Page 2 - Trademarks
2 NN47922-301 NN47922-301 Copyright © Nortel 2005–2006 All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without e...
Page 3 - Contents
3 Nortel Business Secure Router 222 — Fundamentals Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
Page 7 - Preface; Before you begin; italic text
Preface 7 Nortel Business Secure Router 222 — Fundamentals Preface This Quick Start Guide provides instructions for installing and configuring your Nortel Business Secure Router 222 as an Office Gateway for your network. After completing this guide, you can access the Internet securely through your ...
Page 8 - Related publications
8 Preface NN47922-301 Related publications For more information about using the Nortel Business Secure Router 222, refer to the following publication: • Configuring and Troubleshooting the Nortel Business Secure Router 222 (317517-A) DNS domain name server ENET Ethernet IP Internet Protocol ISP Inte...
Page 9 - Hard-copy technical manuals; . Find the product for which you; How to get help
Preface 9 Nortel Business Secure Router 222 — Fundamentals Hard-copy technical manuals You can print selected technical manuals and release notes free, directly from the Internet. Go to www.nortel.com/documentation . Find the product for which you need documentation. Then locate the specific categor...
Page 10 - AC Power Adapter Specifications; Use only power supplies listed in the user instructions.
10 Preface NN47922-301 AC Power Adapter Specifications Use only power supplies listed in the user instructions. Phihong, Model PSA21R-180 Note: Not to remove the plug and plug into a wall outlet by itself; always attach the plug to the power supply first before insert into the wall. Leader, Model MU...
Page 11 - Table 1
Chapter 1 Introducing the Business Secure Router 11 Nortel Business Secure Router 222 — Fundamentals Chapter 1Introducing the Business Secure Router The Nortel Business Secure Router 222 is the ideal secure gateway for all data passing between the Internet and the LAN. By integrating Network Address...
Page 13 - To keep the Business Secure Router operating at optimal
Chapter 2 Hardware installation 13 Nortel Business Secure Router 222 — Fundamentals Chapter 2Hardware installation Caution: To keep the Business Secure Router operating at optimal internal temperature, keep the bottom, sides, and rear clear of obstructions and away from the exhaust of other equipmen...
Page 14 - Table 2
14 Chapter 2 Hardware installation NN47922-301 2.1 Front panel Table 2 Front panel details LABEL DESCRIPTION Step 1: 1-4 Connect a computer to one of these ports with an Ethernet cable. These ports are auto-negotiating (can connect at 10 or 100Mb/s) and auto-sensing (automatically adjusts to the typ...
Page 15 - Table 3
Chapter 2 Hardware installation 15 Nortel Business Secure Router 222 — Fundamentals 2.2 Rear panel Table 3 Rear panel details LABEL DESCRIPTION Step 3 POWER Connect the included power adaptor (use only this adapter) to this power socket. After you have made the connections, connect the power cable t...
Page 17 - Nortel Business Secure
Chapter 3 Setting up your computer IP address 17 Nortel Business Secure Router 222 — Fundamentals Chapter 3Setting up your computer IP address The BSR222 is already set up to assign your computer an IP address. Use this section to set up your computer to receive an IP address or assign it a static I...
Page 18 - Click; Advanced; . Remove any previously installed gateways in the IP Settings; OK; to go back to the Internet Protocol TCP/IP Properties screen.
18 Chapter 3 Setting up your computer IP address NN47922-301 Nortel recommends that you do not use a static IP address in the same range as the Business Secure Router DHCP server address pool (192.168.1.2 to 192.168.1.33 by default). 6 Click Advanced . Remove any previously installed gateways in the...
Page 19 - Checking your computer IP address; Nortel Business Secure Router 222 Configuration — Basics
Chapter 3 Setting up your computer IP address 19 Nortel Business Secure Router 222 — Fundamentals 7 Click Obtain DNS server address automatically if you do not know your DNS server IP address(es). a If you know your DNS server IP addresses, click Use the following DNS server addresses , and type the...
Page 21 - Nortel Business; Accessing your Business Secure Router via the WebGUI
Chapter 4 Configuring your Business Secure Router 21 Nortel Business Secure Router 222 — Fundamentals Chapter 4Configuring your Business Secure Router Choose one of these methods to access and configure the Business Secure Router. This guide shows you how to use the WebGUI wizard only. See Nortel Bu...
Page 22 - Apply; . Alternatively click; Ignore; to proceed
22 Chapter 4 Configuring your Business Secure Router NN47922-301 3 Nortel recommends you change the default password! Enter a new password, retype it to confirm it and click Apply . Alternatively click Ignore to proceed to the main menu if you do not want to change the password now.
Page 24 - Using the wizard to configure for internet access; Select; WIZARD; to display the first wizard screen.
24 Chapter 4 Configuring your Business Secure Router NN47922-301 4.2 Using the wizard to configure for internet access 1 Select WIZARD to display the first wizard screen.
Page 25 - System Name; Internet Account
Chapter 4 Configuring your Business Secure Router 25 Nortel Business Secure Router 222 — Fundamentals System Name is for identification purposes. Enter the name of your computer in the System Name field, to easily identify your computer. The Domain Name entry defines the domain name that is passed o...
Page 26 - Internet connection with ethernet; Standard; or a Road Runner ISP version. You need your; User Name; and; Login Server IP Address; for some Road Runner ISP versions.
26 Chapter 4 Configuring your Business Secure Router NN47922-301 Internet connection with ethernet This variation is shown when the WAN port is used as a regular Ethernet. Choose either Standard or a Road Runner ISP version. You need your User Name , Password and Login Server IP Address for some Roa...
Page 27 - Internet connection with PPPoE; PPPoE
Chapter 4 Configuring your Business Secure Router 27 Nortel Business Secure Router 222 — Fundamentals Internet connection with PPPoE Point-to-Point Protocol over Ethernet ( PPPoE ) also functions as a dial-up connection. Therefore, you also need a username and password and possibly the PPPoE service...
Page 28 - Internet connection with PPTP; Choose; PPTP; if your service provider uses a DSL terminator with PPTP log on.
28 Chapter 4 Configuring your Business Secure Router NN47922-301 Internet connection with PPTP Choose PPTP if your service provider uses a DSL terminator with PPTP log on. The Business Secure Router must have a static IP address in this case. You need a log on name, associated password, the PPTP ser...
Page 29 - WAN IP address assignment
Chapter 4 Configuring your Business Secure Router 29 Nortel Business Secure Router 222 — Fundamentals Click Next to continue. 3 Fill in the fields and click Finish to save and complete the wizard setup. WAN IP address assignment Select Get automatically from ISP if your ISP did not assign you a fixe...
Page 30 - System DNS servers; Test your internet connection
30 Chapter 4 Configuring your Business Secure Router NN47922-301 System DNS servers Select From ISP if your ISP dynamically assigns DNS server information (and the Business Secure Router's WAN IP address). The right field displays the (read-only) DNS server IP address that the ISP assigns. If you ch...
Page 31 - General Notes; General; Default Address Mapping Rules When First Enable NAT Full Feature.
Chapter 5 User Notes 31 Nortel Business Secure Router 222 — Fundamentals Chapter 5User Notes General Notes There are some router functions that, although performing as expected, might cause some confusion. These are summarized below. General 1 Default Address Mapping Rules When First Enable NAT Full...
Page 32 - Firewall; Note: Firewall rules do not apply to IPSec tunnels.; NAT
32 Chapter 5 User Notes NN47922-301 5 Clicking Sound The Business Secure Router will click once every two minutes until an ADSL line is connected. Firewall 1 Address Range Validation In the firewall rules, the router does not confirm when given an address range, that the second address is higher tha...
Page 33 - User Name Restrictions
Chapter 5 User Notes 33 Nortel Business Secure Router 222 — Fundamentals If a VPN Client user account is de-activated, deleted, or changed, and that user is currently connected, the connection is not automatically dropped. To drop the connection, the administrator needs to disconnect the user using ...
Page 34 - IKE Encryption must be Triple DES with Diffie-Hellman Group 2.; Security; Exporting or Saving Self-Signed Certificate; Routing; RIP Version Advertisement Control
34 Chapter 5 User Notes NN47922-301 When defining a Client Termination account for another Business Secure Router that will connect using Contivity Client Emulation, the following configuration is required: • Encryption must be Triple DES with SHA1 integrity, or Triple DES with MD5 integrity. • IKE ...
Page 35 - Advanced Router Configuration; Setting up the router when the system has a server; Select 'Nailed Up' if the tunnel should not be closed while not in use.
Chapter 5 User Notes 35 Nortel Business Secure Router 222 — Fundamentals Both RIP-1 and RIP-2 Advanced Router Configuration The following notes are intended to help with advanced router configuration. Setting up the router when the system has a server 1 If you are using a Full-Feature NAT configurat...
Page 36 - Repeat these steps at the other end of the branch.; Adding IP telephony to a multi-site network; Create a tunnel to the remote site, as described above.
36 Chapter 5 User Notes NN47922-301 2 Repeat these steps at the other end of the branch. Note: If VPN Client Termination is used on these sites, the client termination address range will need to be included in the tunnel policies in order for the VPN clients to see the other site. Adding IP telephon...
Page 37 - Create a tunnel between the sites, as described above.; Allowing remote management of a LAN-connected BCM50; Create the appropriate NAT server rules to add the BCM50.
Chapter 5 User Notes 37 Nortel Business Secure Router 222 — Fundamentals 2 Create a tunnel between the sites, as described above. 3 Create an H.323 trunk between the BCM50s, as per the BCM50 User Guide. Configuring the router to act as a Nortel VPN Server (Client Termination) 1 Under VPN / Client Te...
Page 38 - Create the appropriate Firewall rules to add BCM50 access.; Setting up the router for guest access; Define a subnet for the corporate equipment.; Preventing heavy data traffic from impacting telephone calls
38 Chapter 5 User Notes NN47922-301 Note: In DHCP Server mode, the BCM50 IP address will be the lowest address in the pool. 2 Create the appropriate Firewall rules to add BCM50 access. Go to FIREWALL / Summary, and create two WAN-to-LAN firewall rules: One rule allowing access from allowed remote co...
Page 39 - Setting Up a Remote Office with a UNIStim IP Telephone; On the remote office BCM50a Integrated Router, do the following:
Chapter 5 User Notes 39 Nortel Business Secure Router 222 — Fundamentals 1 Determine your actual WAN up-stream bandwidth by connecting to a web site such as http://myvoipspeed.visualware.com/. 2 On BANDWIDTH MANAGEMENT / Summary, activate WAN bandwidth management, and fill in your actual uplink spee...
Page 40 - Inter-Operability With Third-Party Routers; VPN Connections With Cisco Routers
40 Chapter 5 User Notes NN47922-301 Inter-Operability With Third-Party Routers VPN Connections With Cisco Routers When establishing a VPN Client tunnel or Branch Office Tunnel between the Business Secure Router and a Cisco router, the following configuration rules should be followed: 1 Ensure that t...
Page 41 - Problem: You cannot ping any computer on the LAN; “3.1 Static or dynamic
Chapter 6 Troubleshooting 41 Nortel Business Secure Router 222 — Fundamentals Chapter 6Troubleshooting Problem: None of the LEDs turn on when you turn on the Business Secure Router Make sure that you have the correct power adapter connected to the Business Secure Router and that it is plugged in to ...
Page 42 - Problem: You cannot get a WAN IP address from the ISP; Wizard; Problem: You cannot access the Internet
42 Chapter 6 Troubleshooting NN47922-301 Problem: You cannot get a WAN IP address from the ISP The WAN IP is provided after the ISP verifies the MAC address, hostname or user ID. Find out the verification method used by your ISP and configure the corresponding fields. If the ISP checks the WAN MAC a...
