Nortel 252 用户指南
Chapter 5 User Notes 35
Nortel Business Secure Router 252 — Fundamentals
If a VPN Client user account is de-activated, deleted, or changed, and that user is
currently connected, the connection is not automatically dropped. To drop the
connection, the administrator needs to disconnect the user using the 'Disconnect'
function in the VPN/SA Monitor GUI. This is consistent with other Nortel
Contivity products.
currently connected, the connection is not automatically dropped. To drop the
connection, the administrator needs to disconnect the user using the 'Disconnect'
function in the VPN/SA Monitor GUI. This is consistent with other Nortel
Contivity products.
2
User Name Restrictions
User names are limited to a maximum length of 63 characters.
3
VPN Client Account Password Restrictions
The password for a VPN Client user cannot contain the single- or double-quote
characters.
characters.
4
IP Pool Address Overlap
When defining multiple VPN Client Termination IP pools, the router uses the IP
Subnet mask, and not the pool size, to determine if the pools are overlapping. The
subnet mask of each pool should be appropriate for the size of the VPN Client
Termination IP pool.
Subnet mask, and not the pool size, to determine if the pools are overlapping. The
subnet mask of each pool should be appropriate for the size of the VPN Client
Termination IP pool.
5
VPN Client Termination - Failure In Specific Addressing Situation
If the Client has an assigned IP address that is the same as the IP address assigned
for the Client Tunnel, the connection will fail to be established.
for the Client Tunnel, the connection will fail to be established.
6
VPN Client Termination - Configuration Restrictions
This router has some restrictions when compared to larger Contivity Routers
(1000 Series and above). In particular,
(1000 Series and above). In particular,
VPN Clients cannot be added to the LAN subnet. They must have addresses
outside of the LAN subnet.
outside of the LAN subnet.
VPN Clients can have dynamically assigned IP addresses, or they can have a
statically assigned addresses. However, the router does not support both
modes at once. All addresses must either be dynamically assigned, or they
must all be statically assigned.
statically assigned addresses. However, the router does not support both
modes at once. All addresses must either be dynamically assigned, or they
must all be statically assigned.
7
Establishing a Client Tunnel From One Business Secure Router to Another