
Enterasys Networks ANG-1000 Network Card User Manual


Contents

1. - Setting Up the VPN
   - Setting Up the Internet Connection
   - Setting Up the LAN
   - Setting Up the Firewall
   - Setting Your Password
   - Checking Device Status
   - Using Advanced Utilities
   - Using the Configuration Editor
   - Configuring IP Port Forwarding
   - Appendix A Glossary
   - Appendix B Specifications
   - Appendix C Pin Assignments
   - Appendix D License Agreement & Support
     - Enterasys Networks License Agreement
       - License Grant
       - Warranty
       - Infringement Indemnification
       - Limitation of Liability
       - Termination
       - International Provisions
       - Applicable Law
       - U.S. Government Commercial Computer Software
     - Technical Support
       - Support from Enterasys Networks
2. Chapter 3: Configuring the ANG 1000 with Aurorean Web Config

   Setting Your Password

   To further ensure security for your ANG 1000, you should configure a new password to replace the factory-installed password, netadmin. Change the password by performing the following steps:

   1. Click the Set Password menu option. The Set Password window appears, as shown in Figure 24.

      [Figure 24: Set Password Window, with Old password, New password and Confirm fields and an Apply button]

   2. Type the old password in the field provided.
   3. Type a new password in the field provided.
   4. Confirm the new password in the field provided.
   5. Click Apply.

   Checking Device Status

   The Device Status window provides a host of important data to ensure the ANG 1000 is connected properly and to permit troubleshooting as problems occur. When consulting Enterasys Customer Support, you will be asked to display this window. The following categories are detailed in the Device Status window:

   - Version lists the Release, Patch and Build numbers and internal name of the ANG 1000's firmware.
   - CPU itemizes Motorola Coldfire chip specifications.
   - Memory enumerates ANG 1
3. Appendix B: Specifications

   This appendix details the specifications of the ANG 1000.

   Table 14. ANG 1000 Specifications

   Category | Parameters
   Chassis Specifications | Depth: 6 1/2; Width: 10; Height: 1 7/8; Weight: 1 lb
   Environment | Operating Temperature: 0 to 70 C
   PFC Power Supply | Power Adapter Input: 100-240 VAC, 0.4 A, 47-63 Hz (Regulated UL Listed Class 2 power supply must be used); Output: 5 VDC, 2.5 Amp
   Processor | Motorola Coldfire XCF5307, 91.5 MHz
   Memory | 16 MB DRAM
   Storage Devices | Hard Drive: 2 MB Flash
   Performance | Server Capacity: > 25 concurrent tunnels; Tunnel Performance: Up to 3 Mbps with IPSec

   Table 1. ANG 1000 Specifications (Continued)

   Category | Parameters
   Protocols & Standards |
   Tunnel Protocols | IP Security Protocol (IPSec) as defined in RFC 2401 and 2409; Point-to-Point Tunneling Protocol (PPTP) as defined in RFC 1234; Generic Routing Encapsulation (GRE) as defined in RFC 1701 and 1702
   Encapsulated LAN Protocols | IP
   Routing Protocols | RIP V1, V2; support for dynamic Virtual Network addressing, local network addressing, or static routes
   Authentication | Challenge Handshake Authentication Protocol (CHAP); MS-CHAP (Microsoft proprietary version of CHAP)
   Encryption | MPPE (40-bit and 128-bit configurable keys); RC4 c
4. Conventions Used in This Guide About This Guide Conventions Used in This Guide The following conventions are used in this guide v NOTE JAN enemies ALI Bold Italics SMALL CAPS Courier font Notes supply additional helpful information provide a cross reference to the source of more information or emphasize issues you should consider when performing an action Cautions contain directions that can prevent you from damaging the product or losing data Warnings provide directions that you must follow to avoid harming yourself Text in boldface indicates values you type using the keyboard or select using the mouse for example a setup Default settings may also appear in bold Text in italics indicates a variable important new term or the title of a manual Small caps specify the keys to press on the keyboard a plus sign between keys indicates that you must press the keys simultaneously for example CTRL ALT DEL Text in this font denotes a file name or directory Aurorean Network Gateway 1000 User s Guide About This Guide Related Publications Related Publications The following publications are also available with the Aurorean Network Gateway 1000 O The ANG 1000 Quick Setup card which highlights the basic steps required to install the Aurorean Network Gateway 1000 O The Installation amp Service Guide which describes how to install and maintain the ANG 3000 7000 series th
5. sssssssssseeeeenee ees 53 On line Services uncta centia TE EERE EHE Ie te siest ie pee see esee uae teats 53 Phone SUP PORE ce dete E rere ies E E periere Doe exe DIRE 53 Returning Products for Repait etece e tastes eterni iaraa 54 Index Aurorean Network Gateway 1000 User s Guide vii About This Guide This guide describes how to mount connect power up and maintain an Aurorean Network Gateway 1000 ANG 1000 from Enterasys Networks This guide is written for administrators who want to configure the ANG 1000 for their remote clients or experienced users who are knowledgeable of basic networking principles Contents of the Guide Information in this guide is arranged as follows o o Chapter 1 Overview highlights the key features of the Aurorean Virtual Network family of enterprise VPN products Chapter 2 Installation describes how to physically mount connect and power up Aurorean servers Chapter 3 Configuring the ANG 1000 with Aurorean Policy Manager details how to configure the server Appendix A Glossary defines terms used in this manual Appendix B Specifications provides essential physical and operational characteristics of the ANG 1000 Appendix C Pin Assignments describes the pinouts of the LAN connectors Appendix D License Agreement amp Support describes the warranty terms and support policies covering Enterasys Networks products Aurorean Network Gateway 1000 User s Guide ix
6. Described by Whatis com as the translation of an Internet Protocol address used within one network to a different IP address known within another network One network is designated the inside network and the other is the outside Typically a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses This provides security since each outgoing or incoming request must undergo a translation process that also offers the chance to qualify or authenticate the request or match it with a previous request NAT also conserves the number of global IP addresses that a company uses and permits the use of a single IP address to interface with the world RiverMaster permits the Aurorean Network Gateway to be configured as a NAT server Aurorean Network Gateway 1000 User s Guide Appendix A Glossary Network Administrator The person responsible for installing and maintaining a company s network equipment and also insuring that network resources such as servers and the applications running on them are consistently available and performing well In terms of Enterasys Networks products this person physically installs Aurorean Policy Servers and Aurorean Network Gateways distributes Aurorean Client Software to remote users and runs RiverMaster software on his her computer to manage the entire VPN Point of Presence POP In Internet ter
7. Enter a Hostname for the system. Optionally, check the Use hostname with DHCP checkbox. Click Apply.

   - Click the Manual assigned IP address radio button and perform the following steps:
     - Specify the ANG 1000's IP address.
     - Set the Subnet mask.
     - Enter the Gateway IP address.
     - Specify the Primary DNS IP address.
     - Set the Secondary DNS IP address.
     - Click Apply.
   - Click the PPPoE assigned IP address radio button and perform the following steps:
     - Specify a Username supplied by your cable/DSL provider.
     - Enter a Password.
     - Type the password again in the Confirm field.
     - Click Apply.

   3. If you chose the Manual or PPPoE options, a window appears detailing the reconfiguration changes and prompting you to reboot the ANG 1000. Click Reboot Now. After a few moments, when an IP address has been received for the external port, the Internet LED will turn on. If a static IP address was configured, the Internet LED will shine immediately.

   NOTE: If you press the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.
8. [Figure 20: VPN Setup Window]

   1. Enter the Name of the remote ANG 3000/7000 you are connecting to.
   2. Enter the Gateway IP address of the remote ANG 3000/7000.
   3. Enter the Username on the remote ANG 3000/7000.
   4. Enter the Password on the remote ANG 3000/7000.
   5. Confirm the password on the remote ANG 3000/7000.
   6. Select the Connection type, either EZ-IPsec or PPTP. The EZ-IPsec feature provides one-button configuration for standard IPSec with IKE tunnels connecting to an ANG 3000/7000. Users of legacy RiverPilot Release 2.1 and 2.2, as well as users of the Aurorean Client Release 3.0, can upgrade to 3.1 without having to uninstall/reinstall their client software.
   7. (Optional) Click the Start network gateway now checkbox to create instant access, or wait until the other end of the connection is created.
   8. (Optional) Click Force default route under Global VPN Settings. Force default route disables the ANG 1000's Intelligent Client Routing (ICR) feature, which allows users to browse the Internet outside the tunnel. Be aware that with Force Default enabled, the ANG 1000 transmits all traffic through the tunnel, which may cause Web browsing problems. This feature work
9. [Figure 26: Device Status Window (continued), showing System Log entries for dhcpcd lease renewals and an IKE trace]

   Using Advanced Utilities

   Advanced Utilities provided by the ANG 1000 include:

   - Setting the MAC Address of a newly attached ANG 1000 when you want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users. The ANG 1000 can proxy your computer's MAC address to the ISP, but your provider may require that you change the default value reported by the ANG 1000 to reflect the PC's actual MAC address.
   - Clearing the System Logfile shown in the Device Status window when you want to erase old and display updated information.
   - Soft Rebooting to reset the ANG 1000 without recycling power. This function is similar to pressing CTRL+ALT+DELETE on your computer.

   [Screenshot: Advanced Utilities window]
10. OF IMPLIED WARRANTIES OR OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE ABOVE DISCLAIMERS MAY NOT APPLY TO YOU Termination Enterasys may terminate this license agreement and Licensee s right to use the Licensed Software if Licensee materially breaches the terms of this Agreement or fails to pay the licensee fee when due and fails to cure such breach within thirty days of notice thereof by Enterasys International Provisions Licensee agrees that it shall not directly or indirectly export the Licensed Software individually or as part of a system without first obtaining a license from the U S Department of Commerce or any other appropriate agency of the U S Government as required Diversion of products contrary to U S law is prohibited Applicable Law The parties agree that this license shall be governed by the substantive laws of the Commonwealth of Massachusetts and the United States The exclusive jurisdiction for any dispute regarding this Agreement shall be in the United States of America or for Licensees located in Europe London England The parties expressly disclaim the applicability of the U N Convention on the Sales of Goods Aurorean Network Gateway 1000 User s Guide Appendix D Technical Support License Agreement amp Support U S Government Commercial Computer Software This Licensed Software is Commercial Computer Software as provided in 48 CFR 2 101 and is licensed to U S Government agenc
11. or UPS as shown in Figure 9 The front Power LED will light the moment you power up the unit Power supply AC power cord Figure 9 Connecting the Power Cable to the Power Supply NOTE International customers may swap the electrical cord segment shipped with the ANG 1000 for a cord that meets the proper standard for their country A custom cord can be inserted in the power supply 8 Aurorean Network Gateway 1000 User s Guide Chapter 2 Checking ANG 1000 Connections Installation Checking ANG 1000 Connections The ANG 1000 is now connected and ready for configuration Check rear and front LEDS in the manner described below to confirm that the connections are working properly Rear Panel Link LEDs The two top link LEDs on the rear panel light the moment a connection is made to the respective network The two bottom link LEDs light when data is received and transmitted to the respective network by the ANG 1000 Trusted and external connections are operational and traffic is being passed as shown in Figure 10 S3 R ML M E E Md MU M V T ED E NAL Figure 10 Network Connection Indicators Front Panel LEDs The two front LEDs behave as follows at when powered up at startup O Power LED lights O Active LED blinks indicating the CPU is active All front panel LEDs are displayed in Figure 11 Aurorean Network Gateway 10
12. packets to be forwarded. a.a.a.a is the server address on the LAN, lport is the port being redirected, and rport is the port being redirected to.

    Switch | Argument | Definition
    -t | VPN address/port | Forward TCP traffic
    -u | VPN address/port | Forward UDP traffic
    -A | None | Add the IP port forwarding table entry
    -C | None | Clear the IP port forwarding table
    -D | None | Delete the IP port forwarding table entry
    -R | IP address/port | Define the server IP address
    -L | None | List the IP port forwarding table

    Follow the steps below to configure IP port forwarding:

    1. Log in to Web Config.
    2. Click on the Config File Editor menu option.
    3. Click on the ipfwrules Configuration File.
    4. In the Configuration File Edit window, scroll to the end of the file.
    5. Under Expert Config, type the following rules:

        ipportfw -C
        ipportfw -A <-t or -u>VPN address/local port -R local server IP address/remote port

    6. Click Update and Reboot Now when prompted to save the change.

    Refer to the table below for a sample IP port forwarding configuration.

    Example:

        ipportfw -C
        ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
        ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
        ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000

    The above sample configuration performs the following tasks:

    - Clears the IP po
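An added example, not taken from the manual: a Python check to run over ipportfw lines before they are pasted into the ipfwrules file, flagging forwards to cleartext services, servers outside the LAN, duplicate listeners and malformed rules. It assumes the rule syntax `ipportfw -A -<t|u><VPN address>/<port> -R <server address>/<port>` (the punctuation is lost in this copy of the manual) and a LAN of 192.168.0.0/24 as in the sample; the names `parse_rules`, `audit` and `CLEARTEXT_TCP` are this example's own, and the last two sample lines are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# TCP services that are unencrypted once traffic leaves the tunnel, so a
# forward to them exposes credentials and session data on the LAN segment.
CLEARTEXT_TCP = {21: "FTP", 23: "Telnet", 6000: "X11"}

# Assumed syntax: ipportfw -A -<t|u><VPN address>/<port> -R <server>/<port>
ADD_RE = re.compile(r"^ipportfw\s+-A\s+-([tu])\s*(\S+?)/(\d+)\s+-R\s+(\S+?)/(\d+)$")


@dataclass(frozen=True)
class Forward:
    line: int
    proto: str  # "tcp" or "udp"
    vpn_addr: ipaddress.IPv4Address
    vpn_port: int
    server_addr: ipaddress.IPv4Address
    server_port: int


def parse_rules(text):
    """Parse the ipportfw lines in text; return (forwards, problems)."""
    forwards, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("ipportfw"):
            continue  # other content of the rules file is out of scope here
        if line.split() == ["ipportfw", "-C"]:
            forwards.clear()  # -C empties the table built so far
            continue
        m = ADD_RE.match(line)
        if not m:
            problems.append((n, "not an -A or -C rule in the assumed syntax"))
            continue
        flag, vaddr, vport, saddr, sport = m.groups()
        try:
            fwd = Forward(n, "tcp" if flag == "t" else "udp",
                          ipaddress.IPv4Address(vaddr), int(vport),
                          ipaddress.IPv4Address(saddr), int(sport))
        except ValueError:
            problems.append((n, "invalid IPv4 address"))
            continue
        if not (0 < fwd.vpn_port < 65536 and 0 < fwd.server_port < 65536):
            problems.append((n, "port out of range"))
            continue
        forwards.append(fwd)
    return forwards, problems


def audit(text, lan="192.168.0.0/24"):
    """Return a sorted list of (line, finding) for the rules in text."""
    lan_net = ipaddress.ip_network(lan)
    forwards, findings = parse_rules(text)
    seen = {}
    for f in forwards:
        key = (f.proto, f.vpn_addr, f.vpn_port)
        if key in seen:
            findings.append((f.line, f"duplicates listener from line {seen[key]}"))
        seen.setdefault(key, f.line)
        if f.server_addr not in lan_net:
            findings.append((f.line, f"server {f.server_addr} is outside LAN {lan_net}"))
        service = CLEARTEXT_TCP.get(f.server_port) if f.proto == "tcp" else None
        if service:
            findings.append((f.line, f"forwards cleartext {service} to {f.server_addr}"))
    return sorted(findings)


# The manual's sample configuration (punctuation restored per the assumed
# syntax), followed by two constructed lines that exercise the other checks.
SAMPLE = """\
ipportfw -C
ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000
ipportfw -A -t10.120.50.215/23 -R 192.168.1.9/2323
ipportfw -A -u10.120.50.215/99999 -R 192.168.0.3/53
"""

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```

All three forwards in the manual's own sample are reported, since Telnet, FTP and X11 carry their traffic unencrypted beyond the tunnel endpoint.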
13. 0 7000 Negotiates tunnel protocols Encrypts data over tunnel Defines user group policies m wm m Site to Site connection Displays message alarm activity Configures system network settings Figure 2 ANG 1000 Topology An ANG 1000 comes equipped with the following CJ 100 240V 47 63 Hz power supply O High performance CPU 91 5 MHz O Complete set of diagnostic LEDs that show the server s operational status O Two 10 Base T Ethernet ports to connect the system to the network and the Internet 2 Aurorean Network Gateway 1000 User s Guide 2 Installation This chapter describes the steps required to unpack install and connect an Aurorean Network Gateway 1000 onto a desktop Unpacking the ANG 1000 Remove the ANG 1000 from the shipping box Save the box in case the unit needs to be returned System Software CD ROM Figure 3 Removing ANG 1000 from the Shipping Box Aurorean Network Gateway 1000 User s Guide 3 Connecting Cables Chapter 2 Installation The box contains a CD ROM with this instruction manual in the Adobe PDF format a Quick Setup card and accessories Accessories The ANG 1000 also is shipped with the following accessories O Two 10baseT cables blue and orange to connect to the LAN ports hub O One cross over red cable for a direct PC Network Gateway connection O One power supply with an attached cable to connect to the ANG 1000 O One power cord to connect the power
14. 00 User s Guide 9 Checking ANG 1000 Connections Chapter 2 Installation Internet Power Active Trusted External RX TX RX TX Figure 11 ANG 1000 Front Panel After the ANG 1000 is configured and in use the Internet VPN RX and TX LEDs will light and or blink Refer to Figure 12 for behavior of the LEDs The ANG 1000 is now ready for configuration Refer to Chapter 3 for detailed instructions Power 4 On when ANG is powered up Active Q Blinks when CPU is active Internet On when External network is assigned an IP address VPN w On when a tunnel is connected TX Blinks when data is transmitted RX Blinks when data is received Figure 12 ANG 1000 Front Panel LEDs NOTE COM1 and COM2 LEDS are not operational at this time 10 Aurorean Network Gateway 1000 User s Guide 3 Configuring the ANG 1000 with Aurorean Web Config To configure the ANG 1000 use the Internet browser on your computer and connect to the server via the Web During the Web session you run the Aurorean Web Config utility and configure the system Figure 13 illustrates the process Aurorean Network Gateway _ gt a E Aurorean lt A Policy Remotely Control ANG Manager V PC Desktop Figure 13 Configuring the ANG 1000 via Aurorean Web Config Before You Begin Before you begin configuration with Web Config review the following O Besurethe A
15. 000 memory values, including Total, Used, Free, Shared, Cached, Buffered and Swapped bytes.

    - Interface Configuration describes Trusted (eth0), External (eth1), IPsec (eth1:0-24), PPTP (ppp0-24) and Local Loopback (lo) port data, including IP and MAC addresses, netmasks, Receive and Transmit errors, and other information. Note that the ppp0 interface is the Internet (not WAN) interface if the Internet is configured for PPPoE.
    - Network Devices tabulates interface Receive and Transmit errors.
    - Route Table entries detail connected networks, gateways, their associated IP addresses, netmasks and other data.
    - Interrupts lists the hardware interrupts supported on the ANG 1000, as well as their vectors and interrupt counters. The two SMC9194 items listed are the Ethernet Trusted and External port interrupts.
    - System Log categorizes ANG 1000 functions/malfunctions, including routing, connections and disconnections.

    Check Device Status by performing the following step:

    1. Click the Device Status menu option. The Device Status window appears, as shown in Figure 25.

    [Figure 25: Device Status Window]
16. 43 56 PPTP definition 43 protocols 46 regulatory compliance 46 RiverMaster definition 44 RJ 45 connector pin assignments 47 RMA number 54 Routers definition 44 routing 46 S safety compliance 46 Safety Instructions iv specifications chassis parameters 45 CPU memory 45 Ethernet port specifications 46 general 45 46 hard drive specifications 45 operating temperature 45 processor specifications 45 safety regulations 46 server capacity 45 server performance 45 supported protocols 46 System Description 1 T TCP IP 43 44 technical support 53 Trusted port connecting cables 6 tunnel protocols 46 tunneling definition 44 U UL notices iii Aurorean Network Gateway 1000 User s Guide Index V Virtual Private Network VPN definition 44 VPN See Virtual Private Network VPN 44 W warranty 50 Aurorean Network Gateway 1000 User s Guide 57
17. Aurorean Virtual Network ANG 1000 User s Guide Version 1 0 ENTERASYS NETWORKS Notice Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made The hardware firmware or software described in this manual is subject to change without notice IN NO EVENT SHALL Enterasys Networks AND ITS LICENSORS BE LIABLE FOR ANY INCIDENTAL INDIRECT SPECIAL OR CONSEQUENTIAL DAMAGES WHATSOEVER INCLUDING BUT NOT LIMITED TO LOST PROFITS ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT EVEN IF Enterasys Networks AND ITS LICENSORS HAVE BEEN ADVISED OF KNOWN OR SHOULD HAVE KNOWN THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc Part Number AVN ANG1 R10 35 Industrial Way May 2001 Rochester NH 03866 5005 Printed in the USA Enterasys Networks Inc is a subsidiary of Cabletron Systems Inc 2001 by Enterasys Networks Inc All Rights Reserved Printed in the United States of America The Enterasys Networks logo Aurorean Prescriptive Diagnostics Engine RiverMaster Intelligent Client Routing TollSaver are trademarks of Enterasys Networks Microsoft MS and MS DOS are registered trademarks and Windows Windows 95 Windows 98 Windows NT Windows 2000 Professional and Windows Mil
18. [Device Status window sample output (figure): Interface Configuration, Network Devices, Route Table, Interrupts and System Log sections]
19. NG 1000 is cabled correctly as described in Connecting an ANG 1000 in Chapter 2 of this manual O Ask your DSL or cable modem Internet provider and Network Administrator for any IP addresses work group network browsing or other information you may need to configure the ANG 1000 properly Minimally you will need The IP address of the ANG 3000 7000 you will connect to for setting up the VPN Aurorean Network Gateway 1000 User s Guide 11 Chapter 3 Configuring the ANG 1000 with Aurorean Web Config 12 To configure your PC to include the domain of the corporate network you will connect to To do so on your Windows 95 98 ME 2000 desktop click Start select Settings and double click Control Panel Win 2000 Network and Dial up Connections Double click the Network icon Win 2000 right click on Local Area Connection and click Properties click the Protocols tab select TCP IP Protocol click Properties select the DNS tab and add the Domain Suffix in the field provided Click OK twice to close the open windows On your computer release and renew the IP address for all adaptors bound to TCP IP Refer to the Caution on page 24 for instructions If you have cable service learn the MAC address of your computer as described on page 32 If your computer was supplied a static IP address and Gateway by your service provider you must now accept the address from a DHCP server and remove the gateway for the ANG 1000 to find
20. Return 5 Return Link 2 6 Receive EXTERNAL 7 Return 8 Return Figure 1 Figure 2 Ethernet Port Pin Assignments Aurorean Network Gateway 1000 User s Guide 47 Appendix C Pin Assignments Replacement Ethernet cables must meet the following requirements O Category 3 4 or 5 unshielded twisted pair UTP wiring O Length cannot exceed 328 feet 100 meters 48 Aurorean Network Gateway 1000 User s Guide License Agreement amp Support This appendix describes the terms and conditions that govern the use of Aurorean Virtual Network products including the warranties and provides contact information for obtaining technical support from Enterasys Networks Enterasys Networks License Agreement PLEASE READ THIS DOCUMENT CAREFULLY BEFORE USING ENTERASYS SOFTWARE BY USING THE SOFTWARE PRODUCT SHIPPED TO YOU BY ENTERASYS OR ITS DISTRIBUTOR LICENSED SOFTWARE YOU ACCEPT THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT DO NOT USE THE SOFTWARE PRODUCT YOU MAY RETURN THIS PRODUCT TO ENTERASYS FOR A FULL REFUND The Licensed Software is licensed not sold to you for use only under the terms of this license which represents the complete agreement and understanding between you and Enterasys Enterasys reserves any rights not expressly granted to you You own the media on which the software is originally or subsequently recorded or fixed but Enterasys r
21. a hub that connects up to 25 tunnels to the network as shown in Figure 6 Aurorean Network Gateway 1000 User s Guide 5 Connecting Cables Chapter 2 Installation Connecting an ANG 1000 The ANG 1000 is typically set up in the configuration shown below Site to site tunnel ae wee pena B NU SSS i ANG 3000 7000 User PEE s External connection Trusted Cable DSL Modem Aurorean Network Gateway 1000 Site to site tunnel Mb Internet connection User Trusted connection Figure 6 Connecting the ANG 1000 To connect the ANG 1000 Ethernet port perform the following steps 1 Doone ofthe following as shown in Figure 7 Ifyou are connecting to a hub plug the blue straight through Ethernet cable into the Trusted port of the ANG 1000 Ifyou are connecting directly to a computer attach one end of the red cross over cable to the Trusted port and the other end to an RJ45 connector on your computer Skip to Step 3 2 Plug the opposite end of the blue Ethernet cable into a wall jack patch panel or hub linked to a protected network segment The top link LED next to the ANG 1000 s Trusted port will immediately light if the port is connected to a 10 Mbps network after the unit is powered up 6 Aurorean Network Gateway 1000 User s Guide Chapter 2 Connecting Power to the ANG 1000 Installation Reset com4 s Optional crossover cable for direct PC connection Trus
22. able modem connection Abbreviation of Internet Protocol pronounced as two separate letters IP specifies the format of packets also called datagrams and the addressing scheme Most networks combine IP with a higher level protocol called Transport Control Protocol TCP IP which establishes a virtual connection between a destination and a source IP Address An identifier for a computer or device on a TCP IP network Networks using the TCP IP protocol route messages based on the IP address of the destination The format of an IP address is a 32 bit numeric address written as four numbers separated by periods Each number can be zero to 255 For example 172 16 4 14 could be an IP address IP Security Protocol IPSec Short for IPSecurity a set of protocols developed to support secure exchange of packets at the IP layer Aurorean Network Gateway 1000 User s Guide 41 Appendix A Glossary LAN LEDs Locan Area Network LAN connects computers and peripherals together in an office or a campus to allow the computers to access each other and other common peripherals Abbreviation of light emitting diode an electronic device that lights up when electricity is passed through it LEDs are usually red but the ANG 1000 uses green LEDs The LEDs are used to indicators Mac Address Short for Media Access Control address a hardware address that uniquely identifies each node on a network Network Address Translation NAT 42
23. and connect with the PC. To do so, click Start, select Settings, and double-click on Control Panel. Double-click the Network icon, select the Protocols tab and TCP/IP Protocol, click on Properties and the IP Address tab. Select the Obtain an IP address from a DHCP server radio button. Click Advanced, select the Gateway, click Remove and OK. Click OK twice more to close the open windows.

    Web Config supports the use of Internet Explorer 5 or Netscape 4 Web browsers.

    Logging into Web Config

    To log into Web Config, perform the steps below:

    1. Point your Web browser at the default trusted IP address of the ANG 1000. In the browser's Location field at the top of the window, type http://192.168.1.1 or aurorean. (include the dot) and click OK. The Login window appears, as shown in Figure 14.

       [Figure 14: Login Window]

    2. Type netadmin in the User Name and Password fields, as shown in Figure 14. Click the checkbox to save your password, if you desire, and click OK. The VPN Status window appears, as shown in Figure 15.

    Viewing VPN Status

    The VPN Status window is the first screen to appear after logging in. At this point you have just begun confi
24. by disconnecting power or the interface cables during the firmware update process.

    First, you'll see the following activity lights on the ANG 1000:

    [Photo: ANG 1000 activity lights during the firmware download]

    This indicates that the firmware image is being downloaded from the FTP source you entered in the previous screen. The photo shows a download from an FTP server on the external interface. These lights will be active during the time needed to retrieve the firmware image from the specified FTP server. This would take about 15-30 seconds on a typical connection. If there are no activity lights seen, or if they are seen for a very short period of time, there was an error downloading the firmware image.

    After the firmware image is downloaded, the new image is flashed, or stored, on the ANG 1000. This step takes about 30-45 seconds, and the photo below shows the activity lights seen on the ANG 1000 when the device's flash memory is being upgraded with the new firmware image.

    Once Apply is pressed, there will be a delay in displaying the next Web page for the ANG 1000 Web application. It will only be displayed once the firmware image is downloaded and the new image is flashed to the ANG 1000. After these two steps are complete, a status page is displayed to indicate whether or not the firmware update was successful. If it was successful, the Web page prompts the user to reboot the ANG 1000 to run with the new firmware image.

    To start the firmware image download and update proces
25. censed Software with any items not supplied by Enterasys, (ii) any modification or change to the Licensed Software by Customer, or (iii) any failure by Customer to implement modifications or replacements distributed by Enterasys that address any alleged infringement. This Section states the entire liability of Enterasys with respect to indemnification or liability for infringement or misappropriation of patents, copyrights, trademarks, trade secrets, or other proprietary rights by Enterasys or the Licensed Software or any part thereof, or by their use or operation.

Limitation of Liability

ENTERASYS' AND ITS LICENSORS' TOTAL LIABILITY FOR ANY CAUSE OF ACTION ARISING IN CONNECTION WITH THIS AGREEMENT, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT, INCLUDING NEGLIGENCE, SHALL BE LIMITED TO THE ACTUAL DOLLAR AMOUNT ENTERASYS RECEIVED HEREUNDER FROM CUSTOMER FOR THE PARTICULAR PRODUCTS WHICH ARE THE SUBJECT MATTER OF THE CAUSE OF ACTION. IN NO EVENT SHALL ENTERASYS BE LIABLE FOR ANY LOST OR ANTICIPATED PROFITS OR SAVINGS, OR ANY INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT, INCLUDING NEGLIGENCE, AND WHETHER OR NOT ENTERASYS WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT PERMIT DISCLAIMERS
26. Conventions Used in This Guide
Related Publications

Chapter 1 Overview
  System Description

Chapter 2 Installation
  Unpacking the ANG 1000
  Accessories
  Location Planning
  Connecting Cables
  Ethernet Cables
  Connecting an ANG 1000
  Connecting Power to the ANG 1000
  Checking ANG 1000 Connections
  Rear Panel Link LEDs
  Front Panel LEDs

Chapter 3 Configuring the ANG 1000 with Aurorean Web Config
  Before You Begin
  Logging into Web Config
  Viewing VPN Status
  Downloading the Latest Firmware
27. difications or changes made to this device and not approved by Enterasys Networks may void the authority granted by the FCC, or other such agency, to operate this equipment. There are no user-repairable components in the Aurorean Network Gateway 1000.

Canadian Notices

This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled "Digital Apparatus," ICES-003 of the Department of Communications.

This digital apparatus complies with the radio noise limits applicable to Class A digital apparatus prescribed in the interference-causing equipment standard entitled "Digital Apparatus," NMB-003, issued by the Minister of Communications.

NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational, and safety requirements. The Department does not guarantee the equipment will operate to the user's satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the inside wiring associated with a single-line individual service may be extended by means of a certified connector assembly. The customer should be aware that compliance with t
28. e Aurorean server, which can be used to complete a VPN connection with the ANG 1000.

- A Portable Document File (PDF) version of this manual is available and can be downloaded from the Enterasys.com Web site. You can view this manual on-line or print a copy of it using Adobe Acrobat Reader 3.0 or later. Acrobat Reader can be downloaded from the Enterasys web site or the Adobe web site at www.adobe.com.

1 Overview

This chapter describes the key features of the Aurorean Network Gateway 1000 and how it is used.

System Description

The ANG 1000, displayed in Figure 1, provides home or small office connectivity to a corporate branch office or headquarters. It supports up to 25 tunnels.

[Figure 1. ANG 1000 Front and Rear Views]

Figure 2 illustrates how the ANG 1000 typically connects to the corporate network.

[Figure 2 diagram. Labels recovered from the image: APS 3000/7000; ANG 3000/7000; Internet; ANG 1000; Negotiates tunnel protocols; Compresses data over tunnel; Encrypts data over tunnel; Authenticates Aurorean users or forwards login requests to RADIUS servers; Logs message/alarm activity; Maintains master TollSaver database fil; Initiates tunnel to ANG 300]
29. e a remote user database on the Aurorean Policy Server or instruct the Aurorean Policy Server to authenticate remote users against an external authentication server, such as a RADIUS or SecurID server. When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provides updated configuration files to Aurorean Network Gateways on request.

DHCP
Dynamic Host Configuration Protocol. DHCP servers are used to assign IP addresses. The Aurorean Network Gateway 1000 is capable of assigning IP addresses.

DSL
Refers to Digital Subscriber Lines. DSL technologies use sophisticated modulation schemes to pack data onto copper wires. They are sometimes referred to as last-mile technologies because they are used only for connections from a telephone switching station to a home or office, not between switching stations. Usually the maximum distance between the home or office and the switching station has to be around one mile.

Ethernet
Ethernet was originated in 1974 by Xerox to connect many office machines together and allow communications between them. Coax cable was originally used; today, twisted-pair wire can be used, and the speeds can be up to 10 megabits per second.

Firewall
A combination of hardware and software which limits the exposure of a corporate network to outside attack by enforcing a boundary between the network and the I
30. [Figure 29. Configuration File Edit Window]

NOTE: You can remove the Configuration Editor, along with the Advanced Utilities option, from the main menu by selecting the config command, deleting the MODEEXPERT on argument, and clicking Update.

NOTE: If you use the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file, which you can then reference if you are compelled to use the reset button.

Configuring IP Port Forwarding

The ANG 1000's support of IP Port Forwarding permits you to make servers on the trusted network of the ANG 1000 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-side hosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts. This is accompli
31. electric shock. Never spill liquid of any kind on the product.

11. Do not attempt to service this product yourself, as operating or removing covers may expose you to dangerous voltage points or other risks. Refer all servicing to qualified service personnel.

12. Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following conditions:
  a. When the power cord or plug is damaged or frayed.
  b. If liquid has been spilled into the product.
  c. If the product has been exposed to rain or water.
  d. If the product does not operate normally when the operating instructions are followed. Adjust only those controls that are covered by the operating instructions, since improper adjustment of other controls may result in damage and will often require extensive work by a qualified technician to restore the product to normal condition.
  e. If the product has been dropped or the chassis has been damaged.
  f. If the product exhibits a distinct change in performance, indicating a need for service.

13. Use only the proper type of power supply cord set (provided in your accessories box) for this unit. It should be a detachable type: UL listed/CSA certified, type SPT-2, rated 7A 125V minimum, VDE approved or equivalent. Maximum length is 15 feet (4.6 meters).

Table of Contents

About This Guide
  Contents of the Guide
32. [Figure 27. Advanced Utilities Window]

1. Click the Advanced Utilities menu option. The Advanced Utilities window appears, as shown in Figure 27.

2. Do one of the following:

- To change the ANG 1000's MAC address to reflect your computer's MAC address, first find the computer's address by issuing the proper command at a DOS prompt. For Windows 95/98/ME systems, type winipcfg; for Windows NT/2000 systems, type ipconfig /all; for Macintosh systems, check the TCP/IP control panel. In the command output, look for the Physical or Adapter Address value. For example:

    C:\> ipconfig /all
    Ethernet adapter E190x1:
        Description . . . . : 3Com 3C90x Ethernet Adapter
        Physical Address. . : 00-10-4B-9D-18-17

  Enter the value in the Internet MAC Address Assignment fields. Click Apply, and click Reboot Now when prompted to save the change.

- Select Clear System Logfile and click Apply.

- Select Soft Reboot ANG 1000 and click Apply.

NOTE: ANG 1000 connections broken during a reboot will be lost after service returns moin d the traff
33. etains ownership of all copies of the software itself.

License Grant

Enterasys Networks, Inc., 35 Industrial Way, Rochester, New Hampshire 03866, hereby grants to Licensee a personal, nonexclusive, non-transferable license to use the Licensed Software on the servers on which the Software is first installed ("Licensed Servers") and on an unlimited number of client processors, subject to the limit on simultaneous users as specified by the scope of the license that Licensee has purchased from Enterasys. Should one or more of the above Licensed Servers be upgraded and/or replaced by other Enterasys servers purchased by Customer pursuant to Enterasys' then-current upgrade policy, the license may be transferred and the Software may be used on the replacement server(s). This License shall commence upon the receipt by Licensee of the Licensed Software and shall continue until Licensee discontinues use or this Agreement is terminated. No ownership of the Licensed Software or any of its parts is transferred to Licensee. Licensee may make copies of the Licensed Software in object code form for archival and backup purposes only. All copies, including copies of the documentation, must bear the copyright notice(s) and restricted rights legend contained in or on the original. Except as expressly permitted by law, without
34. figuration Protocol server.

- A Manual assigned IP address: you or your network administrator set the ANG's IP address and associated Subnet, Gateway, and DNS values. Consult with your Network Administrator for required values.

- A PPPoE (PPP over Ethernet) assigned IP address: your DSL provider transparently sets the IP address via the use of a Username and Password. Obtain this information from your service provider before you enter this data.

Begin Internet Setup by performing the following steps:

1. Click the Internet Setup menu option. The Internet Setup window appears, as shown in Figure 21.

[Figure 21. Internet Setup Window]

2. Do one of the following:

- Click the DHCP radio button and perform the following steps
35. guration, so the VPN Status window appears empty. Later, after you have configured a VPN connection to an ANG 3000/7000, the window will display information similar to the data shown in Figure 15.

[Figure 15. VPN Status Window. Columns shown: Connection, Primary, Secondary, Username, State, Status]

1. Click the Firmware Upgrade menu option and go to the next page.

Downloading the Latest Firmware

After logging in, download the latest firmware image to the ANG 1000's flash memory (provided the MAC address is set for cable service users; refer to page 32) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again.

Begin updating your firmware by performing the following steps:

1. Click the Firmware Upgrade menu option. The Firmware Upgrade window appears, as shown in Figure 16.

[Figure 16 screenshot: Firmware Update window. Fields visible: FTP server, Firmware image filepath, Username]
36. he above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure, for their own protection, that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.

UL Notices

The Aurorean Policy Server and Aurorean Network Gateway have been tested and found to comply with the UL 1950 Revision 3 regulation.

European Notices

The ANG 1000 has been tested and found to comply with the CISPR 22 1997 Class B regulation.

ELECTRICAL HAZARD: Only qualified personnel should perform installation procedures.

Important Safety Instructions

1. Read these instructions carefully. Save these instructions for future reference.

2. Follow all warnings and instructions marked on the product.

3. Unplug this product from the wall outlet before cleaning. Do not use liquid c
37. ic stream (Telnet, e.g.) for a couple minutes before re-initiating the connection resolves the problem.

Using the Configuration Editor

Knowledgeable network administrators can use the Configuration Editor to invoke commands on the ANG 1000's LINUX 2.0 operating system.

CAUTION: Inexperienced users, or those unfamiliar with LINUX, attempting to use this editor may disable the system. We recommend that only expert users, in conjunction with Enterasys Customer Support, use this editor.

1. Click the Configuration Edit menu option. The Configuration Edit window appears, as shown in Figure 28.

[Figure 28 screenshot: Configuration File Edit window. Configuration files listed: config, inittab, ipfwrules, options, ripd.conf, start, zebra.conf. On-screen text: "This Web application allows you to update and delete the system configuration files of the ANG 1000. These files are used to control the ANG 1000 for its VPN functionality, Internet and LAN connectivity, firewall capabilities, networking startup commands and other key features of the ANG 1000 device. Extreme caution needs to be exercised when modifying the system configuration files of the ANG 1000. The raw contents of the files are exposed for updating and improper editing could render the ANG 1000 inoperable. Bear this in mind as you u"]
38. ies and personnel only with the rights set forth in this license. The use of the Licensed Software by the Government constitutes acknowledgment of Enterasys's proprietary rights in the Licensed Software. The manufacturer is Enterasys Networks, 35 Industrial Way, Rochester, New Hampshire 03866. The licensee or user of this product agrees not to remove any of the RESTRICTED RIGHTS legends and markings included in this software and associated documentation.

Technical Support

Enterasys Networks provides easy access to technical support information through a variety of services.

Support from Enterasys Networks

Enterasys Networks offers two ways of contacting customer support personnel.

On-line Services
To receive answers to technical questions on Aurorean Virtual Network products, send E-mail to support@enterasys.com. Please include your name, title, company, and phone number in all correspondence.

Phone Support
Enterasys Networks customer support personnel are available by calling 1-800-872-8440. When you call, please call from a position where you can operate the RiverMaster management application or view the server's LEDs, and make sure you have the following information ready:

- State of the LEDs on both the front and rear panels of the server(s)
- A list of the error messages appearing in the RiverMaster message/alarm display
39. leaners or aerosol cleaners. Use a damp cloth for cleaning.

4. Do not use this product near water.

5. Do not place this product on an unstable cart, stand, or table. The product may fall, causing serious damage to the product.

6. Slots and openings in the chassis are provided for ventilation. To ensure reliable operation of the product and to protect it from overheating, these openings should not be blocked or covered. The openings should never be blocked by placing the product on a bed, sofa, rug, or other similar surface. This product should never be placed near or over a radiator or heat register, or in a built-in installation, unless the proper ventilation is provided.

7. This product should be operated from the type of power indicated on the marking label. If you are not sure of the type of power available, consult Enterasys Networks or your local power company.

8. Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the cord.

9. If an extension cord is used with this product, make sure that the total ampere rating of the equipment plugged into the extension cord does not exceed the extension cord ampere rating. Also make sure that the total rating of all products plugged into the wall outlet does not exceed the fuse rating.

10. Never push objects of any kind into this product through chassis slots, as they may touch dangerous voltage points or short out parts that could result in a fire or
40. lennium are trademarks of Microsoft Corporation in the USA and other countries.

Virtual Network Computing is a trademark of AT&T Laboratories Cambridge.

ActiveState, ActivePerl, and PerlScript are trademarks of ActiveState Tool Corp.

Other trademarks and trade names used in this publication belong to their respective owners.

Aurorean Virtual Network software includes the following third-party components:

Commercial support for ActivePerl is available through PerlClinic at http://www.ActiveState.com. Peer support resources for ActivePerl issues can also be found at the ActiveState Web site under support at http://ActiveState.com/support. The ActiveState Repository has a large collection of modules and extensions in binary packages that are easy to install and use. To view and install these packages, use the Perl Package Manager (PPM), which is included with ActivePerl. ActivePerl is the latest Perl binary distribution from ActiveState and replaces what was previously distributed as Perl for Win32. The latest release of ActivePerl, as well as other professional tools for Perl developers, are available from the ActiveState Web site.

Gate Daemon software © 1995 The Regents of the University of Michigan. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators.

A DES implementation written by Eric Young, 1995-1997 Eric Young (eay@cryptsoft.com). All rights reser
42. [Figure 25. Device Status Window (screenshot showing the Memory and Interface Configuration sections)]
43. ms the physical site that contains an ISP's network equipment. Remote users dial into the POP, authenticate against the ISP's customer database, and then gain access to the Internet. ISPs typically have POPs scattered throughout their service area so that customers can dial a local phone call and avoid paying long-distance charges when accessing the Internet.

Point-to-Point Protocol (PPP)
The Internet standard for sending network traffic over serial lines, such as dial-up phone lines. Unlike its predecessor, SLIP (Serial Line Internet Protocol), PPP provides error detection and compression capabilities.

Point-to-Point Tunneling Protocol (PPTP)
A network protocol for linking remote locations over the Internet rather than over costly long-distance or leased lines. To accomplish this, PPTP encapsulates other network protocols, such as TCP/IP, IPX, and NetBEUI, and uses encryption to secure the data sent over the Internet. PPTP was developed jointly by Microsoft and U.S. Robotics/3Com.

PPPoE
The Point-to-Point over Ethernet protocol provides a connection to the Internet through a DSL provider. It is also identified as PPPoE.

RiverMaster
A management application, running on a Windows NT 4.0 Workstation computer, which communicates with Aurorean Policy Servers and Aurorean Network Gateways. Using RiverMaster, a network administrator creates user database
44. nge of consecutive IP addresses you will create for this ANG 1000.

Set the total Number of IP addresses the ANG 1000 can distribute.

Keep Enable DNS proxy checked so that the ANG 1000 will act as a DNS server for all its tunnels. DNS proxy resolves host names and IP addresses because the domain server is non-routable, forcing attached hosts to request these values. If your hosts know the DNS address they are seeking, you can disable this feature. This option is on by default.

(Optional) Keep Enable WINS proxy checked so that PCs on the LAN can be notified of WINS servers discovered during tunnel setup. WINS proxy notifies local PCs of the remote WINS servers without manual intervention. This option can be disabled if local PCs already know remote WINS server IP addresses. This option is on by default.

Click Apply.

CAUTION: If you change the default LAN Setup and reboot the ANG 1000, you must release and renew the IP address for all adaptors bound to TCP/IP on your connected computer(s) in order to reconnect with the ANG 1000 and make future changes. Perform the following steps:

On your desktop, click Start and Run.

For Windows 95/98/ME systems, type winipcfg, click OK, click Release, and click OK. Then click Renew All and click OK.

For Windows NT/2000 systems, type ipconfig /release and press ENTER. Then type ipconfig /renew and press ENTER.

For Macintosh systems, check the TCP/IP control panel.

3. If yo
45. nternet. Firewalls normally fall into one of two categories: application level or network level (often referred to as a packet filter). An application-level firewall examines traffic at the application level and only passes packets that are sent by approved applications, such as FTP, E-mail, or Telnet. This type of firewall often readdresses outgoing traffic so that it appears to have originated at the firewall rather than an internal host, thereby concealing the address of the internal host. A network-level firewall examines traffic at the network packet level and filters packets based on the destination and/or source address.

Generic Routing Encapsulation (GRE)
Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link over the Internet. For PPTP, GRE is used to encapsulate PPP data packets within an IP packet. IP packet headers contain address information necessary for routing, while PPP packets do not.

Internet Service Provider (ISP)
A vendor who provides direct access to the Internet. ISPs bill users for the amount of time they are connected and may also offer additional services, such as Web site hosting, E-mail, or news group readers. Remote users reach the ISP by dialing into an ISP POP with a computer modem and phone line, or over a dedicated circuit such as a c
46. ompatible DES 56-bit or Triple DES 168-bit with IPSec only

Compression
Microsoft Point-to-Point Compression (MPPC)

Ethernet
Number of Ports: Two
Data Transfer Rate: 10 Mbps
Connector: 8-position modular jack (RJ-45)

Safety Regulations
US, Canada, Europe: UL 1950, CSA C22.2 No. 950, 73/23/EEC, EN60950, and IEC950

EMC
US, Canada, Europe, Japan, Australia, New Zealand, Taiwan, Russia, International: FCC Part 15, CSA C108.8, 89/336/EEC, EN55022, EN61000-3-2, EN61000-3-3, EN50082-1, AS/NZS3548, and VCCI VD3

C Pin Assignments

This appendix describes pin assignments for the Ethernet connectors on the back of the ANG 1000. Because ANG 1000 servers ship with all the cables required, this information is only necessary if you need to purchase or fabricate a replacement cable.

ANG 1000 servers are equipped with Ethernet ports located at the rear of the chassis, supporting full-duplex 10Base-T transmission. Both port types conform to IEEE 802.3 standards, with 8-pin modular RJ-45 connectors. Figure 2 shows the pin assignments for ANG 1000 server Ethernet ports.

[Figure: RJ-45 connector, pins 8 to 1; port labels: Link 1, TRUSTED]

Pin  Signal
1    Transmit
2    Transmit
3    Receive
4
47. own in Figure 15, with the previous release information. The Device Status window also lists this data.

[Figure 19. Image Date and Build Information (screenshot of the release, patch, build, and page-last-modified line)]

Setting Up the VPN

The VPN configuration created on the ANG 1000 completes a link with the ANG 3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG 3000/7000 with appropriate User, Password, and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.

Begin VPN Setup by performing the following steps:

1. Click the VPN Setup menu option. The VPN Setup window appears, as shown in Figure 20.

[Figure 20 screenshot: VPN Setup window. Sections shown: Assigned VPN Connections ("There are no network gateway connections currently defined. Please fill in the information below and add one.") and Add VPN Connection, with fields Name, Gateway, Username, Password, Confirm]
48. Setting Up the LAN

LAN configuration of the Trusted side of the ANG 1000 involves choosing either to manually set an IP address and subnet for the ANG 1000 or to dynamically assign its IP address via your network's DHCP server.

Begin LAN Setup by performing the following steps:

1. Click the LAN Setup menu option. The LAN Setup window appears, as shown in Figure 22.

[Figure 22. LAN Setup Window]

2. Do one of the following:

- Click the DHCP assigned IP address radio button and perform the following steps:
  Click Apply.

- Click the Manual assigned IP address radio button and perform the following steps:
  Set the ANG 1000's IP address.
  Set the Subnet mask.
  (Optional) Click the DHCP server enabled box if the server is up and running.
  Set the Starting IP address of the ra
49. rt forwarding table:

  - Maps telnet (TCP port 23) from the VPN address 10.120.50.215 to port 23 on the internal server 192.168.0.1.
  - Maps FTP from the VPN address to the same 192.168.0.1 server.
  - Maps X windows (TCP port 6000) to a different server, 192.168.0.2.

Appendix A: Glossary

Aurorean Network Gateway
An Enterasys Networks device that creates a secure virtual private circuit over the Internet between itself and a remote user's computer. The Aurorean Network Gateway encapsulates data packets using IPSec and encrypts data to prevent third parties from intercepting and examining it. There are three types of Aurorean Network Gateways:

  - Aurorean Network Gateway 7000: a tunnel server that can accommodate up to 5000 remote users.
  - Aurorean Network Gateway 3000: a tunnel server that can accommodate up to 500 remote users.
  - Aurorean Network Gateway 1000: a tunnel server that establishes a site-to-site tunnel between itself and either an ANG 7000 or an ANG 3000 server. It can accommodate up to 25 tunnels.

Aurorean Web Config
Aurorean Web Config is the utility used to configure the Aurorean Network Gateway 1000. It is Web-based and is accessed through the use of a Web browser.

Aurorean Policy Server
An Enterasys Networks device that manages Aurorean Network Gateways. Network administrators configure Aurorean Policy Servers from a RiverMaster computer. The network administrator can creat
50. s press the Apply button now.

Figure 17: Second Firmware Update Window

  7. After downloading and flashing are complete, a status page displays, as shown in Figure 18, indicating the process was successful and displaying the FTP server IP address and new build filepath.

Figure 18: Successful Firmware Update Window. Screen text: The Aurorean Network Gateway 1000 has been updated with the changes you have selected. The following list shows the modifications that have been made: Download new firmware image; FTP server 146.34.69.128; Filepath NewBuild Build87 ANG1000 1 0 00 87 bin; Username anonymous. The Aurorean Network Gateway 1000 needs to be rebooted in order to run with the changes you have selected. Press the Reboot Now button below to reboot the ANG 1000.

Reboot the ANG 1000 by clicking Reboot Now. The ANG 1000 will take a few moments to accept the new software. To ensure that the image was updated, compare the date last modified, Release, Build and Patch numbers in the lower left corner of the VPN Status window, as sh
51. s sets policies for user groups, views activity logs and generates usage reports.

Routers
Devices which direct network traffic among LANs or WANs until the data reaches its destination. To do this, routers communicate with one another using dedicated protocols, such as IGRP (Interior Gateway Routing Protocol) and BGP (Border Gateway Protocol), to transfer information on network addressing, status and configuration.

TCP/IP
Abbreviation for Transmission Control Protocol/Internet Protocol. The suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

Tunneling
Technology that lets a network transport protocol carry information for other protocols within its own packets. For example, by encapsulating NetBEUI packets, IP can route them across the Internet, which is not normally possible.

Virtual Private Network (VPN)
An extension of a company's private network that uses the resources of the public Internet. While most private networks use dedicated lines and equipment that are company property, a virtual private network borrows resources from the Internet on an as-needed basis.
52. s with only one tunnel up and running; it is disabled if you create more than one tunnel.

  9. Click Apply. After applying your changes, a VPN Setup update window appears, displaying configuration revisions.

NOTE: Now that you have set up a site-to-site connection, configuration is complete unless you want to change the Internet, LAN, Firewall or Password default values, or your service is a Digital Subscriber Line (DSL), which requires that you set a PPPoE assigned IP address (refer to Setting Up the Internet Connection on page 20). Some cable internet providers also require that you specify a MAC address (refer to Using Advanced Utilities on page 31 for more information).

NOTE: If you press the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.

Setting Up the Internet Connection

Internet configuration of the External side of the ANG 1000 involves choosing the type of IP address assignment the ANG 1000 will accept. The ANG can accept one of the following:

  - A DHCP assigned IP address: your network automatically sets the ANG's IP address via the DHCP (Dynamic Host Con
53. se this Web application.

When the configuration files are modified, the ANG 1000 device may need to be rebooted in order for the changes to take effect. Other modifications to configuration files can be made and their effects will be seen in the running system. If you are not clear as to which type of change you are making, be sure to click the Reboot Now button when prompted.

This list of files on the left displays the files contained in the ANG 1000 RAM based configuration file directory, etc config. Most of these files contain editable text, but some of them are stored as binary data and cannot be edited.

Figure 28: Configuration Edit Window. Files listed: config, inittab, ipfwrules, options, ripd conf, start, zebra conf, ipfwrule routing, dhcpd conf, dhcpd iplist, config ike, hosts, pppoe, winsd conf, netrc, resolv conf, config dat, dhcpd cache eth1, hostinfo eth1, dhcpd leases.

  2. Click on the command of your choice.
  3. The arguments of the command you selected are displayed in the Configuration File Edit window, as shown in Figure 29.
  4. Edit the UNIX command and click Update or Delete.
54. shed by rewriting the headers of all packets bound for the ANG 1000 and forwarding them to another host on the trusted side of the network, depending on their destination port (port numbers corresponding to standard, well-known protocols). The IP addresses are rewritten so that incoming IP, TCP and UDP packets are forwarded to their intended destinations, and the reply packets are rewritten to appear to be coming from the ANG 1000.

This process requires static, known values for the following:

  - The IP address assigned to the ANG 1000 by the VPN. This address is in RiverMaster, in the ANG 1000's user account, and may not be assigned dynamically via pools or virtual subnets.
  - The IP address of the server on the ANG 1000 trusted network (one server per protocol). This may not be dynamically assigned by the ANG 1000 via DHCP.
  - The protocol (TCP or UDP) and the protocol port number.

IP Port Forwarding is configured by editing the ipportfw command in the ipfwrules configuration file in the Config Editor tool of the Web Config. The ipportfw commands should be entered at the end of the ipfwrules file.

Refer to the tables below for command usage, switches, arguments and definitions.

Usage:

  ipportfw -A -[t|u] l.l.l.l/lport -R a.a.a.a/rport   (add entry)
           -D -[t|u] l.l.l.l/lport                    (delete entry)

l.l.l.l is the address of the VPN interface receiving
55. Figure 16: Firmware Update Window

  2. In the FTP server field, enter the name of the FTP server where the new ANG image is stored: ang.enterasys.com
  3. Type the full path of the location of the Firmware image: ang1000 ANG1000 bin
  4. Enter the Username: anonymous
  5. Enter netadmin in the Password and Confirm fields and click Apply. The Firmware Update window appears, as shown in Figure 17.
  6. Click Apply and watch the External/Trusted LEDs on the front panel blink, displaying an inside-outside pattern. The image is downloaded for 15-30 seconds and loaded in flash memory for another 30-45 seconds. If the LEDs do not blink, or blink only for a very short interval, the download failed and you must try again.

Figure 17 screen text: Firmware Update. To begin the update of the ANG 1000 firmware image, press the Apply button at the bottom of the screen. For users new to the process of upgrading the ANG 1000 firmware, you will observe the following behavior once you press the Apply button. It is critical not to disturb the ANG 1000
56. supply to the AC outlet

Location Planning

Place the ANG 1000 on a desktop near the following:

  - An Ethernet wall jack, patch panel, or hub with available ports
  - A DSL or Cable modem
  - A grounded wall outlet or uninterruptible power supply (UPS)

Connecting Cables

Ethernet cables are used to connect the ANG 1000 to your computer or LAN and the Internet.

Figure 4: Front and Rear Views of the ANG 1000

All interconnections are made at the back of the ANG 1000 (refer to Figure 4). Although there is no power switch, a reset button is located in the rear of the unit.

CAUTION: If you press the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.

Ethernet Cables

The ANG 1000 is equipped with two 8-pin modular RJ-45 Ethernet ports, labeled Trusted and External, as shown in Figure 5. The Trusted port is connected to a computer or hub/switch with networked computers. The External port is connected to a cable or DSL modem.

Figure 5: Location of the Ethernet Ports

The trusted connection can be either a sole desktop computer or
57. t & Support

  - Details about any recent configuration changes, if applicable

Enterasys Networks also recommends that you have the RiverMaster Administrator's Guide on hand when you call.

Returning Products for Repair

After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS 3000/7000 or ANG 1000/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server, with the RMA number clearly visible on the outside of the package, to the following address:

  Enterasys Networks
  35 Industrial Way
  Rochester, NH 03866

Enterasys Networks recommends that you reuse the original shipping box or equivalent packaging to protect the server during shipment.

NOTE: Products sent to Enterasys Networks without an RMA number will be returned to the sender unopened, at the sender's expense.
58. ted External

Figure 7: Connecting Ethernet Cables to an ANG 1000

  3. Plug an orange straight-through Ethernet cable into the External port, as shown in Figure 7.
  4. Plug the opposite end of this cable into a DSL or cable modem. After you connect power, the top External LED at the rear of the ANG 1000 will be lit the moment the cable is connected.

NOTE: If you have a DSL modem, you will need to get an IP address from your provider and configure it before the External LED will light. This condition may also exist for selective cable customers. Some cable internet providers require that you supply the MAC address of your computer. Refer to Chapter 3 for directions.

Connecting Power to the ANG 1000

WARNING: To avoid electrical shock, connect the Aurorean system only to a grounded (earthed) outlet.

A switching power supply, including a 6 power cord and a 7 electrical cord with an attached power supply, is supplied with each system. To connect these items to an ANG 1000, perform the following steps:

  1. Plug the power supply cord into the system's power socket, as shown in Figure 8.

Figure 8: Connecting AC Power on the ANG 1000

  2. Plug the correct end of the AC power cord into the power supply and the other end into a grounded AC outlet.
59. terasys

EXCEPT AS SPECIFICALLY PROVIDED HEREIN, THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR ANY IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.

Infringement Indemnification

Enterasys shall indemnify, defend and hold Customer harmless from and against any claims, actions or demands alleging that the Licensed Software directly infringes any United States patent, trademark or copyright, or misappropriates any trade secret right of any third party, provided that Customer promptly notifies Enterasys of any such claim, allows Enterasys to control the defense, and provides reasonable information and assistance to Enterasys, at Enterasys' expense, in the defense of the claim. Customer shall permit Enterasys to replace or modify any affected Licensed Software to avoid infringement, or to procure for Customer the right to continue to use such Licensed Software. If neither of such alternatives is reasonably possible, Enterasys may require Customer to return the affected Licensed Software to Enterasys, and Enterasys' sole liability in regard to such return shall be to refund the purchase price paid by Customer. Enterasys shall have no obligation with respect to claims, actions or demands to the extent that they are based upon (i) the combination of Li
60. the possibility of contractual waiver, Licensee agrees that it will not attempt to reverse engineer, reverse compile or reverse assemble the Licensed Software, or otherwise seek to gain access to source code for the Licensed Software. Licensee shall take all reasonable steps to protect the Licensed Software and documentation from unauthorized copying and use. Licensee shall not, without the express written consent of Enterasys, provide, disclose, transfer or otherwise make available any Licensed Software or copies thereof to any third party.

Warranty

Enterasys warrants to Licensee that the Licensed Software will, when used in the specified operating environment, substantially perform in the manner described in its documentation, as it exists at the date of delivery, for a period of one year from the date of original delivery to the Licensee. Enterasys's sole obligation under this warranty shall be limited to using reasonable efforts to correct reproducible defects and distribute such corrections as part of the next scheduled maintenance release of the Software. Enterasys does not warrant that (i) operation of any of the Licensed Software will be uninterrupted or error free, or (ii) functions contained in the Licensed Software shall operate in the combination which may be selected for use by Licensee or meet Licensee's requirements. Enterasys's warranty obligations shall be void if the Licensed Software is modified without the written consent of En
61. u chose the DHCP option or changed the DNS or WINS default entries, a window appears detailing the reconfiguration changes and prompting you to reboot the ANG 1000. Click Reboot Now.

NOTE: If you press the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.

Setting Up the Firewall

Firewall security is established on the ANG 1000's Trusted interface by default. But you may choose to permit unencrypted traffic over External or Trusted connections by disabling Web or Telnet access to them.

NOTE: Enabling any of the following options allows Web or Telnet traffic to run in the clear over the ANG 1000. You can permit the transmission of unencrypted traffic, but the ANG 1000 will drop packets it receives outside the tunnel. We recommend that you allow Web and Telnet access on the LAN connection but disable these permissions on the Internet and VPN Gateway connections.

If you leave all three connections disabled, you will be UNABLE TO CONFIGURE THE ANG 1000 without resetting the system.

Begin Firewall Setup by performing the following steps:

  1. Click the Fire
62. ved

MD4 and MD5 implementation derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm and MD5 Message-Digest Algorithm. © 1991-2 RSA Data Security, Inc. Created 1991. All rights reserved.

ccp.c: PPP Compression Control Protocol. © 1994 The Australian National University. All rights reserved.

chap.c: Cryptographic Handshake Authentication Protocol. © 1991 Gregory M. Christy. All rights reserved.

chap_ms.c: Microsoft MS-CHAP compatible implementation. © 1995 Eric Rosenquist, Strata Software Limited, www.strataware.com. All rights reserved.

fsm.c: Link/IP Control Protocol Finite State Machine. © 1989 Carnegie Mellon University. All rights reserved.

Routines to compress and uncompress TCP packets (for transmission over low speed serial lines). © 1989 Regents of the University of California. All rights reserved.

Portions of the Aurorean Client Software are copyrighted to ICE Engineering, Inc. and licensed through a GNU public license. For more information, including access to the source code, visit their Web site at www.ice.com.

Federal Communications Commission (FCC) Notices

The Aurorean Network Gateway 100 complies with Title 47, Part 15, Subpart B of FCC Rules. Operation is subject to the following two conditions:

  - This device may not cause harmful interference.
  - This device must accept any interference received, including interference that may cause undesired operation.

Mo
63. wall Setup menu option. The Firewall Setup window appears, as shown in Figure 24.

Figure 23: Firewall Setup Window. Sections: Internet Connection, LAN Connection and VPN Gateway Connection, each with the checkboxes "Allow Web configuration access" and "Allow Telnet login access" (both shown checked for the LAN Connection), and an Apply button.

  2. Enable the option of your choice and click Apply.

NOTE: Experienced administrators can fine-tune the firewall by editing the ipfwadm file in the Configuration Editor. For more detailed information, check the following IPFWADM Web sites: www xos nl linux ipfwadm paper and www fwtk org ipfwadm faq ipfwadm faq html

NOTE: If you press the reset button after you have configured your ANG 1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file, which you can then reference if you are compelled to use the reset button.
