Avaya SG200, SG5X, SG5 User Manual

Avaya SG5, SG5X, and SG200 Security Gateway Hardware Installation Guide

670-100-102
Issue 2
March 2004
Copyright 2004, Avaya Inc. All Rights Reserved
Every effort was made to ensure that the information in this document was complete and accurate at the time of release. However, information is subject to change.
Warranty
Avaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language as well as information regarding support for this product, while under warranty, is available through the following website:
http://www.avaya.com/support
Preventing Toll Fraud
“Toll fraud” is the unauthorized use of your telecommunications system by an unauthorized party (for example, a person who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf). Be aware that there may be a risk of toll fraud associated with your system and that, if toll fraud occurs, it can result in substantial additional charges for your telecommunications services.
Avaya Fraud Intervention
If you suspect that you are being victimized by toll fraud and you need technical assistance or support, in the United States and Canada, call the Technical Service Center's Toll Fraud Intervention Hotline at 1-800-643-2353.
Disclaimer
Avaya is not responsible for any modifications, additions or deletions to the original published version of this documentation unless such modifications, additions or deletions were performed by Avaya. Customer and/or End User agree to indemnify and hold harmless Avaya, Avaya’s agents, servants and employees against all claims, lawsuits, demands and judgements arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation to the extent made by the Customer or End User.
How to Get Help
For additional support telephone numbers, go to the Avaya Web site: http://www.avaya.com/support/. If you are:
• Within the United States, click Escalation Management link. Then click the appropriate link for the type of support you need.
• Outside the United States, click Escalation Management link. Then click International Services link that includes telephone numbers for the International Centers of Excellence.
Providing Telecommunications Security
Telecommunications security (of voice, data, and/or video communications) is the prevention of any type of intrusion to (that is, either unauthorized or malicious access to or use of) your company's telecommunications equipment by some party.
Your company's “telecommunications equipment” includes both this Avaya product and any other voice/data/video equipment that could be accessed via this Avaya product (that is, “networked equipment”).
An “outside party” is anyone who is not a corporate employee, agent, subcontractor, or is not working on your company's behalf. Whereas, a “malicious party” is anyone (including someone who may be otherwise authorized) who accesses your telecommunications equipment with either malicious or mischievous intent.
Such intrusions may be either to/through synchronous (time-multiplexed and/or circuit-based) or asynchronous (character-, message-, or packet-based) equipment or interfaces for reasons of:
• Utilization (of capabilities special to the accessed equipment)
• Theft (such as, of intellectual property, financial assets, or toll-facility access)
• Eavesdropping (privacy invasions to humans)
• Mischief (troubling, but apparently innocuous, tampering)
• Harm (such as harmful tampering, data loss or alteration, regardless of motive or intent)
Be aware that there may be a risk of unauthorized intrusions associated with your system and/or its networked equipment. Also realize that, if such an intrusion should occur, it could result in a variety of losses to your company (including but not limited to, human/data privacy, intellectual property, material assets, financial resources, labor costs, and/or legal costs).
Responsibility for Your Company’s Telecommunications Security
The final responsibility for securing both this system and its networked equipment rests with you - Avaya’s customer system administrator, your telecommunications peers, and your managers. Base the fulfillment of your responsibility on acquired knowledge and resources from a variety of sources including but not limited to:
• Installation documents
• System administration documents
• Security documents
• Hardware-/software-based security tools
• Shared information between you and your peers
• Telecommunications security experts
To prevent intrusions to your telecommunications equipment, you and your peers should carefully program and configure:
• Your Avaya-provided telecommunications systems and their interfaces
• Your Avaya-provided software applications, as well as their underlying hardware/software platforms and interfaces
• Any other equipment networked to your Avaya products.
TCP/IP Facilities
Customers may experience differences in product performance, reliability and security depending upon network configurations/design and topologies, even when the product performs as warranted.
Standards Compliance
Avaya Inc. is not responsible for any radio or television interference caused by unauthorized modifications of this equipment or the substitution or attachment of connecting cables and equipment other than those specified by Avaya Inc. The correction of interference caused by such unauthorized modifications, substitution or attachment will be the responsibility of the user. Pursuant to Part 15 of the Federal Communications Commission (FCC) Rules, the user is cautioned that changes or modifications not expressly approved by Avaya Inc. could void the user’s authority to operate this equipment.
Product Safety Standards
This product complies with and conforms to the following international Product Safety standards as applicable:
• Safety of Information Technology Equipment, IEC 60950, 3rd Edition including all relevant national deviations as listed in Compliance with IEC for Electrical Equipment (IECEE) CB-96A.
• Safety of Information Technology Equipment, CAN/CSA-C22.2 No. 60950-00 / UL 60950, 3rd Edition
• Safety Requirements for Customer Equipment, ACA Technical Standard (TS) 001 - 1997
• One or more of the following Mexican national standards, as applicable: NOM 001 SCFI 1993, NOM SCFI 016 1993, NOM 019 SCFI 1998
Electromagnetic Compatibility (EMC) Standards
This product complies with and conforms to the following international EMC standards and all relevant national deviations:
Limits and Methods of Measurement of Radio Interference of Information Technology Equipment, CISPR 22:1997 and EN55022:1998.
Information Technology Equipment – Immunity Characteristics – Limits and Methods of Measurement, CISPR 24:1997 and EN55024:1998, including:
• Electrostatic Discharge (ESD) IEC 61000-4-2
• Radiated Immunity IEC 61000-4-3
• Electrical Fast Transient IEC 61000-4-4
• Lightning Effects IEC 61000-4-5
• Conducted Immunity IEC 61000-4-6
• Mains Frequency Magnetic Field IEC 61000-4-8
• Voltage Dips and Variations IEC 61000-4-11
• Powerline Harmonics IEC 61000-3-2
• Voltage Fluctuations and Flicker IEC 61000-3-3
Federal Communications Commission Statement
Part 15:
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
Canadian Department of Communications (DOC) Interference Information
This Class A digital apparatus complies with Canadian ICES-003. Cet appareil numérique de la classe A est conforme à la norme NMB-003 du Canada.
This equipment meets the applicable Industry Canada Terminal Equipment Technical Specifications. This is confirmed by the registration number. The abbreviation, IC, before the registration number signifies that registration was performed based on a Declaration of Conformity indicating that Industry Canada technical specifications were met. It does not imply that Industry Canada approved the equipment.
DECLARATIONS OF CONFORMITY
United States FCC Part 68 Supplier’s Declaration of Conformity (SDoC)
Avaya Inc. in the United States of America hereby certifies that the equipment described in this document and bearing a TIA TSB-168 label identification number complies with the FCC’s Rules and Regulations 47 CFR Part 68, and the Administrative Council on Terminal Attachments (ACTA) adopted technical criteria.
Avaya further asserts that Avaya handset-equipped terminal equipment described in this document complies with Paragraph 68.316 of the FCC Rules and Regulations defining Hearing Aid Compatibility and is deemed compatible with hearing aids.
Copies of SDoCs signed by the Responsible Party in the U. S. can be obtained by contacting your local sales representative and are available on the following Web site:
http://www.avaya.com/support
All Avaya media servers and media gateways are compliant with FCC Part 68, but many have been registered with the FCC before the SDoC process was available. A list of all Avaya registered products may be found at:
http://www.part68.org/
by conducting a search using “Avaya” as manufacturer.
European Union Declarations of Conformity
Avaya Inc. declares that the equipment specified in this document bearing the “CE” (Conformité Européenne) mark conforms to the European Union Radio and Telecommunications Terminal Equipment Directive (1999/5/EC), including the Electromagnetic Compatibility Directive (89/336/EEC) and Low Voltage Directive (73/23/EEC). This equipment has been certified to meet CTR3 Basic Rate Interface (BRI) and CTR4 Primary Rate Interface (PRI) and subsets thereof in CTR12 and CTR13, as applicable.
China BMSI (Chinese Warning Label)
Hardware, including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import hardware.
Environmental Health and Safety:
WARNING:
Risk of explosion if battery is replaced by an incorrect type. Dispose of used batteries according to Avaya Environmental Health and Safety guidelines.
Documentation:
For the most current versions of documentation, go to the Avaya support Web site: http://www.avaya.com/support/
Copies of these Declarations of Conformity (DoCs) can be obtained by contacting your local sales representative and are available on the following Web site:
http://www.avaya.com/support
Japan
This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may occur, in which case, the user may be required to take corrective actions.

Table of Contents

About this book
  Contacting technical support
  Documentation
Chapter 1 Introduction
  Functional overview
  Security
  Plug-and-play installation
  Hardware components
  Available ports
Chapter 2 Installing the security gateway
  General requirements
  Environmental requirements
  Power considerations
  Equipment required
  System requirements
  Installing the security gateway
Chapter 3 Setting up the security gateway for configuration
  Service provider provisioning
  Power on self-test
  Connecting to the private port of the security gateway
  Performing the quick setup
Appendix A Specifications
  Physical specifications
  Environmental specifications
  Electrical specifications
  Compliance specifications
  Additional features
Index

About this book

Avaya SG5, SG5X, and SG200 is the new name for Avaya VSU5, VSU5X, and VSU 500 Security Gateways. Our documentation reflects these new names as of June, 2003.
This guide describes the Avaya SG5, the SG5X, and the SG200 Security Gateways and how to install and preconfigure these devices. It is recommended that you read the entire installation guide before installing the security gateway.

Contacting technical support

Technical support is available to registered users of the Avaya security gateway products.
Domestic support
Toll free phone support: (866) 462-8292 (24x7)
Email: vpnsupport@avaya.com
Web: http://support.avaya.com
International support
For regional support numbers, go to http://www.avayanetwork.com/site/GSO/default.htm

Documentation

The security gateway documentation includes both the Hardware Installation Guide and the Security Gateway Configuration Guide for VPNos. You can download these guides from http://support.avaya.com. Navigate to Product Documentation, VPN and Security.

Chapter 1 Introduction

Functional overview

The Avaya SG5, SG5X, and SG200 security gateways are VPN gateways to virtual private networks (VPNs) for small business and home office users. The security gateway allows users to connect securely to their corporate networks and intranets through always-on connections such as DSL and cable modems. Designed to provide the convenience of a firewall and a gateway all in one compact desktop enclosure, the security gateway provides a cost-effective solution to quick and easy VPN deployment while providing strong attack prevention mechanisms against common attacks and Internet security threats.
The SG5X and the VSU200 are functionally identical to the SG5, but the VSU5X includes an integrated 7-port Ethernet switch. The VSU200 introduces a cardbus/PCMCIA expansion slot for future functionality, routing capabilities, and firewall enhancements that can be managed from a central-site location.
Like other platforms in the Avaya VPN family, the security gateway adds encryption, authentication, and key management to public network data links to ensure privacy and integrity of corporate data, and to enable the efficient and secure operation of VPNs. It is designed to perform complex operations, in real time, without compromising network performance.
The security gateway supports a full suite of VPN services including: IPsec-based encryption, packet authentication, and IKE key management, Network Address Translation (NAT), and packet filtering.
Figure 1 SG200 security gateway

Security

The VSU provides data stream privacy by employing cryptographic algorithms and keys powerful enough for the most sensitive business communications. It supports DES and 3DES encryption, as well as the IKE key management standards.
Data authenticity is assured by using MD5 or SHA-1 hashing algorithms to reject altered or forged packets. All security mechanisms employed by the security gateway conform to IPsec standards, in order to provide interoperability and broaden the use of VPN technology.
The security gateway also contains a powerful IP packet filtering engine to provide extensive filtering capabilities, essential when you have a full-time connection to the Internet. A rule-based method of packet filtering is used, where the priority of the rule is determined by its position in the list (highest is top priority).
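The position-based rule priority described above, shown as an added example that is not from the Avaya guide and does not use the gateway's own rule syntax: it evaluates an ordered rule list top-down and reports rules that can never fire because an earlier rule already covers them. The Rule fields, the sample addresses, and the default-deny fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    # Hypothetical rule shape for illustration; not the gateway's own syntax.
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


def evaluate(rules, src, dst, proto, dport, default="deny"):
    """First match wins: the rule nearest the top of the list decides."""
    for position, rule in enumerate(rules, start=1):
        if rule.matches(src, dst, proto, dport):
            return rule.action, position
    return default, None  # assumed fallback when no rule matches


def shadowed(rules):
    """Return (rule_pos, covering_pos) for rules that can never fire."""
    found = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if earlier.covers(later):
                found.append((i + 1, j + 1))
                break
    return found


# Constructed sample rule list (private and documentation address ranges).
RULES = [
    Rule("permit", "192.168.1.0/24", "0.0.0.0/0", "tcp", 80),
    Rule("deny", "192.168.1.50/32", "0.0.0.0/0", "tcp", 80),  # never reached
    Rule("deny", "0.0.0.0/0", "192.168.1.0/24"),
]
# Same rules with the specific deny moved above the broad permit.
REORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    packet = ("192.168.1.50", "203.0.113.10", "tcp", 80)
    print(evaluate(RULES, *packet), evaluate(REORDERED, *packet))
    print(shadowed(RULES), shadowed(REORDERED))
```

Running the shadow check after every rule change catches a narrow deny placed below a broad permit before the list is deployed.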

Plug-and-play installation

The security gateway can be placed anywhere in a 10/100BASE-T LAN to provide VPN functionality. Native support for IP ensures that the security gateway interoperates transparently with the broadest range of intranet and other network applications.
Affording fast and easy installation into your new or existing local area network, the security gateway functions as a DHCP server on its private port, supporting VPNs and remote access users. This greatly minimizes the necessary configuration of your workstations and IP devices. The security gateway’s web-based user interface features a quick setup wizard designed to capture essential configuration information for easy initial setup. Provisions are also made to access the web-based interface remotely over the Internet if desired.
Where central management of your VPN is required, the optional Avaya VPNmanager network management application (available separately) steps network managers through the setup process and allows them to configure a VPN in minutes. The VPNmanager also supports extensive facilities for VPN monitoring and troubleshooting, and for establishing multi-company extranets.