3Com Version 4.3 - Manual

Chapter 1. Introduction to 3Com VCX IP Telecommuting Module When the Telecommuting Module is configured, the firewall connected to it must also be reconfigured (for theDMZ and DMZ/LAN Telecommuting Module Types). • Allow UDP and TCP traffic in the port interval used for media streams by the Telecomm...

Chapter 2. Installing 3Com VCX IPTelecommuting Module Installation There are three ways to install an 3Com VCX IP Telecommuting Module: using a serial cable, using a diskette orperform a magic ping. Installation with a serial cable or a diskette requires being at the same place as the Telecommuting ...

Chapter 2. Installing 3Com VCX IP Telecommuting Module • Ping this IP address to give the Telecommuting Module its new IP address. You should receive a ping reply if theaddress distribution was successful. • Configure the rest through a web browser. Installation with a serial cable These steps are p...

Chapter 2. Installing 3Com VCX IP Telecommuting Module You have now entered the following configuration Network configuration inside: Physical device name: eth0IP address: 192.168.150.2Netmask: 255.255.255.0Deactivate other interfaces: no Computer allowed to configure from: IP address: 192.168.128.3...

Chapter 2. Installing 3Com VCX IP Telecommuting Module Static routing:The network allowed to configure from is not on a network local to thisunit. You must configure a static route to it. Give theIP address of the router on the network this unit is on. The IP address of the router [0.0.0.0]: 10.47.3...

Chapter 2. Installing 3Com VCX IP Telecommuting Module Remember to lock up the Telecommuting Module The Telecommuting Module is a computer with special software, and must be protected from unauthorized physicalaccess just as other computers performing critical tasks. A locked up Telecommuting Module...

Chapter 3. Configuring 3Com VCX IPTelecommuting Module You connect to your 3Com VCX IP Telecommuting Module by entering its name or IP address in the Location boxof your web browser. Logging on Before you can configure the Telecommuting Module, you must enter your administrator username and password...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module Note: You will not be logged out automatically just by directing your web browser to a different web address. Youshould log out using the button to make the browser forget your username and password. Navigation There is a menu for quick navigat...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module Basic Configuration Under Basic Configuration, select Telecommuting Module Type and the name of the Telecommuting Module. Youalso enter IP addresses for gateway and DNS server. Here you also configure if the Telecommuting Module shouldinteract ...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module logging wanted under Logging. This is also where the logs of traffic through the Telecommuting Module areviewed. When the configuration is complete, apply it. Go to Save/Load Configuration under Administration. SelectApply configuration. Now th...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module You can save the preliminary configuration to a file on your work station (the computer that is running your webbrowser). Select Save to local file on the Save/Load Configuration page. A saved configuration can be loaded to the preliminary conf...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module Telecommuting Module IP address IP addresses are written as four groups of numbers with dots between them. The numbers must be between 0 and255 (inclusive); for example, 192.168.129.17. Mask/Bits The binary system uses the numbers 0 and 1 to re...

Chapter 3. Configuring 3Com VCX IP Telecommuting Module See appendix C, Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols, for more information onnetmasks. Name queries in 3Com VCX IP Telecommuting Module A Telecommuting Module should be as independent of other computers as possi...

Chapter 4. How To Configure SIP 3Com VCX IP Telecommuting Module provides a lot of SIP possibilities. In this chapter, the most common SIPsetups are setup with step-by-step instructions for the configuration. DMZ Telecommuting Module, SIP server on the outside The simplest SIP scenario is when the S...

Chapter 4. How To Configure SIP Surroundings To make the Telecommuting Module aware of the network structure, the networks defined above should be listed onthe Surroundings page. One effect of this is that traffic between two users on different networks, or between one of the listed networks anda ne...

Chapter 4. How To Configure SIP Routing On the Routing page, you can enter the SIP server managing your SIP domain. Enter the name or IP address of theSIP server under Outbound proxy. If you enter the server name here, all SIP traffic from the inside will be directed to this server, regardless of wh...

Chapter 4. How To Configure SIP Basic Go to the Basic page under SIP Services and turn the SIP module on. Here you also select log classes for SIP eventlogging. Routing If the SIP server is located on a NATed network, all SIP traffic from the outside will be directed to theTelecommuting Module, whic...

Chapter 4. How To Configure SIP If the SIP server is an LCS (Live Communications Server) or some other server that does not accept more than oneVia header in SIP packets, you must enter the SIP server IP address in the Remove VIA headers table. This willmake the Telecommuting Module strip SIP packet...

Chapter 4. How To Configure SIP Basic Configuration If no other SIP routing information is entered, the Telecommuting Module must be able to look up SIP domains inDNS. DNS servers are entered on the Basic Configuration page under Basic Configuration. Save/Load Configuration Finally, go to the Save/L...

Chapter 4. How To Configure SIP Basic Configuration If no other SIP routing information is entered, the Telecommuting Module must be able to look up SIP domains inDNS. DNS servers are entered on the Basic Configuration page under Basic Configuration. Save/Load Configuration Finally, go to the Save/L...

Chapter 5. The Serial Console Some settings are available without having to log on the web interface, but instead connecting to theTelecommuting Module console via the serial cable. Here, the settings available from the console are listed. The serial console is a text user interface which requires a...

Chapter 5. The Serial Console 3. Become a failover team member Make this Telecommuting Module member of a failover team. 4. Leave failover team and become standalone Make this Telecommuting Module leave its failover team. 5. Wipe email logs Remove all log messages queued to be sent by e-mail. 6. Set...

Chapter 5. The Serial Console Deactivate other interfaces If the Telecommuting Module has been used one or more interfaces are active. Select here if all interfaces but theone selected above should be deactivated. You can activate them again via the web GUI. Configuration computers Enter here the co...

Chapter 5. The Serial Console Static routing:The network allowed to configure from is not on a network local to thisunit. You must configure a static route to it. Give theIP address of the router on the network this unit is on. The IP address of the router [0.0.0.0]: 10.47.3.1 Network address [10.47...

Chapter 5. The Serial Console Load preliminary configuration The configuration file selected here will be uploaded as a preliminary configuration. The permanent configurationwill not be affected. To load the configuration, select this alternative and then start the transfer in your terminal program....

Chapter 5. The Serial Console yes will make the Telecommuting Module reboot, remove all current configuration and apply the new settings. It will then wait for configuration from the other team member. no will make the Telecommuting Module start over again asking for new settings, starting with the ...

Chapter 6. Basic Configuration Under Basic Configuration, you configure: • Telecommuting Module Type • The name of the Telecommuting Module • The computers and networks from which the Telecommuting Module can be administered • Policies for ping packets and unwanted packets • Default domain • Default...

Chapter 6. Basic Configuration Policy For Ping To the Telecommuting Module Here, you specify how the Telecommuting Module should reply to ping packets to its IP addresses. You can choosebetween Never reply to ping, Only reply to ping from the same interface and Reply to ping to all IP addresses.Only...

Chapter 6. Basic Configuration IP address Shows the IP address of the DNS name or IP address you entered in the previous field. DNS Servers Here, you configure DNS servers for the Telecommuting Module. The servers are used in the order they appear inthis table, which means that the Telecommuting Mod...

Chapter 6. Basic Configuration For each network interface, you also specify whether or not the Telecommuting Module can be configured via thisnetwork interface. You also select what kind of authentication will be performed for the users trying to access the web interface. To further increase securit...

Chapter 6. Basic Configuration Configuration via HTTP Select which IP address and port the Telecommuting Module administrator should direct her web browser to whenHTTP is used for Telecommuting Module configuration. You can select from the Telecommuting Module IPaddresses configured on the Interface...

Chapter 6. Basic Configuration Range The Range shows all IP addresses from which the Telecommuting Module can be configured. The range iscalculated from the configuration under DNS name or network address and Netmask/Bits. Check that the correctinformation was entered in the DNS name or network addr...

Chapter 6. Basic Configuration RADIUS server Enter the DNS name or IP address for the RADIUS server used for authentication. In IP address, the IP address of the server is shown. It is updated whenever Look up all IP addresses again ispressed, or the DNS name or IP address field is changed. Port The...

Chapter 6. Basic Configuration NAS-Identifier You can enter a special identifier into this field. All characters except space are allowed according to theTelecommuting Module, but your RADIUS server may have some restrictions on the identifier. Contact IP Address Select the IP address from which the...

Chapter 6. Basic Configuration Cancel Reverts all of the above fields to their previous configuration. Look up all IP addresses again Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the BasicConfiguration page. Configuration of a RADIUS server In this secti...

Chapter 6. Basic Configuration Contact person Enter the name of the contact person for this 3Com VCX IP Telecommuting Module. This information is sent withthe parameter list as reply to an SNMP request from the server. Node location Enter the location of the Telecommuting Module. This information is...

Chapter 6. Basic Configuration Create Enter the number of new rows you want to add to the table, and then click on Create. SNMP v3 In SNMP version 3, the authentication is managed through the server sending a username and an (in most cases)encrypted password to the Telecommuting Module, which verifi...

Chapter 6. Basic Configuration Trap sending Select if trap sending (at boot and failed SNMP authentication) should be On or Off. Trap receiver Enter the IP address, or a name in the DNS, of the server to which the Telecommuting Module should send traps. Ifyou enter a DNS name instead of an IP addres...

Chapter 6. Basic Configuration Look up all IP addresses again Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the BasicConfiguration page. Certificates Here, you create X.509 certificates for the Telecommuting Module, to be used for authentication in variou...

Chapter 6. Basic Configuration Expire in The expiration time defines how many days the certificate will last. Default time is 365 days, one year. Common Name Here, you enter the host name or IP address of the Telecommuting Module. Email address Enter the email address of the Telecommuting Module adm...

Chapter 6. Basic Configuration Organization The name of the organization/company owning the Telecommuting Module. Organizational Unit The department using the Telecommuting Module. Serial number If you generate more than one certificate with the same information, and you want to give them separate n...

Chapter 6. Basic Configuration Information Information about this certificate, such as the signing CA and expiration date. Delete Row If you select this box, the row is deleted when you click on Add new rows or Save. Create Enter the number of new rows you want to add to the table, and then click on...

Chapter 6. Basic Configuration On your firewall, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for RTP trafficbetween the Telecommuting Module and the Internet. The other interface is connected to your internal network.The Telecommuting Module can handle several net...

Chapter 6. Basic Configuration Change Telecommuting Module Type to Select a new Telecommuting Module Type here. Change type Press the Change type button to set the new Telecommuting Module Type. This setting, like others, must beapplied on the Save/Load Configuration page before it affects the Telec...

Chapter 7. Network Configuration Under Network, you configure: • Network groups which are used for the Telecommuting Module configuration • The Telecommuting Module’s IP addresses on all network interfaces • Routings for the networks so that computers behind routers can be contacted • VLAN settings ...

Chapter 7. Network Configuration Subgroup An already defined group can be used as a subgroup to new groups. Select the old group here and leave the fieldsfor DNS name empty. Select ’-’ as Interface/VLAN. If you don’t want to use a subgroup, select ’-’ here. Lower Limit DNS Name Or IP Address Enter t...

Chapter 7. Network Configuration Save Saves the Networks and Computers configuration to the preliminary configuration. Cancel Clears and resets all fields in new rows and reset changes in old rows. Interface (Network Interface 1 and 2) There is a menu selection for each network interface (Network In...

Chapter 7. Network Configuration Name A name for this IP address. You can use this name when configuring the administration IP address. This name isonly used internally in the Telecommuting Module. DNS name or IP address The name/IP address of the Telecommuting Module on this network interface on th...

Chapter 7. Network Configuration Name Enter the name of your alias. This name is only used internally in the Telecommuting Module. DNS name or IP address Enter the IP address of this alias, or a name in the DNS. If you enter a DNS name instead of an IP address, you mustenter the IP address of a DNS ...

Chapter 7. Network Configuration Routed network Enter the DNS name or IP address of the routed network under DNS name or network address. The IP address of the routed network is shown under Network address. In the Netmask field, enter the netmask of the network. Router The name or IP address of the ...

Chapter 7. Network Configuration Name The name of this VLAN. The name is only used in the Telecommuting Module web interface to help you keep trackof the different VLANs. Interface Select an interface for this VLAN. VLAN id Enter a VLAN id. A VLAN id is just a number. All packets for this VLAN is th...

Chapter 7. Network Configuration Network Select a network. The alternatives are the networks you defined on the Networks and Computers page. Delete Row If you select this box, the row is deleted when you click on Add new rows or Save. Create Enter the number of new rows you want to add to the table,...

Chapter 8. SIP Services SIP (Session Initiation Protocol) is a protocol for creating and terminating various media stream sessions over an IPnetwork. It is for example used for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination ...

Chapter 8. SIP Services SIP Servers To Monitor Your Telecommuting Module can be made to monitor SIP servers, to check that they are alive. The information isused by the Telecommuting Module when SIP signaling should be passed on to the server in question. This is usefulwhen a domain resolves to seve...

Chapter 8. SIP Services Log class for SIP signaling For each SIP packet, the Telecommuting Module generates a message, containing the sender and receiver of thepacket and what type of packet it is. Select a log class for these log messages. Log class for SIP packets The Telecommuting Module logs all...

Chapter 8. SIP Services Select whether the Telecommuting Module should accept Refer-To headers without angle brackets, but containingquestion marks. The recommended setting is Only allow Refer-To ? with angle brackets. Remove VIA headers Some SIP servers won’t accept requests with more than one Via ...

Chapter 8. SIP Services Delete Row If you select this box, the row is deleted when you click on Add new rows, Save, or Look up all IP addressesagain. Create Enter the number of new rows you want to add to the table, and then click on Create. Preserve username When registering a SIP client on one sid...

Chapter 8. SIP Services Here, you select if SIP URL encryption should be used or not. Expires header Some SIP clients don’t understand the expires: parameter in the Contact header. To set the expiration time for thoseclients, you can make the Telecommuting Module add to REGISTER request replies an E...

Chapter 8. SIP Services The Record-Route header makes all subsequent SIP signaling for this session to be routed via the TelecommutingModule even if it is not the shortest route. Here, you select to add Record-Route headers for outbound requests or not. Force Record-Route For All Requests Here, you ...

Chapter 8. SIP Services Accept TCP Marked As TLS When a TLS accelerator is used, SIP packets can be sent to the Telecommuting Module via TCP, but the packetcontent will look as if TLS was used. Select if TCP packets with TLS content should be accepted. The recommended setting is not to accept them. ...

Chapter 8. SIP Services Note: If more than one Messenger client performs file transfer through the Telecommuting Module at the sametime, they could end up sending to each other’s peers instead of their own. An attacker could possibly use this tointercept transfered files; don’t use this mechanism to...

Chapter 8. SIP Services Timeout for registrations Enter the timeout (in seconds) before a registration becomes obsolete. When the timeout is reached, the registrardiscards the registration. Allowed number of users Enter the maximum number of users allowed to register in the SIP registrar. Leave the ...

Chapter 8. SIP Services Allowed number of concurrent sessions Enter the number of concurrent SIP sessions which the Telecommuting Module should handle. Leave the field empty to allow as many sessions as there are SIP traversal licenses on the Telecommuting Module(number displayed inside parantheses)...

Chapter 8. SIP Services Example: If the Base retransmission timeout is 0.5 seconds and the Maximum number of retransmissions is 6,the INVITE requests will be sent with intervals of 0.5 s, 1 s, 2 s, 4 s, 8 s, and 16 s. Maximum number of retransmissions for non-INVITE requests When the Telecommuting M...

Chapter 8. SIP Services Select two IP addresses out of the ones assigned to the Telecommuting Module under Directly ConnectedNetworks and Alias on the interface pages. Note: for the STUN server to work properly, you need to select IP addresses which the clients can reach. In normalcircumstances, thi...

Chapter 9. SIP Traffic SIP (Session Initiation Protocol) is a protocol for creating and terminating various media stream sessions over an IPnetwork. It is for example used for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination o...

Chapter 9. SIP Traffic Domain or IP address Enter the domain name or IP address of the external SIP proxy. Port Enter the port number of the external SIP proxy. If no port number is entered, the Telecommuting Module will make a DNS query for an SRV record. If a portnumber is entered, it will query f...

Chapter 9. SIP Traffic Domain Enter the domain name of the SIP domain. Relay to Enter the IP address for the SIP registrar handling the domain. You can also enter a DNS name for the SIP registrar,if it has a DNS-resolvable host name, even if the SIP domain is not possible to look up in DNS. Under Po...

Chapter 9. SIP Traffic Session Status You can monitor the current SIP activity. The tables are updated when you select the page or reload it. Registered Users Here the currently registered users are listed. User The SIP address of the registered user. The address looks like name@domain, where name i...

Chapter 10. Administration Under Administration, you • apply your configuration • define administrator users and change their passwords • save the preliminary configuration to file • load a saved configuration • view the configuration • reboot your 3Com VCX IP Telecommuting Module • restart the SIP ...

Chapter 10. Administration Save configuration saves your preliminary configuration to the permanent configuration and puts it into use. Continue testing shows a new page with only the other two buttons. Revert cancels this test of the preliminary configuration without saving. If you do not press any...

Chapter 10. Administration Abort All Edits Abort all edits copies the permanent configuration to the preliminary configuration. All changes made in thepreliminary configuration are deleted. Reload Factory Configuration The factory configuration is the standard configuration that is delivered with a ...

Chapter 10. Administration Password For the ’admin’ Account The admin user is predefined. That user can make changes, load configurations, apply configurations and log on theTelecommuting Module via the serial cable. You can’t remove this user or change its privileges, only change itspassword. Old p...

Chapter 10. Administration Account Type Select what privileges this user should have. Full Access means that the user can make any changes to the configuration. This is the same privileges as the adminuser has in the web GUI, but only the admin user can log on via the serial cable. Backup/Restore Co...

Chapter 10. Administration Log out If your user has full access to the web interface, you can log out other users. However, if you do not change theirpassword (or change the Account type to Off), they can just log on again. Upgrade Read these instructions carefully before upgrading. You find version...

Chapter 10. Administration Step 4 When you have pressed Try the upgrade and the Telecommuting Module has rebooted, you will see two buttonson top of every web page: Accept upgrade and Abort upgrade. Now, you can choose to make the upgrade permanent or to revert to the old version. You can check thec...

Chapter 10. Administration Edit Column Select if all, some or none of the Telecommuting Module tables should have an Edit column. If you select that sometables have an Edit column, you also enter the size required to add the Edit column. Always have an Edit column Regardless of the table size, all t...

Chapter 10. Administration The Time zone field shows the current time zone setting. Change time zone by selecting one in the left-hand boxand press the Change time zone button. Change Date and Time Manually Here you change the Telecommuting Module clock manually. When you change time here, there wil...

Chapter 10. Administration Synchronize time with NTP Here, select if NTP synchronizing should be enabled or not. Enter servers to sync with in the table below. DNS name or IP address The name/IP address of the NTP server to which the Telecommuting Module should connect. IP address Shows the IP addre...

Chapter 10. Administration Reboot Your 3Com VCX IP Telecommuting Module When this button is pressed, the Telecommuting Module will immediately reboot. All active sessions, including SIP sessions, will be torn down at the reboot. Restart the SIP Module When this button is pressed, the SIP module of t...

Chapter 11. Logging 3Com VCX IP Telecommuting Module can log different types of traffic, attempts to connect and other events. Youcan select to have the logs stored on the Telecommuting Module’s local hard drive, in which case they can bequeried. When the Telecommuting Module’s hard drive gets full,...

Chapter 11. Logging you can select allowed, un-NAT:ed packets only. IP Address Selection You can limit the selection by specifying certain IP addresses. In these fields, enter a single IP address (e. g., 10.3.27.3), a range of IP addresses (e. g., 10.3.27.1-10.3.28.254), anIP address followed by a n...

Chapter 11. Logging A to B Packets from A to B matches. B to A Packets from B to A matches. Between A&B Packets from A to B, or from B to A, matches. not this combination Packets that do not match the given combination of A and B are shown inthe log. If you, for example, want to search for all p...

Chapter 11. Logging Time Limits You can limit the selection by a time interval. The date is written as a year with two or four digits, month (01-12) and day (01-31). The optional punctuationbetween year, month and day must be dash (-). Time is written as two digits for the hour, two digits for the m...

Chapter 11. Logging The rows show the date and time, type of protocol, from interface, computer and port, to interface, computer andport, ICMP type for ICMP traffic, flags, whether the packet was accepted, rejected or discarded, and the reason forthis. For TCP traffic, and for UDP traffic which is s...

Chapter 11. Logging Resource Monitoring Your Telecommuting Module can send SNMP traps when usage passes certain levels. Set the levels on this page.The trap receivers are configured on the SNMP page. For each usage, there is an Alarm by and a Resume by level. When the usage hits the Alarm by level, ...

Chapter 11. Logging The Telecommuting Module also produces log messages for SIP-related and VPN-related events as well asadministrator events (when the administrator logs on or when a setting is changed). Here, you configure what willhappen to these log messages. Inbound traffic Log class for non-SI...

Chapter 11. Logging Warnings Log class for hardware errors Some Telecommuting Modules have hardware monitoring, and will generate log messages when the hardware failsin some way. Here, you select a log class for these messages. Log class for email errors If the Telecommuting Module is unable to send...

Chapter 11. Logging Log class for IPsec key negotiation Here, you set the log class for new negotiations of IPsec connections keys. Log class for IKE and NAT-T packets Here, you set the log class for the packets used for IKE key negotiations and for NAT-T packets. As they both usethe same port on th...

Chapter 11. Logging Log class for SIP packets The Telecommuting Module logs all SIP packets (one SIP packet is many lines). Select a log class for the SIPpackets. Log class for SIP debug messages The Telecommuting Module logs a lot of status messages, for example the SIP initiation phase of a reboot...

Chapter 11. Logging Name Here, you give the log class a Name. Log locally? Select to save log messages to a local file on the Telecommuting Module. Locally saved logs can be searched on theDisplay Log page. Yes will cause the log messages using this log class to be saved to file. No will cause the l...

Chapter 11. Logging SMTP Server Here, you set an SMTP server for the log messages that the Telecommuting Module generates. This server will sendthe email messages to the email addresses set on the Log Classes page. If the connection between theTelecommuting Module and the SMTP server isn’t working, ...

Chapter 12. Failover The 3Com VCX IP Telecommuting Module failover function makes it possible to have a hot standby unit whichalways has the current configuration and which automatically takes over when the active unit goes down. The twounits become a failover team. This function requires that one i...

Chapter 12. Failover • Go to the Failover Settings page and select the interface which should be directly connected to the otherTelecommuting Module as Dedicated interface to use. Check the Dedicated network to see that it doesn’t clashwith any of your internal networks. • Press the Create new team ...

Chapter 12. Failover DNS name or network address In the DNS name or network address field, enter the DNS name or IP address of the dedicated network. Network address Shows the IP address of the DNS name or network address you entered in the previous field. Netmask/bits Netmask/bits is the netmask th...

Chapter 12. Failover Look up all IP addresses again Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the BasicConfiguration page. Reference Hosts The standby unit in the failover pair can become active if a network interface on the active unit is faulty, as ...

Chapter 12. Failover Failover Status Here are the settings used by the Telecommuting Module for failover communication. Type A Telecommuting Module can be Standalone or a Team member. Dedicated interface If the Telecommuting Module is a member of a failover team, the interface used for failover comm...

Chapter 13. Tools Under Tools, you find handy tools to troubleshoot the Telecommuting Module setup. Packet Capture 3Com VCX IP Telecommuting Module has a built-in packet capturer which can produce pcap trace files. Thissniffer will capture all IP packets according to your selections, even those you ...

Chapter 13. Tools Protocol/Port Selection You can limit the selection by specifying certain protocols. All IP protocols No restriction regarding protocols. TCP/UDP When selecting TCP or UDP, you can choose all packets or packets to certain ports only. In these fields, you can enter a single port num...

Chapter 13. Tools only those matching certain criteria. In the type and code fields, you can enter a single number (e. g., 5), a range of numbers (e. g., 5-10), a list ofnumbers and ranges, separated by commas (e. g., 5, 10-20) or nothing at all. If the field is empty, any type or codewill match. Se...

Chapter 14. Firewall and Client Configuration Additional configuration for the firewall and the SIP clients is required to make the Telecommuting Module workproperly. The amount and nature of the configuration depends on which Telecommuting Module Type wasselected. The DMZ type Using the DMZ type, t...

Chapter 14. Firewall and Client Configuration • NAT between the Telecommuting Module and the Internet must not be used. • NAT between the Telecommuting Module and the internal networks must not be used. The SIP clients SIP clients will use the Telecommuting Module as their outgoing SIP proxy and as ...

Chapter 14. Firewall and Client Configuration SIP clients The SIP clients on the internal network should have the Telecommuting Module’s IP address on that network astheir outgoing SIP proxy and registrar. Other The DNS server used must have a record for the SIP domain, which states that the Telecom...

Appendix A. More About SIP The SIP protocol SIP (Session Initiation Protocol), defined in RFC 3261 (with various extensions), handles creation, modification andtermination of various media stream sessions over an IP network. It is for example used for Internet telephone callsand distribution of vide...

Appendix A. More About SIP often opens up certain protocols and ports in advance, but now you don’t know which ports to open. To handle SIPthrough a firewall which doesn’t understand the SIP concept, all ports must be open all the time, which would makethe firewall somewhat unnecessary. A firewall t...

Appendix B. Troubleshooting Troubleshooting the Telecommuting Module largely consists of checking the hardware (the TelecommutingModule, the network connectors, ...) and checking the Telecommuting Module log. The log is usually an excellenttool in finding out why the Telecommuting Module does not do...

Appendix B. Troubleshooting • Check that the (on the Logging Configuration page). A call is established, but there is no voice • If you use a DMZ Telecommuting Module Type, check on the Surroundings page that you have separated theclients into correct networks. Clients that can reach each other with...

Appendix C. Lists of Reserved Ports, ICMPTypes and Codes, and Internet Protocols The following lists discuss the most important ports and the server services that belong to them, and the differenttypes of ICMP messages. Client programs usually use ports between 1024 and 65535. There are also lists o...

Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols Name Port/protocol Description mount 635/udp NFS Mount Service pcnfs 640/udp PC-NFS DOS Authentication bwnfs 650/udp BW-NFS DOS Authentication flexlm 744/tcp Flexible License Manager flexlm 744/udp Flexible License Man...

Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols Type Name Reference 3 Destination Unreachable [RFC792] 4 Source Quench [RFC792] 5 Redirect [RFC792] 6 Alternate Host Address [JBP] 7 Unassigned [JBP] 8 Echo [RFC792] 9 Router Advertisement [RFC1256] 10 Router Solicitat...

Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols ICMP type Name Code Description 35 Mobile Registration Request 36 Mobile Registration Reply Internet protocols and their numbers The following table lists common Internet protocols and their protocol numbers. All these...

Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols Protocol number Keyword Protocol 64 SAT-EXPAK SATNET and Backroom EXPAK 65 KRYPTOLAN Kryptolan 66 RVD MIT Remote Virtual Disk Protocol 68 any distributed file system 69 SAT-MON SATNET Monitoring 70 VISA VISA Protocol 7...

Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols Class IPintervals 7 0-1 2-3 4-5 6-7 8-9 10-11 ... 254-255 8 0 1 2 3 4 5 ... 255 You could have a large network, for example 130.234.128.0/18, which is interpreted from the tables as all IPaddresses from 130.234.128.0 t...

Appendix D. Definitions of terms AFS, Andrew File System AFS is a more secure way of distributing file systems over a network. If files are mounted over the Internet,AFS is fairly secure. Normally, AFS uses Kerberos for security management. ARP ARP, Address Resolution Protocol, is a protocol for map...

Appendix E. License Conditions 3Com VCX IP Telecommuting Module contains third party software that is subject to the following licenseagreements. To fulfill the license conditions, we must either attach the source code with the software, or send a written offer,valid at least three years, to give a ...

Appendix E. License Conditions 9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicitgeographical distribution limitation excluding...

Appendix E. License Conditions 17. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THELIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANYGENERAL, SPECIAL, INCIDENTAL OR CONSEQUE...

Appendix E. License Conditions USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHERTORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OFTHIS SOFTWARE. Python Imaging Library Terms The Python Imaging Library is Copyright (c) 1997-2001 by Secret Labs AB...

Appendix E. License Conditions The MIT license Terms Copyright (c) 1998 Free Software Foundation, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associateddocumentation files (the "Software"), to deal in the Software without restriction...

Appendix E. License Conditions 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please [email protected] (mailto:openssl-core@openssl...

Appendix E. License Conditions [email protected] (mailto:[email protected]) The lilo license Terms LILO program code, documentation and auxiliary programs are Copyright 1992-1998 Werner Almesberger. Allrights reserved. Redistribution and use in source and binary forms of parts of or the whole original o...

Appendix E. License Conditions 3. Cavium Networks’ name may not be used to endorse or promote products derived from this software without specific prior written permission. This Software,including technical data,may be subject to U.S. export control laws, including the U.S. ExportAdministration Act ...

Appendix F. Obtaining Support for Your 3ComProducts 3Com offers product registration, case management, and repair services through eSupport.3com.com. You musthave a user name and password to access these services, which are described in this appendix. Register Your Product to Gain Service Benefits T...

Appendix F. Obtaining Support for Your 3Com Products Telephone Technical Support and Repair To obtain telephone support as part of your warranty and other service benefits, you must first register your productat: http://eSupport.3com.com/ When you contact 3Com for assistance, please have the followi...

Appendix F. Obtaining Support for Your 3Com Products Country Telephone Number Country Telephone Number Italy 199 161346 U.K. 0870 909 3266 You can also obtain support in this region using this URL: http://emea.3com.com/support/email.html Latin America - Telephone Technical Support and Repair Country...

Index accounts for administration, 90 administration, 90AFS, 140alarm, 98 e-mail errors, 107hardware errors, 107RADIUS errors, 107SNMP errors, 107 Andrew File System, 140apply configuration, 16, 87ARP, 140authentication of administrator, 45via RADIUS, 47 backup, 17, 88Basic configuration SIP, 69via ...