Version 7.05.300 NN46110-313 02.
Copyright © 2007 Nortel Networks. All rights reserved. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc.
EC Declaration of Conformity This product conforms (or these products conform) to the provisions of the R&TTE Directive 1999/5/EC.
“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software.
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations. d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose. e. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. f.
NN46110-313 02.
Contents New in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 1000BASE-T (1000 GT) Ethernet card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents 1000BASE-T (1000 GT) Ethernet interface card LEDs . . . . . . . . . . . . . . . . . . . . . 30 56/64K CSU/DSU WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 ADSL WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 T1/E1 CSU/DSU WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Single V.35/X.21 WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Figures Figure 1 VPN Router 600 1010/1050/1100 series . . . . . . . . . . . . . . . . . . . . . . . . . 21 Figure 2 VPN Router 600 1010 front view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Figure 3 VPN Router 600 1050 front view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Figure 4 VPN Router 600 1100 front view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Figure 5 Rear view of the VPN Router 600 1010/1050/1100 . . . . . . . . . . .
Figures NN46110-313 02.
Tables Table 1 Items shipped with the VPN Router 600 1010, 1050, and 1100 . . . . . . . . 22 Table 2 Power cord requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Table 3 Front panel LED indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Table 4 Ethernet port LED indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Table 5 LED indicators on the 10/100BASE-TX Ethernet interface card . . . . . .
Tables NN46110-313 02.
New in this release The following section details what’s new in Nortel VPN Router Installation— VPN Router 1010/1050/1100 (NN46110-313) for Release 7.05.300: Features See the following section for information about feature changes: 1000BASE-T (1000 GT) Ethernet card The 1000BASE-T (1000 GT) Ethernet card replaces the 10/100BASE-TX Ethernet card. See “1000BASE-T (1000 GT) Ethernet interface card LEDs” on page 30 and “1000BASE-T (1000 GT) Ethernet interface card” on page 47.
New in this release NN46110-313 02.
How to get help This chapter explains how to get help for Nortel products and services. Finding the latest updates on the Nortel Web site The content of this documentation was current at the time the product was released. To check for updates to the latest documentation and software for VPN Router, go to: www.nortel.com/support Select Security & VPN and then, in the section called Virtual Private Networking (VPN), IPSEC, and SSL, click the appropriate VPN Router product.
How to get help Getting help over the phone from a Nortel Solutions Center If you do not find the information you require on the Nortel Technical Support Web site, and you have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center. In North America, call 1-800-4NORTEL (1-800-466-7835). Outside North America, go to the following Web site to obtain the phone number for your region: www.nortel.
Preface The VPN Router 1010, 1050, and 1100 are part of the Nortel VPN Router system. Nortel VPN Routers support secure, reliable IP VPNs in a single, integrated hardware device. Throughout this guide, the VPN Router 1010, 1050, and 1100 are also referred to collectively as the gateway. This guide provides instructions about how to install the VPN Router 1010, 1050, and 1100 and about how to install and replace option cards in the VPN Router 1100. This guide also includes technical specifications.
Preface Text conventions This guide uses the following text conventions: bold Courier text Indicates command names and options and text that you need to enter. Example: Use the show health command. Example: Enter terminal paging {off | on}. italic text Indicates new terms and book titles. plain Courier text Indicates system output, for example, prompts and system messages. Example: File not found. separator ( > ) Shows menu paths. Example: Choose Status > Health Check.
Preface MAC media access control MDI-X medium dependent interface crossover OOF out of frame PCI peripheral component interconnect URL uniform resource locator VPN virtual private network WAN wide area network 19 Related publications For more information about using the VPN Router 1010, 1050, and 1100 (formerly known as the Contivity Secure IP Services Gateway 1010, 1050, and 1100), refer to the following publications (included on the VPN Router software CD): • • • • • • Release notes pr
Preface • • • • • • Nortel VPN Router Configuration — Advanced Features (NN46110-502) provides instructions for configuring 802.1Q VLANs, circuitless IP, advanced WAN settings, PPP, PPPoE, frame relay, ADSL and ATM, T1/E1 CSU/DSU interfaces, dial services and BIS, DLSw, IPX, and Hardware Accelerator cards.
Chapter 1 Hardware overview The Nortel VPN Router 1010/1050/1100 series provides scalable, secure, manageable extranet access for up to five concurrent tunnels across the public data network. These models are based on Intel architecture with a 300 MHz Celeron CPU and 128 MB SDRAM. Instead of a hard drive, this series uses a removable, upgradeable compact flash card. The VPN Router 1010, 1050, and 1100 fit on a bookshelf or on a shelf in a rack (Figure 1).
Chapter 1 Hardware overview Table 1 lists the hardware accessories and other items shipped with the VPN Router 1010, 1050, and 1100. Note: Nortel does not ship a power cord with the VPN Router unless you order one.
Chapter 1 Hardware overview 23 Internal LAN connections (LAN 0 and LAN 1) The VPN Router 1010, 1050, and 1100 have two internal LANs built in: • • LAN 0 is the private LAN and also the LAN to use for Web management. LAN 1 defaults to a public LAN. The software refers to the LAN 1 port as slot 1, interface 1. The VPN Router 1010 has a single autonegotiating 10/100 Ethernet port on LAN 0.
Chapter 1 Hardware overview Figure 3 VPN Router 1050 front view Boot/Ready LED 10/100 Mb/s LEDs Alert LED VPN Router 1050 A B C D LAN 1 Console LAN 0 Link/Activity LEDs 10676EA Figure 4 VPN Router 1100 front view Boot/Ready LED 10/100 Mb/s LEDs A B Alert LED C LAN 0 D LAN 1 Console VPN Router 1100 Link/Activity LEDs 10677EA NN46110-313 02.
Chapter 1 Hardware overview 25 Rear view of the gateway Figure 5 shows the rear view of the VPN Router 1010, 1050, and 1100. Figure 5 Rear view of the VPN Router 1010/1050/1100 DC power supply Label On/Off switch LAN0 Private MAC Address LAN1 Public MAC Address DC Input 19V/3.16 A 60W max.
Chapter 1 Hardware overview Connecting the power cord You must order the power cord for the VPN Router 1010/1050/1100 separately. The power cord must meet the requirements described in Table 2. Caution: Risk of equipment damage Do not modify or use the AC power cord if it is not the exact type that is required for your power outlet.
Chapter 1 Hardware overview 27 2 Plug the power cord into the AC power outlet. Caution: Risk of equipment damage Protect the VPN Router 1010/1050/1100 by plugging it into a surge suppressor. 3 Plug the external power supply into the port labeled “DC Input” on the back of the gateway (Figure 5 on page 25). 4 Press the power switch to the “on” position and wait for the gateway to boot. 5 Verify a successful installation by checking the LEDs on the front panel (see “Front panel LEDs” on page 27).
Chapter 1 Hardware overview Figure 6 Front panel of the VPN Router 1010 Boot/Ready LED 10/100 Mb/s LEDs LAN 0 Alert LED LAN 1 Console VPN Router 1010 Link/Activity LEDs 10675EA Table 3 describes the LEDs on the VPN Router 1010/1050/1100 front panel. Table 3 Front panel LED indicators LED Indicator Description Boot/Ready Yellow The gateway is booting and is in a non-ready state. Green The boot process is complete and the gateway is in a state of readiness.
Chapter 1 Hardware overview 29 Table 4 describes the Ethernet port LEDs on the VPN Router 1010/1050/1100. Table 4 Ethernet port LED indicators LED Indicator Description 10/100 Mb/s (Amber) On The LAN port is operating at 100 Mb/s. Off The LAN port is operating at 10 Mb/s. Link/Act (Green) On The cable connections between the LAN port and the hub are good. Off The cable connections between the LAN port and the hub are faulty. Flashing The LAN port is sending or receiving network data.
Chapter 1 Hardware overview 1000BASE-T (1000 GT) Ethernet interface card LEDs The following figures show the LEDs on the 1000BASE-T (1000 GT) Ethernet interface card. Although the card supports 10/100/1000 Mbit/s operation, the VPN Router 1100 only supports 10/100 Mbit/s operation.
Chapter 1 Hardware overview 31 56/64K CSU/DSU WAN interface card LEDs Figure 10 shows the LEDs on the 56/64K CSU/DSU WAN interface card. Figure 10 LEDs on the 56/64K CSU/DSU WAN interface card Blue LED Red LED 56/64K DDS Green LED Yellow LED Table 7 describes the LEDs on the 56/64K CSU/DSU WAN interface card. Table 7 LED indicators on the 56/64K CSU/DSU WAN interface card LED Description Blue The blue alarm LED is lit when receiving an upstream failure denoted by an alarm indication signal (AIS).
Chapter 1 Hardware overview Table 8 describes the LEDs on the ADSL WAN interface card. Table 8 LED indicators on the ADSL WAN interface card CONN LED Tx/Rx LED Description Steady green Steady green The ADSL interface card is not initialized; the software driver is not installed. Off Off The ADSL interface card is initialized, but has not established a link with the ADSL network. Flashing green Off The ADSL interface card is attempting to establish a link with the ADSL network.
Chapter 1 Hardware overview 33 Table 9 describes the LEDs on the T1/E1 CSU/DSU WAN interface card. Table 9 LED indicators on the T1/E1 CSU/DSU WAN interface card LED Indicator Description LED 1 Red The red alarm LED is lit when a loss-of-signal (LOS) or out-of-frame (OOF) condition is detected on the receive signal. LED 2 Blue The blue alarm LED is lit when receiving an upstream failure denoted by an alarm indication signal (AIS).
Chapter 1 Hardware overview Table 10 LED indicators on the single V.35/X.21 WAN interface card LED 3 Green Power to the adapter is on and the onboard microcode is loaded. LED 4 Green Cable is detected. NN46110-313 02.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 The Nortel VPN Router 1100 has two expansion slots for option cards. This chapter provides instructions about how to install and replace LAN, WAN, and serial option cards in the VPN Router 1100. Table 11 lists the option cards that you can install in the VPN Router 1100.. Note: The 1000BASE-T (1000 GT) Ethernet interface card only operates at 10/100 Mbit/s on the VPN Router 1100.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 2 The VPN Router 1100 must be running Version 5.05.330, 6.05.140 and later, 7.00.062, 7.05.100 and later, or 7.05.300 and later. The VPN Router 1100 supports 10/100 Mbps operation only. 3 The VPN Router 1100 must be running Version 5.0 or later. 4 The VPN Router 1100 must be running Version 4.90 or later. 5 The VPN Router 1100 must be running Version 4.80 or later. 6 The VPN Router 1100 must be running Version 4.80 or later.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 37 7 Remove the four screws on the sides of the VPN Router 1100. 8 Slide the chassis cover away from the base. The VPN Router 1100 system board is now exposed. Figure 14 on page 37 shows the location of the option card slots on the system board. 9 Locate the slot where you plan to install the new or replacement option card (Table 11 on page 35).
Chapter 2 Installing option cards in the Nortel VPN Router 1100 10 Attach an antistatic wrist strap (not included with the VPN Router 1100 shipment). Caution: Risk of equipment damage Electrostatic discharge can damage VPN Router 1100 components. 11 Remove the blank card bracket (or the option card that you are replacing) from the slot.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 39 18 Press the power switch to the on position and wait for the gateway to boot. Caution: The boot process can take as long as 3 minutes. Do not turn the power off and on again; recycling the power quickly can cause problems. Always wait at least 5 seconds, after you turn off the power, before you turn it on again.
Chapter 2 Installing option cards in the Nortel VPN Router 1100 NN46110-313 02.
Appendix A Technical specifications This appendix provides technical specifications for the VPN Router 1010, 1050, and 1100 chassis and for their interfaces. Chassis specifications Table 12 lists the physical specifications for the VPN Router 1010, 1050, and 1100 chassis. Table 12 Physical specifications Chassis Height Width Depth Weight VPN Router 1010 1.75 in. (4.44 cm) 8.25 in. (21 cm) 7.5 in. (19 cm) 2.65 lb (1.2 kg) VPN Router 1050 1.75 in. (4.44 cm) 8.25 in. (21 cm) 7.5 in.
Appendix A Technical specifications System ports The VPN Router 1010/1050/1100 system board provides the following interfaces: • • 10/100BASE-TX Ethernet LAN ports Serial port This section provides information about the 10/100BASE-TX Ethernet LAN ports and the serial port on the system board. 10/100BASE-TX Ethernet LAN ports The VPN Router 1010, 1050, and 1100 have two internal LANs built in: • • LAN 0 is the private LAN and also the LAN to use for Web management.
Appendix A Technical specifications 43 • 10BASE-T connections can use Category 3, 4, or 5 twisted-pair wiring. Table 14 provides the 10/100BASE-TX Ethernet port pinouts for the system ports on the VPN Router 1100. Table 14 10/100BASE-TX Ethernet port pinouts TX+ TX- RX+ RX12345678 Pin Description 1 TX + 2 TX - 3 RX + 6 RX - CS260010A Serial port The system board provides a serial port on the front of the VPN Router 1010, 1050, and 1100 to enable out-of-band management of the gateway.
Appendix A Technical specifications Figure 15 Serial cable (RJ-45-to-DB9) 10 ft (3.05 m) Pin 8 Pin 1 RJ-45 connector Pin 5 Pin 1 Pin 9 Pin 6 9-position D-sub receptacle with screw locks (ground shield connected to backshell) CAB0110A Table 15 provides the RJ-45-to-DB9 serial interface cable pinouts.
Appendix A Technical specifications 45 External modem adapter If you need to connect a VPN Router 1010, 1050, or 1100 to a modem, you can order a null modem adapter from Nortel. With this adapter, you can connect the VPN Router 1010/1050/1100 console cable (shipped with the gateway) to an RS-232-C modem port. Caution: Risk of EMI Use only the serial cable shipped with the VPN Router 1010, 1050, or 1100 and this modem adapter to connect a modem to the VPN Router 1010, 1050, or 1100.
Appendix A Technical specifications Table 16 Null modem adapter cable pinouts (continued) DB9 termination DB25 termination Pin # to Pin # 4 6 5 7 6 20 7 5 8 4 Hardware option cards The VPN Router 1100 has two expansion slots that support a combination of the following network interface cards: • • • • • • • • • 10/100BASE-TX Ethernet 10/100/1000BASE-X Ethernet 56/64K CSU/DSU WAN ADSL WAN ISDN BRI T1/E1 CSU/DSU WAN (half-height card) T1 CSU/DSU WAN (full-height card) V.90 modem Single V.35/X.
Appendix A Technical specifications 47 10/100BASE-TX Ethernet interface card The 10/100BASE-TX Ethernet interface card has a single RJ-45 connector that provides the signals needed to interface to 10BASE-T and 100BASE-TX Ethernet equipment. Figure 17 shows the 10/100BASE-TX Ethernet interface card.
Appendix A Technical specifications • • • • 6.05.140 and all subsequent versions 7.00.062 7.05.100 and all subsequent versions (FIPS branch) 7.05.300 and all subsequent versions The following figures show the full and half-height Ethernet faceplates for the VPN Router 1100. Figure 18 VPN Router 1100 full-height 1000BASE-T (1000 GT) The full-height model is for installation in slot 2; the half-height model is for installation in slot 3.
Appendix A Technical specifications 49 The following table provides the pinouts for the 1000BASE-T (1000 GT) Ethernet interface card.. Table 17 1000BASE-T (1000 GT) Ethernet pinouts 12345678 CS260010A Pin Description 1 TP0+ 2 TP0- 3 TP1+ 4 TP2+ 5 TP2- 6 TP1- 7 TP3+ 8 TP3- 56/64K CSU/DSU WAN interface card The 56/64K CSU/DSU WAN interface card has a single RJ-48 connector that provides the signals needed to interface to network equipment.
Appendix A Technical specifications Use cable that is wired in accordance with EIA-568-A wiring style. This wiring style ensures that a twisted pair inside the patch cord carries the transmit signal (pins 1 and 2) and the receive signal (pins 7 and 8). Nortel strongly recommends that you use factory-made patch cords. You connect the 56/64K CSU/DSU WAN interface card to the service provider network using a straight-through cable or a crossover cable, depending on how the service provider wired its jack.
Appendix A Technical specifications 51 Table 19 provides the 56/64K CSU/DSU cable pinouts for a straight-through connection.
Appendix A Technical specifications Table 20 provides the ADSL port pinouts. Table 20 ADSL cable pinouts Pin Function 1 N/C 2 Tip 3 Ring 4 N/C ISDN BRI interface card The ISDN BRI S/T and ISDN BRI U interface cards have a single RJ-45 connector that provides the signals needed to interface to ISDN equipment. (To connect the ISDN BRI S/T interface to the ISDN network, you must attach an external NT-1 device to the RJ-45 connector.) Figure 22 shows the ISDN BRI S/T interface card.
Appendix A Technical specifications 53 The connector on the ISDN BRI S/T and ISDN BRI U interface cards accommodates an 8-pin RJ-45 modular patch cord. These cables are sold as Category 5, or Ethernet, cables. Note: Nortel does not supply a cable with the ISDN BRI interface cards. Table 21 provides the ISDN BRI S/T cable pinouts.
Appendix A Technical specifications T1/E1 CSU/DSU WAN interface card The T1/E1 CSU/DSU WAN interface card has a single connector that provides the signals needed to interface to T1 or E1 equipment. Figure 24 shows the T1/E1 CSU/DSU WAN interface card. This interface card ships as a half-height card and as a full-height card. Figure 24 T1/E1 CSU/DSU WAN interface card CS160012A Note: The brackets of the half-height and full-height cards are almost identical.
Appendix A Technical specifications 55 Table 23 provides the T1/E1 CSU/DSU cable pinouts for a crossover connection.
Appendix A Technical specifications Table 24 T1/E1 CSU/DSU cable pinouts for straight-through connection Nortel termination Remote termination not used 7 7 not used not used 8 8 not used V.90 modem interface card The V.90 modem interface card has two RJ-11 connectors that provide the signals needed to interface to an incoming telephone line and to telephone equipment. Figure 25 shows the V.90 modem interface card. LINE PHONE Figure 25 V.
Appendix A Technical specifications 57 Single V.35/X.21 WAN interface card The single V.35/X.21 WAN interface card has a single DB28S connector that provides the signals needed to interface to V.35 and X.21 equipment. Figure 26 shows the single V.35/X.21 WAN interface card. Figure 26 Single V.35/X.21 WAN interface card CS160011A You need a DSU/CSU (digital service unit/channel service unit) between the WAN connection and the gateway. You can order a V.35 or X.
Appendix A Technical specifications Table 26 V.
Appendix A Technical specifications 59 Table 27 provides the X.21 cable pinouts. (The pair suffix A or B refers to an individual wire within a twisted pair.) Table 27 X.
Appendix A Technical specifications Table 27 X.21 cable pinouts (continued) Standard-wired end 28-pin male Signal name Pair number and conductor Standard-wired end 15-pin male Notes 1 SHIELD pair 14A 1 Note 4,5 7 SIGNAL GROUND pair 14B 8 Note 3,5 The following notes apply to the single X.21 cable: 1. Wires of pair 4 connect to wires of pair 5, but not to any pins in the DA-15. 2. The term “no conn” means the wire is not connected to a pin in the 15-pin connector. 3.
Index Numerics C 10/100BASE-TX Ethernet interface card cable specifications 42 described 47 installing 35 LEDs 29 port pinouts 43 cable adapter for modem 45 10/100BASE-TX system LAN ports cable specifications 43 connector 43 LEDs 28 1000BASE-T (1000 GT) Ethernet interface card 47 LEDs 30 56/64K CSU/DSU WAN interface card cable pinouts 50 connector 49 described 49 installing 35 LEDs 31 A AC power cord connecting 26 ordering 22 requirements 26 acronyms 18 adapter, for connecting serial cable to a mod
Index D L DC input port 25 LAN interface card connector 47 installing 35 LEDs 29 specifications 47 E electrical specifications 41 environmental specifications 41 Ethernet MDI configuration 42 F front panel LEDs 27 H LAN interface cards LEDs 1000BASE-T (1000 GT) Ethernet 30 LAN ports, system cable specifications 43 connector 43 described 23 LEDs 28 help, How to get 15 LEDs 10/100BASE-TX Ethernet interface card 29 1000BASE-T (1000 GT) Ethernet interface card 30 56/64K CSU/DSU WAN interface card 3
Index 63 P described 43 shipment contents 22 physical specifications 41 pinouts 10/100BASE-TX Ethernet interface 43 56/64K CSU/DSU WAN interface 50 ADSL WAN interface 52 ISDN BRI S/T interface 53 ISDN BRI U interface 53 null modem adapter 45 serial interface cable 44 single V.35 WAN interface 57 single X.21 WAN interface 59 T1/E1 CSU/DSU WAN interface 55 V.90 modem interface 56 plug, AC power, specifications 26 shutting down the VPN Router 1100 36 single V.35/X.
Index description 21 MAC addresses 25 Power LED 25 recovery switch 25 shipment contents 22 technical specifications 41 VPN Router 1100 installing option cards 35 removing cover from base 37 shutting down 36 technical specifications 41 W WAN interface cards installing in VPN Router 1100 35 LEDs 56/64K CSU/DSU 31 ADSL 31 single V.35/X.21 33 T1/E1 CSU/DSU 32 specifications 56/64K CSU/DSU 49 ADSL 51 single V.35/X.21 57 T1/E1 CSU/DSU 54 wiring requirements, Category 5 43 NN46110-313 02.