Using Management Center for VPN Routers 1.2
New Features for Router MC 1.2.1


New Features for RMC 1.2.1


Router MC 1.2.1 is a later version of Router MC 1.2. This appendix documents the new features and the changes made to the user interface in Router MC 1.2.1 since Router MC 1.2 was released.

The following sections include updated information that is not included in the user guide or online help for Router MC 1.2:

Uploading Configurations From a Device

To upload device configurations, you must first import the source device into Router MC. You then specify the target object, meaning the device or group to which you want to upload the source device's configurations. You can then perform the upload operation.

Following a valid and successful upload, Router MC generates an upload report that shows:

  • Which policies were uploaded.
  • Error or warning messages describing any problems encountered.
  • The actual CLI syntax of the uploaded policies.

Before You Begin

  • Import the device from which you want to upload configurations.
  • Make sure you are working within the context of an open activity.

Procedure

Step 1   Select Configuration>Upload. The Upload page appears. See Table D-1 for a description of the Upload page.

Step 2   In the Upload From area, select the source device, meaning the device that contains the configuration policies you want to upload. The name of the device appears in the text box below the hierarchy.

Step 3   Click Select Target. The Upload Target dialog box appears. Table D-2 describes the elements in the Upload Target dialog box.

Step 4   In the Upload To area, select the target object, meaning the object to which you want to upload policies. The target object can be a group or an individual device. If the target object is a group, the policies will be uploaded to all the descendants of that group.

Step 5   Click OK. The Upload Target dialog box closes, and the selected target object appears in the Upload To area of the Upload page.

Step 6   If you want to replace the existing policies on the target object with the uploaded policies, select the Override existing policies check box. Click Upload. The upload report appears, indicating which policies were uploaded successfully and listing errors or warnings if problems were encountered.





Table D-1 describes the elements in the Upload page.

Table D-1   Upload—GUI Reference

GUI Element  Description 

Upload From area

Displays the device tree from which you select the source device, meaning the device from which you want to upload configurations. The name of the selected device appears in the text box below the tree.

+/- signs

Click the plus sign to expand, or click the minus sign to collapse, the selected level in the tree.

Select Target button

Click to open the Upload Target dialog box, in which you select the target object, meaning the object to which you want to upload policies. See Table D-2 for a description of the Upload Target dialog box.

Upload To area

Displays the selected target object.

Override existing policies check box

Select to override the existing policies on the target device(s) with the uploaded policies from the source device. This applies specifically to policies that cannot exist in multiple instances on a device, such as preshared keys and CA policies. If this check box is not selected, and one of these policies is defined on the device, the policy from the source device will not be uploaded.

Upload button

Click to start the upload operation.

Table D-2 describes the elements in the Upload Target dialog box.

Table D-2   Upload Target—GUI Reference

GUI Element  Description 

Upload To area

Select the target object to which you want to upload policies. The target object can be a group or an individual device. If the target object is a group, the policies will be uploaded to all the descendants of that group.

OK button

Click to accept the selection and close the dialog box.

Cancel button

Click to cancel any selection and close the dialog box.
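
The following dry run models the upload behavior described above, so you can see which devices under a target group would have an existing preshared key replaced before you select Override existing policies. It is an added example, not Router MC code: the tree layout, device names and policy-kind labels are constructed, and policy kinds other than preshared keys and CA policies are assumed to allow multiple instances.

```python
# Policy kinds the page names as single-instance; the labels are constructed.
SINGLE_INSTANCE = {"preshared-key", "ca-policy"}

# Constructed sample hierarchy and per-device state.
TREE = {"Global": ["branch-group", "hub1"], "branch-group": ["spoke1", "spoke2"]}
EXISTING = {"spoke1": {"preshared-key"}, "spoke2": set()}
SOURCE = {"preshared-key", "ike-policy"}  # "ike-policy": assumed multi-instance


def descendants(tree, node):
    """Return the devices under node; a node with no children is a device."""
    children = tree.get(node)
    if not children:
        return [node]
    found = []
    for child in children:
        found.extend(descendants(tree, child))
    return found


def plan_upload(tree, target, source_policies, existing, override):
    """Per device, report whether each source policy is added, replaced or skipped."""
    plan = {}
    for device in descendants(tree, target):
        have = existing.get(device, set())
        actions = {}
        for kind in sorted(source_policies):
            if kind in SINGLE_INSTANCE and kind in have:
                # Single-instance policy already defined on the target device.
                actions[kind] = "replaced" if override else "skipped"
            else:
                actions[kind] = "added"
        plan[device] = actions
    return plan


def devices_losing_keys(plan):
    """Devices whose existing preshared key the upload would replace."""
    return sorted(d for d, a in plan.items() if a.get("preshared-key") == "replaced")


if __name__ == "__main__":
    for flag in (False, True):
        plan = plan_upload(TREE, "branch-group", SOURCE, EXISTING, override=flag)
        print("override =", flag, plan, devices_losing_keys(plan))
```
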

Defining Translation Rules

Defining a translation rule involves the following two steps:

  • Creating a traffic filter. To use the NAT features in Router MC, you must identify the traffic flows that require NAT by defining traffic filters.
  • Creating an address pool or specifying a VPN interface. Internal devices that require external connections will draw their translated addresses from an address pool, or will use the IP address of the external (VPN) interface on the devices as the translated IP address.

Note    To define NAT on a device group, you must specify a VPN interface. The address pool option is only available for single devices.


Note   You must perform both these steps. If you attempt to define a traffic filter without defining a NAT address, a validation error will be generated and displayed in the Error Checking page of the Job wizard, on deployment.

You perform these steps in the Translation Rules page under the Configuration tab.

Before You Begin

Make sure you are working within the context of an open activity.

Procedure

Step 1   Select Configuration>Translation Rules. The Translation Rules page appears. Table D-3 describes the elements in the Translation Rules page.

Step 2   Click Create to create a new traffic filter. The Create ACE dialog box appears. See Table D-5 for a description of the Create ACE dialog box.

Step 3   In the Source fields, either enter the source IP address, or select a network group from the list box.

Step 4   In the Destination fields, either enter the destination IP address, or select a network group from the list box.

Step 5   Select the Permit check box.

Step 6   Click Apply. The Create ACE dialog box closes, returning you to the Translation Rules page.

Step 7   Click Select NAT Address. The NAT Address Type dialog box opens. See Table D-4 for a description of the elements in the NAT Address Type dialog box.

Step 8   In the Type area, select a radio button, either Address Pool or VPN Interface.

Step 9   If you selected Address Pool, enter a network address in the From and To fields to define the start and end of the address pool range. Enter a subnet mask in the Pool Subnet Mask field.

Step 10   Click Apply to save your NAT definitions in the database.

The NAT Address Type dialog box closes, returning you to the Translation Rules page. The selected NAT address is displayed in the Address Type field.





Table D-3 describes the elements in the Translation Rules page.

Table D-3   Translation Rules—GUI Reference

GUI Element  Description 

Address Type field

Displays the selected NAT address.

Select NAT Address button

Opens the NAT Address Type dialog box, in which you can select the required address type. See Table D-4 for a description of the elements in the NAT Address Type dialog box.

Source column

Displays the source address.

Destination column

Displays the destination address.

Action column

Identifies the associated action for the specified traffic filter. Available actions include:

  • Permit—Allow the traffic.
  • Deny—Block the traffic.

check box

Enables you to select a filter to edit it, delete it, or move it higher or lower in the table. You can select more than one check box at a time.

Rows per page list box

Enables you to change the number of traffic rule filters displayed per page.

<< link;
>> link

Click the << link, when it is available, to return to the previous screen in the filters table. Click the >> link, when it is available, to advance to the next screen in the filters table.

Move Up button

Move the selected filter one row higher in the list of filters. This increases its priority in comparison to those that are lower in the list.

Move Down button

Move the selected filter one row lower in the list of filters. This decreases its priority in comparison to those that are higher in the list.

Create button

Opens the Create ACE (NAT) dialog box. See Table D-5 for a description of the elements displayed in the Create ACE (NAT) dialog box.

Note If an object other than Global is selected in the Object Selector, creating a new filter adds any existing inherited values to the filter.

Edit button

Opens the Edit Filter dialog box.

Delete button

Deletes the specified traffic filter.

Clear button

The Clear button is only present if Global is selected in the Object Selector. Click the Clear button to remove your current definitions.

Note Clicking the Clear button deletes both the traffic filter definition and the selected NAT address.

Defaults button

The Defaults button is present when any object other than Global is selected in the Object Selector. Click to remove your local definitions and restore the inherited values.

Table D-4 describes the elements in the NAT Address Type dialog box.

Table D-4   NAT Address Type—GUI Reference

GUI Element  Description 

Type

This area contains the following three radio buttons from which you can select the address type:

  • Address Pool: Only available when a single spoke is selected in the Object Selector. Select this radio button to define an address pool from which IP addresses for NAT will be drawn.
  • VPN Interface: Select this radio button to specify that the IP address of the VPN interface on the device(s) should be used as the translated address.
  • None: Select this radio button if you have NAT configurations on a device that were inherited from a higher level object, and you want to remove them.

From field

Only appears when the Address Pool radio button is selected.
Enter a network address to define the start of the address pool range.

To field

Only appears when the Address Pool radio button is selected.
Enter a network address to define the end of the address pool range.

Pool Subnet Mask field

Only appears when the Address Pool radio button is selected.
Enter the subnet mask in bits, such as 192.168.168.0/24.

Apply button

Click to save your NAT selections in the database, and return to the Translation Rules page.

Cancel button

Click to exit without saving your selections.

Table D-5 describes the elements in the Create ACE (NAT) dialog box.

Table D-5   Create ACE (NAT)—GUI Reference

GUI Element  Description 

Source:
IP Address field; Network Group list box

Use this field to specify the source of the flow that will use NAT addressing. Enter the IP address or host name of a device, or the IP address and subnet mask of a network. Alternatively, select a predefined network group representing the required range of networks. The list of available network groups includes inside interfaces and internal networks on the spokes, enabling you to broaden your definition of flows that will use NAT addressing.

Destination:
IP Address field; Network Group list box

Enter the IP address or host name of a device, or the IP address and subnet mask of a network. Alternatively, select a predefined network group representing the required range of networks. Traffic transmitted to the specified destination networks will use NAT addressing.

Permit check box

Select to translate this traffic flow. Leave unselected to prevent translation.

Apply button

Click to apply your definitions.

Cancel button

Click to cancel your definitions.
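
The rules stated in this section (both steps are required, an address pool is only available for single devices, and filter order sets priority) can be checked before deployment with a short script. This is an added example, not Router MC code: the function names and sample addresses are constructed, the pool-range-inside-subnet check is an extra sanity check, and first-match evaluation with unmatched traffic left untranslated is an assumption.

```python
import ipaddress

# Constructed sample filters, top row first: a host deny above a wider permit.
FILTERS = [
    ("10.1.1.5/32", "0.0.0.0/0", False),
    ("10.1.1.0/24", "0.0.0.0/0", True),
]


def validate_translation_rule(target_is_group, filters, nat_type, pool=None):
    """Return a list of problems; an empty list means the definition is consistent.

    filters:  ordered (source_cidr, destination_cidr, permit) tuples
    nat_type: "pool", "vpn-interface" or None
    pool:     (from_addr, to_addr, pool_subnet) when nat_type is "pool"
    """
    problems = []
    if filters and nat_type is None:
        problems.append("traffic filter defined without a NAT address")
    if nat_type is not None and not filters:
        problems.append("NAT address defined without a traffic filter")
    if nat_type == "pool":
        if target_is_group:
            problems.append("address pool is only available for single devices")
        if pool is None:
            problems.append("address pool selected but no range given")
        else:
            start, end = (ipaddress.ip_address(a) for a in pool[:2])
            subnet = ipaddress.ip_network(pool[2], strict=False)
            if start > end:
                problems.append("pool From address is above the To address")
            if start not in subnet or end not in subnet:
                problems.append("pool range falls outside the pool subnet")
    return problems


def is_translated(filters, src, dst):
    """Walk the filters from the top row down; the first match decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for source, dest, permit in filters:
        if s in ipaddress.ip_network(source) and d in ipaddress.ip_network(dest):
            return permit
    return False  # assumption: traffic matching no filter is not translated
```
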