HP 3Com Telecommuting Module Installation Guide
3Com® Telecommuting Module
Installation Guide
Version 4.3
3Com® Telecommuting Module Installation Guide: Version 4.3
Part Number BETA
Published December 2005
3Com Corporation, 350 Campus Drive, Marlborough MA 01752-3064
Copyright © 2005, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to
make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of
3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not
limited to, the implied warranties, terms, or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make
improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a
separate document, in the hardcopy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT.If you
are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the
following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as "Commercial
Computer Software" as defined in DFARS 252.227-7014 (June 1995) or as a "commercial item" as defined in FAR 2.101(a) and as such is provided
with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as
provided in DFAR252.227-7015(Nov1995)orFAR 52.227-14 (June 1987), whichever is applicable. You agree not to removeor defaceanyportion
of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com, the 3Com logo, NBX, and SuperStack are registered trademarks of 3Com Corporation. NBX NetSet, pcXset, and VCX are trademarks of
3Com Corporation.
Adobe is a trademark and Adobe Acrobat is a registered trademark of Adobe Systems Incorporated. Microsoft, Windows, Windows 2000, Windows
NT,and Microsoft Word are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they are associated.
Table of Contents
Part I. Installation of the 3Com VCX IP Telecommuting Module......................................................................... i
1. Introduction .....................................................................................................................................................1
2. Overview of the Installation ............................................................................................................................3
3. Installing 3Com VCX IP Telecommuting Module..........................................................................................6
Part II. Configuring 3Com VCX IP Telecommuting Module...............................................................................14
4. Network Configuration..................................................................................................................................15
5. SIP Configuration ..........................................................................................................................................26
6. Administration of the Telecommuting Module .............................................................................................31
7. Firewall and Client Configuration .................................................................................................................36
Index..................................................................................................................................................................39
i
Part I. Installation of the 3Com VCX IP
Telecommuting Module
This document will help you to get started with your 3Com VCX IP Telecommuting Module. It contains the
necessary information to configure your Telecommuting Module.
Additional information about managing your 3Com VCX IP Telecommuting Module can be found in the User
Manual.
These chapters contain an introduction to the 3Com VCX IP Telecommuting Module, descriptions of the various
models and information about how to install your Telecommuting Module.
Chapter 1. Introduction
What is a Telecommuting Module?
A Telecommuting Module is a device which processes traffic under the SIP protocol (see RFC 3261). The
Telecommuting Module receives SIP requests, processes them according to the rules you have set up, and forwards
them to the receiver.
The Telecommuting Module connects to an existing enterprise firewall through a DMZ port, enabling the
transmission of SIP-based communications without affecting firewall security. SIP messages are then routed
through the firewall to the private IP addresses of authorized users on the internal network.
The Telecommuting Module can also be used as an extra gateway to the internal network without connecting to the
firewall, transmitting only SIP-based communications.
Configuration alternatives
The 3Com VCX IP Telecommuting Module can be connected to your network in three different ways, depending
on your needs.
Note that the interface which should receive traffic from the outside must have a public IP address (no NAT),
regardless of which Telecommuting Module Type was selected. For a DMZ or DMZ/LAN type, this means that
the interface connected to the DMZ of the firewall must have a public IP address.
DMZ Configuration
Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it
with only one interface. The SIP traffic finds its way to the Telecommuting Module using DNS or by setting the
Telecommuting Module as an outbound proxy on the clients.
This is the most secure configuration, since all traffic goes through both your firewall and your Telecommuting
Module. It is also the most flexible, since all networks connected to any of your firewall’s interfaces can be
SIP-enabled.
The drawback is that the SIP traffic will pass the firewall twice, which can decrease performance.
Fig 1. Telecommuting Module in DMZ configuration.
DMZ/LAN Configuration
Using this configuration, the Telecommuting Module is located on the DMZ of your firewall, and connected to it
with one of the interfaces. The other interface is connected to your internal network. The Telecommuting Module
can handle several networks on the internal interface even if they are hidden behind routers. No networks on other
interfaces on the firewall can be handled.
This configuration is used to enhance the data throughput, since the traffic only needs to pass your firewall once.
This configuration can only support one local network.
1
Chapter 1. Introduction
Fig 2. Telecommuting Module in DMZ/LAN configuration.
Standalone Configuration
Using this configuration, the Telecommuting Module is connected to your internal network on one interface and the
outside world on the other.
Use this configuration only if your firewall lacks a DMZ interface, or for some other reason cannot be configured
for the DMZ or DMZ/LAN alternatives.
Fig 3. Telecommuting Module in Standalone configuration.
2
Chapter 2. Overview of the Installation
Quick guide to 3Com VCX IP Telecommuting Module installation
3Com VCX IP Telecommuting Module is easy to install:
• Select an IP address for the Telecommuting Module on your network.
• The network interfaces are marked with 1 and 2. These numbers correspond to the physical interfaces eth0 and
eth1 respectively, the latter which should be use in the installation program.
• Plug in the power cord and turn on the Telecommuting Module.
• Wait while the Telecommuting Module boots up.
• Connect the network cables to the network interfaces.
• Find out the MAC address of the Telecommuting Module’s Network Interface 1 (printed on the Telecommuting
Module label).
• Add a static entry in your local ARP table consisting of the Telecommuting Module’s MAC address and the IP
address it should have on Network Interface 1.
This is how to add a static ARP entry if you use a Windows computer:
Run the command command (or cmd).
In the Command window, enter the command arp -s ipaddress macaddress where ipaddress is the new IP
address for Network Interface 1, and macaddress is the MAC address printed on the Telecommuting Module, but
with all colons (:) replaced with dashes (-).
• Ping this IP address to give the Telecommuting Module its new IP address. You should receive a ping reply if the
address distribution was successful.
• Direct your web browser to the IP address of the Telecommuting Module. You will be prompted to set a
password for the Telecommuting Module admin user.
• Now you can see the top page of 3Com VCX IP Telecommuting Module. Click on the Telecommuting Module
Type link and select the configuration for your Telecommuting Module. The types are described on the web page.
• Go to the Network Interface 1 page and enter the necessary configuration. See also the Interface section. Note
that the Telecommuting Module must have at least one IP address which can be reached from the Internet.
• If one of the Telecommuting Module Types DMZ/LAN or Standalone was chosen, move on to the Network
Interface 2 page and give the Telecommuting Module at least one IP address on this interface and state the
networks connected to the interface. See also the Interface section.
• Go to the Networks and Computers page. Define the networks that will send and receive SIP traffic using the
Telecommuting Module. Usually, you need at least one network per interface of the firewall connected to the
Telecommuting Module (or, for the Standalone type, per interface of the Telecommuting Module). Some
computers should be handled separately, and they therefore need their own networks. See also the Networks and
Computers section.
• Go to the Basic Configuration page under Basic Configuration and enter a Default gateway and a DNS
server. See also the Basic Configuration section.
• Go to the Access Control page and make settings for the configuration of the Telecommuting Module. See also
the Access Control section.
• Go to the Surroundings page (for the DMZ Telecommuting Module Type) and state the networks connected to
the firewall. See also the Surroundings section in chapter 4, Network Configuration.
• Go to Basic under SIP Services and turn the SIP module on. See also the Basic section.
• Go to the Interoperability page. Turn Preserve username and SIP URL encryption on.
3
Chapter 2. Overview of the Installation
• If you use a dialing domain which looks like an IP address, enter the dialing domain in the Translation
exceptions table. See also the Interoperability section.
• For this type of dialing domain, you also need to go to the Routing page. Enter the dialing domain in the DNS
Override For SIP Requests table and state the IP address of the SIP server(s) to handle the domain. See also the
Routing section.
• Go to the Save/Load Configuration page under. Select Apply configuration. Now you can test your new
configuration and save it permanently if you are satisfied with it. If the configuration is not satisfactory, select
Revert or restart the Telecommuting Module. The old configuration will remain.
When the Telecommuting Module is configured, the firewall connected to it must also be reconfigured (for the
DMZ and DMZ/LAN Telecommuting Module Types).
• Allow UDP and TCP traffic in the port interval used for media streams by the Telecommuting Module, and port
5060. This traffic must be allowed to all networks which should be reached by SIP traffic.
See also chapter 14, Firewall and Client Configuration, for information on configuring the firewall and the SIP
clients, and chapter 4 of the User Manual for Telecommuting Module configuration examples.
Before you start
You could do a rough sketch of your network to make the configuration simpler. Things to think of:
• Which IP addresses will the Telecommuting Module interfaces use? You can have more than one IP network on
one interface, each requiring a separate IP address for the Telecommuting Module.
• Which series of IP addresses will be used on the networks connected to the different interfaces?
• Are there networks behind routers?
• What is the default gateway for the Telecommuting Module?
About settings in 3Com VCX IP Telecommuting Module
3Com VCX IP Telecommuting Module uses two sets of Telecommuting Module configurations: preliminary and
permanent configuration. The permanent configuration is what is used in the active Telecommuting Module. The
preliminary configuration is where you change and set the configuration. See chapter 3 of the User Manual for
instructions.
The changes you make in the preliminary configuration are not stored in the permanent configuration until you click
on Apply configuration on the Save/Load Configuration page under Administration.
The password configuration and time setting are the exceptions to this rule; they are saved immediately. Change the
administrator passwords and create more administrator users on the User Administration page under
Administration.
3Com VCX IP Telecommuting Module displays serious errors in red, e.g., if mandatory information is not entered.
Blank fields are shown in red. Fields that you correct remain red until you select Save, Add new rows or update the
page in some other way.
If you have a web connection with the Telecommuting Module that is inactive for 10 minutes, it will ask for a
password again.
Always log out from the Telecommuting Module administration interface when you are not using it. Press the Log
out button on the left to log out.
The terms used in the book are explained in appendix C of the User Manual.
For a general description of how to configure and administer the Telecommuting Module, see chapter 3 of the User
Manual.
4
Chapter 2. Overview of the Installation
License Conditions
To fulfill the license conditions, we must either attach the source code with the software, or send a written offer,
valid at least three years, to give a copy of the source code to anyone who wants it. According to 3b) of the license,
we are entitled to charge for the distribution of the source code.
3Com Corporation offer the source code for all third party software included in 3Com VCX IP Telecommuting
Module and licensed under GPL. This offer is valid for this version of 3Com VCX IP Telecommuting Module and
is valid for three years after deliverance of your 3Com VCX IP Telecommuting Module unit. Contact 3Com
Corporation for current information.
5
Chapter 3. Installing 3Com VCX IP Telecommuting Module
Installation
There are three ways to install an 3Com VCX IP Telecommuting Module: using a serial cable, using a diskette or
perform a magic ping.
Installation with a serial cable or a diskette requires being at the same place as the Telecommuting Module, but will
give more options for the start configuration.
Installation with magic ping does not require being on the same place as the Telecommuting Module (but the
computer has to be connected to the same logical network as the Telecommuting Module), but restricts the start
configuration.
Installation with magic ping
You can use the magic ping to set an IP address for the Telecommuting Module. This is how to perform a magic
ping:
• Plug in the power cord and turn the Telecommuting Module on.
• Wait while the Telecommuting Module boots up.
• Connect the network cables to the network interfaces.
• Find out the MAC address of the Telecommuting Module (printed on the back of the Telecommuting Module).
This is the MAC address of Network Interface 1.
• Add a static entry in your local ARP table consisting of the Telecommuting Module’s MAC address and the IP
address it should have on Network Interface 1.
This is how to add a static ARP entry if you use a Windows computer:
Run the command command (or cmd).
In the Command window, enter the command arp -s ipaddress macaddress where ipaddress is the new IP address
for the Network Interface 1 interface, and macaddress is the MAC address printed on the Telecommuting
Module, but with all colons (:) replaced with dashes (-).
• Ping this IP address to give the Telecommuting Module its new IP address. You should receive a ping reply if the
address distribution was successful.
• Configure the rest through a web browser.
• Plug in the power cord and turn the Telecommuting Module on.
• Wait while the Telecommuting Module boots up.
• Connect the network cables to the network interfaces.
• Find out the MAC address of the Telecommuting Module (printed on the back of the Telecommuting Module).
This is the MAC address of Network Interface 1.
• Add a static entry in your local ARP table consisting of the Telecommuting Module’s MAC address and the IP
address it should have on Network Interface 1.
This is how to add a static ARP entry if you use a Windows computer:
Run the command command (or cmd).
In the Command window, enter the command arp -s ipaddress macaddress where ipaddress is the new IP address
for the Network Interface 1 interface, and macaddress is the MAC address printed on the Telecommuting
Module, but with all colons (:) replaced with dashes (-).
6
Chapter 3. Installing 3Com VCX IP Telecommuting Module
• Ping this IP address to give the Telecommuting Module its new IP address. You should receive a ping reply if the
address distribution was successful.
• Configure the rest through a web browser.
Installation with a serial cable
These steps are performed when installing with a serial cable:
• Connect the Telecommuting Module to your workstation with a null modem serial cable.
• Plug in the power cord and turn the Telecommuting Module on.
• Wait while the Telecommuting Module boots up.
• Log on from your workstation.
• Run the installation program (see following instructions).
• Connect the network cables to the network interfaces.
• Configure the rest through a web browser.
Connect the Telecommuting Module to your workstation with a null modem serial cable, plug in the power cord
and turn the Telecommuting Module on. You will have to wait a few minutes while it boots up.
• If you use a Windows workstation, connect like this: Start Hyperterm. A Location dialogue will show, asking for
your telephone number and area. Click Cancel followed by Yes. Then you will be asked to make a new
connection. Type a name for this connection, select an icon and click OK. The Location dialogue will show
again, so click Cancel followed by Yes.
Now you can select Connect using COM1 and click OK. A Port settings dialogue will show, where you select
19200 as Bits per second. Use the default configuration for all other settings. Click OK and wait for a login
prompt. (In some cases you have to press Return to get the login prompt.)
• If you use a Linux workstation, connect like this: Make sure that there is a symbolic link named /dev/modem
which points to the serial port you connected the Telecommuting Module to. Connect using minicom with the bit
rate 19200 bits/s, and wait for a login prompt.
Log on as the user admin. The first time you log on, no password is required. You set the password when you run
the installation script, which starts automatically when you have logged on.
Each network interface is marked with a name (1 and 2), which corresponds to a tab under Network. All eth
interfaces belong to ethernet cards and should only be connected using ethernet cables.
Decide which computer(s) are allowed to configure 3Com VCX IP Telecommuting Module and enter the name of
the network interface to which they are connected, for example, Network Interface 1. You must use the physical
device name (eth0 and eth1).
Enter the IP address of the Telecommuting Module on this interface and the network mask for the network.
A network mask can be written in two ways in 3Com VCX IP Telecommuting Module:
• The first looks just like an IP address, for example 255.255.192.0 or 255.255.254.0.
• The other way is as a number between 0 and 32. An IP address has 32 bits, where the number of the network
mask indicates how many bits are used in the network’s addresses. The rest of the bits identifies the computer on
the network.
Now, you can select to deactivate any network interfaces. Select y to deactivate all interfaces but the one you just
configured. The remaining network interfaces can be activated later when you complete the configuration via the
web interface from your work station. This only applies to interfaces which was previously active; you can’t
activate interfaces with this setting.
Now enter the computer or computers from which the Telecommuting Module may be configured (the configuration
computers).
7
Chapter 3. Installing 3Com VCX IP Telecommuting Module
Then enter a password for the Telecommuting Module. This is the password you use in your web browser to access
and change the Telecommuting Module’s configuration. Finally, you can reset all other configuration if you want to.
Following is a sample run of the installation program.
3Com VCX IP Telecommuting Module Administration
1. Basic configuration
2. Save/Load configuration
3. Become a failover team member
4. Leave failover team and become standalone
5. Wipe email logs
6. Set password
q. Exit admin
==>
Select 1 to install your 3Com VCX IP Telecommuting Module.
Basic unit installation program version 4.3
Press return to keep the default value
Network configuration inside:
Physical device name[eth0]:
IP address [0.0.0.0]: 10.47.2.242
Netmask/bits [255.255.255.0]: 255.255.0.0
Deactivate other interfaces? (y/n) [n]
Computers from which configuration is allowed:
You can select either a single computer or a network.
Configure from a single computer? (y/n) [y]
If you choose to allow only one computer to configure the Telecommuting Module, you are asked for the IP address
(the mask is set automatically).
IP address [0.0.0.0]: 10.47.2.240
If this IP address is not on the same network as the IP address of the Telecommuting Module, you are asked for the
router. Enter the IP address of the router on the network where the Telecommuting Module is connected. Then enter
the network address and mask of the network containing the configuring computer.
Static routing:
The computer allowed to configure from is not on a network local to
this unit. You must configure a static route to it. Give
the IP address of the router on the network the unit is on.
The IP address of the router [0.0.0.0]: 10.47.3.1
Network address [10.47.0.0]: 10.10.0.0
Netmask [255.255.255.0]:
You can choose to allow several computers to configure the Telecommuting Module, by answering no to the
question:
Configure from a single computer? (y/n) [y] n
8
Chapter 3. Installing 3Com VCX IP Telecommuting Module
The installation program then asks for the network number. The network number is the lowest IP address in the
series of numbers that includes the configuration computers (see chapter 3 of the User Manual). The network mask
determines the number of computers that can act as configuration computers.
Network number [0.0.0.0]: 10.47.2.0
Netmask/bits [255.255.255.0]: 255.255.255.0
If the network or partial network is not directly connected to the Telecommuting Module, you must enter the IP
address of the router leading to that network. Then enter the network’s address and mask.
Static routing:
The network allowed to configure from is not on a network local to this
unit. You must configure a static route to it. Give the
IP address of the router on the network this unit is on.
The IP address of the router [0.0.0.0]: 10.47.3.1
Network address [10.47.0.0]: 10.10.0.0
Netmask [255.255.255.0]:
Then enter a password.
Password []:
Finally, you are asked if you want to reset other configuration.
Other configuration
Do you want to reset the rest of the configuration? (y/n) [n]
If you answer n, nothing is removed. If you answer y, you have three alternatives to select from:
1. Clear as little as possible. This is the alternative that is used if you answer n to the question above. Both the
preliminary and the permanent configurations will be updated with the configuration specified above.
2. Revert to the factory configuration and then apply the configuration specified above. This will affect the
permanent but not the preliminary configuration.
3. Revert to the factory configuration and empty all logs and then apply the configuration specified above. Both
the preliminary and the permanent configurations will be affected.
Select the update mode, which is what you want to remove.
Update mode (1-3) [1]:
All configuration is now complete. The installation program shows the configuration and asks if it is correct.
yes saves the configuration.
no runs the installation program over again.
abort ends the installation program without saving.
9
Loading...