Instruction/ maintenance manual of the product Version 4.3 3Com
Go to page of 171
3Com® T elecomm uting Module User Manual V er sion 4.3.
3Com® T elecomm uting Module User Manual: V ersion 4.3 Part Number BET A Published December 2005 3Com Corporation, 350 Campus Drive, Marlbor ough MA 01752-3064 Copyright © 2005, 3Com Corporation.
T ab le of Contents Part I. Intr oduction to 3Com VCX IP T elecommuting Module ............................................................................. i 1. Introduction to 3Com VCX IP T elecommuting Module .......................................
P ar t I. Introduction to 3Com VCX IP T elecomm uting Module.
Chapter 1. Intr oduction to 3Com VCX IP T elecommuting Module Some of the functions of 3Com VCX IP T elecommuting Module are: • SIP proxy: Forwarding of SIP requests. • Protection against such attacks as address spoofing. • Logging/alarm locally on the T elecommuting Module, via email and/or via syslog.
Chapter 1. Intr oduction to 3Com VCX IP T elecommuting Module Fig 1. T elecommuting Module in DMZ configuration. DMZ/LAN Configuration Using this configuration, the T elecommuting Module is located on the DMZ of your firew all, and connected to it with one of the interfaces.
Chapter 1. Intr oduction to 3Com VCX IP T elecommuting Module • Select an IP address for the T elecommuting Module on your network. • The network interfaces are mark ed with 1 and 2. These numbers correspond to the physical interfaces eth0 and eth1 respectiv ely , the latter which should be use in the installation program.
Chapter 1. Intr oduction to 3Com VCX IP T elecommuting Module When the T elecommuting Module is configured, the firew all connected to it must also be reconfigured (for the DMZ and DMZ/LAN T elecommuting Module T ypes). • Allow UDP and TCP traf fic in the port interv al used for media streams by the T elecommuting Module, and port 5060.
Chapter 2. Installing 3Com VCX IP T elecommuting Module Installation There are three ways to install an 3Com VCX IP T elecommuting Module: using a serial cable, using a diskette or perform a magic ping.
Chapter 2. Installing 3Com VCX IP T elecommuting Module • Ping this IP address to giv e the T elecommuting Module its new IP address. Y ou should recei ve a ping reply if the address distribution w as successful. • Configure the rest through a web bro wser .
Chapter 2. Installing 3Com VCX IP T elecommuting Module Then enter a password for the T elecommuting Module. This is the password you use in your web browser to access and change the T elecommuting Module’ s configuration. Finally , you can reset all other configuration if you want to.
Chapter 2. Installing 3Com VCX IP T elecommuting Module T elecommuting Module). The network mask determines the number of computers that can act as configuration computers. Network number [0.0.0.0]: 10.47.2.0 Netmask/bits [255.255.255.0]: 255.255.255.
Chapter 2. Installing 3Com VCX IP T elecommuting Module Y ou ha ve now entered the follo wing configuration Network configuration inside: Physical de vice name: eth0 IP address: 192.168.150.2 Netmask: 255.255.255.0 Deactiv ate other interfaces: no Computer allowed to configure from: IP address: 192.
Chapter 2. Installing 3Com VCX IP T elecommuting Module Follo wing is a sample run of the installation program on the diskette. Basic unit installation program version 4.3 Press return to keep the default v alue Network configuration inside: Physical de vice name[eth0]: IP address [0.
Chapter 2. Installing 3Com VCX IP T elecommuting Module Static routing: The network allo wed to configure from is not on a network local to this unit. Y ou must configure a static route to it. Gi ve the IP address of the router on the network this unit is on.
Chapter 2. Installing 3Com VCX IP T elecommuting Module Remember to loc k up the T elecommuting Module The T elecommuting Module is a computer with special software, and must be protected from unauthorized physical access just as other computers performing critical tasks.
Chapter 3. Configuring 3Com VCX IP T elecommuting Module Y ou connect to your 3Com VCX IP T elecommuting Module by entering its name or IP address in the Location box of your web browser . Logging on Before you can configure the T elecommuting Module, you must enter your administrator username and password or RADIUS username and password.
Chapter 3. Configuring 3Com VCX IP T elecommuting Module Note: Y ou will not be logged out automatically just by directing your web bro wser to a different web address. Y ou should log out using the button to mak e the browser forget your username and passw ord.
Chapter 3. Configuring 3Com VCX IP T elecommuting Module Basic Configuration Under Basic Configuration , select T elecommuting Module T ype and the name of the T elecommuting Module. Y ou also enter IP addresses for gate way and DNS server . Here you also configure if the T elecommuting Module should interact with a RADIUS or an SNMP server .
Chapter 3. Configuring 3Com VCX IP T elecommuting Module logging wanted under Logging . This is also where the logs of traf fic through the T elecommuting Module are viewed. When the configuration is complete, apply it. Go to Sa ve/Load Configuration under Administration .
Chapter 3. Configuring 3Com VCX IP T elecommuting Module Y ou can sa ve the preliminary configuration to a file on your work station (the computer that is running your web browser). Select Sa ve to local file on the Sa ve/Load Configuration page.
Chapter 3. Configuring 3Com VCX IP T elecommuting Module T elecomm uting Module IP address IP addresses are written as four groups of numbers with dots between them. The numbers must be between 0 and 255 (inclusiv e); for example, 192.168.129.17. Mask/Bits The binary system uses the numbers 0 and 1 to represent numbers.
Chapter 3. Configuring 3Com VCX IP T elecommuting Module See appendix C, Lists of Reserved Ports, ICMP T ypes and Codes, and Internet Protocols, for more information on netmasks. Name queries in 3Com VCX IP T elecomm uting Module A T elecommuting Module should be as independent of other computers as possible.
P ar t II. How T o In the How T o part, you find step-by-step descriptions for many common configurations for the T elecommuting Module. Y ou also find references to rele vant chapters in Part III, Description of 3Com VCX IP T elecommuting Module settings.
Chapter 4. Ho w T o Configure SIP 3Com VCX IP T elecommuting Module provides a lot of SIP possibilities. In this chapter , the most common SIP setups are setup with step-by-step instructions for the configuration.
Chapter 4. How T o Configur e SIP Surr oundings T o make the T elecommuting Module aware of the network structure, the networks defined abo ve should be listed on the Surroundings page. One effect of this is that tra ffic between two users on dif ferent networks, or between one of the listed networks and a network not listed here, is N A T :ed.
Chapter 4. How T o Configur e SIP Routing On the Routing page, you can enter the SIP server managing your SIP domain. Enter the name or IP address of the SIP server under Outbound pr oxy . If you enter the server name here, all SIP traf fic from the inside will be directed to this server , regardless of where it is bound to.
Chapter 4. How T o Configur e SIP Here are the settings needed for this. It is assumed that the T elecommuting Module already has a network configuration. Only the additional SIP settings are listed. Netw orks and Computers The T elecommuting Module must know the netw ork structure to be able to function properly .
Chapter 4. How T o Configur e SIP Basic Go to the Basic page under SIP Services and turn the SIP module on. Here you also select log classes for SIP e vent logging. Routing If the SIP server is located on a N A T ed network, all SIP traf fic from the outside will be directed to the T elecommuting Module, which must know where to forw ard it.
Chapter 4. How T o Configur e SIP If the SIP server is an LCS (Li ve Communications Server) or some other serv er that does not accept more than one V ia header in SIP packets, you must enter the SIP server IP address in the Remov e VIA headers table.
Chapter 4. How T o Configur e SIP Here are the settings needed for this. It is assumed that the T elecommuting Module already has a network configuration. Only the additional SIP settings are listed. Basic Go to the Basic page under SIP Services and turn the SIP module on.
Chapter 4. How T o Configur e SIP Basic Configuration If no other SIP routing information is entered, the T elecommuting Module must be able to look up SIP domains in DNS. DNS servers are entered on the Basic Configuration page under Basic Configuration .
Chapter 4. How T o Configur e SIP Here are the settings needed for this. It is assumed that the T elecommuting Module already has a network configuration. Only the additional SIP settings are listed. Basic Go to the Basic page under SIP Services and turn the SIP module on.
Chapter 4. How T o Configur e SIP make the T elecommuting Module strip SIP packets of extra V ia headers when it sends those packets to the server , and add the V ia headers when the response packets are receiv ed.
Chapter 4. How T o Configur e SIP Here are the settings needed for this. It is assumed that the T elecommuting Module already has a network configuration. Only the additional SIP settings are listed. Basic Go to the Basic page under SIP Services and turn the SIP module on.
Chapter 4. How T o Configur e SIP Basic Configuration If no other SIP routing information is entered, the T elecommuting Module must be able to look up SIP domains in DNS. DNS servers are entered on the Basic Configuration page under Basic Configuration .
Chapter 4. How T o Configur e SIP Routing If the SIP server is located on a N A T ed network, all SIP traf fic from the outside will be directed to the T elecommuting Module, which must know where to forw ard it.
Chapter 4. How T o Configur e SIP Basic Configuration If no other SIP routing information is entered, the T elecommuting Module must be able to look up SIP domains in DNS. DNS servers are entered on the Basic Configuration page under Basic Configuration .
P ar t III. Description of 3Com VCX IP T elecomm uting Module Settings This part contains complete descriptions of settings in 3Com VCX IP T elecommuting Module.
Chapter 5. The Serial Console Some settings are av ailable without having to log on the web interf ace, but instead connecting to the T elecommuting Module console via the serial cable.
Chapter 5. The Serial Console 3. Become a failo ver team member Make this T elecommuting Module member of a failover team. 4. Leave failo ver team and become standalone Make this T elecommuting Module leave its failo ver team. 5. Wipe email logs Remov e all log messages queued to be sent by e-mail.
Chapter 5. The Serial Console Deactivate other interfaces If the T elecommuting Module has been used one or more interfaces are acti ve. Select here if all interfaces b ut the one selected abov e should be deactiv ated. Y ou can activ ate them again via the web GUI.
Chapter 5. The Serial Console Static routing: The network allo wed to configure from is not on a network local to this unit. Y ou must configure a static route to it. Gi ve the IP address of the router on the network this unit is on. The IP address of the router [0.
Chapter 5. The Serial Console Load preliminary configuration The configuration file selected here will be uploaded as a preliminary configuration. The permanent configuration will not be affected. T o load the configuration, select this alternative and then start the transfer in your terminal program.
Chapter 5. The Serial Console yes will make the T elecommuting Module reboot, remove all current configuration and apply the ne w settings. It will then wait for configuration from the other team member . no will make the T elecommuting Module start over again asking for ne w settings, starting with the dedicated interface.
Chapter 6. Basic Configuration Under Basic Configuration , you configure: • T elecommuting Module T ype • The name of the T elecommuting Module • The computers and networks from which the T e.
Chapter 6. Basic Configuration P olicy For Ping T o the T elecommuting Module Here, you specify how the T elecommuting Module should reply to ping packets to its IP addresses. Y ou can choose between Never r eply to ping , Only reply to ping fr om the same interface and Reply to ping to all IP addresses .
Chapter 6. Basic Configuration IP address Shows the IP address of the DNS name or IP address you entered in the previous field. DNS Servers Here, you configure DNS servers for the T elecommuting Module.
Chapter 6. Basic Configuration For each network interf ace, you also specify whether or not the T elecommuting Module can be configured via this network interface. Y ou also select what kind of authentication will be performed for the users trying to access the web interface.
Chapter 6. Basic Configuration Configuration via HTTP Select which IP address and port the T elecommuting Module administrator should direct her web browser to when HTTP is used for T elecommuting Module configuration. Y ou can select from the T elecommuting Module IP addresses configured on the Interface pages under Network .
Chapter 6. Basic Configuration Range The Range shows all IP addresses from w hich the T elecommuting Module can be configured. The range is calculated from the configuration under DNS name or network addr ess and Netmask/Bits . Check that the correct information was entered in the DNS name or network addr ess and Netmask/Bits fields.
Chapter 6. Basic Configuration RADIUS server Enter the DNS name or IP address for the RADIUS serv er used for authentication. In IP address , the IP address of the serv er is shown. It is updated whene ver Look up all IP addresses again is pressed, or the DNS name or IP address field is changed.
Chapter 6. Basic Configuration NAS-Identifier Y ou can enter a special identifier into this field. All characters except space are allo wed according to the T elecommuting Module, but your RADIUS serv er may have some restrictions on the identifier .
Chapter 6. Basic Configuration Cancel Rev erts all of the above fields to their pre vious configuration. Look up all IP addresses a gain Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.
Chapter 6. Basic Configuration Contact person Enter the name of the contact person for this 3Com VCX IP T elecommuting Module. This information is sent with the parameter list as reply to an SNMP request from the server . Node location Enter the location of the T elecommuting Module.
Chapter 6. Basic Configuration Create Enter the number of new ro ws you want to add to the table, and then click on Cr eate . SNMP v3 In SNMP version 3, the authentication is managed through the serv er sending a username and an (in most cases) encrypted password to the T elecommuting Module, which verifies the validity of them.
Chapter 6. Basic Configuration T rap sending Select if trap sending (at boot and failed SNMP authentication) should be On or Off . T rap receiver Enter the IP address, or a name in the DNS, of the server to which the T elecommuting Module should send traps.
Chapter 6. Basic Configuration Look up all IP addresses a gain Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.
Chapter 6. Basic Configuration Expire in The expiration time defines ho w many days the certificate will last. Default time is 365 days, one year . Common Name Here, you enter the host name or IP address of the T elecommuting Module. Email address Enter the email address of the T elecommuting Module administrator .
Chapter 6. Basic Configuration Organization The name of the organization/compan y owning the T elecommuting Module. Organizational Unit The department using the T elecommuting Module.
Chapter 6. Basic Configuration Information Information about this certificate, such as the signing CA and expiration date. Delete Row If you select this box, the row is deleted when you click on Add new rows or Sa ve . Create Enter the number of new ro ws you want to add to the table, and then click on Cr eate .
Chapter 6. Basic Configuration On your firew all, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for R TP traffic between the T elecommuting Module and the Internet. The other interface is connected to your internal network.
Chapter 6. Basic Configuration Change T elecommuting Module T ype to Select a new T elecommuting Module T ype here. Change type Press the Change type button to set the ne w T elecommuting Module T ype. This setting, like others, must be applied on the Sa ve/Load Configuration page before it affects the T elecommuting Module functionality .
Chapter 7. Netw ork Configuration Under Network , you configure: • Network groups which are used for the T elecommuting Module configuration • The T elecommuting Module’ s IP addresses on all.
Chapter 7. Network Configuration Subgr oup An already defined group can be used as a subgroup to ne w groups. Select the old group here and leave the fields for DNS name empty . Select ’-’ as Interface/VLAN . If you don’t want to use a subgroup, select ’-’ here.
Chapter 7. Network Configuration Save Sav es the Networks and Computers configuration to the preliminary configuration. Cancel Clears and resets all fields in ne w rows and reset changes in old ro ws.
Chapter 7. Network Configuration Name A name for this IP address. Y ou can use this name when configuring the administration IP address. This name is only used internally in the T elecommuting Module. DNS name or IP address The name/IP address of the T elecommuting Module on this network interface on this directly connected netw ork.
Chapter 7. Network Configuration Name Enter the name of your alias. This name is only used internally in the T elecommuting Module. DNS name or IP address Enter the IP address of this alias, or a name in the DNS. If you enter a DNS name instead of an IP address, you must enter the IP address of a DNS server on the Basic Configuration page.
Chapter 7. Network Configuration Routed network Enter the DNS name or IP address of the routed network under DNS name or network addr ess . The IP address of the routed network is sho wn under Network address . In the Netmask field, enter the netmask of the network.
Chapter 7. Network Configuration Name The name of this VLAN. The name is only used in the T elecommuting Module web interface to help you keep track of the different VLANs. Interface Select an interface for this VLAN. VLAN id Enter a VLAN id. A VLAN id is just a number .
Chapter 7. Network Configuration Ph ysical device This tells the physical de vice name of the network interface. The physical interface eth0 corresponds to Netw ork Interface 1, and eth1 corresponds to Network Interf ace 2. T ype Here the speed options for the interface are sho wn.
Chapter 7. Network Configuration Netw ork Select a network. The alternati ves are the networks you defined on the Networks and Computers page. Delete Row If you select this box, the row is deleted when you click on Add new rows or Sa ve . Create Enter the number of new ro ws you want to add to the table, and then click on Cr eate .
Chapter 8. SIP Services SIP (Session Initiation Protocol) is a protocol for creating and terminating v arious media stream sessions over an IP network. It is for example use d for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination of a session with one or more participants.
Chapter 8. SIP Services SIP Servers T o Monitor Y our T elecommuting Module can be made to monitor SIP servers, to check that the y are alive. The information is used by the T elecommuting Module when SIP signaling should be passed on to the server in question.
Chapter 8. SIP Services Log class f or SIP signaling For each SIP packet, the T elecommuting Module generates a message, containing the sender and receiv er of the packet and what type of packet it is.
Chapter 8. SIP Services Select whether the T elecommuting Module should accept Refer-T o headers without angle brackets, but containing question marks. The recommended setting is Only allow Refer -T o ? with angle brackets . Remo ve VIA headers Some SIP servers won’ t accept requests with more than one V ia header .
Chapter 8. SIP Services Delete Row If you select this box, the row is deleted when you click on Add new rows , Sa ve , or Look up all IP addresses again .
Chapter 8. SIP Services Here, you select if SIP URL encryption should be used or not. Expires header Some SIP clients don’t understand the e xpires: parameter in the Contact header .
Chapter 8. SIP Services The Record-Route header makes all subsequent SIP signaling for this session to be routed via the T elecommuting Module ev en if it is not the shortest route. Here, you select to add Record-Route headers for outbound requests or not.
Chapter 8. SIP Services Accept TCP Marked As TLS When a TLS accelerator is used, SIP packets can be sent to the T elecommuting Module via TCP , but the packet content will look as if TLS was used. Select if TCP packets with TLS content should be accepted.
Chapter 8. SIP Services Note: If more than one Messenger client performs file transfer through the T elecommuting Module at the same time, they could end up sending to each other’ s peers instead of their own. An attack er could possibly use this to intercept transfered files; don’t use this mechanism to transfer sensisti ve data.
Chapter 8. SIP Services Timeout for registrations Enter the timeout (in seconds) before a registration becomes obsolete. When the timeout is reached, the re gistrar discards the registration. Allowed n umber of users Enter the maximum number of users allo wed to register in the SIP registrar .
Chapter 8. SIP Services Allowed n umber of concurrent sessions Enter the number of concurrent SIP sessions which the T elecommuting Module should handle. Leav e the field empty to allow as man y sessions as there are SIP traversal licenses on the T elecommuting Module (number displayed inside parantheses).
Chapter 8. SIP Services Example: If the Base retransmission timeout is 0.5 seconds and the Maximum number of r etransmissions is 6, the INVITE requests will be sent with interv als of 0.
Chapter 8. SIP Services Select two IP addresses out of the ones assigned to the T elecommuting Module under Directly Connected Networks and Alias on the interface pages. Note: for the STUN server to w ork properly , you need to select IP addresses which the clients can reach.
Chapter 9. SIP T raffic SIP (Session Initiation Protocol) is a protocol for creating and terminating v arious media stream sessions over an IP network. It is for example use d for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination of a session with one or more participants.
Chapter 9. SIP T raffic Method Enter the name of the SIP method. This should be the name used in RFC 3261. T raffic to Here, you select the direction of the traf fic. Local domains means that traffic to Local SIP Domains of this T elecommuting Module is affected by this ro w .
Chapter 9. SIP T raffic Domain or IP address Enter the domain name or IP address of the external SIP proxy . P or t Enter the port number of the external SIP proxy . If no port number is entered, the T elecommuting Module will make a DNS query for an SR V record.
Chapter 9. SIP T raffic Domain Enter the domain name of the SIP domain. Relay to Enter the IP address for the SIP registrar handling the domain. Y ou can also enter a DNS name for the SIP registrar , if it has a DNS-resolvable ho st name, even if the SIP domain is not possible to look up in DNS.
Chapter 9. SIP T raffic Session Status Y ou can monitor the current SIP acti vity . The tables are updated when you select the page or reload it. Registered Users Here the currently registered users are listed. User The SIP address of the registered user .
Chapter 10. Administration Under Administration, you • apply your configuration • define administrator users and change their passwords • sav e the preliminary configuration to file • load.
Chapter 10. Administration Sav e configuration saves your preliminary configuration to the permanent configuration and puts it into use. Continue testing shows a ne w page with only the other two b uttons. Revert cancels this test of the pr eliminary configuration without saving.
Chapter 10. Administration Abort All Edits Abort all edits copies the permanent configuration to the preliminary configuration. All changes made in the preliminary configuration are deleted. Reload Factory Configuration The factory configuration is the standard configuration that is deli vered with a T elecommuting Module.
Chapter 10. Administration P assw ord For the ’admin’ Account The admin user is predefined. That user can make changes, load configurations, apply configurations and log on the T elecommuting Module via the serial cable. Y ou can’t remo ve this user or change its privile ges, only change its password.
Chapter 10. Administration Account T ype Select what privile ges this user should hav e. Full Access means that the user can make an y changes to the configuration. This is the same privileges as t he admin user has in the web GUI, but only the admin user can log on via the serial cable.
Chapter 10. Administration Log out If your user has full access to the web interface, you can log out other users. Ho wev er, if you do not change their password (or change the Account type to Of f), they can just log on again. Upgrade Read these instructions carefully before upgrading.
Chapter 10. Administration Step 4 When you hav e pressed T ry the upgrade and the T elecommuting Module has rebooted, you will see two buttons on top of ev ery web page: Accept upgrade and Abort upgrade . Now , you can choose to make the upgrade permanent or to rev ert to the old version.
Chapter 10. Administration Edit Column Select if all, some or none of the T elecommuting Module tables should hav e an Edit column. If you select that some tables hav e an Edit column, you also enter the size required to add the Edit column. Alwa ys have an Edit column Regardless of the table size, all tables will ha ve an Edit column.
Chapter 10. Administration The Time zone field sho ws the current time zone setting. Change time zone by selecting one in the left-hand box and press the Change time zone button. Change Date and Time Manually Here you change the T elecommuting Module clock manually .
Chapter 10. Administration Synchr oniz e time with NTP Here, select if NTP synchronizing should be enabled or not. Enter servers to sync with in the table belo w . DNS name or IP address The name/IP address of the NTP server to which the T elecommuting Module should connect.
Chapter 10. Administration Reboot Y our 3Com VCX IP T elecommuting Module When this button is pressed, the T elecommuting Module will immediately reboot.
Chapter 11. Logging 3Com VCX IP T elecommuting Module can log different types of traf fic, attempts to connect and other ev ents. Y ou can select to hav e the logs stored on the T elecommuting Module’ s local hard drive, in w hich case they can be queried.
Chapter 11. Logging you can select allowed, un-N A T :ed packets only . IP Address Selection Y ou can limit the selection by specifying certain IP addresses. In these fields, enter a single IP address (e. g., 10.3.27.3), a range of IP addresses (e. g.
Chapter 11. Logging A to B Packets from A to B match es. B to A Packets from B to A match es. Between A&B Packets from A to B, or from B to A, matches. not this combination Packets that do not match th e given combination of A and B are sho wn in the log.
Chapter 11. Logging Time Limits Y ou can limit the selection by a time interv al. The date is written as a year with two or four digits, month (01-12) and day (01-31).
Chapter 11. Logging The rows sho w the date and time, type of protocol, from interface, computer and port, to interface, computer and port, ICMP type for ICMP traf fic, flags, whether the packet was accepted, rejected or discarded, and the reason for this.
Chapter 11. Logging Once ev ery minute the load on all interfaces is scanned and sav ed to a local file. Every file contains 240 samples and a file generation consists of 42 files. The first generation of files contains samples for the last week (approximately).
Chapter 11. Logging interface will generate one graph per interface. Y ou can also select to view only VPN traf fic. Direction Select one or more of Sent , Received and Sent+Recei ved . Each selection generates a separate graph in the diagram. V alue Select maximum, av erage or minimum value of each sample period.
Chapter 11. Logging Resour ce Monitoring Y our T elecommuting Module can send SNMP traps when usage passes certain le vels. Set the lev els on this page. The trap receiv ers are configured on the SNMP page. For each usage, there is an Alarm by and a Resume by le vel.
Chapter 11. Logging The T elecommuting Module also produces log messages for SIP-related and VPN-related ev ents as well as administrator ev ents (when the administrator logs on or when a setting is changed). Here, you configure what will happen to these log messages.
Chapter 11. Logging W arnings Log class f or hard ware error s Some T elecommuting Modules hav e hardware monitoring, and will generate log messages when the hardware fails in some way .
Chapter 11. Logging Log class f or IPsec key negotiation Here, you set the log class for ne w negotiations of IPsec connections keys. Log class f or IKE and NA T -T packets Here, you set the log class for the packets used for IKE ke y negotiations and for N A T -T packets.
Chapter 11. Logging Log class f or SIP packets The T elecommuting Module logs all SIP packets (one SIP packet is man y lines). Select a log class for the SIP packets. Log class f or SIP debug messa g es The T elecommuting Module logs a lot of status messages, for example the SIP initiation phase of a reboot.
Chapter 11. Logging Name Here, you giv e the log class a Name . Log locally? Select to sav e log messages to a local file on the T elecommuting Module. Locally saved logs can be searched on the Display Log page. Y es will cause the log messages using this log class to be sa ved to file.
Chapter 11. Logging SMTP Server Here, you set an SMTP server for the log messages that the T elecommuting Module generates. This server will send the email messages to the email addresses set on the Log Classes page.
Chapter 12. F ailo ver The 3Com VCX IP T elecommuting Module failov er function makes it possible to hav e a hot standby unit which always has the current configuration and which automatically tak es over when the acti ve unit goes do wn. The two units become a failover team .
Chapter 12. F ailover • Go to the F ailover Settings page and select the interface which should be directly connected to the other T elecommuting Module as Dedicated interface to use . Check the Dedicated network to see that it doesn’t clash with any of your internal netw orks.
Chapter 12. F ailover DNS name or network ad dress In the DNS name or network addr ess field, enter the DNS name or IP address of the dedicated network. Network ad dress Shows the IP address of the DNS name or network address you entered in the pre vious field.
Chapter 12. F ailover Look up all IP addresses a gain Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.
Chapter 12. F ailover F ailover Status Here are the settings used by the T elecommuting Module for failov er communication. T ype A T elecommuting Module can be Standalone or a T eam member . Dedicated interface If the T elecommuting Module is a member of a failov er team, the interface used for failov er communication is shown here.
Chapter 12. F ailover 2. Change type of the Active T elecommuting Module on the Failov er Settings page by pressing the Deactivate failover b utton. If you want to replace a unit in the failo ver team, you must first split the team and then make a ne w one.
Chapter 13. T ools Under T ools , you find handy tools to troubleshoot the T elecommuting Module setup. P acket Capture 3Com VCX IP T elecommuting Module has a built-in packet capturer which can produce pcap trace files.
Chapter 13. T ools Pr otocol/P or t Selection Y ou can limit the selection by specifying certain protocols. All IP protocols No restriction regarding protocols. TCP/UDP When selecting TCP or UDP , you can choose all packets or pack ets to certain ports only .
Chapter 13. T ools only those matching certain criteria. In the type and code fields, you can enter a single number (e. g., 5), a range of numbers (e. g., 5-10), a list of numbers and ranges, separated by commas (e. g., 5, 10-20) or nothing at all. If the field is empty , any type or code will match.
Chapter 14. Fire wall and Client Configuration Additional configuration for the fire wall and the SIP clients is required to make the T elecommuting Module work properly . The amount and nature of the configuration depends on which T elecommuting Module T ype was selected.
Chapter 14. F ir ewall and Client Configuration • N A T between the T elecommuting Module and the Internet must not be used. • N A T between the T elecommuting Module and the internal networks must not be used.
Chapter 14. F ir ewall and Client Configuration SIP c lients The SIP clients on the internal network should ha ve the T elecommuting Module’ s IP address on that network as their outgoing SIP proxy and registrar .
P ar t IV . Appendices In the appendices, you find more thorough information about Internet and computer security , such as descriptions of Internet services and lists of Internet protocols.
Appendix A. More About SIP The SIP pr otocol SIP (Session Initiation Protocol), defined in RFC 3261 (with v arious extensions), handles creation, modification and termination of various medi a stream sessions over an IP network. It is for e xample used for Internet telephone calls and distribution of video streams.
Appendix A. Mor e About SIP often opens up certain protocols and ports in adv ance, but now you don’ t know which ports to open. T o handle SIP through a firew all which doesn’t understand the SIP concept, all ports must be open all the time, which would mak e the firew all somewhat unnecessary .
Appendix B. T r oubleshooting T roubleshooting the T elecommuting Module largely consists of checking the hardware (the T elecommuting Module, the network connectors, ...) and checking the T elecommuting Module log. The log is usually an excellent tool in finding out why the T elecommuting Module does not do what you wanted it to do.
Appendix B. T roubleshooting • Check that the (on the Logging Configuration page). A call is established, b ut there is no v oice • If you use a DMZ T elecommuting Module T ype, check on the Surroundings page that you ha ve separated the clients into correct networks.
Appendix B. T roubleshooting The T elecommuting Module is unaccessib le for some time when trying to apply a configuration There is something in the new configuration that does not allow you to access the web configuration interface. • Check the log to see if your access attempts reached the T elecommuting Module.
Appendix C. Lists of Reserved P or ts, ICMP T ypes and Codes, and Internet Protocols The following lists discuss the most important ports and the server services that belong to them, and the different types of ICMP messages. Client programs usually use ports between 1024 and 65535.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols Name P or t/protocol Description www-http 80/udp WWW kerberos 88/tcp K erberos kerberos 88/udp K erberos pop2 109/tcp PostOffice V .2 pop3 110/tcp PostOffice V .3 sunrpc 111/tcp RPC 4.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols Name P or t/protocol Description at-echo 204/udp AppleT alk Echo at-5 205/tcp AppleT alk at-5 205/udp AppleT alk at.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols Name P or t/protocol Description mount 635/udp NFS Mount Service pcnfs 640/udp PC-NFS DOS Authentication bwnfs 650/.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols T ype Name Reference 3 Destination Unreachable [RFC792] 4 Source Quench [RFC792] 5 Redirect [RFC792] 6 Alternate Ho.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols ICMP type Name Code Description 5 Source Route Failed 6 Destination Network Unkno wn 7 Destination Host Unknown 8 S.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols ICMP type Name Code Description 35 Mobile Registration Request 36 Mobile Registration Reply Internet pr otocols and their number s The following table lists co mmon Internet protocols and their protocol numbers.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols Protocol n umber Keyw ord Protocol 64 SA T -EXP AK SA TNET and Backroom EXP AK 65 KR YPTOLAN Kryptolan 66 R VD MIT .
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols 1-set bits Mask IP address class 13 255.248.0.0 5 14 255.252.0.0 6 15 255.254.0.0 7 16 255.255.0.0 0 17 255.255.128.0 1 18 255.255.192.0 2 19 255.255.224.0 3 20 255.255.
Appendix C. Lists of Reserved P orts, ICMP T ypes and Codes, and Internet Pr otocols Class IP intervals 7 0-1 2-3 4-5 6-7 8-9 10-11 ... 254-255 8 0 1 2 3 4 5 ... 255 Y ou could ha ve a large network, for e xample 130.234.128.0/18, which is interpreted from the tables as all IP addresses from 130.
Appendix D . Definitions of terms AFS, Andrew File System AFS is a more secure way of distrib uting file systems over a network. If files are mounted o ver the Internet, AFS is fairly secure.
Appendix D. Definitions of terms request a domain called, for instance, service. Belo w , we hav e ‘Company Inc., ’ which consists of three departments: A sales department, a service department, and a computer department. The computer department is divided into an IBM section and a Unisys section.
Appendix D. Definitions of terms 192.165.122.42. Sev eral IP addresses are required to connect sev eral computers in a network; one for each computer . IP addresses were previously d ivided into A networks, B networks and C netw orks, but that terminology is now considered obsolete.
Appendix D. Definitions of terms N A T N A T (Network Address T ranslation), also known as masquerading, is a way to hide a netw ork from outside computers. Used with firew alls to hide the computers on the internal network from the rest of the world.
Appendix D. Definitions of terms T wo NTP servers communicating with each other use port 123 and the UDP protocol. Open W indows Open W indows is a windo w system that is used by sev eral work stations. A similar window system is the X W indow System, which Open W indows is based on.
Appendix D. Definitions of terms Relay When the local network is connected to the Internet through a fire wall, all types of services are usually blocked. It is as if the network is not connected to the Internet. Relays can then be set up to allo w certain services, such as the WWW , to pass through under controlled circumstances.
Appendix D. Definitions of terms Static Routing A fixed path for the contact between computers. W ith a static routing, traffic cannot be redirected to another path if the connection is broken. This would require dynamic routing, for e xample, with RIP .
Appendix E. License Conditions 3Com VCX IP T elecommuting Module contains third party software that is subject to the follo wing license agreements. T o fulfill the license conditions, we must either.
Appendix E. License Conditions 1. This License applies to any program or other w ork which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
Appendix E. License Conditions b) Accompany it with a written of fer , valid for at least three years, to gi ve any third party , for a charge no more than your cost of physically performing source di.
Appendix E. License Conditions 9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who pla.
Appendix E. License Conditions Preamble The licenses for most software are designed to take a way your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
Appendix E. License Conditions The precise terms and conditions for copying, distrib ution and modification follow . Pay close attention to the difference between a "w ork based on the library" and a "work that uses the library".
Appendix E. License Conditions License, and its terms, do not apply to those sections when you distribute them as separate w orks. But when you distribute the same sections as part of a whole which is.
Appendix E. License Conditions Y ou must gi ve prominent notice with each copy of the work that the Library is used in it and that the Library and its use are cov ered by this License.
Appendix E. License Conditions 11. Each time you redistribute the Library (or an y work based on the Library), the recipient automatically receiv es a license from the original licensor to copy , distribute, link with or modify the Library subject to these terms and conditions.
Appendix E. License Conditions 17. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LA W OR A GREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY O THER P AR TY WHO MA Y MODIFY AND/OR REDISTRIBUTE THE LIBR.
Appendix E. License Conditions USE, D A T A OR PR OFITS, WHETHER IN AN ACTION OF CONTRA CT , NEGLIGENCE OR OTHER TOR TIOUS A CTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTW ARE.
Appendix E. License Conditions The MIT license T erms Copyright (c) 1998 Free Software F oundation, Inc. Permission is hereby granted, free of charge, to an y person obtaining a copy of this software .
Appendix E. License Conditions 4. The names "OpenSSL T oolkit" and "OpenSSL Project" must not be used to endorse or promote products deriv ed from this software without prior written permission. For written permission, please contact openssl-core@openssl.
Appendix E. License Conditions jsew ard@acm.org (mailto:jse ward@acm.org) The lilo license T erms LILO program code, documentation and auxiliary programs are Copyright 1992-1998 W erner Almesberger .
Appendix E. License Conditions 3. Cavium Netw orks’ name may not be used to endorse or promote products derived from this softw are without specific prior written permission. This Software,including technical data,may be subject to U.S. e xport control laws, including the U.
Appendix F . Obtaining Suppor t for Y our 3Com Pr oducts 3Com offers product re gistration, case management, and repair services through eSupport.3com.com. Y ou must hav e a user name and password to access these services, which are described in this appendix.
Appendix F . Obtaining Support for Y our 3Com Products T elephone T echnical Support and Repair T o obtain telephone support as part of your warranty and other service benefits, you must first register your product at: http://eSupport.
Appendix F . Obtaining Support for Y our 3Com Products Country T elephone Number Country T elephone Number Italy 199 161346 U.K. 0870 909 3266 Y ou can also obtain support in this region using this URL: http://emea.
Inde x accounts for administration, 90 administration, 90 AFS, 140 alarm, 98 e-mail errors, 107 hardware errors, 107 RADIUS errors, 107 SNMP errors, 107 Andrew File System, 140 apply configuration, 1.
interoperability SIP , 71 IP , 142 IP address, 18, 141 log selection, 99 reserved, 139 via serial console, 37 IP intervals, 137 IP policy , 42 Kerberos, 140 LGPL, 150 license conditions, 147 limited t.
dynamic, 141 of SIP traffic, 83 static, 146 sav e configuration, 17, 88 via serial console, 39 secret RADIUS, 47 Secure Shell, 145 serial console, 36 basic configuration, 37 main menu, 36 serial nu.
An important point after buying a device 3Com Version 4.3 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought 3Com Version 4.3 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data 3Com Version 4.3 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, 3Com Version 4.3 you will learn all the available features of the product, as well as information on its operation. The information that you get 3Com Version 4.3 will certainly help you make a decision on the purchase.
If you already are a holder of 3Com Version 4.3, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime 3Com Version 4.3.
However, one of the most important roles played by the user manual is to help in solving problems with 3Com Version 4.3. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device 3Com Version 4.3 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center