Scribd
Upload
80 views5 pages

Section 1: Checklist For The Set-Up of An AO On The AO Hub

The document provides instructions for setting up an Access Operator (AO) on the AO Hub. It includes sections for the AO name and code, required access types, connectivity options including changing from dial-up to a VPN connection, VPN setup details, preferred VPN settings that the AO can accept or propose alternatives for, defining the encryption domain with source and destination addresses, access control rules including source and destination addresses and services, and destination paths for the UG servers. The focus is setting up a VPN connection to replace an existing dial-up connection for access to the AO Hub.

Uploaded by

Mickie Minnue
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
80 views5 pages

Section 1: Checklist For The Set-Up of An AO On The AO Hub

The document provides instructions for setting up an Access Operator (AO) on the AO Hub. It includes sections for the AO name and code, required access types, connectivity options including changing from dial-up to a VPN connection, VPN setup details, preferred VPN settings that the AO can accept or propose alternatives for, defining the encryption domain with source and destination addresses, access control rules including source and destination addresses and services, and destination paths for the UG servers. The focus is setting up a VPN connection to replace an existing dial-up connection for access to the AO Hub.

Uploaded by

Mickie Minnue
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Checklist for the set-up of an AO on the AO Hub

Section 1
* Mandatory Sections

1.1 AO Name(The name that the AO is to be known


as on the system)*

1.2 Please confirm that the service schedule has


been signed by the AO for the service being
requested.*

1.2 AO Code*
(Format 139nn or 111nn)

1.3 Indicate the access required :

/shareddisp - DSIP Operators Only


/lluinfo – Access to LLU exchange / line info
/ nds - NDD Operators only
/ singlebill – WLR Billing File for WLR operators
only
/ug – For all services provided by UG
Please indicate which services are required
- LLU
- CPS
- Bitstream
- GNP
- WLR

/CDR
Section 2 - Connectivity Options for the AO Hub

2.0 Is AO a current user of the hub?


(If yes, please supply username)
Change of existing access. The most
2.1 What type of access is required?
appropriate choice is to change the
If appropriate please review access controls for
existing ISDN link connection over to a
order processing on UG, see section 2.4, 2.5
VPN connection.
2.2 If a change is required please clarify From Dial up to VPN
2.3 Set up Details for VPN access
See Section 3 See below

2.4 (AO Hub)


Production Hub
Please confirm on which hub the operator requires
Test Hub
to be set up

2.4 (Unified Gateway ):


UGWP: (Production) and/or
Please confirm the environments that are required
UGWI: (Test operator)
to be set up:

2.5 Access Channel: (Unified Gateway) FTP

Section 2(a) Set Up Details for Dial up


AO Technical contact details
Name
Tel no
Email address
Section 2(b) - VPN Set-up Details

eircom Technical Contact (internal use)


Name
e-mail
Phone Number

eircom Project Owner (internal use)


Name
e-mail
Phone Number
Time Code

eircom Data Owner (internal use)


The data owner should sign eircom’s Suppliers Security Agreement on behalf of eircom if applicable.
Name
e-mail
Phone Number

3rd Party Technical Contact (edit please)


Name
e-mail
Phone Number
Section 3 - VPN Settings

The table below sets out eircom’s preferred site-to-site VPN settings. An AO should
complete the right hand column on this table. To indicate acceptance of a parameter,
double click on the check box and leave either the default value (unchecked) or change it
to “checked“. Please note, if the check box is left blank please suggest an alternative
setting.

eircom settings Enter 3rd Party Name Here


Network Settings
Peer IP 159.134.20.49 Enter VPN Gateway Address Here
VPN Product Cisco PIX Enter VPN Gateway Device Here
IKE Policy (edit please)
Message Encryption AES-256 Accepted
algorithm
Message integrity SHA Accepted or Alternative:
algorithm
Peer Authentication Pre-shared secret (Via phone)
Method
DH-Group Group 2 (1024 bit) Accepted or Alternative:
IKE Lifetime 8 hours (28,800 seconds) Accepted or Alternative:
IPSec Parameters (edit please)
Mechanism for payload ESP Accepted
encryption
ESP Transform AES-256 Accepted
Data Integrity SHA Accepted or Alternative:
Security Association (SA) 1 hours (3,600 seconds) Accepted or Alternative:
Lifetime
Perfect Forward Secrecy Enabled (Group 2 Keys) Accepted or Alternative:
(PFS)
Additional Comments (edit please, if required)
Section 4 - Encryption Domain (edit please)

Most organisations use private IP addressing internally on their networks e.g. 10.x.y.z, 192.168.x.y,
172.16.x.y. As a result there is a high probability that a third party’s internal network addressing may
conflict with eircom’s internal addressing or that of another VPN third party. To avoid such conflict
eircom will only accept IP traffic across a VPN where the source host or hosts are presented as a public
address. eircom suggests each third party address translates their internal address ranges to the public
IP address of their VPN gateway. If required the eircom host(s) can also be made available through
public NATted addresses. The following section seeks to define the traffic to be encrypted between the
two sites.

More granular information including specific target host(s) and specific target ports/services should be
defined in the “Access Control Rules“ table below.

Source Destination
Third party Public address 159.134.33.18 olotst01
Third party Public address 159.134.33.21 oloprd00

Section 6 - Access Control Rules (edit please)

Source Destination Service\Port

Third party Public address 159.134.33.18 olotst01


159.134.33.21 oloprd00 FTP

Section 7 Destination Path of UG Server

159.134.33.18
UG Production Hub
159.134.33.21
UG Interoperator Hub

You might also like