3Com® Telecommuting Module User Manual Version 4.
3Com® Telecommuting Module User Manual: Version 4.3
Part Number BETA
Published December 2005
3Com Corporation, 350 Campus Drive, Marlborough MA 01752-3064
Copyright © 2005, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
Table of Contents
Part I. Introduction to 3Com VCX IP Telecommuting Module
1. Introduction to 3Com VCX IP Telecommuting Module
2. Installing 3Com VCX IP Telecommuting Module
3. Configuring 3Com VCX IP Telecommuting Module
Part I.
Chapter 1. Introduction to 3Com VCX IP Telecommuting Module

Some of the functions of 3Com VCX IP Telecommuting Module are:
• SIP proxy: Forwarding of SIP requests.
• Protection against such attacks as address spoofing.
• Logging/alarm locally on the Telecommuting Module, via email and/or via syslog.
• Managing several logical/directly-connected networks and several network connections/physical networks.
• Administration of the Telecommuting Module through a web browser using http or https.
Fig 1. Telecommuting Module in DMZ configuration.

DMZ/LAN Configuration
Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it with one of the interfaces. The other interface is connected to your internal network. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers.
• Select an IP address for the Telecommuting Module on your network.
• The network interfaces are marked with 1 and 2. These numbers correspond to the physical interfaces eth0 and eth1 respectively, the latter of which should be used in the installation program.
• Plug in the power cord and turn on the Telecommuting Module.
• Wait while the Telecommuting Module boots up.
• Connect the network cables to the network interfaces.
When the Telecommuting Module is configured, the firewall connected to it must also be reconfigured (for the DMZ and DMZ/LAN Telecommuting Module Types).
• Allow UDP and TCP traffic in the port interval used for media streams by the Telecommuting Module, and port 5060. This traffic must be allowed to all networks which should be reached by SIP traffic.
Chapter 2. Installing 3Com VCX IP Telecommuting Module

Installation
There are three ways to install a 3Com VCX IP Telecommuting Module: using a serial cable, using a diskette, or performing a magic ping. Installation with a serial cable or a diskette requires being at the same place as the Telecommuting Module, but will give more options for the start configuration.
• Ping this IP address to give the Telecommuting Module its new IP address. You should receive a ping reply if the address distribution was successful.
• Configure the rest through a web browser.

Installation with a serial cable
These steps are performed when installing with a serial cable:
• Connect the Telecommuting Module to your workstation with a null modem serial cable.
• Plug in the power cord and turn the Telecommuting Module on.
Then enter a password for the Telecommuting Module. This is the password you use in your web browser to access and change the Telecommuting Module’s configuration. Finally, you can reset all other configuration if you want to.

Following is a sample run of the installation program.

3Com VCX IP Telecommuting Module Administration
1. Basic configuration
2. Save/Load configuration
3. Become a failover team member
4.
Telecommuting Module). The network mask determines the number of computers that can act as configuration computers.

Network number [0.0.0.0]: 10.47.2.0
Netmask/bits [255.255.255.0]: 255.255.255.0

If the network or partial network is not directly connected to the Telecommuting Module, you must enter the IP address of the router leading to that network. Then enter the network’s address and mask.
You have now entered the following configuration
Network configuration inside:
Physical device name: eth0
IP address: 192.168.150.2
Netmask: 255.255.255.0
Deactivate other interfaces: no
Computer allowed to configure from:
IP address: 192.168.128.3
Password: eeyore
The rest of the configuration is kept.
Following is a sample run of the installation program on the diskette.

Basic unit installation program version 4.3
Press return to keep the default value
Network configuration inside:
Physical device name[eth0]:
IP address [0.0.0.0]: 10.47.2.242
Netmask/bits [255.255.255.0]: 255.255.0.0
Deactivate other interfaces? (y/n) [n]
Computers from which configuration is allowed:
You can select either a single computer or a network.
Static routing:
The network allowed to configure from is not on a network local to this unit. You must configure a static route to it. Give the IP address of the router on the network this unit is on.
The IP address of the router [0.0.0.0]: 10.47.3.1
Network address [10.47.0.0]: 10.10.0.0
Netmask [255.255.255.0]:

Then enter a password.
Password []:

Finally, you are asked if you want to reset other configuration.
Remember to lock up the Telecommuting Module
The Telecommuting Module is a computer with special software, and must be protected from unauthorized physical access just as other computers performing critical tasks. A locked up Telecommuting Module protects against:
• connecting to the console
• connecting a keyboard and monitor
• changing the administrator password using the installation diskette.
Chapter 3. Configuring 3Com VCX IP Telecommuting Module

You connect to your 3Com VCX IP Telecommuting Module by entering its name or IP address in the Location box of your web browser.

Logging on
Before you can configure the Telecommuting Module, you must enter your administrator username and password or RADIUS username and password. The admin user is predefined with complete administration privileges.
Note: You will not be logged out automatically just by directing your web browser to a different web address. You should log out using the button to make the browser forget your username and password.

Navigation
There is a menu for quick navigation to all configuration pages. On top of the page, you also see the name of the Telecommuting Module.

Site Map
The Site Map is the first page displayed when you have logged on the Telecommuting Module.
Basic Configuration
Under Basic Configuration, select Telecommuting Module Type and the name of the Telecommuting Module. You also enter IP addresses for gateway and DNS server. Here you also configure if the Telecommuting Module should interact with a RADIUS or an SNMP server.

Administration
Under Administration, you store or load a configuration.
logging wanted under Logging. This is also where the logs of traffic through the Telecommuting Module are viewed.

When the configuration is complete, apply it. Go to Save/Load Configuration under Administration. Select Apply configuration. Now the new configuration is tested. Save it permanently if it works satisfactorily. If the configuration is not satisfactory, select Revert or restart the Telecommuting Module. The old configuration will remain.
You can save the preliminary configuration to a file on your work station (the computer that is running your web browser). Select Save to local file on the Save/Load Configuration page.

A saved configuration can be loaded to the preliminary configuration. Use Browse to search your local computer or enter path and file name in the box. When you have chosen the file you want to load, select Load from local file on the Save/Load Configuration page.
Telecommuting Module

IP address
IP addresses are written as four groups of numbers with dots between them. The numbers must be between 0 and 255 (inclusive); for example, 192.168.129.17.

Mask/Bits
The binary system uses the numbers 0 and 1 to represent numbers. A binary digit is called a bit. Eight bits in the binary system can represent numbers from 0 to 255.
See appendix C, Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols, for more information on netmasks.

Name queries in 3Com VCX IP Telecommuting Module
A Telecommuting Module should be as independent of other computers as possible. At the same time, the person who changes the configuration of the Telecommuting Module may want to use names for the computers instead of IP addresses.
Part II. How To

In the How To part, you find step-by-step descriptions for many common configurations for the Telecommuting Module. You also find references to relevant chapters in Part III, Description of 3Com VCX IP Telecommuting Module settings.
Chapter 4. How To Configure SIP

3Com VCX IP Telecommuting Module provides a lot of SIP possibilities. In this chapter, the most common SIP setups are set up with step-by-step instructions for the configuration.

DMZ Telecommuting Module, SIP server on the outside
The simplest SIP scenario is when the SIP server is managed by someone else, and the Telecommuting Module SIP function is only used to traverse NAT.
Surroundings
To make the Telecommuting Module aware of the network structure, the networks defined above should be listed on the Surroundings page. One effect of this is that traffic between two users on different networks, or between one of the listed networks and a network not listed here, is NAT:ed.
Routing
On the Routing page, you can enter the SIP server managing your SIP domain. Enter the name or IP address of the SIP server under Outbound proxy. If you enter the server name here, all SIP traffic from the inside will be directed to this server, regardless of where it is bound to.

Basic Configuration
If no other SIP routing information is entered, the Telecommuting Module must be able to look up SIP domains in DNS.
Here are the settings needed for this. It is assumed that the Telecommuting Module already has a network configuration. Only the additional SIP settings are listed.

Networks and Computers
The Telecommuting Module must know the network structure to be able to function properly. On the Networks and Computers page, you define all networks which the Telecommuting Module should serve and which are not reached through the default gateway of the firewall.
Basic
Go to the Basic page under SIP Services and turn the SIP module on. Here you also select log classes for SIP event logging.

Routing
If the SIP server is located on a NATed network, all SIP traffic from the outside will be directed to the Telecommuting Module, which must know where to forward it. One way to do this is to enter the SIP domain in the DNS Override For SIP Requests table on the Routing page, to link the SIP server IP address to the name.
If the SIP server is an LCS (Live Communications Server) or some other server that does not accept more than one Via header in SIP packets, you must enter the SIP server IP address in the Remove VIA headers table. This will make the Telecommuting Module strip SIP packets of extra Via headers when it sends those packets to the server, and add the Via headers when the response packets are received.
Here are the settings needed for this. It is assumed that the Telecommuting Module already has a network configuration. Only the additional SIP settings are listed.

Basic
Go to the Basic page under SIP Services and turn the SIP module on. Here you also select log classes for SIP event logging.

Interoperability
If Windows Messenger is used for SIP communication, you need to set a parameter on the Interoperability page. Set lr=true status to On under Loose routing.
Basic Configuration
If no other SIP routing information is entered, the Telecommuting Module must be able to look up SIP domains in DNS. DNS servers are entered on the Basic Configuration page under Basic Configuration.

Save/Load Configuration
Finally, go to the Save/Load Configuration page under Administration and apply the new settings by pressing Apply configuration.
Here are the settings needed for this. It is assumed that the Telecommuting Module already has a network configuration. Only the additional SIP settings are listed.

Basic
Go to the Basic page under SIP Services and turn the SIP module on. Here you also select log classes for SIP event logging.

Routing
If the SIP server is located on a NATed network, all SIP traffic from the outside will be directed to the Telecommuting Module, which must know where to forward it.
make the Telecommuting Module strip SIP packets of extra Via headers when it sends those packets to the server, and add the Via headers when the response packets are received.

Basic Configuration
If no other SIP routing information is entered, the Telecommuting Module must be able to look up SIP domains in DNS. DNS servers are entered on the Basic Configuration page under Basic Configuration.
Routing
If the SIP server is located on a NATed network, all SIP traffic from the outside will be directed to the Telecommuting Module, which must know where to forward it. One way to do this is to enter the SIP domain in the DNS Override For SIP Requests table on the Routing page, to link the SIP server IP address to the name. The Telecommuting Module will look up the domain here instead of in the DNS server, and send the SIP traffic to the correct IP address.
Part III. Description of 3Com VCX IP Telecommuting Module Settings

This part contains complete descriptions of settings in 3Com VCX IP Telecommuting Module. The descriptions are grouped in the same way as they are in the user interfaces.
Chapter 5. The Serial Console

Some settings are available without having to log on the web interface, but instead connecting to the Telecommuting Module console via the serial cable. Here, the settings available from the console are listed.

The serial console is a text user interface which requires terminal software on your workstation, such as Hyperterm in Windows.
3. Become a failover team member
Make this Telecommuting Module a member of a failover team.
4. Leave failover team and become standalone
Make this Telecommuting Module leave its failover team.
5. Wipe email logs
Remove all log messages queued to be sent by e-mail.
6. Set password
Set a new password for the admin user.
q. Exit admin
Log out from the admin program.

Basic configuration
Use Basic configuration to give the Telecommuting Module a start configuration.
Deactivate other interfaces
If the Telecommuting Module has been used, one or more interfaces are active. Select here if all interfaces but the one selected above should be deactivated. You can activate them again via the web GUI.

Configuration computers
Enter here the computers from which it is allowed to configure the Telecommuting Module. The computers entered here are the only ones allowed to access the web GUI.
Static routing:
The network allowed to configure from is not on a network local to this unit. You must configure a static route to it. Give the IP address of the router on the network this unit is on.
The IP address of the router [0.0.0.0]: 10.47.3.1
Network address [10.47.0.0]: 10.10.0.0
Netmask [255.255.255.0]:

Enter the IP address of the router and the network to which the configuration computers are connected.
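The decision behind the static routing prompt, as an added example (not 3Com's code) that accepts the Netmask/bits field in either form and uses the addresses from the sample run above. The function names and the layout of the returned dictionary are assumptions made for illustration.

```python
import ipaddress


def parse_network(address, mask_or_bits):
    """Build a network from an address plus a 'Netmask/bits' value, which may
    be a dotted mask (255.255.0.0) or a bit count (16)."""
    return ipaddress.ip_network(f"{address}/{mask_or_bits}", strict=False)


def check_config_access(unit_ip, unit_mask, cfg_addr, cfg_mask, router=None):
    """Report the range allowed to configure the unit and whether a static
    route is needed to reach it (hypothetical helper, not a product API)."""
    unit_net = parse_network(unit_ip, unit_mask)
    cfg_net = parse_network(cfg_addr, cfg_mask)
    problems = []

    # A configuration network outside the unit's own network is only
    # reachable through a router on the unit's network.
    needs_route = not cfg_net.subnet_of(unit_net)
    if needs_route:
        if router is None:
            problems.append("static route required but no router given")
        else:
            gateway = ipaddress.ip_address(router)
            if gateway not in unit_net:
                problems.append("router is not on the unit's own network")
            elif gateway == ipaddress.ip_address(unit_ip):
                problems.append("router address is the unit's own address")

    # A zero-bit mask lets every address reach the web GUI.
    if cfg_net.prefixlen == 0:
        problems.append("every address is allowed to configure the unit")

    return {
        "unit_network": str(unit_net),
        "config_range": (str(cfg_net[0]), str(cfg_net[-1])),
        "config_addresses": cfg_net.num_addresses,
        "needs_static_route": needs_route,
        "problems": problems,
    }


def may_configure(client_ip, cfg_addr, cfg_mask):
    """True if client_ip falls inside the configured range."""
    return ipaddress.ip_address(client_ip) in parse_network(cfg_addr, cfg_mask)


if __name__ == "__main__":
    # Values from the sample run: unit 10.47.2.242 with mask 255.255.0.0,
    # configuration network 10.10.0.0 with the default mask, router 10.47.3.1.
    report = check_config_access("10.47.2.242", "255.255.0.0",
                                 "10.10.0.0", "255.255.255.0", "10.47.3.1")
    for key, value in report.items():
        print(f"{key}: {value}")
```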
Load preliminary configuration
The configuration file selected here will be uploaded as a preliminary configuration. The permanent configuration will not be affected. To load the configuration, select this alternative and then start the transfer in your terminal program.

Load both configurations and apply
The configuration file selected here will be uploaded as both the preliminary and the permanent configuration.
yes will make the Telecommuting Module reboot, remove all current configuration and apply the new settings. It will then wait for configuration from the other team member.

no will make the Telecommuting Module start over again asking for new settings, starting with the dedicated interface.

abort will abort the failover configuration and return to the main menu without changing any settings on the Telecommuting Module.
Chapter 6. Basic Configuration

Policy For Ping To the Telecommuting Module
Here, you specify how the Telecommuting Module should reply to ping packets to its IP addresses. You can choose between Never reply to ping, Only reply to ping from the same interface and Reply to ping to all IP addresses.
IP address
Shows the IP address of the DNS name or IP address you entered in the previous field.

DNS Servers
Here, you configure DNS servers for the Telecommuting Module. The servers are used in the order they appear in this table, which means that the Telecommuting Module uses the top server to resolve DNS records until it doesn’t reply. Only then is server number two contacted.

No.
The DNS servers are used in the order they are presented in the table.
For each network interface, you also specify whether or not the Telecommuting Module can be configured via this network interface. You also select what kind of authentication will be performed for the users trying to access the web interface.

To further increase security, the Telecommuting Module can only be configured from one or a few computers that are accessed from one of these interfaces. Enter the IP address or addresses that can configure the Telecommuting Module.
Configuration via HTTP
Select which IP address and port the Telecommuting Module administrator should direct her web browser to when HTTP is used for Telecommuting Module configuration. You can select from the Telecommuting Module IP addresses configured on the Interface pages under Network. You can use different IP addresses for HTTP and HTTPS configuration.
Range
The Range shows all IP addresses from which the Telecommuting Module can be configured. The range is calculated from the configuration under DNS name or network address and Netmask/Bits. Check that the correct information was entered in the DNS name or network address and Netmask/Bits fields.

Log Class
Here, you enter what log class the Telecommuting Module should use to log the configuration traffic to the Telecommuting Module’s web server.
RADIUS server
Enter the DNS name or IP address for the RADIUS server used for authentication. In IP address, the IP address of the server is shown. It is updated whenever Look up all IP addresses again is pressed, or the DNS name or IP address field is changed.

Port
The official port for RADIUS is UDP port 1812. However, several RADIUS servers use port 1645, so you may have to change the port number either on the RADIUS server or in the table.
NAS-Identifier
You can enter a special identifier into this field. All characters except space are allowed according to the Telecommuting Module, but your RADIUS server may have some restrictions on the identifier.

Contact IP Address
Select the IP address from which the Telecommuting Module should make connections to RADIUS servers. A convenient choice of address is one on the interface closest to the RADIUS server.
Cancel
Reverts all of the above fields to their previous configuration.

Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.

Configuration of a RADIUS server
In this section it is assumed that you know how to configure your RADIUS server. Consult your RADIUS manual for details.

Add the Telecommuting Module as a client in the RADIUS server.
Contact person
Enter the name of the contact person for this 3Com VCX IP Telecommuting Module. This information is sent with the parameter list as reply to an SNMP request from the server.

Node location
Enter the location of the Telecommuting Module. This information is sent with the parameter list as reply to an SNMP request from the server.
Create
Enter the number of new rows you want to add to the table, and then click on Create.

SNMP v3
In SNMP version 3, the authentication is managed through the server sending a username and an (in most cases) encrypted password to the Telecommuting Module, which verifies the validity of them. Here, you select if the Telecommuting Module should accept access via v3, and select the authentication and encryption used for the SNMP requests.
Trap sending
Select if trap sending (at boot and failed SNMP authentication) should be On or Off.

Trap receiver
Enter the IP address, or a name in the DNS, of the server to which the Telecommuting Module should send traps. If you enter a DNS name instead of an IP address, you must enter the IP address of a DNS server on the Basic Configuration page. IP address shows the IP address of the DNS name or IP address you entered in the previous field.
Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.

Certificates
Here, you create X.509 certificates for the Telecommuting Module, to be used for authentication in various applications, like when configuration over HTTPS is performed. On this page you also upload CA certificates to the Telecommuting Module. For the base Telecommuting Module, CA certificates are not used.
Expire in
The expiration time defines how many days the certificate will last. Default time is 365 days, one year.

Common Name
Here, you enter the host name or IP address of the Telecommuting Module.

Email address
Enter the email address of the Telecommuting Module administrator.

Country code
Here, you enter the country code - not the top domain - for the country where the Telecommuting Module is located. The country code for the USA is US.
Organization
The name of the organization/company owning the Telecommuting Module.

Organizational Unit
The department using the Telecommuting Module.

Serial number
If you generate more than one certificate with the same information, and you want to give them separate names and treat them as different certificates, you need to give them different serial numbers. Enter a serial number for this certificate here.

Challenge password
Enter a password.
Information
Information about this certificate, such as the signing CA and expiration date.

Delete Row
If you select this box, the row is deleted when you click on Add new rows or Save.

Create
Enter the number of new rows you want to add to the table, and then click on Create.

Save
Saves all Certificates configuration to the preliminary configuration.

Cancel
Clears and resets all fields in new rows and resets changes in old rows.
On your firewall, you need to open the SIP port (normally UDP port 5060) and a range of UDP ports for RTP traffic between the Telecommuting Module and the Internet.

The other interface is connected to your internal network. The Telecommuting Module can handle several networks on the internal interface even if they are hidden behind routers. No networks on other interfaces on the firewall can be handled.
Change Telecommuting Module Type to
Select a new Telecommuting Module Type here.

Change type
Press the Change type button to set the new Telecommuting Module Type. This setting, like others, must be applied on the Save/Load Configuration page before it affects the Telecommuting Module functionality.
Chapter 7. Network Configuration

Under Network, you configure:
• Network groups which are used for the Telecommuting Module configuration
• The Telecommuting Module’s IP addresses on all network interfaces
• Routings for the networks so that computers behind routers can be contacted
• VLAN settings
• The Telecommuting Module network environment (only for the DMZ type)

Networks and Computers
Here, you name groups of computers and networks.
Subgroup
An already defined group can be used as a subgroup to new groups. Select the old group here and leave the fields for DNS name empty. Select ’-’ as Interface/VLAN. If you don’t want to use a subgroup, select ’-’ here.

Lower Limit
DNS Name Or IP Address
Enter the DNS name or IP address of the network or computer. For computers in an IP range that you want to give a network name, enter the first IP address in the range.
Save
Saves the Networks and Computers configuration to the preliminary configuration.

Cancel
Clears and resets all fields in new rows and resets changes in old rows.

Interface (Network Interface 1 and 2)
There is a menu selection for each network interface (Network Interface 1 and 2) on the Telecommuting Module. Select a page to make configuration for that interface. There is also a page where configuration for all interfaces can be viewed and changed.
Name
A name for this IP address. You can use this name when configuring the administration IP address. This name is only used internally in the Telecommuting Module.

DNS name or IP address
The name/IP address of the Telecommuting Module on this network interface on this directly connected network.

IP address
Shows the IP address of the DNS name or IP address you entered in the previous field.
Name
Enter the name of your alias. This name is only used internally in the Telecommuting Module.

DNS name or IP address
Enter the IP address of this alias, or a name in the DNS. If you enter a DNS name instead of an IP address, you must enter the IP address of a DNS server on the Basic Configuration page.

IP address
Shows the IP address of the DNS name or IP address you entered in the previous field.
Routed network
Enter the DNS name or IP address of the routed network under DNS name or network address. The IP address of the routed network is shown under Network address. In the Netmask field, enter the netmask of the network.

Router
The name or IP address of the router that will be used for routing to the network. If there are several routers between the Telecommuting Module and the network, fill in the router closest to the Telecommuting Module.
Name
The name of this VLAN. The name is only used in the Telecommuting Module web interface to help you keep track of the different VLANs.

Interface
Select an interface for this VLAN.

VLAN id
Enter a VLAN id. A VLAN id is just a number. All packets for this VLAN are then marked with this number, enabling all network devices to recognize and route packets for the VLAN.

Status
The status for this VLAN.
Physical device
This tells the physical device name of the network interface. The physical interface eth0 corresponds to Network Interface 1, and eth1 corresponds to Network Interface 2.

Type
Here the speed options for the interface are shown.

MAC address
The MAC address of the interface.

Active
Shows if the interface is activated or not.

Link
Here you can see if the interface has physical link to the network.
Network
Select a network. The alternatives are the networks you defined on the Networks and Computers page.

Delete Row
If you select this box, the row is deleted when you click on Add new rows or Save.

Create
Enter the number of new rows you want to add to the table, and then click on Create.

Save
Saves all Surroundings configuration to the preliminary configuration.

Cancel
Clears and resets all fields in new rows and resets changes in old rows.
Chapter 8. SIP Services

SIP (Session Initiation Protocol) is a protocol for creating and terminating various media stream sessions over an IP network. It is for example used for Internet telephone calls and distribution of video streams.

SIP takes care of the initiation, modification and termination of a session with one or more participants. The protocol makes it possible for the participants to agree on what media types they should share.
SIP Servers To Monitor
Your Telecommuting Module can be made to monitor SIP servers, to check that they are alive. The information is used by the Telecommuting Module when SIP signaling should be passed on to the server in question. This is useful when a domain resolves to several individual hosts; the Telecommuting Module will know immediately if one of them is down, which will speed up the call connection.
Log class for SIP signaling
For each SIP packet, the Telecommuting Module generates a message, containing the sender and receiver of the packet and what type of packet it is. Select a log class for these log messages.

Log class for SIP packets
The Telecommuting Module logs all SIP packets (one SIP packet is many lines). Select a log class for the SIP packets.
Select whether the Telecommuting Module should accept Refer-To headers without angle brackets, but containing question marks. The recommended setting is Only allow Refer-To ? with angle brackets.
Remove VIA headers
Some SIP servers won’t accept requests with more than one Via header. To be able to communicate via these servers, you can select to remove all Via headers but one in requests to those servers.
Delete Row
If you select this box, the row is deleted when you click on Add new rows, Save, or Look up all IP addresses again.
Create
Enter the number of new rows you want to add to the table, and then click on Create.
Preserve username
When registering a SIP client on one side of the Telecommuting Module to a SIP server on the other side, the Contact header is normally rewritten.
Here, you select if SIP URL encryption should be used or not.
Expires header
Some SIP clients don’t understand the expires: parameter in the Contact header. To set the expiration time for those clients, you can make the Telecommuting Module add to REGISTER request replies an Expires header with the expires value in it. Select to Always add Expires header, Never add Expires header, or Add Expires header if the request contained one.
The Record-Route header causes all subsequent SIP signaling for this session to be routed via the Telecommuting Module even if it is not the shortest route. Here, you select to add Record-Route headers for outbound requests or not.
Force Record-Route For All Requests
Here, you select if the Telecommuting Module should add a Record-Route header to all requests received by the Telecommuting Module, which should be passed on to another client/server.
Accept TCP Marked As TLS
When a TLS accelerator is used, SIP packets can be sent to the Telecommuting Module via TCP, but the packet content will look as if TLS was used. Select if TCP packets with TLS content should be accepted. The recommended setting is not to accept them.
Allow Large UDP Packets
Sometimes, the SIP signaling UDP packets get larger than the standard allows.
Note: If more than one Messenger client performs file transfer through the Telecommuting Module at the same time, they could end up sending to each other’s peers instead of their own. An attacker could possibly use this to intercept transferred files; don’t use this mechanism to transfer sensitive data.
Here, you select to turn Open port 6891 On or Off. Recommended setting is Off.
Timeout for registrations
Enter the timeout (in seconds) before a registration becomes obsolete. When the timeout is reached, the registrar discards the registration.
Allowed number of users
Enter the maximum number of users allowed to register in the SIP registrar. Leave the field empty to allow as many registrations as there are SIP user licenses on the Telecommuting Module (number displayed inside parentheses). You can purchase additional SIP user licenses from your retailer.
Allowed number of concurrent sessions
Enter the number of concurrent SIP sessions which the Telecommuting Module should handle. Leave the field empty to allow as many sessions as there are SIP traversal licenses on the Telecommuting Module (number displayed inside parentheses). You can purchase additional SIP traversal licenses from your retailer.
Requests
You can configure timeouts for the different functions of the Telecommuting Module SIP module here.
Example: If the Base retransmission timeout is 0.5 seconds and the Maximum number of retransmissions is 6, the INVITE requests will be sent with intervals of 0.5 s, 1 s, 2 s, 4 s, 8 s, and 16 s.
Maximum number of retransmissions for non-INVITE requests
When the Telecommuting Module sends out a request which is not an INVITE request, it will wait for a reply until the Base retransmission timeout and then start to retransmit the request.
Select two IP addresses out of the ones assigned to the Telecommuting Module under Directly Connected Networks and Alias on the interface pages.
Note: for the STUN server to work properly, you need to select IP addresses which the clients can reach. In normal circumstances, this means that only public IP addresses can be used.
STUN ports
Enter the ports to use for the STUN server. These ports, on the IP addresses selected, will not be available for anything else.
Chapter 9. SIP Traffic
SIP (Session Initiation Protocol) is a protocol for creating and terminating various media stream sessions over an IP network. It is for example used for Internet telephone calls and distribution of video streams. SIP takes care of the initiation, modification and termination of a session with one or more participants. The protocol makes it possible for the participants to agree on what media types they should share.
Method
Enter the name of the SIP method. This should be the name used in RFC 3261.
Traffic to
Here, you select the direction of the traffic. Local domains means that traffic to Local SIP Domains of this Telecommuting Module is affected by this row. Other domains means that traffic to all domains which are not Local SIP Domains of this Telecommuting Module is affected by this row. Both means that this row affects all traffic for the method, regardless of where the traffic is bound.
Domain or IP address
Enter the domain name or IP address of the external SIP proxy.
Port
Enter the port number of the external SIP proxy. If no port number is entered, the Telecommuting Module will make a DNS query for an SRV record. If a port number is entered, it will query for an A record.
Delete Row
If you select this box, the row is deleted when you click on Add new rows, Save, or Look up all IP addresses again.
Domain
Enter the domain name of the SIP domain.
Relay to
Enter the IP address for the SIP registrar handling the domain. You can also enter a DNS name for the SIP registrar, if it has a DNS-resolvable host name, even if the SIP domain is not possible to look up in DNS. Under Port, enter the port on which the SIP registrar listens for SIP traffic. The standard port is 5060 (5061 for TLS).
Session Status
You can monitor the current SIP activity. The tables are updated when you select the page or reload it.
Registered Users
Here the currently registered users are listed.
User
The SIP address of the registered user. The address looks like name@domain, where name is a user name or a telephone number, and domain is a domain name or an IP address.
Registered from
The IP address of the computer from which the user registered.
Chapter 10. Administration
Save configuration saves your preliminary configuration to the permanent configuration and puts it into use. Continue testing shows a new page with only the other two buttons. Revert cancels this test of the preliminary configuration without saving. If you do not press any button within the time limit, the Telecommuting Module will revert to the old permanent configuration, just as if you had pressed Revert.
Abort All Edits
Abort all edits copies the permanent configuration to the preliminary configuration. All changes made in the preliminary configuration are deleted.
Reload Factory Configuration
The factory configuration is the standard configuration that is delivered with a Telecommuting Module. Click on this button to load this configuration into the preliminary configuration. The permanent configuration is not affected.
Password For the ’admin’ Account
The admin user is predefined. That user can make changes, load configurations, apply configurations and log on the Telecommuting Module via the serial cable. You can’t remove this user or change its privileges, only change its password.
Old password
Enter the old password for the admin user.
New password, Confirm password
Enter the new password in both fields.
Account Type
Select what privileges this user should have. Full Access means that the user can make any changes to the configuration. These are the same privileges as the admin user has in the web GUI, but only the admin user can log on via the serial cable. Backup/Restore Config means that the user can download the configuration to file, and upload a configuration file to the Telecommuting Module. The user is also allowed to apply configurations.
Log out
If your user has full access to the web interface, you can log out other users. However, if you do not change their password (or change the Account type to Off), they can just log on again.
Upgrade
Read these instructions carefully before upgrading. You find version upgrades for 3Com VCX IP Telecommuting Module at http://eSupport.3com.com/. The upgrade is signed with GNU Privacy Guard.
Step 4
When you have pressed Try the upgrade and the Telecommuting Module has rebooted, you will see two buttons on top of every web page: Accept upgrade and Abort upgrade. Now, you can choose to make the upgrade permanent or to revert to the old version. You can check the configuration, but no changes can be made before the upgrade is permanent. If the Telecommuting Module is rebooted before the upgrade is made permanent, it will revert to the old version.
Edit Column
Select if all, some or none of the Telecommuting Module tables should have an Edit column. If you select that some tables have an Edit column, you also enter the size required to add the Edit column.
Always have an Edit column
Regardless of the table size, all tables will have an Edit column.
Sometimes have an Edit column
Only the tables of the size entered below will have an Edit column.
The Time zone field shows the current time zone setting. Change time zone by selecting one in the left-hand box and pressing the Change time zone button.
Change Date and Time Manually
Here you change the Telecommuting Module clock manually. When you change time here, there will be a time gap in the log files (if you change time forwards) or the same time will be shown twice (if you change time backwards). N.B.
Synchronize time with NTP
Here, select if NTP synchronizing should be enabled or not. Enter servers to sync with in the table below.
DNS name or IP address
The name/IP address of the NTP server to which the Telecommuting Module should connect.
IP address
Shows the IP address of the DNS name or IP address you entered in the previous field.
Delete Row
If you select this box, the row is deleted when you click on Add new rows, Save, or Look up all IP addresses again.
Reboot Your 3Com VCX IP Telecommuting Module
When this button is pressed, the Telecommuting Module will immediately reboot. All active sessions, including SIP sessions, will be torn down at the reboot.
Restart the SIP Module
When this button is pressed, the SIP module of the Telecommuting Module will restart and all SIP registrations will be removed. All active SIP sessions will be torn down and all SIP registrations will be removed at the restart.
Chapter 11. Logging
3Com VCX IP Telecommuting Module can log different types of traffic, attempts to connect and other events. You can select to have the logs stored on the Telecommuting Module’s local hard drive, in which case they can be queried. When the Telecommuting Module’s hard drive gets full, it removes the oldest data to make space for saving new data.
you can select allowed, un-NAT:ed packets only.
IP Address Selection
You can limit the selection by specifying certain IP addresses. In these fields, enter a single IP address (e. g., 10.3.27.3), a range of IP addresses (e. g., 10.3.27.1-10.3.28.254), an IP address followed by a netmask (e. g., 10.3.27.0/24), a combination of these, or nothing at all. If a field is empty, all IP addresses are selected.
A to B: Packets from A to B match.
B to A: Packets from B to A match.
Between A&B: Packets from A to B, or from B to A, match.
not this combination: Packets that do not match the given combination of A and B are shown in the log.
If you, for example, want to search for all packets to a web server, but not packets on the "normal" client and server ports in your environment, fill in the form like this:
ICMP
ICMP packets contain a type field and a code field.
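The IP Address Selection syntax and the A/B direction options described above can be reproduced offline, for example to apply the same selection to log records exported via syslog. The following is an added example, not code from the Telecommuting Module or from 3Com. It assumes that combined entries are separated by commas, that "not this combination" inverts the chosen direction match, and that records carry hypothetical "src" and "dst" fields; the sample records are constructed.

```python
import ipaddress


def parse_selection(text):
    """Parse one IP Address Selection field into (low, high) integer ranges.

    Returns None for an empty field, which selects all IP addresses.
    Assumption: a combination of entries is written as a comma-separated list.
    """
    text = text.strip()
    if not text:
        return None
    ranges = []
    for item in (part.strip() for part in text.split(",")):
        if "/" in item:
            # Address followed by a netmask, e.g. 10.3.27.0/24 or /255.255.255.0.
            net = ipaddress.IPv4Network(item, strict=False)
            ranges.append((int(net.network_address), int(net.broadcast_address)))
        elif "-" in item:
            # Range of addresses, e.g. 10.3.27.1-10.3.28.254.
            first, last = item.split("-", 1)
            low = int(ipaddress.IPv4Address(first.strip()))
            high = int(ipaddress.IPv4Address(last.strip()))
            if low > high:
                raise ValueError("range is reversed: " + item)
            ranges.append((low, high))
        else:
            # Single address, e.g. 10.3.27.3.
            addr = int(ipaddress.IPv4Address(item))
            ranges.append((addr, addr))
    return ranges


def selected(ranges, addr):
    """True if addr falls inside the parsed selection (None selects everything)."""
    if ranges is None:
        return True
    value = int(ipaddress.IPv4Address(addr))
    return any(low <= value <= high for low, high in ranges)


def build_filter(sel_a, sel_b, direction="between", negate=False):
    """Return a predicate over records with 'src' and 'dst' address fields.

    direction: 'a_to_b', 'b_to_a' or 'between'.
    negate:    assumed meaning of "not this combination" (invert the match).
    """
    if direction not in ("a_to_b", "b_to_a", "between"):
        raise ValueError("unknown direction: " + direction)
    a, b = parse_selection(sel_a), parse_selection(sel_b)

    def predicate(record):
        a_to_b = selected(a, record["src"]) and selected(b, record["dst"])
        b_to_a = selected(b, record["src"]) and selected(a, record["dst"])
        hit = {"a_to_b": a_to_b, "b_to_a": b_to_a,
               "between": a_to_b or b_to_a}[direction]
        return hit != negate

    return predicate


def filter_indices(records, sel_a, sel_b, direction="between", negate=False):
    """Indices of the records that the selection would show."""
    keep = build_filter(sel_a, sel_b, direction, negate)
    return [i for i, rec in enumerate(records) if keep(rec)]


# Constructed sample records (documentation and private address ranges only).
SAMPLE = [
    {"src": "10.3.27.3", "dst": "192.0.2.10"},
    {"src": "192.0.2.10", "dst": "10.3.28.200"},
    {"src": "10.3.29.1", "dst": "192.0.2.10"},
    {"src": "198.51.100.7", "dst": "203.0.113.5"},
]
SEL_A = "10.3.27.1-10.3.28.254"   # range example from the manual text
SEL_B = "192.0.2.0/24"            # constructed selection for side B

if __name__ == "__main__":
    for mode in ("a_to_b", "b_to_a", "between"):
        print(mode, filter_indices(SAMPLE, SEL_A, SEL_B, mode))
    print("negated", filter_indices(SAMPLE, SEL_A, SEL_B, "between", negate=True))
```
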
Time Limits
You can limit the selection by a time interval. The date is written as a year with two or four digits, month (01-12) and day (01-31). The optional punctuation between year, month and day must be dash (-). Time is written as two digits for the hour, two digits for the minute and possibly two digits for the second, although the seconds can be left out. The optional punctuation between hours, minutes and seconds must be colon (:) or period (.).
The rows show the date and time, type of protocol, from interface, computer and port, to interface, computer and port, ICMP type for ICMP traffic, flags, whether the packet was accepted, rejected or discarded, and the reason for this. For TCP traffic, and for UDP traffic which is session managed, only the connection packet is displayed. SIP media streams are not logged. The Telecommuting Module’s own IP address is displayed in the log with a purple background color.
Once every minute the load on all interfaces is scanned and saved to a local file. Every file contains 240 samples and a file generation consists of 42 files. The first generation of files contains samples for the last week (approximately). Every new file generation is created by merging two consecutive samples, which allows samples for twice the time period to be stored in the same disk space.
interface will generate one graph per interface. You can also select to view only VPN traffic.
Direction
Select one or more of Sent, Received and Sent+Received. Each selection generates a separate graph in the diagram.
Value
Select maximum, average or minimum value of each sample period. If viewing load for time periods within the last week, all three selections will result in the same graph.
Unit
Select between displaying packets/second or bits/second.
Resource Monitoring
Your Telecommuting Module can send SNMP traps when usage passes certain levels. Set the levels on this page. The trap receivers are configured on the SNMP page. For each usage, there is an Alarm by and a Resume by level. When the usage hits the Alarm by level, the Telecommuting Module sends a trap about this and locks the trap sending for that usage, which means that as long as the level stays high, no more traps are sent.
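The Alarm by / Resume by pair works as a latch, which matters when choosing levels: the wider the gap, the fewer traps a fluctuating resource produces. The following is an added example, not code from the Telecommuting Module. It assumes that the lock is released, and a resume event recorded, when usage falls to the Resume by level or below; the usage series is constructed.

```python
def trap_events(samples, alarm_by, resume_by):
    """Simulate trap sending with an Alarm by / Resume by latch.

    samples:   usage values in percent, one per polling interval.
    Returns a list of (sample_index, event, usage) tuples.
    Assumption: the lock is released when usage <= resume_by.
    """
    if resume_by > alarm_by:
        raise ValueError("Resume by must not be higher than Alarm by")
    locked = False
    events = []
    for index, usage in enumerate(samples):
        if not locked and usage >= alarm_by:
            # Usage hit the Alarm by level: send one trap, then lock sending.
            events.append((index, "alarm", usage))
            locked = True
        elif locked and usage <= resume_by:
            # Usage fell back to the Resume by level: unlock trap sending.
            events.append((index, "resume", usage))
            locked = False
    return events


def naive_crossings(samples, level):
    """Traps a single threshold without locking would send (upward crossings)."""
    count = 0
    for index, usage in enumerate(samples):
        previous = samples[index - 1] if index else None
        if usage >= level and (previous is None or previous < level):
            count += 1
    return count


# Constructed usage series that hovers around 80 percent before dropping.
SAMPLE_USAGE = [40, 78, 82, 79, 83, 77, 85, 60, 45, 81]

if __name__ == "__main__":
    for event in trap_events(SAMPLE_USAGE, alarm_by=80, resume_by=50):
        print(event)
    print("single threshold would alarm", naive_crossings(SAMPLE_USAGE, 80), "times")
```
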
The Telecommuting Module also produces log messages for SIP-related and VPN-related events as well as administrator events (when the administrator logs on or when a setting is changed). Here, you configure what will happen to these log messages.
Warnings
Log class for hardware errors
Some Telecommuting Modules have hardware monitoring, and will generate log messages when the hardware fails in some way. Here, you select a log class for these messages.
Log class for email errors
If the Telecommuting Module is unable to send email messages, for example, if the mail server won’t reply, the Telecommuting Module generates a log message. Here, you select a log class for these messages.
Log class for IPsec key negotiation
Here, you set the log class for new negotiations of IPsec connection keys.
Log class for IKE and NAT-T packets
Here, you set the log class for the packets used for IKE key negotiations and for NAT-T packets. As they both use the same port on the Telecommuting Module, it will log both using the same log class.
Log class for SIP packets
The Telecommuting Module logs all SIP packets (one SIP packet is many lines). Select a log class for the SIP packets.
Log class for SIP debug messages
The Telecommuting Module logs a lot of status messages, for example the SIP initiation phase of a reboot. Select a log class for these messages.
Name
Here, you give the log class a Name.
Log locally?
Select to save log messages to a local file on the Telecommuting Module. Locally saved logs can be searched on the Display Log page. Yes will cause the log messages using this log class to be saved to file. No will cause the log messages not to be saved on the Telecommuting Module, so they cannot be searched under Display Log.
Syslog
Syslog sends log messages to a syslog server.
SMTP Server
Here, you set an SMTP server for the log messages that the Telecommuting Module generates. This server will send the email messages to the email addresses set on the Log Classes page. If the connection between the Telecommuting Module and the SMTP server isn’t working, an error message will be shown on this page, and be logged according to the log class set on the Logging Configuration page.
Chapter 12. Failover
The 3Com VCX IP Telecommuting Module failover function makes it possible to have a hot standby unit which always has the current configuration and which automatically takes over when the active unit goes down. The two units become a failover team. This function requires that one interface on the Telecommuting Module is dedicated for failover and can’t be used for anything else.
Note: This means that failover can only be used when the Telecommuting Module is used in DMZ mode.
• Go to the Failover Settings page and select the interface which should be directly connected to the other Telecommuting Module as Dedicated interface to use. Check the Dedicated network to see that it doesn’t clash with any of your internal networks.
• Press the Create new team button to create a new failover team with this Telecommuting Module as its first member. This will cause a reboot.
DNS name or network address
In the DNS name or network address field, enter the DNS name or IP address of the dedicated network.
Network address
Shows the IP address of the DNS name or network address you entered in the previous field.
Netmask/bits
Netmask/bits is the netmask that will be used to specify the size of the dedicated network. You must use a netmask of at most 30 (255.255.255.252).
Look up all IP addresses again
Looks up the IP addresses for all DNS names on this page in the DNS servers you entered on the Basic Configuration page.
Reference Hosts
The standby unit in the failover pair can become active if a network interface on the active unit is faulty, as opposed to the case when the entire unit is down. For the Telecommuting Module to detect a faulty interface, it needs to be aware of some reference hosts which it should be able to contact.
Failover Status
Here are the settings used by the Telecommuting Module for failover communication.
Type
A Telecommuting Module can be Standalone or a Team member.
Dedicated interface
If the Telecommuting Module is a member of a failover team, the interface used for failover communication is shown here.
Dedicated network
If the Telecommuting Module is a member of a failover team, the network used for failover communication is shown here.
2. Change type of the Active Telecommuting Module on the Failover Settings page by pressing the Deactivate failover button. If you want to replace a unit in the failover team, you must first split the team and then make a new one.
Chapter 13. Tools
Under Tools, you find handy tools to troubleshoot the Telecommuting Module setup.
Packet Capture
3Com VCX IP Telecommuting Module has a built-in packet capturer which can produce pcap trace files. This sniffer will capture all IP packets according to your selections, even those you can’t see in the log (like RTP packets). The Telecommuting Module capturer needs to be manually activated and deactivated.
Protocol/Port Selection
You can limit the selection by specifying certain protocols.
All IP protocols
No restriction regarding protocols.
TCP/UDP
When selecting TCP or UDP, you can choose all packets or packets to certain ports only. In these fields, you can enter a single port number (32), a range of port numbers (1-1023), a list of port numbers and ranges separated by commas (53, 1024-65535) or nothing at all. If the field is empty, any port will match.
only those matching certain criteria. In the type and code fields, you can enter a single number (e. g., 5), a range of numbers (e. g., 5-10), a list of numbers and ranges, separated by commas (e. g., 5, 10-20) or nothing at all. If the field is empty, any type or code will match. See appendix G, Lists of ports, ICMP and protocols, for more information on ICMP types and codes.
Chapter 14. Firewall and Client Configuration
Additional configuration for the firewall and the SIP clients is required to make the Telecommuting Module work properly. The amount and nature of the configuration depends on which Telecommuting Module Type was selected.
• NAT between the Telecommuting Module and the Internet must not be used.
• NAT between the Telecommuting Module and the internal networks must not be used.
The SIP clients
SIP clients will use the Telecommuting Module as their outgoing SIP proxy and as their registrar (if they can’t be configured with the domain only). If you don’t want to use the Telecommuting Module as the registrar, you should point the clients to the SIP registrar you want to use.
SIP clients
The SIP clients on the internal network should have the Telecommuting Module’s IP address on that network as their outgoing SIP proxy and registrar.
Other
The DNS server used must have a record for the SIP domain, which states that the Telecommuting Module handles the domain, or many SIP clients won’t be able to use it (if you don’t use plain IP addresses as domains).
Part IV. Appendices In the appendices, you find more thorough information about Internet and computer security, such as descriptions of Internet services and lists of Internet protocols.
Appendix A. More About SIP
The SIP protocol
SIP (Session Initiation Protocol), defined in RFC 3261 (with various extensions), handles creation, modification and termination of various media stream sessions over an IP network. It is for example used for Internet telephone calls and distribution of video streams. SIP also supports user mobility by allowing registration of a user and proxying or redirecting requests to the user’s current location.
often opens up certain protocols and ports in advance, but now you don’t know which ports to open. To handle SIP through a firewall which doesn’t understand the SIP concept, all ports must be open all the time, which would make the firewall somewhat unnecessary. A firewall that understands SIP can open up the ports for the right protocols just when the SIP traffic needs it. In the SIP headers there is a lot of information concerning what IP numbers the session participants use.
Appendix B. Troubleshooting
Troubleshooting the Telecommuting Module largely consists of checking the hardware (the Telecommuting Module, the network connectors, ...) and checking the Telecommuting Module log. The log is usually an excellent tool in finding out why the Telecommuting Module does not do what you wanted it to do. Below is some general advice to help you troubleshoot, almost regardless of which problem you have.
• Check that the (on the Logging Configuration page).
A call is established, but there is no voice
• If you use a DMZ Telecommuting Module Type, check on the Surroundings page that you have separated the clients into correct networks. Clients that can reach each other without using the Telecommuting Module should be in the same Surroundings network, and clients that must use the Telecommuting Module to reach each other should be in different Surroundings networks.
The Telecommuting Module is inaccessible for some time when trying to apply a configuration
There is something in the new configuration that does not allow you to access the web configuration interface.
• Check the log to see if your access attempts reached the Telecommuting Module.
• Check that the configuration IP address (Configuration Transport on the Access Control page) is the one you use when trying to access the Telecommuting Module.
Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols
The following lists discuss the most important ports and the server services that belong to them, and the different types of ICMP messages. Client programs usually use ports between 1024 and 65535. There are also lists of Internet protocols, reserved IP addresses and a mapping between netmasks and IP address intervals.
List of the most important reserved ports
This is a list of important ports.
ICMP type   Name                          Code   Description
35          Mobile Registration Request
36          Mobile Registration Reply

Internet protocols and their numbers
The following table lists common Internet protocols and their protocol numbers. All these protocols run on IP. The list is extracted from http://www.iana.org/, Protocol Numbers.
Protocol number   Keyword     Protocol
64                SAT-EXPAK   SATNET and Backroom EXPAK
65                KRYPTOLAN   Kryptolan
66                RVD         MIT Remote Virtual Disk Protocol
68                            any distributed file system
69                            SATNET Monitoring
70                            VISA Protocol
75                            Packet Video Protocol
80                            ISO Internet Protocol
84                            TTP
85                            NSFNET-IGP
86                            Dissimilar Gateway Protocol
87                            TCF
88                            EIGRP
91                            Locus Address Resolution Protocol
92                            Multicast Transport Protocol
93                            AX.
94
95
97
98
99
100
115
255
1-set bits   Mask
13           255.248.0.0
14           255.252.0.0
15           255.254.0.0
16           255.255.0.0
17           255.255.128.0
18           255.255.192.0
19           255.255.224.0
20           255.255.240.0
21           255.255.248.0
22           255.255.252.0
23           255.255.254.0
24           255.255.255.0
25           255.255.255.128
26           255.255.255.192
27           255.255.255.224
28           255.255.255.240
29           255.255.255.248
30           255.255.255.252
31           255.255.255.254
32           255.255.255.
Class   IP intervals
7       0-1  2-3  4-5  6-7  8-9  10-11  ...  254-255
8       0  1  2  3  4  5  ...  255

You could have a large network, for example 130.234.128.0/18, which is interpreted from the tables as all IP addresses from 130.234.128.0 to 130.234.191.255, inclusive (18 is in class no. 2, giving an IP interval of 128-191).
N.B.: The netmask only reaches the third byte, which means that all IP addresses in byte 4 are available.
Appendix D. Definitions of terms
AFS, Andrew File System
AFS is a more secure way of distributing file systems over a network. If files are mounted over the Internet, AFS is fairly secure. Normally, AFS uses Kerberos for security management.
ARP
ARP, Address Resolution Protocol, is a protocol for mapping an IP address to a physical machine address in the local network. A thorough description of ARP can be found in RFC 826.
Client program
A client program is one that the user runs on her computer.
request a domain called, for instance, service. Below, we have ‘Company Inc.,’ which consists of three departments: A sales department, a service department, and a computer department. The computer department is divided into an IBM section and a Unisys section. Contact your internet service provider to register a domain.
Dynamic routing
Dynamic routing is used when the traffic between two computers has several routes available.
192.165.122.42. Several IP addresses are required to connect several computers in a network; one for each computer. IP addresses were previously divided into A networks, B networks and C networks, but that terminology is now considered obsolete. An A network was one where the first group of numbers is predetermined and you determine the remaining groups yourself; for example 17.x.y.z. A B network was one where the two first groups are predetermined; for example 128.42.y.z.
NAT
NAT (Network Address Translation), also known as masquerading, is a way to hide a network from outside computers. Used with firewalls to hide the computers on the internal network from the rest of the world.
Netmask
See network mask.
Network mask
A network mask tells what computers can be accessed locally without using a gateway, and what computers can only be reached through a gateway. The bits in the network mask determine what is a network and what is a computer.
Two NTP servers communicating with each other use port 123 and the UDP protocol.
Open Windows
Open Windows is a window system that is used by several work stations. A similar window system is the X Window System, which Open Windows is based on. The X Window System and Open Windows use ports 6000 and upward for traffic to the work stations. It is a good idea to block ports 6000-6010 for incoming traffic from an unsecure outside network.
Relay
When the local network is connected to the Internet through a firewall, all types of services are usually blocked. It is as if the network is not connected to the Internet. Relays can then be set up to allow certain services, such as the WWW, to pass through under controlled circumstances. Think of it as a giant stone wall with a gate and a specialized gate keeper. The gate keeper only lets certain visitors pass.
Static Routing
A fixed path for the contact between computers. With a static routing, traffic cannot be redirected to another path if the connection is broken. This would require dynamic routing, for example, with RIP.
Syslog
Syslog is a service for logging data. In UNIX, regular programs do not log any information; they send all data to a syslog server that saves data in a log file.
Appendix E. License Conditions
3Com VCX IP Telecommuting Module contains third party software that is subject to the following license agreements. To fulfill the license conditions, we must either attach the source code with the software, or send a written offer, valid at least three years, to give a copy of the source code to anyone who wants it. According to 3b) of the license, we are entitled to charge for the distribution of the source code.
1. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License.
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code.
9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 10.
Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages - typically libraries - of the Free Software Foundation and other authors who decide to use it.
The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 1.
License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License.
11. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 12.
17.
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
The MIT license Terms Copyright (c) 1998 Free Software Foundation, Inc.
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. 6.
jseward@acm.org The lilo license Terms LILO program code, documentation and auxiliary programs are Copyright 1992-1998 Werner Almesberger. All rights reserved. Redistribution and use in source and binary forms of parts of or the whole original or derived work are permitted provided that the original work is properly attributed to the author.
3. Cavium Networks’ name may not be used to endorse or promote products derived from this software without specific prior written permission. This Software, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries.
Appendix F. Obtaining Support for Your 3Com Products 3Com offers product registration, case management, and repair services through eSupport.3com.com. You must have a user name and password to access these services, which are described in this appendix. Register Your Product to Gain Service Benefits To take advantage of warranty and other service benefits, you must first register your product at: http://eSupport.3com.
Telephone Technical Support and Repair To obtain telephone support as part of your warranty and other service benefits, you must first register your product at: http://eSupport.3com.
Country: Italy. Telephone Number: 199 161346
Country: U.K. Telephone Number: 0870 909 3266
You can also obtain support in this region using this URL: http://emea.3com.com/support/email.