Business Secure Router 252 2.6.0.0.010
1. Release Summary
Release Date: 07-Jan-2010
Purpose: Software patch release to address customer change request and documentation changes.
2. Important Notes Before Upgrading to This Release
Save existing configuration prior to upgrade. See BSR 252 Configuration Basics for upgrade and backup
procedures.
3. Platforms Supported
Business Secure Router 252
4. Notes for Upgrade
For details on updating the software on your Business Secure Router, please see “Nortel Business Secure Router
252 Configuration Basics” for software release 2.6 (NN47922-500). To download this document, go to
http://www.nortel.com/support and select Security and VPN. Under VPN, select Business Secure Router 252.
Click on Documentation in the gray banner to view a list of all documentation for the product. The new .rom file
must also be used when upgrading for this release. The new default .rom file can be loaded using the WEB UI.
This can be done from the F/W upload menu accessed from the Maintenance Menu. Save your existing file,
upgrade with the new .rom (packaged in the .zip file of this release), and then restore your saved configuration.
File Names For This Release
File Name                    Module or File Type                        File Size (bytes)
VBSR252_2.6.0.0.010C0.bin    Business Secure Router 252 device image    3,506,668
Product Notes:
1. FW is built based on Ethernet firmware load VBSR222_2.6.0.0.003
2. Restore to Factory Defaults Setting Requirement: no
3. The default values of Contivity Client are as follows:
Phase 1: 3DES, SHA1, DH2 or 3DES, MD5, DH2.
Phase 2: 3DES, SHA1, PFS DH2 or 3DES, MD5, PFS DH2.
4. On demand client tunnel CI command - "ipsec config ODService".
5. When any bug related to IPSec is found, please attach your rom file in the SPR system, because we need it to
analyze the correct rule.
6. When users restore the default rom file, the BSR252 saves port information to the rom file once.
7. When Contivity client fail-over is enabled and the client connects to the defined Contivity server, the rom file is
written with three fail-over IP addresses after the tunnel is established.
8. Multi-user configuration only supports SMT and eWC.
9. To support 802.1X over Ethernet, we suggest using Odyssey Client.
10. The Contivity client will not send traffic whose destination is in the WAN subnet through the tunnel.
©2010 Nortel Networks Limited Rev: 1.0 (01/07/2010) Page 1 of 3
Known Anomalies:
1. When two IPSec rules are created, each with correct parameters, and #1 is active while #2 is inactive,
the VPN tunnel cannot be built up successfully.
2. [040809504] VPN stress test (72 hours) fails when 60 tunnels are built up with SA lifetimes of 3 minutes.
3. An SFTP session cannot complete correctly.
4. It is not treated as a land attack when an FTP server visits itself through the WAN IP address of the BSR252.
Condition:
1) Add an FTP server through port forwarding
2) Enable natloopback in CI
3) Enable firewall
4) The FTP server accesses itself through the WAN IP of the BSR252.
5) The FTP server can access itself (NOT GOOD)
5. VPN rule swapping fails by phase 1 Local ID type
6. VPN rule swapping fails when NAT Traversal is enabled.
7. The BSR252 cannot be accessed from the LAN or WAN if a special VPN rule is set up on the BSR252.
The setting of VPN rule:
BSR252#1:
Policy Local:0.0.0.0/0.0.0.0
Policy Remote:0.0.0.0/0.0.0.0
MyIP:192.168.8.1
Secure Gateway: 192.168.8.2
BSR252#2:
Policy Local:0.0.0.0/0.0.0.0
Policy Remote:0.0.0.0/0.0.0.0
MyIP:192.168.8.2
Secure Gateway: 192.168.8.1
8. The weekly log schedule will fail.
9. Some applications of low-version MSN (Windows Messenger 4.6/4.7) will fail, e.g., voice connection, whiteboard
sharing, etc.
10. NAT port forwarding rules need a reboot to take effect (SPRID060313982)
11. Bandwidth management: Changes Applied to a Class Affect the Functionality of Other Classes (refer to:
Q01327124)
12. FTP in bandwidth management creates a dynamic rule. If you change the rule setting, the dynamic rule is
dropped, so the traffic cannot be controlled and the monitor shows 0. If you select all services, all packets
are controlled, so the old FTP session can be controlled. If you reconnect the FTP session, bandwidth
management can control the new session.
13. Loss of sync: this problem happens about 2 to 3 times every 24 hours on BT in the UK. The DSLAM info:
Alcatel Single Density D-Slam
Alcatel High Density D-Slam
Alcatel Ultra Density D-Slam
FTEAL FDX Mk 2, 3, 4, 4a, IS
Westel Supervision
Marconi AXH 600
Documentation Changes:
1. In the BSR252 Advanced Configuration Guide, Page 279, Appendix G, Table 67, IP Commands,
Route add, the description should read: “adds a temporary route which is not saved on reboot.”
2. The IPSEC P1SaLifetime parameter is now configurable on any Tunnel type and may be
disabled by configuring a value of zero.