IPv4-IPv6 Transformer User Manual
Contents
1. 8 14 MANUAL IPSEC SECURITY 80 8 15 FIRMWARE 9 WEB GRAPHICAL USER INTERFACE WEBGUI STATUS 69 9 1 SYSTEM 0 260 000060000000022000000000000 69 0 2 INTERFACES 0 0 0 0 60806000000000000000000 72 9 3 TRAFFIC GRAPH cccccceccccecccceccccccccsccccecccacecausccasceseccececesausesaescenteceusecens 73 10 WEB GRAPHICAL USER INTERFACE WEBGUI DIAGNOSTICS 74 IUE NMEEocC C 74 10 2 5 2 02 00 0010000000000 75 10 3 lt 22222 2 1 1200000 2 00 76 IP gt amp 77 10 5 ADDRESS POOL cc cccccccsccccecccccccccccccccccuccccccccccececasecaesececccseescsaesecueeceusecens 79 10 6 ADDRESS c 80 10 7 TRANSLATION STATISTICS ccccccsecccceccccccccccccccsccccesccusccecccceescsausecuecceusesens 81 10 8 NETWORK STATISTICS cccccsecccccccccsccccccccccccccucscecesccusccescesaesesaesecuesceueecens 82 83 10 10 BACKUP RESTORE cccccccccccscccceccccceccccecccaccccucceucccceeececeuscsausecuteceueesens 84 10 11 FACTORY DEFAULTS ccccccccccccccccccccccscccaccccasccec2. asked oe vus Ue 4 FIGURE 14 1P V4 ADDRHESS POOL SCREEN utcsteessastasv om 42 FIGURE 15 ADDING OR EDITING THE ADDRESS POOL SCREEN 43 FIGURE 16 STATIC IPV4 IPV6 ADDRESS MAP 44 FIGURE 17 LOCAL FORWARDING ADDRESS 45 FIGURE 18 LOCAL FORWARDING ADDRESS MAP EDIT SCREEN eene 46 FIGURE 19 DHCP YG CLIENT SCREEN zeretan 47 FIGURE 20 DHOP V4 SERVER SGHEEBDNL 49 FIGURE 21 STATIC ROUTES sereneco rr rr eer rn re re 51 FIGURE 22 SNMP SERVER Ip 53 FIGURE 29 FTF GATEWAY CELE IN sisi ibo eh ases RM atas Mas ERU pdt IU 55 FIGURE 24 MANUAL IPSEC SECURITY POLICIES 56 FIGURE 25 MANUAL IPSEC SECURITY ASSOCIATIONS 57 FIGURE 26 MANUAL IPSEC SECURITY POLICY EDIT 2 22 59 FIGURE 27 MANUAL IPSEC SECURITY POLICY EDIT SCREEN CONTINUED 60 FIGURE 28 MANUAL IPSEC SECURITY POLICIES DISPLAY AFTER EDITING 63 FIGURE 29 MANUAL IPSEC SECURITY ASSOCIATION
3. Software Support SOFTWARE support is provided by Manufacturer or its affiliates or subsidiaries separate from the computer on which it may be installed SOFTWARE support is limited to the warranty period stated below unless either a separate maintenance contract has been consummated between you and the manufacturer or the manufacturer has agreed in writing at the time of purchase by you of the software to an extension of the warranty Should you have any questions concerning this LICENSE or if you desire to contact Manufacturer for any other reason please refer to the address provided in the documentation for the SOFTWARE Export Restrictions You agree that you will not export or re export the SOFTWARE to any country person or entity subject to U S export restrictions You specifically agree not to export or re export the SOFTWARE 1 to any country to which the U S has embargoed or restricted the export of goods or services which as of March 1998 include but are not necessarily limited to Cuba Iran Iraq Libya North Korea Sudan and Syria or to any national of any such country wherever located who intends to transmit or transport the products back to such country iu to any person or entity who you know or have reason to know will utilize the SOFTWARE or portion thereof in the design development or production of nuclear chemical or biological weapons or to any person or entity who has been prohibited from
4. Internet Protected Mode Figure 15 Adding or Editing the Address Pool Screen 8 6 Static address Figure 16 Static IPv4 IPv6 Address Map Screen displays manually configured bindings between the IPv4 and IPv6 addresses The legacy IPv4 host reaches these given IPv6 addresses using the given IPv4 addresses These static bindings may use IPv4 addresses that in the pool ot not in the pool but they should not be reachable on the network side ae gei er enc i aya ALUL Lr LYE Mg hes EL WO AC Tess APPLICATION transformer local System General setup Set Date Time L E E I Rm Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics 2005 2011 Datatek Applications Inc All rights reserved Internet Protected Mode Off Figure 16 Static IPv4 IPv6 Address Map Screen Add a static binding between an IPv4 and IPv6 address to the table Edit an existing static binding Delete an existing static binding 8 7 Local Forwarding address This feature configures bindings that allow additional IPv4 hosts to communicate with IPv6 endpoints As shown in Figure 17 Local Forwarding Address Map Screen enter the local host sid
5. IPv4 IPv6 Transformer User Manual 6 2013 V4 0 5 License Copyright O 2005 2013 Datatek Applications Inc All rights reserved The End User License Agreement EULA for the Datatek IPv4 IPv6 Transformer is detailed in Section 11 of the Datatek IPv4 IPv6 Transformer User Manual mOnOwall is Copyright 2002 2013 by Manuel Kasper mk neon1 net All rights reserved Copyright 1992 2013 The FreeBSD Project All rights reserved Printed in the USA Manufactured by Datatek Applications Inc 399 Campus Drive Suite 140 Somerset NJ 08873 Phone 732 667 1080 www datatekcorp com TABLE OF CONTENTS lt 5 1 c e 2 UII IEEE 2 1 HOW THE TRANSFORMER WORKS 2 2 KEY FEATURES ccccccseccccccccccccccecccucsccesccceusccaecesasceueceeenceeaes 2 PHYSICAL SETUP eicit mee oe mn reer 3 1 TRANSFORMER PHYSICAL DESCRIPTION 3 2 TRANSFORMER 02 0000000000000000 4 CONSOLE 5 WEBGUI 6 5 222
6. Tools mn skc datatekcorp co General setup Set Date Time Interface setup Disable this Security Association SA Registration Set this option to disable this SA without removing it from the configuration database Address pool ipid ddp Static address map DHCPwv6 client DHCPv4 server 2001 91 Static routes SNMP Server ESP FTP Gateway Manual IPsec transport Firmware Must match the setting chasen on the remote side Status System Interfaces The same unique number 1 16383 entered for a Security Policy SP and a Security Traffic graph Association 5 will ensure a specific 5A is used for the SP e Diagnostics 2004 98 AES CBC 128 192 256 bitkey 1234567830BCDEFG 12345678 Use double quoted string e g secret codeword hexidecimal digits preceded by Ox e g 0x1234567890abcdef Hash algorithm HMAC SHA1 160 bitkey Hash nassword 7 1 aaa 4 Internet Protected Mode Figure 29 Manual IPsec Security Association Edit Screen Disable This box 15 checked to disable the SA without deleting all its parameters from the configuration database Source IP This is the source IP address of the SA The IP addtess is matched against the source address in the IP headet Destination IP This is the destination IP address of the SA The IP address is matched again
7. supported e Authentication and or encryption is to be performed discard The packet is to be discarded none Accept the packet without any processing IPsec Protocol IPsec supports the Authentication Header AH protocol and the Encapsulating Security Payload ESP protocol Select AH to provide authentication and integrity across the IP header AH header and the IP payload Select ESP to provide confidentiality across the IP payload When ESP 15 selected an Integrity Check Value ICV is always performed for heightened security The ICV is computed over the ESP header Security Parameter Index SPI and Sequence Number the IP payload and the ESP trailer padding padding length field and next header Note that the IP header is excluded from the ICV computation Mode IPsec supports two modes tunnel mode and transport mode In tunnel mode an outer IP header comprised of the tunnel endpoints is pre pended to the original packet before AH or ESP processing is performed on the entire original IP packet Therefore in tunnel mode IPsec processing covers both the original IP header and the payload In transport mode ESP encryption mainly covers the IP payload and AH integrity covers both the IP header and the payload Local tunnel This is the IP address of the local gateway or local tunnel endpoint that will appear in the outer IP header In the outbound direction this would be the tunnel source
8. DHCPv6 client DO NOT abort the firmware upgrade once it has started The firewall will reboot DHCPv4 server automatically after storing the new firmware The configuration will be maintained Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics 2005 2011 Datatek Applications Inc All rights reserved view license system_firmware php Internet Protected Mode Off 100 Figure 31 Firmware screen 9 Web Graphical User Interface webGUI Status The following forms used for displaying the status of the Transformer such as general system information interfaces and traffic 9 1 System information Figure 32 System information Screen displays general system information about the Transformer Name This is the name of the Transformer that is formed with the Hostname and Domain fields from the General setup screen Version This is the image the Transformer is running The version filename and its date and time are displayed Platform This field displays the Transformer hardware version Uptime This is number of hours and minutes since the Transformer was last booted Last config change This dates the last time the database was saved CPU usage Figure 33 CPU usage Screen is a graph that tracks CPU usage by clicking VIEW GRAPH link Memory usage This is a bar graph that dynamically tracks
9. WA Interface setup EENE Registration 172 31 0 1 Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Ld Diagnostics a transformer local ar uan me SET ATES 172 351 255 294 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Figure 14 4 Address Pool Screen The following buttons are provided for editing the entries in the address pool G Add a new range of IPv4 addresses to the pool Edit an existing range 09 Delete an existing range Figure 15 Adding or Editing the Address Pool Screen is displayed when a new addtess range is added or an existing address range 15 edited E gt LZ Safety titrate WebGUI Configuration System ct T T ee System 4 Address Pool Edit Set Date Time Interface setup 172 31 0 1 Registration 4 address for the start of a pool segment Address pool Static address map 172 31 255 254 DHCPv amp client IPv4 address for the end of a pool segment Must be greater than or equal to start DHCPv4 server address Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics transformer local 2005 2011 Datatek Applications Inc All rights reserved view
10. view license Internet Protected Mode Off 100 Figure 49 Reboot System Screen 11 End User License Agreement for Datatek IPv4 IPv6 Transformer 2966 This License Agreement is a legal contract between you and the manufacturer Manufacturer of the software product s you acquired identified as SOFTWARE The SOFTWARE may include printed materials that accompany the SOFTWARE Any software provided along with the SOFTWARE that is associated with a separate end user license agreement is licensed to you under the terms of that license agreement By installing copying downloading accessing or otherwise using the SOFTWARE you agree to be bound by the terms of this LICENSE If you do not agree to the terms of this LICENSE Manufacturer is unwilling to license the SOFTWARE to you In such event you may not use ot copy the SOFTWARE and you should promptly contact Manufacturer for instructions on return of the unused product s for a refund Software License You may only install and use one copy of the SOFTWARE on one computer unless otherwise licensed by Manufacturer Notwithstanding the foregoing and except as otherwise provided below any number of Devices may access or otherwise utilize the services of the SOFTWARE You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicabl
11. 10 4 IPSec The form below displays the Security Policies SPs and Security Associations SAs as they appear in the system SPD The Security Policy Database SPD tab displays what type of data must be protected by IPSec as shown in Figure 39 Security Policy Database Screen Each entry has a source and destination address direction and tunnel endpoints if the policy is for tunnel mode The tunnel endpoints are the addresses used for the outer IPv6 packet header li Pager 5 skd local Diagnostics IPsec General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 amp client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping SAD incoming as seen by translator outgoing as seen by translator http 172 31 12 49 diag_ipsec_sad php Internet Protected Mode Off Figure 39 Security Policy Database Screen SAD The Security Association Database SAD tab displays how data that is to be protected as determined by the SPD is protected Each entry shows the source and destination addresses type of encryption and authentication algorithms type of IPSec header and uniquely identifying SPI as shown in Figure 40 Security Association Database Screen skd local Di
12. Protocol Version 4 or IPv4 Since the inception of the Internet IPv4 has become so ubiquitous that no one bothered to mention the version number and simply referred to it as or TCP IP One day IPv6 will completely replace IPv4 Some people think that the sun will burn out before this happens In the mean time IPv6 and IPv4 will coexist and new devices will support both protocols Legacy devices that only support IPv4 will be at disadvantage Q3 How do I connect to your Transformer A3 It s simple The Transformer has two LAN ports a host side port and a network side port First disconnect your legacy device from the network and plug it into the Transformer s host side port Next hook the Transformer s network side port up to your network Finally configure the Transformer using a web browser and you re done Q4 Do I have to install your software my legacy device A4 No there s no software to install on the legacy device Q5 Will I need to make any changes to my legacy device 5 Typically you will need to change the legacy device s IPv4 address subnet mask default router and DNS server This is because the Transformer uses the legacy device s original IPv4 address on its network side port and the legacy device will use a private address that s only visible on the host side of the Transformer Howevet if the legacy device is set up to get these parameters from a DHCP server the Transformer will automatic
13. The NDP messages are used to verify that the link local address is unique on the link The Router messages used to discover the network prefix of the Transformer s IPv6 link The prefix is combined with the interface identifier of the link local address to create a global IPv6 interface address This address is then configured as the Transformer s IPv6 Network interface s IPv6 address A proxy IPv6 address is also autoconfigured for the IPv4 legacy device by using the host side interface s MAC addtess as the interface identifier for the proxy IPv6 address proxy IPv6 address 1s then bound to the IPv4 address of the legacy device The SLAAC process independently supports both the Transformer as an endpoint and the host as a proxy endpoint When temporary addresses are enabled on the Transformer the interface identifier is a randomized value that is regenerated periodically and combined with the network prefix that was 17 advertised in the router advertisements to create a temporary addtess that is difficult to eavesdrop due to its changing nature DNS Server The Transformer uses a DNS Application Layer Gateway ALG to act as a proxy DNS Server for the IPv4 legacy device As a proxy the Transformer processes DNS lookups and reverse lookups sent from the legacy device A DNS lookup requests the IP address for a given domain name A DNS reverse lookup requests the domain name for a given IP address Henceforth
14. This functionality is directed by forward mapping Without any forward mappings the Transformer acts as a full IPv6 surrogate for one IPv4 host With forward mapping enabled the Transformer can perform address and protocol translation for additional IPv4 endpoints on the host side network However the Transformer cannot act as a full IPv6 surrogate for those other IPv4 endpoints Q9 Jf I use a Transformer can my legacy device still use IPv4 to communicate with other legacy devices on the network that don t have Transformers 9 ves Transformer adds IPvG capability to a legacy device that only supports IPv4 It doesn t remove the legacy device s IPv4 capability or connectivity Q1 put Transformer between two routers A1 0 No that s not supported 10 Q1 1 legacy device gets its IP address from DHCP server Will this still work with a Transformer A11 Yes the Transformer can act as a DHCP server to the legacy device Q1 2 M ly legacy device connects to hosts by using domain names not IP addresses Can it still do this 12 The Transformer has a DNS ALG Application Layer Gateway that will forward your legacy device s queries for an IPv4 address to a DNS server The DNS ALG will prefer finding address for a DNS query and will return a proxy 4 address to the host Q1 3 Does the Transformer provide any security A1 3 Yes IPsecv2 and IPsecv3 ar
15. but not limited to implied warranties of merchantability fitness for a particular purpose and non infringement with regard to the software and the accompanying written materials This limited warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jurisdiction Special Provisions SOFTWARE and documentation are provided with RESTRICTED RIGHTS Use duplication or disclosure by the United States Government is subject to restrictions as set forth in subparagraph c 1 i1 of the Rights in Technical Data and Software clause at DFARS 252 227 7013 or subparagraphs c 1 and 2 of the Commercial Software Restricted Rights at 48 CFR 52 227 19 as applicable Manufacturer is Datatek Applications Inc 379 Campus Drive Somerset NJ 08873 If you acquired the SOFTWARE in the United States of America this Software License 15 governed by the laws of the State of New Jersey excluding its choice of laws provisions If you acquired the SOFTWARE outside the United States of America local law may apply This LICENSE constitutes the entire understanding and agreement between you and the Manufacturer in relation to the SOFTWARE and supersedes any and all prior or other communications statements documents agreements or other information between the parties with respect to the subject matter hereof Limitation of Liability To the maximum extent permitted by applicable law in no event shall Man
16. each network device in our example network After the Transformer has been configured the IPv4 host and IPv6 devices will have two different perspectives as shown in Figure 2 Host Perspective and Figure 3 Device Perspective From the IPv4 host s perspective as shown in Figure 2 Host Perspective all IPv6 addresses on the IPv6 network appear to be using IPv4 addresses From the IPv6 devices perspective as shown in Figure 3 Device Perspective all IPv4 addresses on the IPv4 host side appear to be using IPv6 addresses 14 4 Perspective IPv4 IPv6 Transformer DTX 4260 Host E Network Side Side 172 31 0 1 172 31 0 2 2005 99 172 31 0 3 Figure 2 Host Perspective IPv6 Perspective IPv4 IPv6 Transformer DTX 4260 J 2005 26 H 2 31 0 2 2005 99 Figure 3 Device Perspective 15 The Transformer has a feature called Local Forwarding which is used to add extra 4 host nodes with IPv4 IPv6 packet translation This functionality is directed by forward mapping Without any forward mappings the Transformer acts as a full IPv6 surrogate for one IPv4 host With forward mapping enabled the Transformer can perform address and protocol translation for additional IPv4 endpoints on the host side network However the Transformer cannot act as a full IPv6 surrogate for those other IPv4 endpoints The mappings added for forwarding are different from the primary ad
17. handles the DNS request forwarding it to the network s DNS when necessary If the network s DNS returns an AAAA record meaning there is an associated IPv6 address for that name the Transformer will choose a surrogate 4 address from the address pool and set up a binding for that surrogate 4 to the IPv6 address returned from DNS The Transformer then passes the surrogate IPv4 address as the response to the host s DNS request If the DNS returns only an A record that IPv4 address is transmitted as the answer to the host s request Packets arriving from the network are translated in a complementary fashion When a packet arrives at the Transformer for the host s public IPv4 address the Transformer replaces that address with the host s private address and forwards the packet to the host When an arriving packet is addressed to one of the host s IPv6 public addresses the Transformer looks up the IPv6 13 soutce address the binding tables If the address is not found a new binding is created using an available IPv4 address from the pool The source and destination addresses are then translated to the corresponding IPv4 addresses while the packet is converted from IPv6 to IPv4 Example Network IPv4 IPv6 Transformer DTX 4260 Host Network Side Side 172 31 0 1 X 172 31 0 2 2005 99 Figure 1 Overview IP Addresses Figure 1 Overview IP Addresses displays the actual IPv4 and IPv6 addresses of
18. legacy host are the addresses that were E configured on the General Setup form HH 50 2 Static Address assignment list Select to add a specific client by and IP address that the Transformer is to serve All other clients are ignored This is used in conjunction with the Deny unknown clients option Static routes Figure 21 Static routes Screen shows how static routes can be added edited or deleted Both IPv4 and IPv6 netwotks can be configured Favorites transformer local System Static routes 2 Data APPLICATIONS INC webGUI Configuration transformer local System System Static routes General setup Set Date Time Interface setup 7 The changes have been applied successfully Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 21 Static routes Screen 8 10 SNMP Server An enterprise MIB has been implemented on the Transformer that allows viewing translation specific configuration and statistics Included with the Transformer s SNMP implementation is a standard MIB file named DATATEK TXT that allows reading out many different system parameters IP addresses performance measures etc and their d
19. memory usage APPLICATIGOAS Daterick webGUI Confi iguration System General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics ING System information Name Version transformer local transformer local Datatek IPv4 IPv6 Transformer Version 4 0 0 Disk 090111 3 made by tsun Build 080511 2 made by tsun DTX4260 VERSION 3 00 21 Thu Sep 1 16 22 39 UTC 2011 view graph 14 2005 2011 Datatek Applications Inc All rights reserved Figure 32 System information Screen Heo Sanh A WebGUI Configuration Status CPU load General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics Note the Adobe SVG viewer is required to view the graph 2005 2011 Datatek Applications Inc All rights reserved Internet Protected Mode Figure 33 CPU usage Screen 9 2 Interfaces Figure 34 Interfaces Screen displays the up down status of the link and the addresses configuted on the IPv4 and IPv6 interfaces On the IPv6 interface there are
20. participating in U S export transactions by any federal agency of the U S government Limited Warranty Manufacturer warrants that a the SOFTWARE will perform substantially in accordance with the accompanying written materials for a period of ninety 90 days from the date of shipment from Datatek Applications Inc Software support is limited to the hours of 9 AM to 5 PM ET Monday through Friday excluding Datatek Applications observed holidays Other coverage and extended warranty may be purchased at additional cost Any implied warranties on the SOFTWARE limited to ninety 90 days Some states jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you Manufacturer s and its suppliers entire liability and your exclusive remedy shall be at Manufacturer s option either a return of the price paid or b repair or replacement of the SOFIWARE that does not meet this Limited Warranty and which is returned to Manufacturer with copy of your receipt This Limited Warranty is void if failure of the SOFTWARE has resulted from accident abuse or misapplication Any replacement SOFTWARE will be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer No Other Warranties To the maximum extent permitted by applicable law manufacturer and its suppliers disclaim all other warranties either express implied including
21. reboot is required for any configuration changes made on the other screens to take effect The GUI will wo display instances when a reboot is required WebGUI protocol select or HTTPS as the GUI protocol HTTPS uses over SSL Secure Socket Layer for security webGuUI port Enter a custom port number to use or leave blank to use the default port of 80 for 443 for HTTPS Time zone Select the time zone the Transformer is 1n Time update interval Enter how often the Transformer should use NTP Network Time Protocol to synchronize its clock with a server in the network NTP time server Enter the domain name of the NTP Network Time Protocol time server 36 Set Date Time The Set Date Time form allows the user to configure the date and time on the Transformer Enter the current year month day hour and minute in the format displayed in Figure 11 Set Date Time Screen and select Update to apply the changes 48 06 UTC 2011 Windows Internet Explore mex n tem 5 iz er 2 http 192 168 11 26 date php 4 x 0 Googie pe gt Ur Favorites transformerocal System Set Date TueAug91 Ej 7 Sl Pager Safety Too transformer local Data webGUI Configuration APPLICATIOAS ING System Set Date Tue Aug 9 13 48 06 UTC 2011 General setup Set Date Time Interface
22. setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs 172 31 255 254 172 31 0 4 DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system icense 2005 2011 Datatek Applications Inc All rights reserved view Internet Protected Mode Off 810 Figure 41 IPv4 Address pool Screen 10 6 Address map Figure 42 Address map Screen displays the actual Transformer mapping table It shows how the IPv6 and IPv4 addresses are mapped as well as the Type which can be acquired statically or dynamically Both the configured static mapping and the local forward mapping will appear as static transformer local Diagr ostics Ow http 192 168 11 26 diag_map php Db Googie p Safety Tools v wr Favorites transformer local Diagnostics Address map D Data webGUI Configuration APPLICA System 1 T fI Diagnostics Address map Set Date Time DEIN ae RE Registration static Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics
23. still work The Transformer will ship from Datatek with a valid registration key When upgrading the Transformer to a major new release a new registration key will need to be obtained from Datatek Minor release updates will not require a new key To perform Registration go to the WebGUI System page Click on the Registration button from the menu the left side of the page and the Registration form will be displayed as shown in Figure 8 Registration Screen The registration page has three main fields 1 Product ID 2 Softwate version 9k Authorization code to be entered by the uset The product ID and software version should be provided to Datatek and the authorization code obtained from Datatek should be entered the Authorization code field The user must reboot upon successfully entering the Authorization code The reboot indicator is displayed on most web pages and the not registered indicator is removed Setting the unit back to the factory defaults will remove the authorization code a one will need to be obtained from Datatek Warning To obtain an Authorization Code you may contact Datatek at Datatek Applications Inc 399 Campus Drive Suite 140 Somerset NJ 08873 Phone 732 667 1080 www datatekcorp com ipv6support datatekcorp com 31 Figure 8 Registration Screen displays the Transformer Product ID and Software Version and a field where the user must en
24. use with static keys Only use aes ctr if IKE Internet Key Exchange as used for establishing Reys Warning Hash Algorithm This is the authentication algorithm used to calculate the authentication data field applied across the encrypted payload Each algorithm must use a key of a specific length Hash Password This password or key is used by the authentication algorithm to provide authentication and integrity The authentication key can be entered as an ASCII character string in double quotes or as hexadecimal sequence starting with Ox If the key is entered as an ASCII string each character is treated as an 8 bit quantity E g 12345678 is a 64 bit key equivalent to 0x3132333435363738 hmac md5 128 hmac sha1 160 Authentication Algorithm Key Length bits Security Parameter Index This is a 32 bit integer that is assigned to the SA Valid values are 0x100 through The SPI in conjunction with the destination IP address the IPsec protocol uniquely identify the SA Description Enter up to 80 characters to describe this SA This field is not processed but simply recorded as a comment for this SA Save Click this button to write the parameters to the configuration database on the flash Afterwards the System Manual IPsec screen will appear with an Apply Changes button at the top as shown in Figure 30 Manual IPsec Security Associations Screen after editing Click
25. 00 6 1 SET UP IPV4 AND IPV6 5 070 5 6 2 RESET WEBGUI 5 2 20 0 00 0 0 0 0000 0 nennen nns 6 3 RESET TO FACTORY 6 0 00000000 6 4 REBOOT SYSTEM cccccsccccecccceccccecccucccccscccuccccaucccaecceaesceueceseuceeaes 6 5 sees et st este ese eee 6 6 655 02 00000000000000002000 6 7 LOGOFF 7 SOFTWARE REGISTRATION 8 WEB GRAPHICAL USER INTERFACE WEBGUI SYSTEM 8 1 GENERAL 8 2 INTERFACE SETUP Oo ee on een 8 4 D 9 ea eden cs 8 6 STATIC ADDRESS 00000000000000 061 8 LOCAL FORWARDING ADDRESS MAP 8 8 DHOPV6 ne nennen nnne 8 9 46 202 0 56 6 5 0000 000000000000 nnne rrr 8 10 SNMP 0200 200 0 0 0 0 000000000000000000 0 8 11 FTP GATEWAY uA 8 12 MANUAL 8 13 MANUAL IPSEC SECURITY
26. 27ff pnpid ORMO000 on isa 6 client Aug 8 12 42 30 kernel atrtcO AT Real Time Clock gt at port 0x70 irq 8 on isa0 DHCPv4 server Static routes Aug 8 12 42 30 kernel uart0 16550 or compatible gt at port 0x3f8 0x3ff irq 4 flags 0x10 on 0 System a FTP Gateway ME Poar 8 12 42 30 kernel uart0 console 9600 n 8 1 Firmware 8 12 42 30 kernel uarti 16550 or compatible gt at port 0x2f8 0x2ff irq 3 on 0 8 12 42 30 kernel uart1 FILTER em rfaces 8 12 42 30 kernel Timecounter TSC frequency 499905596 Hz quality 800 Traffic graph Aug 8 12 42 30 kernel Timecounters tick every 1 000 msec Aug 8 12 42 30 kernel naptmodevent type 0 DHCP leases 8 12 42 30 IPsec Address pool Address map Translation stats uino Factory defauts Reboot sytem aues IT 8 17947 20 bernel iib ii 2 narte with A ramevshla calf nawered CREE I ICON GN Figure 36 Logs Screen 10 2 DHCP leases Figure 37 DHCP leases Screen displays the status of current or past DHCP leases that are owned by the Transformer It will not display any leases for locally forwarded IPv4 endpoints howevet PU m E http 192 168 11 26 diag logs dhcp ph LT Favorites transformer local Diagnostics Logs APPLICATIONS INC webGUI Configuration transformer local System General setup Set Date Time Interface s
27. 7 50 64 4 address for network side interface or none none 135 47 8 16 4 subnet mask length for IPv6 LAN interface 16 24 Please wait You can now access the webGUI by opening any of the following URLs in your browser htt5sr 2192 169 1 17 20072250 7 195 4 7 0 16 You must reboot before these changes take effect Press ENTER to continue You aren t required to supply an IPv4 or address for the network side interface If you don t supply an IPv4 address you won t be able to access the webGUI from the network side interface using IPv4 If you don t supply an IPv6 address you may still be able to access the webGUI using IPv6 This is because the network side interface is automatically assigned an IPv6 link local address Once you make changes to the host or network side IP addresses you must reboot the Transformer before the changes will take effect To do this from the Console Main Menu select item 4 Reboot system 6 2 Reset webGUI password This selection resets the webGUI password to the factory default do this from the Console Main Menu select item 2 Reset webGUI 6 3 Reset to factory defaults This selection resets all configured values to the factory defaults including those that you have setup using the webGUL Use it when you want to make a fresh start like when you re moving a Transformer from one legacy devic
28. 8 12 Manual IPsec Figure 24 Manual IPsec Security Policies Screen and Figure 25 Manual IPsec Security Associations Screen display currently configured Security Policies SPs and Security Associations SAs Select the Security Policies tab to see the SPs displayed on the screen Select the Security Associations tab to see the SAs displayed on the screen The following control buttons are at the end of each row Add a new configuration Edit an existing configuration 59 Delete existing configuration om D NN More gt gt Data APPLICATIONS INC webGUI Configuration mn skc datatekcorp com System System Manual IPsec General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Security Associations 172 31 15 21 ny require 172 31 12 91 32 2001 91 2004 98 128 D 2005 2011 Datatek Applications Inc All rights Figure 24 Manual IPsec Security Policies Screen APFFLICGCATIOGNSBS ING System General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics mn skc datatekcorp com 172 31 15 21 172 31 12 91 2005 2011 Data
29. EDIT 5 64 FIGURE 30 MANUAL IPSEC SECURITY ASSOCIATIONS SCREEN AFTER EDITING 67 FIGURE 31 FIRMWARE SCREEN essen innen neret 68 FIGURE 32 SYSTEM INFORMATION SCREEN eese neret enne 70 FIGURE S9 CPU SAGE SCREEN M e e Eoi i anie a i N 71 FIGURE INTERFACES SOREEN 72 FIGURE 35 TRAFFIC GRAFH OGREEN nU NA dS Oe 73 giClrize LOGS SCREEN 74 FIGURE 37 DHCP LEASES 75 ES unio 76 FIGURE 39 SECURITY POLICY DATABASE SCREEN T1 FIGURE 40 SECURITY ASSOCIATION DATABASE 78 FIGURE 41 IPV4 ADDRESS POOL SCREEN eee enne 79 FIGURE 42 ADDRESS MAP 80 FIGURE 43 TRANSLATION STATISTICS SCREEN essere nennen 81 FIGURE 44 NETWORK STATISTICS SCREEN eere nennen neret enne 82 FIGURE 45 PING OGRE EN 83 FIGURE 46 BACKUP RESTORE CONFIGURATION SCREEN 84 FIGURE 47 BACKUP RESTO
30. It receives IPv6 packets from the network side interface and translates them into IPv4 packets and sends them out the host side interface The Transformer uses a mapping table that contains one to one bindings between surrogate IPv4 addresses and IPv6 addresses The binding between the legacy IPv4 address and its proxy IPv6 address is automatic Other bindings are either configured manually using the Static address map form or created dynamically by the Transformer when it selects an available Pv4 address from the 4 address pool that was configured on the Address pool form The Transformer has IPv4 and IPv6 addresses assigned to represent itself to the world for management purposes but the Transformer also establishes pubic IPv4 and IPv6 addresses to represent the host s private Pv4 address When the 4 host sends a packet to an IPv4 address on the network side the Transformer substitutes the host s private Pv4 address with the public Pv4 address representing the host on the Transformer and then transmits that packet to the network When the 4 host transmits a packet to an IPv6 endpoint its private IPv4 address is mapped to the public IPv6 address on the Transformer the surrogate destination IPv4 address is mapped to the actual IPv6 destination and protocol translation from IPv4 to IPv6 is performed This packet is then routed to the network IPv6 address If the IPv4 host looks up the IP endpoint by name the Transformer
31. Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system transformer local 2005 2011 Datatek Applications Inc All rights reserved view license Q Internet Protected Mode Off i005 Figure 42 Address map Screen 10 7 Translation statistics Figure 43 Translation statistics Screen displays various Transformer statistics useful to the uset lt ig http 192168 11 26 diag stats php x E Googie E 2 wp Favorites transformer local Diagnostics Translation statis Data APPLICATIOAS eem uem Diagnostics Translation statistics Set Date Time 5 Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system webGUI Configuration transformer local pa Dvinepoedsuinkersionetok redon vaneppedseunnetwokiohortdredon PITE cored ie ou fre 0 0 0 0 Internet Protected Mode Off 100 Figure 43 Translation stati
32. RE PASSWORD AND SSH FILES SCREEN 85 FIGURE 48 FACTORY DEFAULTS SCREEN esses nennen enne nennen enses enne nnt 86 FIGURE 49 REBOOT SYSTEM Rm SO Pip 87 Important Safety Instructions IMPORTANT SAFETY INSTRUCTIONS The exclamation point within an equilateral triangle is intended to alert the user to the presence of important operating and maintenance servicing instructions in the literature accompanying the product When installing operating or maintaining this equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following Read and understand all instructions Handle this product in conformity with the applicable building code Follow all warnings and instructions marked on this product For information on proper mounting instructions consult the User s Manual provided with this product Do not place this product on an unstable cart stand or table The product may fall causing serious damage to the product The Telecommunications interfaces should not leave the building premises unless connected to telecommunication devices providing primary and secondary protection as applicable This product should be operated only from the type of power source indicated on the marking label If you are not sure of the type of power supply con
33. a vr1 Reboot system Aug 9 04 42 38 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vri Internet Protected Mode Diagnostics Logs System SNMP Settings Last 50 DHCP service log entries Figure 37 DHCP leases Screen 10 3 SNMP Figure 38 SNMP Screen displays the status of SNMP information er n http 192 168 1126 webGUI Configuration transformer local Diagnostics Logs General setup Set Date Time Interface setup Registration Address pool Last 50 SNMP log entries Static address map snmpd 80 datxf Oct 14 20 21 000000000 Oct 6 14 20 21 0 Initiali DHCPv4 server 80 zing Static routes snmpd 80 datxf eee eee itum Oct 6 14 20 24 snmpd 80 Cannot find module IP MIB At line 0 in none Firmware Oct 6 14 20 24 snmpd 80 Cannot find module IF MIB At line 0 in none status Oct 6 14 20 24 80 Cannot find module TCP MIB At line 0 in none System 2 snmpd 80 Cannot find module UDP MIE At line 0 in none Traffic graph 14 20 24 snmpd 80 Cannot find module HOST RESOURCES MIB At line 0 in none sf ys nostics Oct 6 14 20 25 snmpd 80 Cannot find module SNMPv2 MIB At line 0 in ogs DHCP leases IPsec Address pool Address map Translation stats M SHMP Internet Protected Mode Off Figure 38 SNMP Screen
34. agnostics IPsec Windows Internet Explorer gt 172 3112 49 ipsec sad php J Search More gt gt _ Signin Diagnostics IPsec General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats SAD Internet Protected Mode Figure 40 Security Association Database Screen Note This is not recommended except as a means of troubleshooting Do not delete any entries unless you know Warning What you re doing 10 5 Address pool Figure 41 IPv4 Address pool Screen displays the range and size of the addresses remaining in the Transformer IPv4 address pool It shows the starting and ending addresses still available in the pool as opposed to configured for the pool as well as the number of available addresses size re x E transformer lacal Diac Yostics gt e E E http 192 168 11 26 diag_pool php y Favorites transformer local Diagnostics 4 Address pool webGUI Configuration transformer local IH C APPLICATIONS Diagnostics IPv4 Address pool General setup Set Date Time Interface
35. all done Configuring LAN interface done Configuring WAN interface done Starting syslog sservice isl link state changed to DOWN done Starting webGUI done Starting DNS forwarder done Starting DHCP service done Starting NTP client done Initializing SSH started sshd Setting proxy link local address done Configuring address pool done Configuring IPsec done Datatek IPv4 IPv6 Transformer Version 4 0 0 Disk 093010 2 made by v6adm Build 093010 1 made by Copyright 2010 Datatek Applications Inc All rights reserved Code imported from m0n0wall Copyright C 2002 2005 by Manuel Kasper All rights reserved Initial GUI IP address 172 31 0 1 Port configuration LAN gt 5151 WAN gt 5150 FreeBSD i386 skf local console If the console messages do not look like the messages above but instead look like the following then make sure the Compact Flash is plugged in all the way 0 19 0 0E11 0 8 0C031008 0117 0280 08 38 00 A0003000 00000000 11 1 Seconds to automatic boot Press Ctrl P for entering Monitor NSC DP83815 DP83816 Fast Ethernet UNDI v1 03 Copyright C 2002 2003 National Semiconductor Corporation rights reserved Pre boot eXecution Environment PXE 2 0 build 082 Copyright C 1997 2000 Intel Corporation CLIENT MAC ADDR 00 00 24 C4 F9 4C PXE E53 No boot filename received PXE MOF Exiting MacPhyter PXE ROM No Boot device available enter
36. ally reconfigure the legacy device Q6 How hard is it to configure the Transformer AO The Transformer is shipped with a default configuration that provides basic capabilities for a typical device If this default configuration works for you no changes are required For more complex features and special network configuration the Transformer provides a secure web based graphical user interface GUI that s accessible from either the host or network side ports using either IPv4 or IPv6 In addition a serial console interface enables initial configuration when the LAN ports are unavailable Q7 Why shouldn t I just upgrade the software my legacy device to support IPv6 7 If you you should Howevet this may be more difficult than it appears The software running on a legacy device typically consists of an operating system and several network applications Both the operating system and the network applications will need to be upgraded to support IPv6 For older systems upgrades for every component may not be available Even when upgrades are available the cost of the new software and additional costs to re test and re certify it may be prohibitive In these cases the Transformer is a cost effective solution Q8 How many legacy devices can a Transformer support 8 Transformer has feature called Local Forwatding which is used to add extra IPv4 host nodes with IPv4 IPv6 packet translation
37. an A record query will refer to DNS lookup of an IPv4 address for a given domain name and an AAAA record query will refer to a lookup for an IPv6 address for a given domain name DNS Lookup or A AAAA record Query The Transformer receives A record queries from the IPv4 legacy device and translates them into AAA A record queries before forwarding them to the network s DNS Server The DNS Server either responds with an IPv6 address or not If an IPv6 address 15 received in response the IPv6 address is mapped to an available IPv4 address from the IPv4 Address pool AAAA response 15 then translated into an A record response containing the IPv4 address and forwarded to the legacy device To the IPv4 legacy device the IPv4 address looks as if it came from the DNS Server directly If the network s DNS Server does not respond to the AAA A record query the Transformer tries to get an IPv4 address for the domain name by sending the DNS Server an A record query The A recotd response is then forwarded to the IPv4 legacy device without translation Reverse DNS Lookup or PTR record Query The DNS ALG also supports reverse lookups Henceforth Pointer PTR record will refer to reverse lookups that ask for the host and domain name of a given IP address If the Transformer receives a PTR record query for a given 4 address it checks if it is mapped to IPv6 address A mapping may exist if an IPv6 host on the network ini
38. aved configuration file to the Transformer This is shown in Figure 46 Backup restore Configuration Screen transformer lacal Dia gnostics A x E http 192 168 11 26 diag backup php Dp x Favorites transformer local Diagnostics Backup restore ta he E Safety Tools Data APPLICATIONS INC webGUI Configuration transformer local System Y ERE Diagnostics Backup restore Set Date Time Interface setup Registration Address pool Static address map Click this button to download the system configuration in XML format DHCPv6 client DHCPv4 server Download configuration Static routes SNMP Server FTP Gateway Manual IPsec Open a configuration XML file and click the button below to restore the configuration Firmware Statu Note E m The transformer will reboot after restoring the configuration Interfaces Traffic graph Browse Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system Password Files Backup configuration Restore configuration Restore configuration 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode 100 Figure 46 Backup restore Configuration Screen Password and SSH Files The Password and SSH Files tab is selected to backup the password fil
39. bases in memory x le 2 search gt Sign In a yir Favorites mn ske datatekcorp com System Manual mn skc datatekcorp com System Manual m E 2 7 Safetyv Tool Configuration mn skc datatekco irp comi General setup System Manual IPsec Set Date Time Interface setu The security policy configuration has been changed Registration j You must apply the changes in order for them to take effect Address pool Static address map DHCPv6 client DHCPv4 server 1 Security Associations Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Internet Protected Mode Off Figure 28 Manual IPsec Security Policies Display after editing 8 14 Manual IPsec Security Associations System gt Manual IPsec gt Security Associations gt System gt Manual IPsec gt Security Associations gt o Figure 29 Manual IPsec Security Association Edit Screen is used to add a new Security Association SA or edit an existing SA Parameters on this form specify how the packet is to be encrypted and or authenticated The following parameters this form used to uniquely identify and match it to a packet These are some examples e Security Policy Index SPD Destination IP address and port e IPsec protocol ESP or AH More Sigin A gt Safety
40. cannot be reached by the Transformer s ping Figure 45 Ping Screen shows the results of the Ping command APPLICATIONS Ine webGUI Configuration transformer local System General setup Set Date Time Interface setup 192 168 11 1 Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes Ping output SNMP Server FTP Gateway PING 192 168 11 1 192 168 11 1 56 data bytes Manual IPsec 64 bytes from 192 168 11 1 seq 0 tt1 255 time 1 421 64 bytes from 192 168 11 1 seq 1 tt1 255 time 1_388 64 bytes from 192 168 11 1 icmp seq 2 551 255 time 1 435 Diagnostics Ping Count 35 y Firmware Status system 192 168 11 1 ping statistics Interfaces 3 packets transmitted 3 packets received 0 0 packet loss Traffic graph round trip min avg max stddev 1 388 1 416 1 439 0 021 Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights reserved view lic Figure 45 Ping Screen 10 10 Backup Restore Configuration The Configuration tab is selected to backup the system configuration to a file on the host that is running the web browser or restore the system configuration from a file on the web browser host to the Transformer This selection will also enable you to restore a previously s
41. ccecescccuucecsecesausecatecensesens 86 10 12 REBOOT SYSTEM ccccccccccccscccccccccccccccccccccccasccccuuccesaucccceescceucsccsaccecaeescs 87 11 END USER LICENSE AGREEMENT FOR DATATEK IPV4 IPV6 TRANSFORMER ee 88 E 9 APPENDIX 4 O OrT nOre 92 TABLE FIGURES FIGURE 1 OVERVIEW IP 55 5 22 2 40 22 2 1 0000 000000000000 000 14 FIGURE 2 HOST PERSPECTIVE 15 FIGURE 3 DEVICE PERSPEG HYVE Van I pa tU on PUR 15 FIGURE 4 LOCAL FORWARDING cee enhn enne treten enses tnnt 17 FIGURE 5 TRANSFORMER REAR VIEW sessi 21 FIGURE 6 TRANSFORMER FRONT VIEW nennen nennen enne 21 FIGURE 7 SYSTEM INFORMATION SCREEN 4 eese enne 27 FIGURE 8 REGISTRATION 5 32 FIGURE 9 UNREGISTERED TRANSFORMER SCREEN esee nennen 33 FIGURE 10 34 FIGURE TT SET DATETIME SCREEN 37 FIGURE 12 EXAMPLE NETWORK tenete entente ennt 39 FIGURE T9 INTERFACE SETUP SCREEN
42. ck ck ck 1 Set up 4 and IPv6 interfaces Reset webGUI password Reset to factory defaults Reboot system Ping host Change password Logoff Enter a number 1 5 WebGUIl Interface The Transformer provides a web servet to support configuration and management through any standard web browser such as MS Internet Explorer Mozilla Firefox etc The webGUI can be accessed from either the IPv4 Host or the IPv6 Network interfaces 1 Start a web browser 2 In the http box enter the IPv4 or IPv6 address that was configured on the Transformer s Host or Network interface as the address to which the web browser must connect IPv6 addresses must be enclosed in brackets e g http 2002 2 et F F k F k F File Edit wiew Favorites Tools Help pack i2 A P Search SP Favorites A A i rel 3 JH 72 31 12 351 bal 50 Links 35 Address 3 The default user name is admin and the default password is mono The default login and password should be changed after logging in the first time See General Setup page to configure new login and passwotd Authorization Dialog You need to supply a username and a password to access this site at Z002 Z2 Username admin Password Keep password ak Passwords must conform to the following rules a Passwords must have at least 10 case sensitive characters b Passwords mus
43. ckets with untranslatable protocol number of packets with bad ICMP format etc 52 Figure 22 SNMP Server Screen shows checkbox which the user select to enable the SNMP agent It also has descriptor fields to identify the location of the Transformer system contact information and the community the Transformer is part of APPLICATIONS ING webGuI Configu ration transformer local System Services SNMP General setup Set Date Time Interface setup Enable SNMP agent Registration Address pool lab Static address map DHCPv6 client admin N DHCPv4 server Static routes public SNMP Server In most cases public is used here FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 22 SNMP Server Screen 8 11 FTP Gateway uses a command and response protocol over a connection from a client to a server established to a predefined TCP port The FTP protocol 1s used to initiate file transfers and other data transfers over dynamically established connections When using the Transformer an IPv4 host that uses FTP either as a client or a server 15 positioned on the v4 side of the Transtormer with the rest of the network on the other side That host may need to continue using FTP but now a layer of addressing and protocol trans
44. dress bindings The primary bindings static DNS and ingress map existing IPv6 addresses into surrogate Pv4 addresses seen only on the host side network that allow host side endpoints to reach the IPv6 wotld using 4 addresses Bindings for forwarding map existing 4 addresses on the host side into surrogate IPv6 addresses that network side endpoints can use to reach endpoints on the host side through the Transformer The extra surrogate IPv6 addresses allow the Transformer to perform packet translation between 4 endpoints on the host side other than the host itself and endpoints on the network side However they do not provide full Transformer functionality for those endpoints For example The DHCP6 client cannot obtain IPv6 addresses for these endpoints Transformer cannot auto configure any IPv6 addresses e g link local for these endpoints There is only one IPv6 address assigned to each 4 address and therefore only one IPv6 scope for any endpoint set up this way 4 passthrough cannot be done to these extra hosts Using forward mapping and static routes the 4 address space on the host side can be more elaborate than just a simple host subnetwork For example host ot some other endpoint on the host side can provide forwarding the Transformer can be configured with an appropriate static route This may allow IPv4 passthrough The surrogate IPv6 addresses us
45. e addresses of the IPv4 hosts and the IPv6 addresses by which they will be known to the network side Note no autoconfiguration will be done by the Transformers for these additional hosts 2 Search More gt gar Favorites transformer local System oalFomwadingAd tu mm Pager Safety Tool AF FPLIC AT 4 amp System General setup Set Date Time Interface setup Registr ation 4 4 Addr at Address pool 172 31 10 250 Static address map Local forward map DHCPv6 cient DHCPVyA server Static routes SNMP Server Gateway Manual sec Firmware System Interfaces Traffic qraph k Diagnostics Assign 2005 2011 Deatatek Appicatione Ir Internet Protected Mode Off Figure 17 Local Forwarding Address Map Screen Figure 18 Local Forwarding Address Map Edit Screen is displayed when a new address range is added or an existing address range is edited Qe JB e bitp 192 168 11 101 ystem fwdmaps edit php id 0 191 Data ESTEE in ME UEM E APPLICATIONS s webGUI Configuration transformer local General setup Set Date Time Interface setup Registration Address pool Static address map Local forward map DHCPv6 client DHCPy4 Server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph System Local Forwarding Address Map Edit This IPv4 address is trans
46. e both supported along with a choice of several cryptographic algorithms The Transformer acts as an IPsec proxy for your IPv4 legacy device The secured path will be between the Transformer and a remote host that also supports IPsec The path between your legacy device and Transformer is not secured but since they are supposed to be co located and tightly coupled this should not be a problem Q1 4 Has the Transformer been certified by an independent 3rd party A1 4 Transformer has passed IPv6 Ready Phase 2 Gold Cote USGv6 Basic SLAAC Address Architecture and IPsec Conformance tests as performed by the University of New Hampshire UNH interoperabilty test lab The Transformer has been certified for IPv6 by the Joint Interoperability Test Command which 1s the official DoD test agency Q1 D The status bar at the bottom of web browser shows Waiting for address A1 Some web browsers such as Mozilla Firefox may show Waiting for address in the status at the bottom instead of Done after the page 1s loaded This be ignored Q1 6 I logged into the GUI and when I opened another connection I was not re prompted to log in A16 The login and password dialog box for the Transformer s web browser GUI may not appear for subsequent connections from a browser session that has previously established a login to the Transformer s GUI 11 Q1 7 Wh doesn t the Transfor
47. e law notwithstanding this limitation You may not rent lease or lend the SOFIWARE in any manner You may permanently transfer all of your rights under this LICENSE provided you retain no copies you transfer all of the SOFTWARE including all component parts the media and printed materials any upgrades this LICENSE if applicable the Certificate s of Authenticity and the recipient agrees to the terms of this LICENSE If the SOFTWARE is an upgrade any transfer must also include all prior versions of the SOFTWARE Without prejudice to any other rights Manufacturer may terminate this LICENSE if you fail to comply with the terms and conditions of this LICENSE In such event you must destroy all copies of the SOFTWARE and all of its component parts Intellectual Property Rights SOFTWARE is licensed not sold to you The SOFTWARE is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties You may not copy the printed materials accompanying the SOFTWARE title and intellectual property rights in and to the content which may be accessed through use of the SOFTWARE is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties This LICENSE grants you no fights to use such content All rights not expressly granted under this LICENSE are reserved Manufacturer and its licensors if any
48. e to another To do this from the Console Main Menu select item 3 Reset to factory defaults Setting the unit back to the factory defaults will remove the registration key and a new one will need to be obtained from Datatek Warning 6 4 Reboot system This selection reboots the Transformer To do this from the Console Main Menu select item 4 Reboot system 6 5 Ping host This selection allows you to enter either a hostname or IP address of a target machine that you wish to ping To do this from the Console Main Menu select item 5 Ping host The IP address can be either an 4 or IPv6 address However Ping6 directed to the legacy host will not work 6 6 Change password This selection allows you to change the password to the serial console do this from the Console Main Menu select item 6 Change password You may not use the null password anymore Any passwotd selection is acceptable There are no rules on the length of the password not use of special characters 6 Logoff This selection allows you to logoff from the serial console To do this from the Console Main Menu select item 7 Logoff After you logoff you will be prompted to Login 30 7 Software Registration The Transformer must be registered before IPv4 IPv6 transforming will work Without registration configuration can still be set up except for pool and bindings IPv6 and IPv4 access to the web server will
49. e want to proceed Static address am T DHCPv6 client ves DHCPv4 server r3 Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph v Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 011 Datatek Applications All rights reserved view license PB internet Protected Mode OW fav 400 f po O intemet Preteded Mode OR Av 100 7 Figure 48 Factory defaults Screen 10 12 Reboot System The Reboot System form is used to reboot the Transformer and apply any configuration changes made to the system Figure 49 Reboot System Screen is shown below transformerlocal Diagnostics 7 http 192 168 11 26 reboot php qx Favorites transformer local Diagnostics Reboot System Data webGUI Configuration APPLICATIONS INC Diagnostics Reboot System General setup Set Date Time Behont Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics transformer local Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights reserved
50. eckbox is selected to enable the Transformer to act as a DHCPv4 server to the legacy IPv4 device and to locally forwarded IPv4 endpoints Deny unknown clients Select this checkbox to allow DHCP to assign IP addresses only to the clients with MAC addresses entered the table below When locally forwarded endpoints are used with DHCP this checkbox must be selected and the static address assignment list must be used to assign the IP and MAC addresses of the primary host and each of the secondary hosts Subnet The subnet on which the legacy IPv4 host resides is displayed This field is taken from the Interface Setup s screen s host side configuration Subnet mask This is the subnet mask of the above subnet This field is taken from the Interface Setup s screen s host side configuration Available addresses This is the IPv4 address that the Transformer serves to the legacy host This field is taken from the Interface Setup s screen s host side configuration WINS server These are the IPv4 addresses of the WINS server s that the Transformer serves to the legacy host Default lease time This is the number of seconds for which the parameters served to the legacy host remain valid The default is 7200 seconds Maximum lease time This is the maximum number of seconds for which the parameters served to the legacy host remain valid The default is 86 400 seconds The primary and secondary DNS addresses that are served to the
51. ed in forward mapping can belong to an IPv6 subnetwork different from the Transformer a router on the IPv6 network side can be configured to forward those addresses through the Transformer Complications can easily cause serious problems For example A DHCP server the host side can interfere with the Transformer endpoint on the host subnetwork that 15 1 the local forwarding list will have an arp conflict with the Transformer Pv4 connectivity of any equipment the host side that might reach the main network on the Transformer s IPv6 side without going through the Transformer might cause problems Figure 4 Local Forwarding shows a primary IPv4 device and other secondary IPv4 endpoints behind the Transformer 16 Local Forwarding Example IPv4 IPv6 Transformer Network NC Secondary IPv4 Devices translation only see local forwarding Primary 4 Device Figure 4 Local Forwarding 2 2 Key Features Autoconfiguration The Transformer suppotts the Stateless Address Autoconfiguration SLAAC protocol described in 2462 and an extension to SLAAC for supporting temporary addresses as described in RFC3041 in configuring the network side IPv6 address interface The Stateless Address Autoconfiguration SLAAC process employs the Neighbor Discovery Protocol NDP which includes Router Solicitations Advertisements and Neighbor Solicitation Advertisements
52. endpoint In the inbound direction this would be the tunnel destination endpoint This field is only active when the Mode is tunnel Remote Gateway This is the IP address of the remote gateway or remote tunnel endpoint that will appear in the outer IP header In the outbound direction this would be the tunnel destination endpoint In the inbound direction this would be the tunnel source endpoint This field is only active when the Mode is tunnel Level This specifies how the SA 15 to be regarded required means an SA must exist or the packet will be discarded use means an SA is not mandatory but if an SA exists it will be used unique means apply a specific SA that uniquely corresponds to this SP This one to one correspondence is established through the unique parameter Level is only active if this SP s Policy is to perform ipsec Unique Number This is a number from 1 through 16 383 that is configured in the SP and the corresponding SA that is to be used for this SP Description Enter up to 80 characters to describe this SP This field is not processed but simply recorded as a comment for this SP Save Click this button to write the parameters to the configuration database on the flash Afterwards the System Manual IPsec screen will appear with an Apply Changes button at the top as shown in Figure 28 Manual IPsec Security Policies Display after editing Click the Apply Changes button to update the SP and SA data
53. es Time in seconds or leave blank for default of 1 week Temporary address preferred Time in seconds or leave blank for default of 1 day 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 13 Interface setup screen 41 8 5 Address pool The Address pool form displays the starting and ending addresses of ranges of IPv4 addresses that are used to automatically map an IPv6 address in an IPv6 packet received from the network side to an IPv4 addtess so that the IPv6 packet can be translated to IPv4 and forwarded to the IPv4 legacy host The address pool may be configured in any way that does not conflict with the IPv4 addressing on the network side The best approach is to choose an address pool that is in the same subnetwork as the one containing the host IP and the host side Transformer IP addresses This should be in one of the private subnetwork ranges and should not appear in the address space reachable on the network side The IPv4 Address Pool Screen is displayed in Figure 14 IPv4 Address Pool Screen 2 gt v 1 http 192 168 1126 murium ool php lex I Goge OO p gt Favorites e transformer local System 4 Address Pool ta 2 Tools Dateric WebGUI Configuration System IPv4 Address Pool General setup Set Date Time
54. es used by Secure Shell SSH to the host that is running the web browser or restore them from the web browser host to the Transformer This is shown in Figure 47 Backup restore Password and SSH Files Screen e Diz gr ostii 4 x b Googie p yc E E http 192 168 11 26 diag backup passwds php ES Jd Page Safety Tools v rea Rem E Data webGuUI Confi APPFLICATIONE IMC SCIEN Diagnostics Backup restore General setup Set Date Time Interface setup Registration Address pool ration transformer local Password and SSH Files Backup password files and SSH host keys Static address map Click this button to download the system s password files and Secure Shell host keys DHCPv6 client to another host DHCP 4 server SNMP Server oe Restore password files and SSH host keys Firmware Select the password and SSH host key files and dick the button below to restore them Status to the Transformer en Note m A reboot is not necessary but the SSH Daemon will be restarted with the restored host Traffic graph keys Diagnostics Logs DHCP leases Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights reserved view license Q Internet Protected Mode Off 100 Figure 47 Backup restore Password a
55. escriptions An NMS that supports custom MIBs should be able to display the list of available parameters That MIB does not support changing or clearing any parameters This DATATEK TXT file does not get put on the Transformer Instead it is loaded on a customer s NMS to merge with all the other MIB descriptors it is expected to find on systems with SNMP agents The NMS can use information in this file to direct formatted display of data and some descriptive text Without this file an NMS can only display raw data and does not display tables well Besides this MIB there are other MIBs supported on the Transformer Hundreds of data items are supported See e g mibII generate a list set up an NMS that supports loading additional MIBS Tell it where to find the DATATERK txt file Then have the NMS walk the system using a command line snmp utility to display everything It has a list of standard MIBs in etc somewhere and supports adding extension MIBs in the user s HOME snmp mibs directory Some of the SNMP objects included in the Transformer s MIB are IPv4 and IPv6 addresses number of IPv4 packets mapped from host to network and vice versa number of IPv4 packets passed from host to network and vice versa number of packets dropped from host number of IPv4 packets translated to IPv6 and vice versa number of IPv6 packets translated to IPv4 number of IPv6 packets not translated number of IPv4 and IPv6 packets dropped number of pa
56. etup Registration Address pool Static address map Aug 8 23 42 37 DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vri DHCPv6 client Aug 8 23 42 37 dhepd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc via vri DHCP 4 server Static routes dhcpd Wrote 1 leases to leases file SNMP Server Aug 9 00 42 37 dhopd DHCPREQUEST for 172 31 0 2 from 00 50 0 59 22 43 croc via vri c Aug 9 00 42 37 dhepd DHCPACK 172 31 0 2 to 00 50 da 59 22 43 croc via vr1 Firmware Aug 900 48 22 dhepd DHCPINFORM from 172 31 0 2 via vr1 Status Aug 9 00 48 22 dhcpd DHCPACK to 172 31 0 2 00 50 da 59 22 43 via vr1 2 dhepd DHCPINFORM from 172 31 0 2 via vr1 Traffic graph dhcpd DHCPACK to 172 31 0 2 00 50 da 58 22 43 via vri poids tics Aug 901 42 37 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via DHCP leases Aug 901 42 37 dhepd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc via vr1 IPsec Aug 9 02 42 37 dhcpd Wrote 1 leases to leases file hs is Aug 9 02 42 38 dhcpd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vri Translation stats Aug 902 42 38 dhepd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc via vr1 Network stats dhepd Wrote 1 leases to leases file Pin Ba id RUNDE Aug 903 42 38 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vr1 Factory defaults Aug 9 03 42 38 dhepd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc vi
57. eway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics webGUI Configuration transformer lacal System Transformer Registration www datatekcorp com ipv6 contact Supply the product ID and software version below to receive a This transformer needs to be registered Please contact Datatek Applications technical support registration code Then enter the registration code the space provided and dick the Save button Transformer Product ID amp SBLPK IBND4 W3AZV QG231 40 2 software version Send this product ID and software version to Datatek Applications Becistratiun Cod Enter registration code received from Datatek Applications 011 Datatek Applications Inc Internet Protected Mode Figure 9 Unregistered Transformer Screen 8 Web Graphical User Interface webGuUI System 8 1 General Setup The Figure 10 General setup Screen below displays configurable information that applies to the entire Transformer as a whole rather than to a specific interface address or feature Na quesos oso T rr pas de c r3 FE 3E aral 1 Zl AFF wI HE Borken T C en perite ani Gu E http 192 168 11 26 system php 4 Google gt qr Favorites transformer local System General setup fce Z3 mh v Page Safety Tool tariek MN APPLICATION B Ime webGUI Configuration tra
58. formation stands between that host and any remote host The major problem is that the protocol requires exchanging address and protocol information but the two sides have differing views of both the addressing and the protocol To resolve that problem the Transformer provides an application layer gateway ALG to provide the transformation that allows the two hosts to communicate Figure 23 FTP Gateway Screen shows there are 2 choices that a user can select to enable the FTP ALG calling a host side and or network side server on the standard FTP port By checking one or both entries the ALG 1s activated which will perform the proper IPv4 IPv6 translation between the client and server The variations covered by the FTP ALG are Client on IPv4 host IPv6 server on network Client on IPv4 host IPv4 server on network IPv6 client on netwotk server on IPv4 host IPv4 client on network server on IPv4 host 54 Data APPLICATIONS INC webGUI Configuration transformer local System Gateway General setup Set Date Time Interface setup Enable FTP ALG for server on network side interface Registration Address pool Enable FTP ALG for server on host side interface Static address map DHCPv 6 client DHCPv4 server Static routes SNMP Server Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics Internet Protected Mode Figure 23 FTP Gateway Screen
59. he specified policy is carried out Use the following buttons to G Add a new configuration Edit an existing configuration G9 Delete an existing configuration 58 System General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics mn skc datatekcorp com Set this option to disable this Security Policy without removing it from the configuration database Type Single host Address 2004 98 Port Leave blank for any port Address 2001 91 128 Port Leave blank for any port out Type any Protocol number IPsec ESP ESP is encryption AH is authentication only transport Internet Protected Mode Figure 26 Manual IPsec Security Policy Edit Screen Gateway m Manual IPsec Destination IP Address 2001 91 Firmware Port Status Leave blank for System Interfaces Traffic graph Diagnostics ESP is encryption is authentication only transport Enter the public IP address of the local tunnel Enter the public IP address of the remote gateway require The same unique number 1 16383 entered for a TNR EP and a Security Association SA will ensure a specific 5A is used for the SP You may enter a de
60. in the same subnetwork as the host Addresses within the subnetwork are reached after a suitable ARP exchange while addresses not in the same subnetwork should be directed toward the host interface of the transformer by means of a static ot gateway toute The gateway is configured either manually on the legacy host or automatically if the host is configured for DHCP When ARP is initiated by the host the transformer replies with its own interface address In these two ways all IPv4 traffic to the surrogate IPv4 addresses travels through the transformer s host side interface Local Forwarding Local forwarding allows expanding the Transformer to work with more than one legacy host as discussed above There are some caveats however to their use that must be mentioned The locally forwarded endpoints do not support SLAAC nor do they support the IPv4 pass through mode The locally forwarded endpoints can receive addresses from the DHCPvA server as will be detailed in a later section None of these DHCP leases will appear on the DHCP leases screen however In addition Diagnostics will not function properly for these endpoints Internet Protocol Security IPsec The Transformer can be configured to provide IPsec protection on behalf of an IPv4 legacy device and locally forwarded IPv4 endpoints The secured path lies between the Transformer and the remote host Specifically Psec is terminated at the IPv6 endpoints the IPv6 address that represen
61. lated to the IPv6 address below IPv6 Address 2004 250 This IPv amp address is translated to the IPv4 address above 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Figure 18 Local Forwarding Address Map Edit Screen 8 8 DHCPVv6 client The Transformer can be enabled to act as a DHCPv6 client to some DHCPv6 server on the IPv6 network side The DHCPv6 client Screen is displayed in Figure 19 DHCPv6 client Screen fo x 000000002 gt 7 amp dh Safety Toos webGUI Confi gu ration transformer lacal AFPFPFLIGATIONS ING System DHCPv6 client General setup Set Date Time Interface setup Registration Address pool Only exchange informational parameters Static address map DHCPv6 client Send rapid commit option DHCPv4 server Static routes Request a list of Domain Name Servers SNMP Server FTP Gateway Request a DIIS search path Manual IPsec Firmware Request a list of NTP server addresses Status System 0001000115c1a200000024ch5284 Interfaces Traffic graph i 0001000115cbe01d000024c55285 gt Diagnostics 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 19 DHCPv6 client Screen Enable DHCPv6 client on network side interface This checkbox is selected to enable the Transformer to act as a DHCPv6 c
62. lient Only exchange informational parameters This checkbox is selected to receive only the informational parameters that appear below That is the 6 server 15 to serve addresses as well as the informational parameters described below to the Transformet Send Rapid Commit option This checkbox is selected for the Transformer to send DHCPv6 messages with the Rapid Commit option Request a list of Domain Name Servers This checkbox is selected for the Transformer to request a list of DNS addresses from the DHCPv6 servet Request a DNS search path This checkbox is selected to request a DNS search path by domain name from the DHCPv6 servet Request a list of NTP server addresses This checkbox is selected to request a list of NTP server addresses from the DHCPV6 server Transformer DUID Change the DHCP Unique Identifier DUID of the Transformer to a DUID by which the DHCPv6 server knows the Transformer A default DUID 1s automatically created at boot time and displayed in this field Device DUID Change the DHCP Unique Identifier DUID of the legacy IPv4 device to a DUID by which the DHCPv6 server knows the legacy device A default DUID is automatically created at boot time and displayed in this field 8 9 DHCPv4 server The Transformer can act as a DHCP Yv4 Server to the IPv4 legacy host to provide host configuration parameters to the 4 legacy host The DHCPv4 server Screen is displayed i
63. me Between Failures MTBF Calculated 100 000 hours Power Consumption 4W typical 6W peak Form Factor 1U desktop design Environmental Dimensions W x x D 6 25 in x 1 0 in x 6 25 in 159mm x 25mm x 159mm Unit Weight 1 0 Ib 0 45 Power External adaptor 100 120V AC 50 60Hz US plug style Cooling None Fanless Operating temperature 32 122 degrees F 0 50 degrees C Certification FCC Part 15 CE EN61000 6 3 CE EN61000 6 2 Safety UL Safety and Environmental Compliance 92
64. mer s webGUI have a logout button 17 The Transformer uses HTTP authentication For evety page you request from the Transformer your browser sends the username and password from its cache There is no reliable way to force the browser to forget the username and password and session management to work around that would introduce potential security vulnerabilities so the Transformer does not provide a log out functionality To safely log out close your browser Your web browser may have a way to clear cached credentials Check your browser s documentation for further information 12 2 Overview Throughout this document the following definitions and conventions will be used Host side refers to the attachment point for the IPv4 legacy device This is the physical connection labeled IPv4 on the Transformer s front panel Nefwork side refers to the IPv6 or IPv4 IPv6 dual network which is connected to a hub or router This is the physical connection labeled IPv6 on the Transformer s front panel 2 1 Howthe Transformer Works The Transformer has two interfaces the host side and network side interfaces The legacy IPv4 device is connected to the Transformer on the host side IPv4 interface while the IPv6 network 15 connected on the network side IPv6 interface The Transformer receives IPv4 packets from the legacy IPv4 device through the IPv4 interface and translates them into IPv6 packets to send out the network side interface
65. monitor comBIOS Monitor Press for help gt R After booting you will be greeted with the login prompt as shown below You enter any character at this time which will bring you to the Console Main Menu as shown below However if the Console Main Menu does not appear on the console within about 3 minutes of booting contact support More information on the Console Main Menu configuration selections is discussed in the next section login test Datatek Transformer Console KEKEKE KK OR OS OR KKK OR 1 Set up IPv4 and IPv6 interfaces 2 Reset webGUI password 3 Reset to factory defaults 4 Reboot system 5 Ping host 6 Change password 7 Logoff Enter a number When the Transformer is shipped from the factory the host side 4 address is set to 172 31 0 1 The network side port is not assigned an 4 address However network side port has an link local address and it will participate in IPv6 Stateless Address Autoconfiguration 4 Console Interface The console pott lets you access the console interface to the Transformer You must use the console interface when you first install the Transformer to assign IP addresses to the host and or network side ports You only need to use the console interface when you can t reach the webGUI through either the host or network side LAN ports You may also need to use the console interface if you make a serious mistake when co
66. multiple addresses configured Addresses associated with the IPv4 device are indicated with IPv4 device The IPv6 interface addresses include the link local address of the IPv4 device the IPv6 address that is mapped to an 4 device and the foreign IPv6 care of addresses Other IPv6 addresses include the address of the IPv6 Network interface D nee pfe i 9 iB http 192 168 11 26 status interfaces php Favorites transformer local Status Interfaces 2 APPLICATIONS ING webGUI Configuration transformer local System General setup Set Date Time Interface setup Registration Status up Address pool MAC address 00 00 24 cb 52 84 Static address ma Pep address 192 168 11 26 24 DHCPv4 server 4 address 192 168 11 222 32 IPv4 Gateway 192 168 11 1 SNMP Server FTP Gateway IPv6 address 2005 26 64 Manual IPsec IPv6 address 2005 2 64 IPv4 device Firmware Status System 100 Interfaces 4385 568 764 KB 434 KE Traffic graph m k Diagnostics i 1 Status Interfaces IPv6 interface 2005 1 IPv4 interface Status up MAC address D0 00 24 ch 52 85 172 31 0 1 16 100baseTX full duplex 469 245 80 KB 25 KB 2005 2011 Datatek Applications Inc All rights reserved view license Figure 34 Interfaces Screen 9 3 Traffic graph Figure 35 Traffic graph Screen displays incoming and outgoing traffic for both the IPv4 LAN and IPv6 WAN inte
67. n Figure 20 DHCPv4 server Screen in E E I 1 1 1 tarm DHC O 4 server W T ht 1723112313 sevices dhcp ph wp Favorites transformer local System DHCP 1 4 server EN m Safety Tools Daterick APPLICATIONS INC webGUI Configuration transformer local System System DHCP IPv4 server General setup Set Date Time Interface setup Registration Address pool Enable DHCP server on host side interface Static address map DHCPv6 client Deny unknown clients DHCPv4 server If this is checked only the dients defined below will get DHCP leases from this server Static routes mE SNMP Server Gateway 255 255 0 0 Manual IPsec Firmware 172 31 0 2 Status System Interfaces Traffic graph Diagnostics host side seconds This is used for clients that do not ask for a specific expiration time The default is 7200 seconds seconds This is the maximum lease time for clients that ask for a specific expiration time The default is 86400 seconds Note The DNS servers entered in System General setup or the DNS forwarder if enabled will be assigned to dients by the DHCP server The DHCP lease table can be viewed on the Diagnostics DHCP leases page Internet Protected Mode Figure 20 DHCPv4 server Screen Enable DHCP server on host side interface This ch
68. n the network side section of the Interface Setup screen This feature may be useful for situations where not all the IPv4 devices on a link can be moved behind Transformers at one time The devices then must be separated by placing some of the IPv4 devices on the network side of the Transformer and a single IPv4 device behind the Transformer on the host side Pass through is then used to enable communication between the IPv4 device on the host side and all the other IPv4 devices on the network side Address Pool The transformer configuration includes a range ot multiple ranges of IPv4 addresses that it can use to satisfy the need to map network side IPv6 addresses to host side IPv4 addresses The processes described above in which new IPv6 addresses are added to the list of endpoints reachable by the legacy host requires a supply of IPv4 addresses available to combine one to one in bindings of IPv6 addresses to IPv4 addresses This supply is called the address pool The designated private IPv4 address ranges are the best choice to be used to supply the pool But it is required that IPv4 addresses in the address pool must be addresses that are not reachable on the network side 19 Address Resolution In the normal course of sending and receiving packets with IPv6 endpoints the legacy host is working only with IPv4 addresses most likely with addresses that have come from the pool These IPv4 addresses may or may not be
69. nd SSH Files Screen 10 11 Factory defaults The Factory defaults form provides the means to clear out the current configuration and restore it to the defaults that were shipped from the factory Use the Diagnostics Backup Restore form first to save a copy of your configuration After clearing the by responding Yes to the question Are you sure you want to proceed the Transformer will automatically reboot After rebooting the Transformer Console Menu must be used to enter the IPv6 Host and IPv6 Network addresses necessary to access the webGUI again Figure 48 Factory defaults Screen is shown below v Setting the unit back to the factory defaults will remove the authorization code and a new one will need to be obtained from Datatek Warning http 172 31 12 113 diag_defaults php Y 24 Google pr 29 Search More Sign In q gt gt yy Favorites transformer local Diagnostics Factory defau m7 L3 Safetyv Tool v Data INC webGUI Configuration transform Mise m Diagnostics Factory defaults Set Date Time If you click Yes the Transformer will be reset to factory defaults and will reboot immediately The Interface setup entire system configuration will be overwritten The LAN IP address will be reset to 172 31 0 1 the Registration system will NOT be configured as a DHCP server and the password will be set to mono Address pool Are sur
70. nfiguring the Transformer with the webGUI like changing the password to something you immediately forget Configuring and accessing the webGUI is discussed in the next section To use the console interface you must connect the console port to an ASCII terminal a PC com port with terminal emulator or via a console access device Terminal settings are 9600 baud no parity one 1 stop bit The console cable used should be a cross over 9 pin null modem cable See Appendix B for the crossover connector pinout diagram While booting the Transformer prints a large amounts of information on the console that is mainly of interest to the software developers However the console interface is active during this period and it is possible to pause or modify the boot process by entering commands These commands are for development and testing use only and are not documented in this manual After booting you will be greeted with a login prompt As shown in the example below you must use the login id root Once you enter the login id it will prompt you to enter a password From the factory the default password is the Enter key Later on you may change the password to one of your own choosing The Transformer prints the Console Main Menu and prompts you to enter a number corresponding to a menu item Each of these menu items are described in mote detail in Section 6 login root Datatek Transformer Console ACAckckck ck ockockck ck ck ko ko
71. ngths for the host and netwotk side interfaces This will allow you access to the webGUI You must supply an IPv4 address and subnet mask for the host side interface You may also supply an IPv4 address subnet mask and an IPv6 address prefix length for the network side interface Note that these network side addresses are for the management interface on the Transformer not the proxy addresses for the legacy IPv4 device You will need to use the webGUI to enter the proxy addresses We recommend using an IP address from the RFC1918 private address space for the host side interface since it s not visible to the network side of the Transformer There are three private ranges Start End 10 0 0 0 10 255 255 255 172 16 0 0 112 91 259 235 192 168 0 0 192 168 255 255 To configure the Transformer s interface go to the Console main menu and select item 1 Set up 4 and IPv6 interfaces the example below we set the host side interface address to 192 168 1 1 and accept the default subnet mask length of 24 Note that each prompt shows the current or default value in parentheses accept the default value simply press ENTER Similarly we set the network side IPv6 and IPv4 addresses to 2007250 and 135 47 8 16 respectively TPv4 address for host side interface 172 31 0 1 192 168 1 1 IPv4 subnet mask length for host side interface 24 IPv6 address for network side interface or none none 2007 50 IPv6 prefix length for 200
72. nsformer local System General setup Set Date Time Interface setup dois transformer Registration host name of the transformer without domain part Address pool e g frans Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware ausim admin Status If you want to change the username for accessing the webGUI enter it here System Interfaces Traffic graph 21 Diagnostics If you want to change the password for accessing the webGUI enter it here twice System General setup local HTTP HTTPS Enter a custom port number for the webGUI above if you want to override the default 80 for HTTP 443 for 5 Select the location closest to you Minutes between network time sync 300 recommended or 0 to disable poal ntp org Use a space to separate multiple hosts only one required Remember to set up at least one DNS server if you enter a host name here 2005 2011 Datatek Applications Inc Figure 10 General setup Screen Hostname This is the name of the Transformer Domain This is the domain of the Transformer DNS servers This is the IP address of the DNS Server both a primary and secondary are allowed When the Transformer receives a DNS lookup request for a hostname from the 4 legacy device the request is turned into a request for an IPv6 address and is sent to the DNS Server The IPv6 address received from the DNS Server is
73. ply cord or plug is damaged or frayed b If liquid has been spilled into the product C If the product has been exposed to rain or water d If the product does not operate normally by following the operating instructions Adjust only those controls that are covered by the operating instructions because improper adjustment of other controls may result in damage and will often require extensive work by qualified technician to restore the product to normal operation e If the product has been dropped or the cabinet has been damaged f If the product exhibits a distinct change in performance SAVE THESE INSTRUCTIONS Federal Communications Commission Statement This device complies with Part 15 of the Rules Operation 1s subject to the following two conditions 1 this device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio energy If this equipment 1s not installed and used in accordance with the manufacturer s instructions it may cause harmful interference to radio communications However there is no guarantee that in
74. ransformer can be configured on the DHCPV6 client screen to act as a DHCPv6 client to receive an IPv6 address for itself along with other host configuration parameters from a DHCPv6 server The Transformer can also receive the IPv6 proxy addtess for the host DHCPv4 Server The Transformer can be configured on the DHCPv4 server screen to act as DHCPv4 server to the IPv4 legacy device to provide the IPv4 legacy device with an IP address and other host configurations The IPv4 address that is served to the IPv4 legacy device is the IPv4 address that was configured on the Interface Setup screen This DHCP feature satisfies those IPv4 devices that do not store their own IPv4 addresses but require a DHCP Server to give one to them Passthrough The legacy IPv4 device can talk to other IPv4 devices across the network In pass through the Transformer does not translate IPv4 packets but maps the IPv4 address representing the host In the direction from the IPv4 legacy device towards the netwotk the legacy device only needs to ensure its routing table contains an entry for the subnet or host address of the IPv4 destination host and that the gateway or next hop for that subnet or host address is the Transformer s host side interface address as configured on the Interface Setup screen s host side Transformer IPv4 address IPv4 hosts on the network can talk to the legacy host by addressing the legacy host with the Device IPv4 Address that was configured i
75. ress 2005 2 Device 4 address 172 31 0 2 Transformer IPv6 address 2005 26 Transformer IPv4 address 1 2 31 0 1 Device IPv4 address 192 168 11 222 Transformer 4 address 192 168 11 26 Figure 12 Example Network Setup 39 Accept router advertisements This is checked to enable stateless address autoconfiguration as specified in RFC4862 If this is not checked the Transformer must get its IPv6 address through alternative means such as manual configuration through the Transformer IPv6 Address field or through stateful address configuration like DHCPv6 Use temporary addresses This 1s checked to make the IEEE interface identifiers and the random number which are both used in generating the global IPv6 addresses from stateless address autoconfiguration to change over time as specified in RFC3041 The interface identifiers are made to change over time by generating random values that will cause the IPv6 global address to also change over time making it more difficult for eavesdroppers and affording more privacy Prefer temporary addresses This is checked to give preference to temporary addresses over public addresses in source address selection when connections are initiated from the Transformer itself or from the host side legacy device Temporary address valid lifetime Enter the valid lifetime of the temporary address in seconds or leave blank for the default of 1 week Temporary address preferred life
76. rfaces FI t NA ym mn skc datz misi pisn Lem atus Traffic graph Windows Internet Explo B http 172 31 12 49 status_ Cn webGUI Configuration Status Traffic graph Interface WAN General setup Set Date Time Interface setup Registration Address pool Ir 10 3 2011 14 29 31 Switch to bytes s Static address map In 15 Kbps AutoScale up DHCPv6 client Out 7 Kbps Graph shows last 120 seconds DHCPv4 server Static routes SNMP Server FTF Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Note the Adobe SVG viewer is required to view the graph 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 35 Traffic graph Screen 2 SignIn z mn skc datatekcorp com WAN 5 Kbps 50 Kbps 25 Kbps 10 Web Graphical User Interface webGUI Diagnostics The following forms used for the maintenance and debugging of the Transformer 10 1 Logs Figure 36 Logs Screen displays the system log x 0 18 JAE M E E d Pager Safetyy Toos APPLICATIONS webGUI Configuration transformer local Diagnostics Logs General setup Set Date Time Interface setup Registration Address pool Last 50 system log entries Static address map Aug 8 12 42 30 kernel orm0 lt ISA Option ROM at iomem 0xc8000 0xd
77. s not support port numbets The number of subnet mask bits is selected from a pull down menu Direction in specifies that the SP 15 matched against inbound packets while out specifies the SP 1s matched against outbound packets Inbound packets may be received from the network side host side Outbound packets are either originated by the Transformer or forwarded by the Transformer For example a ping command initiated from the Transformer s console creates an outbound ICMP packet Such a packet is matched against the parameters of an SP whose direction 15 0 2 An example of an outbound packet that comes from forwarding 15 where packets are received from the legacy host translated and then forwarded towards the network Whenever a packet 15 forwarded it is considered to be in the outbound direction Therefore during the forwarding process the parameters of an SP whose direction is oz ate matched against the packet being forwarded Higher Layer Protocol IPsec allows an SP to match against the next higher layer protocol in the protocol stack The commonly used higher layer protocols TCP UDP ICMP are selected from the pull down menu To specify any other protocol select other and enter the protocol number as it will appear in the IP packet s next header field If the SP is to apply to all higher layer protocols select any Policy This is the action to take if the packet matches the selection criteria The following actions are
78. scription here for your reference not parsed 2005 2011 Datatek Applications 3 Inc Figure 27 Manual IPsec Security Policy Edit Screen continued Disable This box is checked to disable the SP without deleting all its parameters from the configuration database Source IP This is the source IP address of the SP This field is comprised of an IP address and a port number The IP address is matched against the source address in the IP header and the port number is matched against the port number in the higher layer protocol header Leave the port field blank to allow any port number if the higher layer protocol does not support port numbers The type of address may a single host or a network address For a single host IPv6 address all 128 bits of the address are matched and for an IPv4 address all 32 bits of the address are matched A typical single host may be the IPv6 address of a legacy IPv4 host For a network address the number of subnet mask bits are selected from a pull down menu A network address may be the subnet on which the Transformer resides Destination IP This is the destination IP address of the SP This field is comprised of an IP address and a port number The IP address is matched against the destination address in the IP header and the port number is matched against the port number in the higher layer protocol header Leave the port field blank to allow any port number if the higher layer protocol doe
79. setup 2011 Da 09 13 48 Registration year manth day hour min Address pool Update Static address map DHCPV6 client DHCPv4 server Static routes SNMP Server Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics 2005 2011 Datatek Applications Inc All rights reserved Internet Protected Mode Off Figure 11 Set Date Time Screen 8 2 Interface Setup The Interface setup form is used to configure the host side and network side interfaces of the Transformer and the IPv4 address of the legacy device and the proxy IPv6 address of the legacy device There are two interfaces on the Transformer a host side interface and a network side interface If the legacy device 15 manually configured its configuration should be set up to match the configuration entered in this form If the legacy device is configured to receive its configuration automatically the values it receives come from the entries in this form Figure 13 Interface setup screen shows all the configuration fields and options 8 3 Host side Device IPv4 address This is the IPv4 address of the legacy device Transformer IPv4 address This is the IPv4 address of the Transformer s host side interface 8 4 Network side Device IPv6 address This 15 the IPv6 proxy addtess of the legacy device This IPv6 proxy address 15 bound to the IPv4 addtess of the legacy device In translating IPv4 packets from the legacy device
80. st the destination address in the IP header The destination IP address in conjunction with the Security Parameter Index and the IPsec protocol uniquely identify the SA IPsec Protocol See the IPsec Protocol description in the section Manual IPsec Security Policy The IPsec Protocol in conjunction with the destination IP address and the Security Parameter Index uniquely identify the SA Mode See the Mode description in the section Manual IPsec Security Policy The Mode must match the setting chosen on the remote side Unique Number This is the same number from 1 through 16 383 that was configured in the SP Configuring the same Unique Number for the SA and SP ensures this SA is used for the SP Encryption Algorithm This is the encryption algorithm used to protect the IP payload Each algorithm must use a key of a specific length Encryption Password This is the key the encryption algorithm uses to provide confidentiality The mandatory length of each key is determined by the encryption algorithm The encryption key can be entered as an ASCII character string in double quotes or as hexadecimal sequence starting with Ox If the key is entered as an ASCII string each character 15 treated as an 8 bit quantity E g 12345678 1s a 64 bit key equivalent to 0x3132333435363738 Encryption Algorithm Key Length bits J3des cbc 192 aes cbc 128 192 256 aes ctt 160 224 288 aes ctr 15 not recommended for
81. stics Screen 10 8 Network statistics Figure 44 Network statistics Screen displays Network statistics of the Transformet Data webGUI Configuration SLE Diagnostics Network statistics General setup Set Date Time ip statistics Interface setup Eo rh CL RD ERE zd BEEN INNEN Address pool total m Static address map Local forward map bad header checksums DHCPV6 client Static routes wider cH EM SNMP Server with ip length gt max ip packet size FTP Gateway with header length data size Manual IPsec with data length header length Status with bad options Interfaces Diagnostics fragments dropped dup or out of space fragments dropped after timeout fr ts dr fter timeout DHCP leases Address pool packets for this host Address map Translation stats EREMO REDDERETUR Network stats packets forwarded 0 packets fast forwarded Backup Restore Factory defaults packets received for unknown multicast group Reboot system packets sent from this host packets sent with fabricated ip header output packets dropped due no bufs etc ds PUE y i a n i uts i Registration Name Figure 44 Network statistics Screen 10 9 Ping The Ping form is used to test connectivity between the Transformer and a device on either the IPv6 or the IPv4 side However the IPv6 addresses representing the host side
82. sult your dealer or local Power Company Unplug this product from the wall outlet before cleaning Do not use liquid cleaners or aerosol cleaners Use a damp cloth for cleaning Do not use this product near water for example in a wet basement To reduce the risk of electrical shock do not disassemble this product Service should be performed by trained personnel only Opening or removing covers and or circuit boards may expose you to dangerous voltages or other risks Incorrect re assembly can cause electric shock when the unit is subsequently used This product is equipped with a three wire grounding type plug a plug having a third grounding pin This plug is intended to fit only into a grounding type power outlet This is a safety feature If you are unable to insert the plug into the outlet contact your electrician to replace your obsolete outlet Do not defeat the safety purpose of the grounding type plug Do not use a 3 to 2 prong adapter at the receptacle Use of this type adapter may result in risk of electrical shock and or damage to this product Do not allow anything to rest on the power cord Do not locate this product where the cord will be abused by persons walking on it Do not overload wall outlets and extension cords as this can result in the risk of fire or electric shock Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following conditions a When the powers sup
83. t have a mix of uppercase letters lowercase letters numbers and special characters such that at least two characters from each of the afore mentioned four types of characters are present For example x T1ITBn2 is a valid password Mv4 mabc3Z is invalid because it only has special character Mv4 abc3Z is valid c New passwords must not be reused from any of the previous ten passwords Automatic expiration of passwords is not supported at this time Warning 4 After logging in the Transformer s Figure 7 System Information Screen below will appear tz E om Pager Safety Tools amp Data webGUI Confi APPLICATIONS INC qu ration transformer local System General setup System information Set Date Time Interface setup Name transformer local Registration Version Datatek IPv4 IPv6 Transformer Version 4 0 0 Address pool Disk 090111 3 made by tsun Static address map ee DHCPv6 client DTX4250 VERSION 3 DHCPv4 server Static routes SNMP Server at Thu Sep 1 16 22 39 UTC 2011 Gateway view graph Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics 00 21 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 7 System Information Screen 6 Logical Setup 6 1 Setup IPv4 and IPv6 interfaces This selection lets you set the IP addresses and subnet masks prefix le
84. tek Applications Inc All rights reserved vie Internet Protected Mode Figure 25 Manual IPsec Security Associations Screen Enable IPsec This check box is selected to apply any SP or SA configurations that may be in the configuration database to the SP and SA databases in memory Uncheck this box for a quick way to disable all IPsec on the Transformer without having to delete any SP or SA configurations from the flash Ifyou intend to use IPsec Enable IPsec must be selected Note Apply Changes This control button appears when an SP or SA has been changed through the e or buttons Click Apply Changes to update the SP and SA databases in memory so that the changes will take effect The new IPsec changes will not be applied until you select Apply Changes 8 13 Manual IPsec Security Policy Manual IPsec gt Security Policies gt Manual IPsec gt Security Policies gt Figure 26 Manual IPsec Security Policy Edit Screen and Figure 27 Manual IPsec Security Policy Edit Screen continued are used to add a new Security Policy SP or edit an existing SP Selection parameters specified on this form are matched against fields in the IP header and upper layer protocol header of IP packets Examples of some of these selection parameters are Direction Source IP address and port Destination IP address and port Higher layet protocol If a packet matches the specified parameters above t
85. ter the Registration Code APP L ICATIONS INC webGUI Configuration transformer local System General setup d ria 42 S8LPK I8ND4 W3AZV QG23I 4 0 0 Registration giii Send this product ID and software version to Datatek Applications Address pool TE ee 22 Static address map Peeran Cade USBAB MQEHZ TQZ3P YTBLG DHCPv amp client Enter registration code received from Datatek Applications DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics System Transformer Registration 2 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Figure 8 Registration Screen If registration has not been done or the user has entered an invalid Registration Code most of the web pages will show an added information block near the top The info block contains a link to the registration page The registration page is where the user carries out the registration process The not registered information block and the side frame of every page of the web interface both have links to the registration page Figure 9 Unregistered Transformer Screen appears if the user has entered invalid Registration Code General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gat
86. terference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment to an outlet a circuit different from that to which the receiver 15 connected Consult the dealer or an experienced radio TV technician for help The circuit board is designed for installation in a shielded enclosure metal or plastic with conductive coating Shielded cables are required on LAN and serial ports to assure compliance with FCC regulations copy of the test report will be provided on request 1 are answers to some of your most frequently asked questions Q1 What s an Pv4 IPv6 Transformer The Datate cations IPv4 IPv6 Transformer changes a legacy 4 evice into a 1 The Datatek Applications IPv4 IPv6 Transf hanges a legacy IPv4 only device i dual stack Pv4 IPv6 host Q 2 What sa legacy Pv4 only device A2 It could be a PC a server a printer a network appliance it s anything with a LAN port that doesn t understand the new Internet Protocol Version 6 or IPv6 Virtually every device with a LAN port understands Internet
87. the Apply Changes button to update the SP and SA databases in memory More gt gt SignIn B amp F E F Page Safety Tools i mn skc datatekcorp com System zen General setup System Manual IPsec Set Date Time 7 The security association configuration has been changed Interface setup You must apply the changes in order for them to take effect Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FIP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph k Diagnostics Figure 30 Manual IPsec Security Associations Screen after editing 8 15 Firmware Upgrading new firmware New firmware upgrades may be obtained in several ways email and distribution on CD ROM Datatek will alert all users via email and on its website that a new upgrade is available Datatek maintains a secure FTP site on its corporate website so users can download it to their servers directly If the user cannot use FTP for downloading purposes email is an option Contact Datatek support and the firmware image will be emailed where it can be loaded on the user s server Due to the size of the firmware upgrade email may not be practical for some customers with a size limit on their email A third option 1s to deliver the firmware upgrade on a CD which will contain a Readme file and the firmware image The user can then follow the Readme instruc
88. the IPv4 device address is translated to the IPv6 proxy address Transformer IPv6 address This is the IPv6 address of the Transformer This is one of the addresses to which the web browser may connect in order to talk to the Transformer s web server The other address the web browser may use is the Transformer IPv4 address 38 Device IPv4 address This is IPv4 address for the legacy device that appears on the network side interface Nodes on the netwotk side that wish to talk to the legacy device must use this address This IPv6 proxy address is bound to the IPv4 addtess of the legacy device In translating IPv4 packets from the legacy device the IPv4 device address 15 translated to the IPv6 proxy address Transformer IPv4 address This is the IPv4 address of the Transformer on the network side interface This is one of the addresses to which the web browser may connect in order to talk to the Transtormer s web server The other address the web browser may use is the IPv4 address on the host side Figure 12 Example Network Setup displays all the interfaces and their IPv4 and IPv6 addresses that are of interest to the Transformer The diagram uses the sample addresses that were configured in the Interface screen capture Figure 13 Interface setup Screen Example Network Setup Legacy IPv4 Device IPv4 IPv6 Transformer DTX 4260 545 0 5 Network Side Device IPv6 add
89. the Transformer To setup the Transformer Unpack the Transformer and its power cable Connect the Transformer s 4 port to the 4 device with standard Ethernet cables for example Cat 5 Connect the Transformer s IPv6 Network port to the IPv6 network with standard Ethernet cables for example Cat 5 Connect the console port to an ASCII terminal PC com port with terminal emulator or via a console access device Terminal settings are 9600 baud 8 bit no parity one 1 stop bit 8 1 The console cable used should be a cross over db9 pin null modem cable See Appendix A for the crossover connector pinout diagram The console port is used for initial configuration of the Transformer Its possible to do the initial configuration using the Pv4 port provided that the factory default IP address assigned to the port works Note for you Power up the Transformer and monitor booting from the console You may safely ignore traces during the boot process The following is what the user will typically see during the boot process kernel text 0x4c70d8 data 0x50714 0x5b47c Loading mfsroot 6000000 0107 0280 00 00 00 00000000 00000000 Booting B 0020 02000000 0107 0290 00 3F 00 0000E101 A0000000 10 Trying to mount root from ufs dev md0a Found configuration on ad0 Initializing timezone done Initializing PC cards failed probably no PC card controller present Configuring firew
90. then mapped to a dynamic IPv4 address The dynamically bound IPv4 address is returned to the IPv4 legacy device as the response to its original lookup request Username This is the login name of the administrator It is the same as the Username the popup authorization dialog that appears when one first connects to the webGUI Password To change the current password type in a new password It is the same one that is used in the authorization dialog that appears when one first connects to the webGUI Passwords must conform to the following rules Passwords must have at least 10 case sensitive characters Passwords must have a mix of uppercase letters lowercase letters numbers and special characters Passwords must have at least two characters from each of the afore mentioned four types of characters For example x T1ITBn2 is a password Mv4 mabc3Z is znvalid because it only has one special character Mv4 abc3Z 15 valid New passwords must not be reused from any of the previous ten passwords Automatic expiration of passwords is not supported at this time Warning 35 SAVE domain must be entered before the information on this screen can be saved Select the SAVE button before proceeding to the remaining configuration screens otherwise the information will belost Furthermore configuration on the General setup screen determines the availability of some options on the other screens A
91. tiated a session with the IPv4 legacy host and the packet received from the network contained the IPv6 address of the remote IPv6 host as the source address This IPv6 source address would have been bound to an available IPv4 address from the Address pool before the packet was forwarded to the legacy device The legacy device could then send a PTR record quety for the IPv4 address from the address pool In this case the Transformer must translate the IPv4 PTR record query into an IPv6 PTR record query for the domain name of the IPv6 address to which the IPv4 address is mapped The IPv6 PTR record query is sent to the DNS Server The 6 PTR record response from the DNS Server contains a domain name that is then translated into 4 response containing the same domain name unchanged It is also possible for the Transformer to receive a PTR recotd query for an IPv4 address that is not bound to an IPv6 address In the case of Passthrough which is used for communication between two IPv4 hosts there is Pv4 IPv6 binding The Transformer forwards a PTR record query from the legacy device for an unbound IPv4 address directly to the DNS Server The response is forwarded directly to the legacy device 18 Configuration The DNS Server address for the IPv6 network is either manually configured on the General Setup form or may be served from a DHCPv6 Server as specified on the DHCP V6 client form DHCPv6 Client The T
92. time Enter the preferred lifetime of the temporary address in seconds or leave blank for the default of 1 day 1 lt 2 http 192 168 11 26 ifconfig php yir Favorites transformer local System Interface setup Data APPLICATIONS IMC webGUI Configuration transformer local System on System Interface setup Set Date Time Interface setup Host side Registration Device IPv4 add 123102 m Address pool riu 3 Static address map IPv4 address of the IPv4 only device on the host side of Transformer Static routes IPv4 address for Transformer s host side interface SNMP Server i FTP Gateway Network side Manual IPsec Device IPv5 address 20852 64 Firmware x Status IPv6 address for IPv4 only device on the network side of the Transformer System Transformer IPv amp Address 2005505 54 sgh eee IPv6 address for Transformer s network side interface Traffic graph Diagnostics Device IPv4 Address 19328841222 132 IPv4 address of the IPv4 only device on the network side of the transformer Transformer IPv4 Address 192 1658 11 26 24 IPv4 address for Transformer s network side interface Check to enable RFC4862 stateless address auto configuratian Use temporary addresses Check to enable RFC3041 privacy extensions a k a temporary Prefer temporary addresses Check to prefer temporary addresses to public address
93. tions for installing the upgrade from the CD itself or after loading the image on the server Contact Datatek support for this option To load the new firmware upgrade on the Transformer select the Firmware button from the left hand menu items On the Firmware screen shown in Figure 31 Firmware screen click the Enable Firmware upload button Browse for the file then click the Upgrade Firmware button to start the Transformer firmware upgrade process A message will be displayed at the bottom of the Firmware screen firmware is now being installed The Transformer will reboot automatically Wait 2 to 3 minutes for the Transformer to finish the upgrade and reboot Do not power off the Transformer during the firmware upgrade process You will know when the reboot has finished if the Transformer responds to a click on any of the left hand menu items ske local System Firmware Windows Interne LAN QU http 192 168 11 101 system firmware php X Google 2 x Google 3 Search y More gt yip Favorites ske local System Firmware fy 3 d v Pager Safetyv Tool v ske local System Firmware Set Date Time Click Enable firmware upload below then choose the image file to be uploaded Interface setup Click Upgrade firmware to start the upgrade process Registration Address pool Static address map Local forward map Warning
94. ts the IPv4 legacy device and the IPv6 address of the remote host Since the path between the legacy host and the Transformer is not secured they should be co located in a secuted atea To enable IPsec the administrator must configure the Security Policy SP and may manually configure a Security Association SA SP specifies the packets that should be protected by describing the characteristics on which to match a user packet e g the IP address and port number and the upper layer protocol The SA specifies how they should be protected e g the algorithms and keys to use 3 Physical Setup 3 1 Transformer Physical Description The Transformer s rear and front views shown below in Figure 5 Transformer Rear View and Figure 6 Transformer Front View Om NETWORK USB Figure 5 Transformer Rear View Feature Description 1 Power Input 12 18VDC center positive power adapter 2 USB USB ports not used at this time 3 Network IPv6 Port LAN port supports 10 BASE T or 100 BASE T 4 4 Port LAN port supports 10 BASE T or 100 BASE T 5 Serial Console 9 pin serial console interface 432 1 Figure 6 Transformer Front View Feature Desctiption 1 Reset Button Button used to reboot the unit 2 LED Lights while booting 3 LED Lights while booting 4 LED Powet 3 2 Transformer Setup The Transformer must be set up and minimally configured in order to use a web browser to completely configure
95. ufacturer or its suppliers be liable for any damages whatsoever including without limitation special incidental consequential or indirect damages for personal injury loss of business profits business interruption loss of business information or any other pecuniary loss arising out of the use of or inability to use this product even if Manufacturer has been advised of the possibility of such damages In any case Manufacturer s and its suppliers entire liability under any provision of this License shall be limited to the amount actually paid by you for the SOFTWARE Because some states jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages the above limitation may not apply to you 90 Appendix 9 Pin Null Modem Connector Pinouts DB9 Pin Layout Pin 1 Carrier Detect CD Pin 2 Receive Data RD Pin 3 Transmit Data TD Pin 4 Data Terminal Ready DTR Pin 5 Ground GND Pin 6 Data Set Ready DSR Pin 7 Ready To Send RTS Pin 8 Clear To Send CTS Pin 9 Ring Indicator RI l 6 4 2 3 7 91 Appendix Specifications Physical Flash Memory 4GB Power Supply 7 20V Internal DC Power LAN Ports Two 10 100Mbps Ethernet RJ 45 USB Ports Two USB 2 0 Console One DB9 Serial Male Port Buttons System Reset Factory Network Reset LEDs Unit Power Booting LAN Link Activity OS FreeBSD 8 0 Mean Ti
Download Pdf Manuals
Related Search