Nortel Networks 2700 User Manual 2

Version 7.05.300

NN46110-311 02.01 314708-F Rev 01 November 2007 Standard

600 Technology Park Drive Billerica, MA 01821-4130

Nortel VPN Router Installation — VPN Router 2700

The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc.

Trademarks

Nortel, the Nortel logo, the Globemark, and Contivity are trademarks of Nortel Networks.

Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.

Hi/fn and LZS are trademarks of Hi/fn, Inc.

HyperTerminal is a trademark of Hilgraeve, Inc.

Intel is a trademark of Intel Corporation.

Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.

Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation.

All other trademarks are the property of their respective owners.

Statement of conditions

In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the right to make changes to the products described in this document without notice.

Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.

USA requirements only

Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice

Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If it is not installed and used in accordance with the instruction manual, it may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to take whatever measures may be necessary to correct the interference at their own expense.

European requirements only

EN 55 022 statement

This is to certify that the Nortel Networks VPN Router 2700 is shielded against the generation of radio interference in accordance with the application of Council Directive 89/336/EEC, Article 4a. Conformity is declared by the application of EN 55 022 Class A (CISPR 22).

NN46110-311 02.01

War ning: This is a Class A product. In a domestic environment, this product may cause radio interference, in which case, the user may be required to take appropriate measures.

Achtung: Dieses ist ein Gerät der Funkstörgrenzwertklasse A. In Wohnbereichen können bei Betrieb dieses Gerätes Rundfunkstörungen auftreten, in welchen Fällen der Benutzer für entsprechende Gegenmaßnahmen verantwortlich ist.

Attention: Ceci est un produit de Classe A. Dans un environnement domestique, ce produit risque de créer des interférences radioélectriques, il appartiendra alors à l’utilisateur de prendre les mesures spécifiques appropriées.

EC Declaration of Conformity

This product conforms (or these products conform) to the provisions of the R&TTE Directive 1999/5/EC.

Japan/Nippon requirements only

Denan statement

Voluntary Control Council for Interference (VCCI) statement

Taiwan requirements

Bureau of Standards, Metrology and Inspection (BSMI) statement

Nortel VPN Router Installation — VPN Router 2700

Canada requirements only

Canadian Department of Communications Radio Interference Regulations

This digital apparatus (VPN Router 2700) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.

Règlement sur le brouillage radioélectrique du ministère des Communications

Cet appareil numérique (VPN Router 2700) respecte les limites de bruits radioélectriques visant les appareils numériques de classe A prescrites dans le Règlement sur le brouillage radioélectrique du ministère des Communications du Canada.

Nortel Networks Inc. software license agreement

This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.

“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to

NN46110-311 02.01

provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General

a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks

Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections

12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails

to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from

Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement between

Customer and Nortel Networks.

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If

the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.

Nortel VPN Router Installation — VPN Router 2700

NN46110-311 02.01

New in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

1000BASE-T (1000 GT) Ethernet card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Finding the latest updates on the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Getting help from the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Getting help over the phone from a Nortel Solutions Center . . . . . . . . . . . . . . . . . . . . 18

Getting help from a specialist by using an Express Routing Code . . . . . . . . . . . . . . . 18

Getting help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Text conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Printed technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Chapter 1

Installing the Nortel VPN Router 2700 chassis . . . . . . . . . . . . . . . . . . . . . . 25

Description of the Nortel VPN Router 2700 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Preparing to install the Nortel VPN Router 2700 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Shipment contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Additional equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Hardware for mounting the chassis in an equipment rack . . . . . . . . . . . . . . . 28

Site requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Nortel VPN Router Installation — VPN Router 2700

8 Contents

Installing the chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Chapter 2

Cabling the VPN Router and turning the power on . . . . . . . . . . . . . . . . . . 35

Connecting communications cables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Connecting the power cord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Verifying a successful installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Understanding the LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Installing the chassis on a flat surface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Installing the chassis in an equipment rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Rack-mount recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Attaching the shelf in the equipment rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Mounting the chassis in the equipment rack . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

LEDs on the system 10/100BASE-TX Ethernet port . . . . . . . . . . . . . . . . . . . . . . 41

10/100BASE-TX Ethernet interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

1000BASE-T (1000 GT) Ethernet interface card LEDs . . . . . . . . . . . . . . . . . . . . . 42

1000BASE-T (1000 MT) Ethernet interface card LEDs . . . . . . . . . . . . . . . . . . . . . 43

1000BASE-SX Ethernet interface card LED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

56/64K CSU/DSU WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

ADSL WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

T1/E1 CSU/DSU WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Quad T1/E1 CSU/DSU WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . 48

Single V.35/X.21 WAN interface card LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

SSL VPN Module 1000 LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Chapter 3

Configuring the management IP interface. . . . . . . . . . . . . . . . . . . . . . . . . . 51

Required information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configuring the management IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Testing the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

NN46110-311 02.01

Contents 9

Chapter 4

Installing option cards and DIMMs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

Shutting down the system to add or replace hardware . . . . . . . . . . . . . . . . . . . . . . . . 60

Removing the front bezel and top cover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Attaching the antistatic wrist strap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Installing and replacing option cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Installing and replacing DIMMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Appendix A

Technical specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Chassis specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

System ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

10/100BASE-TX Ethernet LAN port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Serial port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Modem cable specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Hardware option cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

VPN Router Security Accelerator cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

SSL VPN Module 1000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

10/100BASE-TX Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

1000BASE-T (1000 GT) Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . . 83

1000BASE-T (1000 MT) Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . . 85

1000BASE-SX Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

56/64K CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

ADSL WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

ISDN BRI interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Quad T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

V.90 modem interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Single V.35/X.21 WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

HSSI WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Nortel VPN Router Installation — VPN Router 2700

10 Contents

NN46110-311 02.01

Figures

Figure 1 Front view of the VPN Router 2700 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Figure 2 Placement of rubber feet on the bottom of the chassis . . . . . . . . . . . . . . 29

Figure 3 Attaching the cage nuts to the rack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Figure 4 Installing the shelf in the equipment rack . . . . . . . . . . . . . . . . . . . . . . . . . 31

Figure 5 Removing the front bezel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Figure 6 Replacing the front bezel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Figure 7 Rear view of the VPN Router 2700 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Figure 8 Front panel LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Figure 9 LEDs on the system LAN port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Figure 10 LEDs on the 10/100BASE-TX Ethernet interface card . . . . . . . . . . . . . . . 42

Figure 11 LEDs on the 1000BASE-T (1000 GT) Ethernet interface card . . . . . . . . . 42

Figure 12 LEDs on the 1000BASE-T (1000 MT) Ethernet interface card . . . . . . . . . 43

Figure 13 LED on the 1000BASE-SX Ethernet interface card . . . . . . . . . . . . . . . . . 44

Figure 14 LEDs on the 56/64K CSU/DSU WAN interface card . . . . . . . . . . . . . . . . 45

Figure 15 LEDs on the ADSL WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Figure 16 LEDs on the T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . 47

Figure 17 LEDs on the quad T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . 48

Figure 18 LEDs on the single V.35/X.21 WAN interface card . . . . . . . . . . . . . . . . . . 49

Figure 19 LEDs on the SSL VPN Module 1000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Figure 20 Removing the front bezel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Figure 21 Removing the top cover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Figure 22 Location of option card slots and DIMMs on the system board . . . . . . . . 63

Figure 23 Location of the grounding jack for the antistatic wrist strap . . . . . . . . . . . 64

Figure 24 Installing and removing an option card . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

Figure 25 Replacing the front bezel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

Figure 26 Installing and removing a DIMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Figure 27 10/100BASE-TX Ethernet connector . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Figure 28 Serial cable (9-pin D-sub plug to RS-232-C modem plug) . . . . . . . . . . . . 78

Figure 29 Modem cable (9-pin D-sub plug to RS-232-C modem plug) . . . . . . . . . . . 79

Nortel VPN Router Installation — VPN Router 2700

12 Figures

Figure 30 VPN Router Security Accelerator card . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Figure 31 SSL VPN Module 1000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Figure 32 10/100BASE-TX Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . 82

Figure 33 1000BASE-T (1000 GT) Ethernet interface card . . . . . . . . . . . . . . . . . . . 84

Figure 34 1000BASE-T (1000 MT) Ethernet interface card . . . . . . . . . . . . . . . . . . . 85

Figure 35 1000BASE-SX Ethernet interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Figure 36 56/64K CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

Figure 37 ADSL WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Figure 38 ISDN BRI S/T interface card or ISDN BRI U interface card . . . . . . . . . . . 91

Figure 39 T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Figure 40 T1/E1 CSU/DSU WAN interface card (full-height card) . . . . . . . . . . . . . . 93

Figure 41 Quad T1/E1 CSU/DSU WAN interface card . . . . . . . . . . . . . . . . . . . . . . . 95

Figure 42 V.90 modem interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Figure 43 Single V.35/X.21 WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Figure 44 HSSI WAN interface card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

NN46110-311 02.01

Tables

Table 1 Items shipped with the VPN Router 2700 . . . . . . . . . . . . . . . . . . . . . . . . . 27

Table 2 Interfaces and cables for the VPN Router 2700 . . . . . . . . . . . . . . . . . . . . 36

Table 3 Power cord requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Table 4 Front panel LED indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Table 5 LED indicators on the system 10/100BASE-TX Ethernet port . . . . . . . . . 41

Table 6 LED indicators on the 10/100BASE-TX Ethernet interface card . . . . . . . . 42

Table 7 LED indicators on the 1000BASE-T (1000 GT) Ethernet interface card . . 43

Table 8 LED indicators on the 1000BASE-T (1000 MT) Ethernet interface card . 43

Table 9 LED indicator on the 1000BASE-SX Ethernet interface card . . . . . . . . . . 44

Table 10 LED indicators on the 56/64K CSU/DSU WAN interface card . . . . . . . . . 45

Table 11 LED indicators on the ADSL WAN interface card . . . . . . . . . . . . . . . . . . . 46

Table 12 LED indicators on the T1/E1 CSU/DSU WAN interface card . . . . . . . . . . 47

Table 13 LED indicators on the quad T1/E1 CSU/DSU WAN interface card . . . . . 48

Table 14 LED indicators on the single V.35/X.21 WAN interface card . . . . . . . . . . 49

Table 15 LED indicators on the SSL VPN Module 1000 . . . . . . . . . . . . . . . . . . . . . 50

Table 16 Supported option cards for the 2600 and 2700 . . . . . . . . . . . . . . . . . . . . 65

Table 17 Installing other option cards with the SSL VPN Module 1000 . . . . . . . . . 66

Table 18 Physical, electrical, and environmental specifications . . . . . . . . . . . . . . . 75

Table 19 10/100BASE-TX Ethernet port pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Table 20 Multiple DB9 and DB25 connector pinouts . . . . . . . . . . . . . . . . . . . . . . . . 78

Table 21 Modem cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Table 22 1000BASE-T (1000 GT) Ethernet pinouts . . . . . . . . . . . . . . . . . . . . . . . . 84

Table 23 1000BASE-T (1000 MT)Ethernet port pinouts . . . . . . . . . . . . . . . . . . . . . 85

Table 24 56/64K CSU/DSU cable pinouts for crossover connection . . . . . . . . . . . . 89

Table 25 56/64K CSU/DSU cable pinouts for straight-through connection . . . . . . . 89

Table 26 ADSL cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Table 27 ISDN BRI S/T cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Table 28 ISDN BRI U cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Table 29 T1/E1 CSU/DSU cable pinouts for crossover connection . . . . . . . . . . . . . 93

Nortel VPN Router Installation — VPN Router 2700

14 Tables

Table 30 T1/E1 CSU/DSU cable pinouts for straight-through connection . . . . . . . . 94

Table 31 V.90 modem cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Table 32 V.35 cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Table 33 X.21 cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Table 34 T3 cable pinouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

NN46110-311 02.01

New in this release

The following section details what’s new in Nortel VPN Router Installation— VPN Router 2700 (NN46110-311) for Release 7.05.300:

Features

See the following section for information about feature changes:

1000BASE-T (1000 GT) Ethernet card

The 1000BASE-T (1000 GT) Ethernet card replaces the 10/100BASE-TX Ethernet card. See “1000BASE-T (1000 GT) Ethernet interface card” on page 83 and “1000BASE-T (1000 GT) Ethernet interface card LEDs” on page 42.

Nortel VPN Router Installation — VPN Router 2700

16 New in this release

NN46110-311 02.01

How to get help

This chapter explains how to get help for Nortel products and services.

Finding the latest updates on the Nortel Web site

The content of this documentation was current at the time the product was released. To check for updates to the latest documentation and software for VPN Router 2700, go to:

www.nortel.com/support

Select Security & VPN and then, in the section called Virtual Private Networking (VPN), IPSEC, and SSL, click the appropriate VPN Router product.

Getting help from the Nortel Web site

The best way to get technical support for Nortel products is from the Nortel Technical Support Web site:

www.nortel.com/support

Nortel VPN Router Installation — VPN Router 2700

18 How to get help

This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products. From this site you can:

• download software, documentation, and product bulletins

• search the Technical Support site and the Nortel Knowledge Base for answers to technical issues

• sign up for automatic notification of new software and documentation for Nortel equipment

• open and manage technical support cases

Getting help over the phone from a Nortel Solutions Center

If you do not find the information you require on the Nortel Technical Support Web site, and you have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following Web site to obtain the phone number for your region:

www.nortel.com/callus

Getting help from a specialist by using an Express Routing Code

To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to:

www.nortel.com/erc

NN46110-311 02.01

How to get help 19

Getting help through a Nortel distributor or reseller

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.

Nortel VPN Router Installation — VPN Router 2700

20 How to get help

NN46110-311 02.01

Preface

The VPN Router 2700 is part of the Nortel VPN Router product family. Nortel VPN Router 2700 supports secure, reliable IP VPNs in a single, integrated hardware device. Throughout this guide, the VPN Router 2700 is also referred to as the gateway.

This guide provides instructions about how to install the VPN Router 2700 in an equipment rack and how to install and replace option cards and dual inline memory modules (DIMM). This guide also provides some initial configuration information and includes technical specifications for the VPN Router 2700.

For complete information about configuring and monitoring the VPN Router 2700, see the documentation on the software CD. For information about VPN Router documentation, see “Related publications” on page 23.

Before you begin

This guide is intended for qualified service personnel who are installing the VPN Router 2700 for the first time or who need to install or replace any of the following field replaceable units (FRU):

• LAN, WAN, and serial interface cards

• VPN Accelerator cards (VPN Router Security Accelerator card and Hardware Accelerator card)

• SSL VPN Module 1000

• dual inline memory modules (DIMM)

Before you install the VPN Router 2700, install all network wiring on the premises using standard cable system practices.

Nortel VPN Router Installation — VPN Router 2700

22 Preface

Text conventions

This guide uses the following text conventions:

Acronyms

bold Courier text

italic text Indicates new terms and book titles.

plain Courier text

separator ( > ) Shows menu paths.

This guide uses the following acronyms:

ADSL asymmetric digital subscriber line

AES Advanced Encryption Standard

AIS alarm indication signal

Indicates command names and options and text that you need to enter.

Example: Use the Example: Enter

Indicates system output, for example, prompts and system messages.

Example:

Example: Choose Status > Health Check.

File not found.

show health command.

terminal paging {off | on}.

CSU/DSU channel service unit/digital service unit

DES Data Encryption Standard

DIMM dual inline memory module

DTE data terminal equipment

FRU field replacement unit

HSSI High Speed Serial Interface

IP Internet Protocol

IPsec IP Security

LAN local area network

NN46110-311 02.01

LED light emitting diode

LOS loss of signal

OOF out of frame

PCI peripheral component interconnect

RoHS Restriction of Use of Certain Hazardous Substances

SSL Secure Sockets Layer

VPN virtual private network

WAN wide area network

Related publications

For complete information about configuring, monitoring, and managing the VPN Router 2700, formerly known as the Contivity Secure IP Services Gateway 2700, refer to the following publications (included on the software CD):

• Release notes provide the latest information, including brief descriptions of the new features, problems fixed in this release, and known problems and workarounds.

• Nortel VPN Router Configuration — Basic Features (NN46110-500) introduces the product and provides information about initial configuration.

• Nortel VPN Router Security — Servers, Authentication, and Certificates (NN46110-600) provides instructions for configuring authentication servers and services, as well as digital certificates.

• Nortel VPN Router Security — Firewalls, Filters, NAT, and QoS

(NN46110-601) provides instructions for configuring the VPN Router Stateful Firewall, NAT, and VPN Router interface and tunnel filters.

• Nortel VPN Router Configuration — Tunneling Protocols (NN46110-503) provides instructions for configuring the tunneling protocols IPsec, L2TP, PPTP, and L2F.

• Nortel VPN Router Configuration — Advanced Features (NN46110-502) provides instructions for configuring 802.1Q VLANs, circuitless IP, advanced WAN settings, PPP, PPPoE, frame relay, ADSL and ATM, T1/E1 CSU/DSU interfaces, dial services and BIS, DLSw, IPX, and Hardware Accelerator cards.

Preface 23

Nortel VPN Router Installation — VPN Router 2700

24 Preface

• Nortel VPN Router Configuration — Routing (NN46110-504) provides instructions for configuring RIP, OSPF, and VRRP, as well as instructions for configuring ECMP, routing policy services, and client address redistribution.

• Nortel VPN Router Configuration — SSL VPN Services (NN46110-501) provides instructions for configuring services on the SSL VPN Module 1000, including authentication, networks, user groups, and portal links.

• Nortel VPN Router Using the Command Line Interface (NN46110-507) provides syntax, descriptions, and examples for the commands that you can use to configure, manage, and monitor the gateway.

• Nortel VPN Router Troubleshooting (NN46110-602) provides information about backup and recovery, file management, upgrading software, and troubleshooting. This guide also provides instructions for monitoring gateway status and performance.

• Nortel VPN Router Configuration — TunnelGuard (NN46110-307) provides information about configuring and using the TunnelGuard feature.

Printed technical manuals

You can print selected technical manuals and release notes free, directly from the Internet. Go to www.nortel.com/documentation, find the product for which you need documentation, then locate the specific category and model or version for your hardware or software product. Use Adobe Reader to open the manuals and release notes, search for the sections you need, and print them on most standard printers. Go to Adobe Systems at www.adobe.com to download a free copy of the Adobe Reader.

NN46110-311 02.01

Chapter 1 Installing the Nortel VPN Router 2700 chassis

This chapter describes how to install the VPN Router 2700 chassis.

Note: Before you install the chassis, use standard cable system practices to install all the network wiring on the premises.

This chapter contains the following topics:

Topic Page

Description of the Nortel VPN Router 2700 25

Preparing to install the Nortel VPN Router 2700 26

Installing the chassis 29

Description of the Nortel VPN Router 2700

You can use the VPN Router 2700 to provide scalable, secure, and robust Internet Protocol (IP) virtual private networks (VPN) across the public data network. The VPN Router 2700 uses the infrastructure of the Internet to replace traditional remote access gear.

The VPN Router 2700 provides routing, firewall, bandwidth management, encryption, authentication, and data integrity services to ensure secure tunneling across IP networks and the Internet. An individual user or group of users can be associated with a set of attributes that provide custom access to an extranet.

Nortel VPN Router Installation — VPN Router 2700

26 Chapter 1 Installing the Nortel VPN Router 2700 chassis

Figure 1 shows the front view of the VPN Router 2700.

Figure 1 Front view of the VPN Router 2700

Alert/Fail

Boot/Ready

The VPN Router 2700 chassis provides the following:

• one 10/100 Ethernet LAN port on the base system

• one serial port for out-of-band management of the VPN Router 2700

• four expansion peripheral component interconnect (PCI) slots that can contain interface cards, VPN Accelerator cards (VPN Router Security Accelerator card and Hardware Accelerator card), and the Secure Sockets Layer (SSL) VPN Module 1000

• one 10/100 Ethernet interface card installed in PCI slot 4

• 256 MB memory upgradable to 512 MB total

CS260001B

Preparing to install the Nortel VPN Router 2700

Before you begin the installation, verify that:

• Your shipment is complete and undamaged.

• You have the cables, tools, and other equipment that you need.

• Your installation site meets the physical, electrical, and environmental requirements.

The sections that follow provide information to help you prepare for installation.

NN46110-311 02.01

Shipment contents

In addition to the gateway and this guide, the shipping container for the VPN Router 2700 contains a number of hardware accessories and other items.

Note: Nortel does not ship a power cord with the VPN Router 2750 unless you order one.

Tabl e 1 lists the hardware accessories and other items shipped with the VPN

Router 2700.

Table 1 Items shipped with the VPN Router 2700

Quantity Item Description

1 Rack mount shelf Used to support the chassis in an equipment

4 10-32 panhead screws Secures the rack mount shelf to the equipment

4 10-32 panhead cage nuts Used only if the equipment rack does not have

4 Rubber feet Used to install the chassis on a surface

1 Antistatic wrist strap Used to direct the discharge of static electricity

1 Molded serial cable

DB9/DB25-to-DB9/DB25

1 Nortel VPN Router

Installation—VPN Router 2700 (this book)

1 Recovery diskette Used to restore the software image and file

1 VPN Router software kit Contains Nortel VPN Router 2700 software and

1 VPN client kit Contains VPN Client software and

Chapter 1 Installing the Nortel VPN Router 2700 chassis 27

rack

rack and the chassis to the shelf

threaded rail holes

from your body to the chassis to prevent damage to sensitive electronic components

Used to connect the VPN Router 2700 to a PC or a local terminal

Provides instructions for installing the chassis and hardware options

system

documentation on CD

Inspect all items for shipping damage. If you detect any damage, do not install the VPN Router 2700. Call the Nortel Technical Solutions Center in your area (see

“How to get help” on page 17).

Nortel VPN Router Installation — VPN Router 2700

28 Chapter 1 Installing the Nortel VPN Router 2700 chassis

Additional equipment

You need items that are not included in the VPN Router 2700 shipping container. Before you begin the installation, ensure that you have all the cables, tools, and other equipment that you need.

Cables

You need cables that are not included in the VPN Router 2700 shipping container. For information about which cables are shipped and which ones you can order, see “Connecting communications cables” on page 36. If you do not have the proper cables, contact your network administrator.

Hardware for mounting the chassis in an equipment rack

To install the VPN Router 2700 in an equipment rack, you need a Phillips screwdriver and an equipment rack that meets the following specifications:

• heavy-duty steel construction

• width of 19 in. (48.26 cm) and depth of 24 in. (60.96 cm)

• Electronic Industries Association (EIA) standard hole-spacing

If the rack does not have threaded rail holes, you must use the cage nuts shipped with the VPN Router 2700.

Site requirements

The installation site must provide sufficient free space around the VPN Router 2700 to ensure proper ventilation and access for servicing. For information about the physical, electrical, and environmental requirements for the VPN Router 2700, see “Chassis specifications” on page 75.

NN46110-311 02.01

Installing the chassis

To install the VPN Router 2700, do one of the following:

• Position the chassis on a flat, sturdy, horizontal surface.

• Mount the chassis in a standard equipment rack (see “Installing the chassis in

an equipment rack” on page 30).

Installing the chassis on a flat surface

If you decide to place the VPN Router 2700 on a flat surface, make sure that the surface is large enough for the gateway and sturdy enough to support the combined weight of the VPN Router 2700 and the cables that you attach to it.

The VPN Router 2700 accessory kit includes four rubber feet that can be attached to the bottom of the gateway. Figure 2 shows the placement of these rubber feet.

Figure 2 Placement of rubber feet on the bottom of the chassis

Chapter 1 Installing the Nortel VPN Router 2700 chassis 29

Attach feet (4)

CS160016A

Nortel VPN Router Installation — VPN Router 2700

30 Chapter 1 Installing the Nortel VPN Router 2700 chassis

Installing the chassis in an equipment rack

To mount the VPN Router 2700 in an equipment rack, you need the following equipment:

• a standard 19-inch equipment rack

• four screws (supplied with the chassis)

• four cage nuts (supplied with the chassis) if the rack does not have threaded rail holes

• a #2 Phillips screwdriver

Rack-mount recommendations

When you mount the chassis in the rack, observe the following standard recommendations:

• Ensure that the internal temperature of the rack does not exceed the maximum recommended ambient temperature of 40

• Do not block the power supply vents or otherwise restrict air flow when you install the chassis in a rack.

• Stabilize your rack so that it does not tip over under the weight of the gateway and other devices.

• Ensure that the electrical branch circuits can handle the VPN Router 2700 and other units in the rack before you install and turn on the gateway.

• Maintain a reliable earth-ground path in the rack system. The gateway is intended to connect to an earth ground.

C (104oF).

Attaching the shelf in the equipment rack

The VPN Router 2700 ships with a rack-mount shelf to support the chassis in the equipment rack.

To attach the shelf to the inside of the equipment rack:

1 If the holes in the rack’s vertical supports are not threaded, attach a cage nut in

NN46110-311 02.01

four locations at the front of the rack (Figure 3 on page 31).

+ 78 hidden pages