Nortel 4134 Guia Do Utilizador

New in this release

•

Dynamic NAT

•

Port Restricted Cone NAT

For information on firewall and NAT fundamentals, see

"Firewall and NAT

Fundamentals" (page 21)

. For configuration information, see

"Firewall and

NAT configuration" (page 79)

Packet filter

With the SR4134, the packet filter feature provides stateless, interface-based
packet filtering as an alternative to the stateful firewall. It also provides IPv6
packet filter functionality to complement the IPv4-only stateful firewall.

The SR4134 packet filter examines each packet on the interface to
determine whether to permit or drop the packet, based on the criteria
specified within user-configured access lists. This control can restrict
network traffic and restrict network use for certain users or devices.

The SR4134 supports three packet filter types; IPv4, IPv6, and MAC. WAN
and chassis Ethernet interfaces only support IPv4 and IPv6 packet filters.
The Module Ethernet interface support IPv4, IPv6, and MAC packet filters
in a slight different implementation.

For information on packet filter fundamentals, see

"Packet filter fundamentals

" (page 37)

. For configuration information, see

"Packet filter configuration"

(page 107)

IPsec VPN

IPsec can protect packets between hosts, between security gateways (for
example, routers or firewalls), or between hosts and security gateways.

The IPsec-based virtual private network (VPN) operates in the network
layer. Based on the policy defined, it secures individual IP packet. So, it is
transparent to the higher layer applications.

The SR4134 supports two basic types of VPN, each with an associated set
of business requirements:

•

Site-to-Site VPN

•

Remote access VPN

For information on IPsec VPN fundamentals, see

"IPsec VPN fundamentals"

(page 43)

. For configuration information, see

"IPsec VPN configuration"

(page 117)

Nortel Secure Router 4134