.
To have the NetVanta 2000 series check that traffic matching an access policy is carried over a VPN policy, you must select YES for the SECURITY option in the ACCESS POLICIES configuration.
If there are secure communications active using this VPN policy, they may be disrupted by changes to the VPN policy parameters.
If the access policies are wider than the IPsec policies, traffic that does not fall within the IPsec policy range will be passed through as plain (unencrypted) packets.