Enterasys Networks ANG-1000 User Manual

Download

Aurorean™ Virtual Network

Aurorean™ Virtual Network Aurorean™ Virtual Network

ANG-1000

ANG-1000ANG-1000

User’s Guide

User’s GuideUser’s Guide

Version 1.0

Version 1.0Version 1.0

Notice

Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.

IN NO EVENT SHALL Enterasys Networks AND ITS LICENSORS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF Enterasys Networks AND ITS LICENSORS HAVE BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

Enterasys Networks, Inc. 35 Industrial Way Rochester, NH 03866-5005

The Enterasys Networks logo, Aurorean, Prescriptive Diagnostics Engine, RiverMaster, Intelligent Client Routing, TollSaver are trademarks of Enterasys Networks.

Microsoft, MS, and MS-DOS are registered trademarks and Windows, Windows 95, Windows 98, Windows NT, Windows 2000 Professional and Windows Millennium are trademarks of Microsoft Corporation in the USA and other countries.

Virtual Network Computing is a trademark of AT&T Laboratories Cambridge.

ActiveState, ActivePerl, and PerlScript are trademarks of ActiveState Tool Corp.

Other trademarks and trade names used in this publication belong to their respective owners.

Aurorean Virtual Network software includes the following third-party components:

Commercial support for ActivePerl is available through PerlClinic at http://www.ActiveState.com. Peer support resources for ActivePerl issues can also be found at the ActiveState Web site under support at http://ActiveState.com/support/. The ActiveState Repository has a large collection of modules and extensions in binary packages that are easy to install and use. To view and install these packages, use the Perl Package Manager (PPM) which is included with ActivePerl. ActivePerl is the latest Perl binary distribution from ActiveState and replaces what was previously distributed as Perl for Win32. The latest release of ActivePerl as well as other professional tools for Perl developers are available from the ActiveState Web site.

Portions of the Aurorean Client Software are copyrighted to ICE Engineering, Inc. and licensed through a GNU public license. For more information, including access to the source code, visit their Web site at www.ice.com.

Part Number: AVN-ANG1-R10 May 2001 PrintedintheUSA

Aurorean Network Gateway-1000 User’s Guide

Federal Communications Commission (FCC) Notices

The Aurorean Network Gateway-100 complies with Title 47 Part 15, Subpart B of FCC Rules. Operation is subject to the following two conditions:

• This device may not cause harmful interference.

• This device must accept any interference received, including interference that may cause undesired operation.

Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority granted by the FCC or other such agency to operate this equipment.

There are no user-repairable components in the Aurorean Network Gateway-1000.

Canadian Notices

This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled “Digital Apparatus”, ICES-003 of the Department of Communications (Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques”,NMB-003 édictée par le ministre des Communications).

NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operational and safety requirements. The Department does not guarantee the equipment will operate to the user's satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In somecases,theinsidewiringassociatedwithasinglelineindividualservicemaybeextendedbymeansofacertified connector assembly. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.

UL Notices

The Aurorean Policy Server and Aurorean Network Gateway have been tested and found to comply with the UL 1950 Revision 3 regulation.

European Notices

The ANG-1000 has been tested and found to comply with the CISPR 22:1997 Class B regulation.

Aurorean Network Gateway-1000 User’s Guide

iii

ELECTRICAL HAZARD: Only qualified personnel should perform installation

procedures.

Important Safety In structions

1) Read these instructions carefully. Save these instructions for future reference.

2) Follow all warnings and instructions marked on the product.

3) Unplug this product from the wall outlet before cleaning. Do not use liquid cleaners or aerosol cleaners. Use a damp cloth for cleaning.

4) Do not use this product near water.

5) Do not place this product on an unstable cart, stand, or table. The product may fall, causing serious damage to the product.

6) Slots and openings in the chassis are provided for ventilation; to ensure reliable operation of the product and to protect it from overheating, these openings should not be blocked or covered. The openings should never be blocked by placing the product on a bed, sofa, rug, or other similar surface. This product should never be placed near or over a radiator or heat register, or in a built-in installation unless the proper ventilation is provided.

7) This product should be operated from the type of power indicated on the marking label. If you are not sure of the type of power available, consult Enterasys Networks or your local power company.

8) Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the cord.

9) If an extension cord is used with this product, make sure that the total ampere rating of the equipment plugged into the extension cord does not exceed the extension cord ampere rating. Also, make sure that the total rating of all products plugged into the wall outlet does not exceed the fuse rating.

10) Never push objects of any kind into this product through chassis slots as they may touch dangerous voltage points or short out parts that could result in a fire or electric shock. Never spill liquid of any kind on the product.

11) Do not attempt to service this product yourself, as operating or removing covers may expose you to dangerous voltage points or other risks. Refer all servicing to qualified service personnel.

12) Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following conditions:

a) When the power cord or plug is damaged or frayed.

b) If liquid has been spilled into the product.

c) If the product has been exposed to rain or water.

d) If the product does not operate normally when the operating instructions are followed. Adjust only

those controls that are covered by the operating instructions since improper adjustment of other controls may result in damage and will often require extensive work by a qualified technician to restore the product to normal condition.

e) If the product has been dropped or the chassis has been damaged.

f) If the product exhibits a distinct change in performance, indicating a need for service.

13) Use only the proper type of power supply cord set (provided in your accessories box) for this unit. It should be a detachable type, UL listed/CSA certified, type SPT-2, rated 7A 125V minimum, VDE approved or equivalent. Maximum length is 15 feet (4.6 meters).

Aurorean Network Gateway-1000 User’s Guide

About This Guide

Contents of the Guide ...........................................................................................................ix

Conventions Used in This Guide...........................................................................................x

Related Publications .............................................................................................................. xi

Chapter 1 – Overview

System Description ..................................................................................................................1

Chapter 2 – Installation

Unpacking the ANG-1000 ......................................................................................................3

Accessories ........................................................................................................................4

Location Planning .............................................................................................................4

Connecting Cables ...................................................................................................................4

Ethernet Cables .................................................................................................................5

Table of Contents

Table of ContentsTable of Contents

Connecting an ANG-1000 ....................................................................................... 6

Connecting Power to the ANG-1000.....................................................................................7

Checking ANG-1000 Connections.........................................................................................9

Rear Panel Link LEDs ......................................................................................................9

Front Panel LEDs ..............................................................................................................9

Aurorean Network Gateway-1000 User’s Guide

Chapter 3 – Configuring the ANG-1000 with Aurorean Web

Config

Before You Begin .............................................................................................................11

Logging into Web Config .............................................................................................. 13

Viewing VPN Status ...................................................................................................... 14

Downloading the Latest Firmware.............................................................................. 15

Setting Up the VPN ....................................................................................................... 18

Setting Up the Internet Connection............................................................................. 20

Setting Up the LAN ....................................................................................................... 23

Setting Up the Firewall.................................................................................................. 25

Setting Your Password .................................................................................................. 27

Checking Device Status ................................................................................................. 28

Using Advanced Utilities.............................................................................................. 31

Using the Configuration Editor ................................................................................... 32

Configuring IP Port Forwarding ......................................................................... 35

vi Aurorean Network Gateway-1000 User’s Guide

Appendix A – Glossary

Appendix B – Specifications

Appendix C – Pin Assignments

Appendix D – License Agreement & Support

Enterasys Networks License Agreement............................................................................49

License Grant...................................................................................................................49

Warranty...........................................................................................................................50

Infringement Indemnification.......................................................................................51

Limitation of Liability ....................................................................................................51

Termination......................................................................................................................52

International Provisions .................................................................................................52

Applicable Law ...............................................................................................................52

U. S. Government - Commercial Computer Software...............................................53

Technical Support...................................................................................................................53

Support from Enterasys Networks...............................................................................53

On-line Services ...................................................................................................... 53

Phone Support......................................................................................................... 53

Returning Products for Repair ......................................................................................54

Index

Aurorean Network Gateway-1000 User’s Guide vii

This guide describes how to mount, connect, power-up, and maintain an Aurorean™ Network Gateway-1000 (ANG-1000) from Enterasys Networks.

This guide is written for administrators who want to configure the ANG-1000 for their remote clients or experienced users who are knowledgeable of basic networking principles.

Contents of the Guide

Information in this guide is arranged as follows:

H Chapter 1, Overview highlights the key features of the Aurorean

Virtual Network family of enterprise VPN products.

H Chapter 2, Installation describes how to physically mount, connect,

and power-up Aurorean servers.

H Chapter 3, Configuring the ANG-1000 with Aurorean Policy Manager,

details how to configure the server.

H Appendix A, Glossary defines terms used in this manual.

H Appendix B, Specifications provides essential physical and operational

characteristics of the ANG-1000.

About This Guide

About This GuideAbout This Guide

H Appendix C, Pin Assignments describes the pinouts of the LAN

connectors.

H Appendix D, License Agreement & Support describes the warranty terms

and support policies covering Enterasys Networks products.

Aurorean Network Gateway-1000 User’s Guide

Conventions Used in This Guide About This Guide

Conventions Used in This Guide

The following conventions are used in this guide:

NOTE Notes supply additional helpful information,

provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.

CAUTION Cautions contain directions that can prevent you

from damaging the product or losing data.

WARNING Warnings provide directions that you must

follow to avoid harming yourself.

Bold Text in boldface indicates values you type using

the keyboard or select using the mouse (for example, a:\setup). Default settings may also appear in bold.

Italics Text in italics indicates a variable, important new

term, or the title of a manual.

SMALL CAPS Small caps specify the keys to press on the

keyboard; a plus sign (+) between keys indicates that you must press the keys simultaneously (for example,

CTRL+ALT+DEL).

Courier font Text in this font denotes a file name or directory.

Aurorean Network Gateway-1000 User’s Guide

About This Guide Related Publications

Related Publications

The following publications are also available with the Aurorean Network Gateway-1000:

H The ANG-1000 Quick Setup card which highlights the basic steps

required to install the Aurorean Network Gateway-1000.

H The Installation & Service Guide which describes how to install and

maintain the ANG-3000/7000 series, the Aurorean server which can be used to complete a VPN connection with the ANG-1000.

H A Portable Document File (PDF) version of this manual is available and

can be downloaded from the Enterasys.com Web site. You can view this manual on-line or print a copy of it using Adobe Acrobat Reader 3.0 (or later). Acrobat Reader can be downloaded from the Enterasys web site or the Adobe web site at www.adobe.com.

Aurorean Network Gateway-1000 User’s Guide

This chapter describes the key features of the Aurorean Network Gateway 1000 and how it is used.

System Description

The ANG-1000, displayed in Figure 1, provides home or small office connectivity to a corporate branch office or headquarters. It supports up to 25 tunnels.

Overview

OverviewOverview

ANG-1000

Front

Figure 1 ANG-1000 Front and Rear Views

Figure 2 illustrates how the ANG-1000 typically connects to the corporate network.

Aurorean Network Gateway-1000 User’s Guide

ANG-1000

Rear

System Description Chapter 1

Overview

Hub

Cable/DSL modem

ANG-1000

- Initiates tunnel to ANG-3000/7000

- Negotiates tunnel protocols

- Encrypts data over tunnel

An ANG-1000 comes equipped with the following:

H 100-240V 47-63 Hz power supply.

INTERNET

- Negotiates tunnel protocols

- Compresses data over tunnel

- Encrypts data over tunnel

ANG-3000/7000

Router

Site-to-Site connection

Figure 2 ANG-1000 Topology

APS-3000/7000

- Authenticates Aurorean users (or forwards login requests to RADIUS servers)

- Logs message/alarm activity

- Maintains master TollSaver database

Firewall

- Defines user/group policies

- Displays message/alarm activity

- Configures system network settings

RiverMaster

H High-performance CPU: 91.5 MHz.

H Complete set of diagnostic LEDs that show the server’s operational

status.

H Two 10 Base-T Ethernet ports to connect the system to the network

and the Internet.

Aurorean Network Gateway-1000 User’s Guide

This chapter describes the steps required to unpack, install and connect an Aurorean Network Gateway-1000 onto a desktop.

Unpacking the ANG-1000

Remove the ANG-1000 from the shipping box. Save the box in case the unit needs to be returned.

Installation

InstallationInstallation

Quick Setup

card

Power supply Cables

Figure 3 Removing ANG-1000 from the Shipping Box

Aurorean Network Gateway-1000 User’s Guide

Power

cord

s u r

System Software

CD ROM

Connecting Cables Chapter 2

Installation

The box contains a CD ROM with this instruction manual in the Adobe PDF format, a Quick Setup card and accessories.

Accessories

The ANG-1000 also is shipped with the following accessories:

H Two 10baseT cables (blue and orange) to connect to the LAN

ports/hub.

H One cross-over (red) cable for a direct PC/Network Gateway

connection.

H One power supply with an attached cable to connect to the

ANG-1000.

H One power cord to connect the power supply to the AC outlet.

Location Planning

Place the ANG-1000 on a desktop near the following:

H Ethernet wall jack, patch panel, or hub with available ports.

H Near a DSL or Cable modem.

H A grounded wall outlet or uninterruptible power supply (UPS).

Connecting Cables

Ethernet cables are used to connect the ANG-1000 to your computer or LAN and the Internet.

ANG-1000

Front

ANG-1000

Rear

Figure 4 Front and Rear Views of the ANG-1000

Aurorean Network Gateway-1000 User’s Guide

Chapter 2 Connecting Cables

Installation

All interconnections are made at the back of the ANG-1000 (refer to Figure 4). Although there is no power switch, a reset button is located in the rear of the unit.

CAUTION

If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.

Ethernet Cables

The ANG-1000 is equipped with two 8-pin modular RJ-45 Ethernet ports labeled Tr u s t e d and External as shown in Figure 5. The Trusted port is connected to a computer or hub/switch with networked computers. The External port is connected to a cable or DSL modem.

The trusted connection can be either a sole desktop computer or a hub that connects up to 25 tunnels to the network as shown in Figure 6.

Aurorean Network Gateway-1000 User’s Guide

Figure 5 Location of the Ethernet Ports

Connecting Cables Chapter 2

Installation

Connecting an ANG-1000

The ANG-1000 is typically set up in the configuration shown below.

Site-to-site tunnel

Trus ted

connection

User

ANG-3000/7000

User

Hub

User

Cable / DSL

Modem

INTERNET

External

connection

Aurorean Network

Gateway-1000

Site-to-site tunnel Internet connection

Trusted connection

Figure 6 Connecting the ANG-1000

To connect the ANG-1000 Ethernet port, perform the following steps:

1 Do one of the following as shown in Figure 7:

– If you are connecting to a hub, plug the blue, straight-through

Ethernet cable into the Trusted port of the ANG-1000.

– If you are connecting directly to a computer, attach one end of the

red, cross-over cable to the Trusted port and the other end to an RJ45 connector on your computer. Skip to Step 3.

2 Plug the opposite end of the blue Ethernet cable into a wall jack,

patch panel, or hub linked to a protected network segment.

The top link LED next to the ANG-1000’s Trusted port will immediately light if the port is connected to a 10 Mbps network after the unit is powered up.

Aurorean Network Gateway-1000 User’s Guide

Chapter 2 Connecting Power to the ANG-1000

Installation

Optional crossover cable for direct PC connection

Trusted

Figure 7 Connecting Ethernet Cables to an ANG-1000

3 Plug an orange, straight-through Ethernet cable into the External port

as shown in Figure 7.

4 Plug the opposite end of this cable into a DSL or cable modem.

After you connect power, the top External LED at the rear of the ANG-1000 will be lit the moment the cable it is connected.

NOTE

If you have a DSL modem, you will need to get an IP address from your provider and configure it before the External LED will light. This condition may also exist for selective cable customers. Some cable internet providers require that you supply the MAC address of your computer. Refer to Chapter 3 for directions.

Connecting Power to the ANG-1000

External

WARNING

To avoid electrical shock, connect the Aurorean system only to a grounded (earthed) outlet.

Aurorean Network Gateway-1000 User’s Guide

Connecting Power to the ANG-1000 Chapter 2

Installation

A switching power supply including a 6’ power cord and a 7’ electrical cord with an attached power supply is supplied with each system. To connect these items to an ANG-1000, perform the following steps:

1 Plug the power supply cord into the system’s power socket as shown

in Figure 8.

Power supply cable

Figure 8 Connecting AC Power on the ANG-1000

2 Plug the correct end of the AC power cord into the power supply and

the other end into a grounded AC outlet or UPS as shown in Figure 9.

The front Power LED will light the moment you power up the unit.

Power supply

AC power cord

Figure 9 Connecting the Power Cable to the Power Supply

NOTE

International customers may swap the electrical cord segment shipped with the ANG-1000 for a cord that meets the proper standard for their country. A custom cord can be inserted in the power supply.

Aurorean Network Gateway-1000 User’s Guide

Chapter 2 Checking ANG-1000 Connections

Installation

Checking ANG-1000 Connections

The ANG-1000 is now connected and ready for configuration. Check rear and front LEDS in the manner described below to confirm that the connections are working properly.

Rear Panel Link LEDs

The two top link LEDs on the rear panel light the moment a connection is made to the respective network. The two bottom link LEDs light when data is received and transmitted to the respective network by the ANG-1000. Trusted and external connections are operational and traffic is being passed as shown in Figure 10.

TRUSTED

EXTERNAL

Figure 10 Network Connection Indicators

Front Panel LEDs

The two front LEDs behave as follows at when powered up at startup:

H Power LED lights

H Active LED blinks indicating the CPU is active

All front panel LEDs are displayed in Figure 11.

Aurorean Network Gateway-1000 User’s Guide

Checking ANG-1000 Connections Chapter 2

Installation

Figure 11 ANG-1000 Front Panel

After the ANG-1000 is configured and in use, the Internet, VPN, RX and TX LEDs will light and/or blink. Refer to Figure 12 for behavior of the LEDs.

The ANG-1000 is now ready for configuration. Refer to Chapter 3 for detailed instructions.

Power Active Internet

VPN TX RX

On when ANG is powered up Blinks when CPU is active

On when External network is assigned an IP address On when a tunnel is connected

Blinks when data is transmitted

Blinks when data is received

Figure 12 ANG-1000 Front Panel LEDs

NOTE

COM1 and COM2 LEDS are not operational at this time.

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with

Configuring the ANG-1000 withConfiguring the ANG-1000 with

Aurorean Web Config

Aurorean Web ConfigAurorean Web Config

To configure the ANG-1000, use the Internet browser on your computer and connect to the server via the Web. During the Web session, you run the Aurorean Web Config utility and configure the system. Figure 13 illustrates the process.

Aurorean

Network Gatewa y

Aurorean

Remotely Control ANG

Policy

Manager

PC Desktop

Figure 13 Configuring the ANG-1000 via Aurorean Web Config

Before You Begin

Before you begin configuration with Web Config, review the following:

H Be sure the ANG-1000 is cabled correctly as described in “Connecting

an ANG-1000” in Chapter 2 of this manual.

H Ask your DSL or cable modem Internet provider and Network

Administrator for any IP addresses, work group, network browsing or other information you may need to configure the ANG-1000 properly. Minimally, you will need:

– The IP address of the ANG-3000/7000 you will connect to for

setting up the VPN.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

– To configure your PC to include the domain of the corporate

network you will connect to.

To do so on your Windows 95/98/ME/2000 desktop: click Start, select Settings and double-click Control Panel (Win 2000: Network and Dial-up Connections). Double-click the Network icon (Win 2000: right click on Local Area Connection and click Properties), click the Protocols tab, select TCP/IP Protocol, click Properties, select the DNS tab and add the Domain Suffix in the field provided. Click OK twice to close the open windows.

H On your computer, release and renew the IP address for all adaptors

bound to TCP/IP. Refer to the Caution on page 24 for instructions.

H If you have cable service, learn the MAC address of your computer as

described on page 32.

H If your computer was supplied a static IP address and Gateway by

your service provider, you must now accept the address from a DHCP server and remove the gateway for the ANG-1000 to find and connect with the PC.

To do so, click Start, select Settings and double-click on Control Panel. Double-click the Network icon, select the Protocols tab and TCP/IP Protocol, click on Properties and the IP Address tab. Select the Obtain an IP address from a DHCP server radio button. Click Advanced, select the Gateway, click Remove and OK. Click OK twice more to close the open windows.

H Web Config supports the use of Internet Explorer 5 or Netscape 4

Web browsers.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Logging into Web Config

To log into Web Config, perform the steps below.

1 Point your Web browser at the default trusted IP address of the

ANG-1000. In the browser’s Location field at the top of the window, type: http://192.168.1.1 or aurorean. (include the dot) and click OK.

The Login window appears as shown in Figure 14.

2 Type netadmin in the User Name and Password fields as shown in

Figure 14.

3 Click the checkbox to save your password if you desire and click OK.

The VPN Status window appears as shown in Figure 15.

Aurorean Network Gateway-1000 User’s Guide

Figure 14 Login Window

Configuring the ANG-1000 with Aurorean Web Config

Viewing VPN Status

The VPN Status window is the first screen to appear after logging in. At this point, you have just begun configuration so the VPN Status window appears empty. Later, after you have configured a VPN connection to an ANG-3000/7000, the window will display information similar to the data shown in Figure 15.

Aurorean Network Gateway 1000

Chapter 3

Help

VPN

VPN Status

VPN Setup

VPN Status

Connection

rms3

Primary

146.115.206.15

Secondary

Username

lcortes e

State

Enabled

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Utilities

Links

Config File Editor Aurorean Products

Enterasys Home

Figure 15 VPN Status Window

1 Click the Firmware Upgrade menu option and go to the next page.

Status

Authenticating

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Downloading the Latest Firmware

After logging in, download the latest firmware image to the ANG-1000’s flash memory (provided the MAC address is set for cable service users - refer to page 32) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again. Begin updating your firmware by performing the following steps:

1 Click the Firmware Upgrade menu option.

The Firmware Upgrade window appears as shown in Figure 16.

Aurorean Network Gateway 1000

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

Firmware Update

FTP server:

Firmware image filepath:

Username:

Password:

Confirm:

Apply

Figure 16 Firmware Update Window

2 In the FTP server field, enter the name of the FTP server where the

new ANG image is stored: ang.enterasys.com.

3 Type the full path of the location of the Firmware image:

/ang1000/ANG1000.bin

4 Enter the Username anonymous

5 Enter netadmin in the Password and Confirm fields and click Apply.

The Firmware Update window appears as shown in Figure 17.

6 Click Apply and watch the External/Trusted LEDs on the front panel

blink displaying an inside/outside pattern.

The image is downloaded for15-30 seconds and loaded in flash memory for another 30-45 seconds. If the LEDs do not blink or only for a very short interval, the download failed and you must try again.

Aurorean Network Gateway-1000 User’s Guide

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update

Advanced Utilities

Links

Config File Editor Aurorean Products

Enterasys Home

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Firmware Update

To begin the update of the ANG-10 00 firmware image, press the “Apply” button at the bottom of the screen.

For users new to the process of upgrading the ANG-1000 firmware, you will observe the following behavior once you press the “Apply” button. It is critical not to disturb the ANG-1000 by disconnecting power or the interface cables during the firmware update process.

First you’ll see the follo wing activity lights on the ANG-1000:

This indicates that the firmware image is being downloaded from the FTP source you entered in the previous screen. The photo shows a download from an FTP server on the external interface. These lights will be active during the time neede d to retrieve the firmware image from the specified FTP server. This would take about 15-30 sec onds on a typical connection. If there are no activity lights seen or if they are seen for a very short period of time, there was an error downloading the firmware image.

After the firmware image is downloaded, the new image is “flushed” or stored on the ANG-1000. This step takes about 30-45 seconds and the photo below shows the activity lights seen on the ANG-1000 when the device’s flash memory is being upgraded with the new firmware image.

Once the “Apply” is pressed, there will be a delay in displaying the next Web page for the ANG-1000 Web application. It will only be displayed once the firmware image is downloaded and the new image is flashed to the ANG-1000. After these two steps are complete, a status page is displayed to indicate whether or not the firmware update was successful. If it wa s successful, the Web page prompts the user to reboot the ANG-1000 to run with the new firmware image.

To start the firmware image download and update process, press the “Apply” button now.

<< Back

Figure 17 Second Firmware Update Window

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

7 After downloading and “flashing “are complete, a status page displays

as shown in Figure 18 indicating the process was successful and displaying the FTP server IP address and new build filepath.

Aurorean Network Gateway 1000

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status Firmware Update Advanced Util ities

Links

Firmware Update

The Aurorean Network Gateway 1000 has been updated with the changes you have selected. The following list shows the modifications that have been made:

Download new firmware image FTP server: 146.34.69.128 Filepath: NewBuild/Build87/ANG1000-1.0.00-87.bin Username: anonymous

The Aurorean Network Gateway 1000 needs to be rebooted in order to run with the changes you have selected. Press the “Reboot Now” button below to reboot the ANG-1000.

Reboot Now

<<Back

Figure 18 Successful Firmware Update Window

8 Reboot the ANG-1000 by clicking Reboot Now.

The ANG-1000 will take a few moments to accept the new software.

9 To ensure that the image was updated, compare the date last

modified, Release, Build and Patch numbers in the lower left corner of the VPN Status window as shown in Figure 15 with the previous release information. The Device Status window also lists this data.

Aurorean Network Gateway Release 1.0 Patch 00 Build 135 (3.3.1) Page last modified Wed Apr 13 16:52:37 EST 2001

2001 Enterasys

Figure 19 Image Date and Build Information

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

Setting Up the VPN

The VPN configuration created on the ANG-1000 completes a link with the ANG-3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG-3000/7000 with appropriate User, Password and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.

Begin VPN Setup by performing the following steps:

1 Click the VPN Setup menu option.

The VPN Setup window appears as shown in Figure 20.

Aurorean Network Gateway 1000

Chapter 3

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Utilities

Links

Config File Edit or Aurorean Products

Enterasys Home

VPN Setup

Assigned VPN Connections:

There are no network gateway connections currently defined. Please fill in the information below and add one.

Add VPN Connection:

Name:

Gateway:

Username:

Password:

Confirm:

Connection type:

Start network gateway now:

EZ-IPsec

Apply

(uses EZ-IPSec™auto-configuration)

PPTP

Global VPN Settings:

Force default route (single VPN only):

disabled

Apply

Figure 20 VPN Setup Window

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

1 Enter the Name of the remote ANG-3000/7000 you are connecting to.

2 Enter the Gateway IP address of the remote ANG-3000/7000.

3 Enter the Username on the remote ANG-3000/7000.

4 Enter the Password on the remote ANG-3000/7000.

5 Confirm the password on the remote ANG-3000/7000.

6 Select the Connection type: either EZ-IPsec or PPTP.

The EZ-IPsec feature provides one-button configuration for standard IPSec with IKE tunnels connecting to an ANG-3000/7000. Users of legacy RiverPilot Release 2.1 and 2.2 as well as users of the Aurorean Client Release 3.0 can upgrade to 3.1 without having to uninstall/reinstall their client software.

Optional

. Click the Start network gateway now checkbox to create

instant access or wait until the other end of the connection is created.

Optional

. Click Force default route under Global VPN Settings.

Force default route disables the ANG-1000’s Intelligent Client Routing (ICR) feature which allows users to browse the Internet outside the tunnel. Be aware that with Force Default enabled, the ANG-1000 transmits all traffic through the tunnel which may cause Web browsing problems. This feature works with only one tunnel up and running; it is disabled if you create more than one tunnel.

9 Click Apply.

After applying your changes, a VPN Setup update window appears displaying configuration revisions.

NOTE

Now that you have set up a site-to-site connection, configuration is complete unless you want to change the default Internet, LAN, Firewall, Password default values or your service is a Digital Subscriber Line (DSL) which requires that you set a PPPoE assigned IP address (refer to “Setting Up the Internet Connection” on page 20). Some cable internet providers also require that you specify a MAC address (refer to “Using Advanced Utilities” on page 31 for more information).

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

NOTE

Setting Up the Internet Connection

Internet configuration of the External side of the ANG-1000 involves choosing the type of IP address assignment the ANG-1000 will accept. The ANG can accept one of the following:

H A DHCP-assigned IP address - your network automatically sets the

ANG’s IP address via the DHCP (Dynamic Host Configuration Protocol) server.

H A Manual-assigned IP address - you or your network administrator

set the ANG’s IP address and associated Subnet, Gateway, and DNS values. Consult with your Network Administrator for required values.

Chapter 3

H A PPPoE (PPP over Ethernet) assigned IP address - your DSL

provider transparently sets the IP address via the use of a Username and Password. Obtain this information from your service provider before you enter this data.

Begin Internet Setup by performing the following steps:

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

1 Click the Internet Setup menu option.

The Internet Setup window appears as shown in Figure 21.

Aurorean Network Gateway 1000

Help

VPN

VPN Status VPN Setup

Connectivity Setup

Internet Setup

LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Utilities

Links

Config File Editor Aurorean Products Enterasys Home

2 Do one of the following:

H Click the DHCP radio button and perform the following steps:

Internet Setup

Internet Address Assignment:

DHCP assigned IP address

Hostname:

Use Hostname with DHCP

Manual assigned IP address

IP Address:

Subnet:

Gateway:

Primary DNS:

Secondary DNS:

PPPoE assigned address

Username:

Password:

Confirm:

Apply

Figure 21 Internet Setup Window

– Enter a Hostname for the system. – Optionally, check the Use hostname with DHCP checkbox. – Click Apply.

H Click the Manual assigned IP address radio button and perform

the following steps:

– Specify the ANG-1000’s IP address. – Set the Subnet mask.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

– Enter the Gateway IP address. – Specify the Primary DNS IP address. – Set the Secondary DNS IP address. – Click Apply.

H Click the PPPoE assigned IP address radio button and perform

the following steps:

– Specify a Username supplied by your cable/DSL provider. – Enter a Password. – Type the password again in the Confirm field. – Click Apply.

3 If you chose the Manual or PPPoE options, a window appears

detailing the reconfiguration changes and prompting you to reboot the ANG-1000. Click Reboot Now.

After a few moments when an IP address has been received for the external port, the Internet LED will turn on. If a static IP address was configured, the Internet LED will shine immediately.

NOTE

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Setting Up the LAN

LAN configuration of the Trusted side of the ANG-1000 involves choosing either to manually set an IP address and subnet for the ANG-1000 or dynamically assigning its IP address via your network’s DHCP server.

Begin LAN Setup by performing the following steps:

1 Click the LAN Setup menu option.

The LAN Setup window appears as shown in Figure 22.

Aurorean Network Gateway 1000

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup

LAN Setup

Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Utilities

Links

Config File Editor

2 Do one of the following:

H Click the DHCP assigned IP address radio button and perform

the following steps:

– Click Apply.

LAN Setup

LAN Address Assignment:

DHCP assigned IP address

Manual assigned IP address

IP address:

Subnet:

192

168

255

DHCP server enabled

Starting IP address:

192 168

Number of IP addresses:

100

Enable DNS proxy

Enable WINS proxy

Apply

255

Figure 22 LAN Setup Window

100

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

H Click the Manual assigned IP address radio button and perform

the following steps:

– Set the ANG-1000’s IP address. – Set the Subnet mask. – Optional. Click the DHCP server enabled box if the server is

up and running.

– Set the Starting IP address of the range of consecutive IP

addresses you will create for this ANG-1000.

– Set the total Number of IP addresses the ANG-1000 can

distribute.

– Optional. Keep Enable DNS proxy checked so that the

ANG-1000 will act as a DNS server for all its tunnels. DNS proxy resolves host names and IP addresses because the domain server is non-routable, forcing attached hosts to request these values. If your hosts know the DNS address they are seeking, you can disable this feature. This option is on by default.

– Optional. Keep Enable WINS proxy checked so that PCs on

the LAN can be notified of WINS servers discovered during tunnel setup. WINS proxy notifies local PCs of the remote WINS servers without manual intervention. This option can be disabled if local PCs already know remote WINS server IP addresses. This option is on by default.

– Click Apply.

Chapter 3

CAUTION

If you change the default LAN Setup and reboot the ANG-1000, you must release and renew the IP address for all adaptors bound to TCP/IP on your connected computer(s) in order to reconnect with the ANG-1000 and make future changes. Perform the following steps:

- On your desktop, click Start. and Run.

- For Windows 95/98/ME systems, type: winipcfg, click OK, click Release and click OK. Then click Renew All and click OK.

- For Windows NT/2000 systems, type ipconfig /release and press

ENTER. Then type ipconfig /renew and press ENTER.

- For Macintosh systems, check the TCP-IP control panel.

3 If you chose the DHCP option or changed the DNS or WINS default

entries, a window appears detailing the reconfiguration changes and prompting you to reboot the ANG-1000. Click Reboot Now.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

NOTE

Setting Up the Firewall

Firewall security is established on the ANG-1000’s Trusted interface by default. But, you may choose to permit unencrypted traffic over External or Trusted connections by disabling Web or Telnet access to them.

NOTE

Enabling any of the following options allows Web or Telnet traffic to run in the clear over the ANG-1000. You can permit the transmission of unencrypted traffic but the ANG-1000 will drop packets it receives outside the tunnel. We recommend that you allow Web and Telnet access on the LAN connection but disable these permissions on the Internet and VPN Gateway connections.

WARNING

If you leave all three connections disabled, you will be UNABLE TO CONFIGURE THE ANG-1000 without resetting the system.

Begin Firewall Setup by performing the following steps:

1 Click the Firewall Setup menu option.

The Firewall Setup window appears as shown in Figure 24.

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

Aurorean Network Gateway 1000

Chapter 3

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup

Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Utilities

Internet Connection:

Allow Web configuration a ccess

Allow Telnet login access

LAN Connection:

Allow Web configuration access

Allow Telnet login access

VPN Gateway Connection:

Allow Web configuration access

Allow Telnet login access

Apply

Figure 23 Firewall Setup Window

2 Enable the option of your choice and click Apply.

NOTE

Experienced administrators can fine tune firewall functionality by editing the ipfwadm file in the Configuration Editor. For more detailed information, check the following IPFWADM Web sites:

- www.xos.nl/linux/ipfwadm/paper/

- www.fwtk.org/ipfwadm/faq/ipfwadm-faq.html

Firewall Setup

NOTE

If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the reset button.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Setting Your Password

To further ensure security for your ANG-1000, you should configure a new password to replace the factory-installed password netadmin.

Change the Password by performing the following steps:

1 Click the Set Password menu option.

The Set Password window appears as shown in Figure 24.

Aurorean Network Gateway 1000

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup

Set Password

Old password:

New password:

Confirm:

Apply

Figure 24 Set Password Window

2 Type the old Password in the field provided.

3 Type a new Password in the field provided.

4 Confirm the new password in the field provided.

5 Click Apply.

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

Checking Device Status

The Device Status window provides a host of important data to ensure the ANG-1000 is connected properly and to permit troubleshooting as problems occur. When consulting Enterasys Customer Support, you will be asked to display this window.

The following categories are detailed in the Device Status window:

H Version lists the Release, Patch and Build numbers, and internal name

of the ANG-1000’s firmware.

H CPU itemizes Motorola Coldfire chip specifications.

H Memory enumerates ANG-1000 memory values including Total,

Used, Free, Shared, Cached, Buffered and Swapped bytes.

H Interface Configuration describes Trusted (eth0), External (eth1), IPsec

(eth1:0-24), PPTP (ppp0-24) and Local Loopback (lo) port data including IP and MAC addresses, netmasks, Receive and Transmit errors and other information. Note that the ppp0 interface is the Internet, not WAN interface, if the Internet is configured for PPPoE.

Chapter 3

H Network Devices tabulates interface Receive and Transmit errors.

H Route Table entries detail connected networks, gateways, their

associated IP addresses, netmasks and other data.

H Interrupts lists the hardware interrupts supported on the ANG-1000

as well as their vectors and interrupt counters. The two SMC9194 items listed are the Ethernet Trusted and External port interrupts.

H System Log categorizes ANG-1000 functions/malfunctions including

routing connections/disconnections.

Check Device Status by performing the following step:

1 Click the Device Status menu option.

The Device Status window appears as shown in Figure 25.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Aurorean Network Gateway 1000

Device Status

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status

Firmware Update Advanced Util ities

Links

Config File Editor Aurorean Products

Enterasys Home

Ver sio n

Aurorean Network Gateway Release 1.0 Patch 00 Build 135 (3.1.1)

CPU

CPU: MMU: FPU: Clocking: BogoMips: Calibration:

COLDFIRE (m5307) none none

104.6MHz

59.80 29900800 loops

Memory

Mem: 14311424 Swap: 0 Free pages: Free blks: Used blks: MemTotal: MemFree: MemShared: Buffers: Cached: SwapTotal: SwapFree :

total:

used: free: shared: buffers: cached: 1851392 12460032 0 299008 102400 00 3042 (12168kB), %0 Frag, %4 slack 4 min=1 max=3034 avg=760 4 min=1 max=1016 afg=263 13976 kB 12168 kB 0kB 296 kB 172 kB 0kB 0kB

Interface Configuration

eth0

eth1

Aurorean Network Gateway-1000 User’s Guide

Link encap: Ethernet HWaddr 00:DO:CF:00:4D:94 inet addr: 192.168.1.1 Bcast: 192. 168.1.255 Mask: 255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1 RX packets: 1381 errors: 0 dropped: 0 overruns: 0 frame: 0 TX packets: 2288 errors: 0 dropped: 0 overruns: 0 carrier: 0 collisions:3 Interrupt: 29 Base Address:0x300

Link encap: Ethernet HWaddr 00:D0:CF:00 :4D:95 inet addr: 172.16.2.231 Bcast: 172.16.2.255 Mask: 255. 255.255.0 UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric RX packets: 43150 errors: 0 dropped: 0 overruns: 0 frame: 0 TX packets: 13959 errors: 0 dropped: 0 overruns: 0 carrier: 0 collisions: 1 Interrupt: 27

Figure 25 Device Status Window

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

eth1:0

Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95 inet addr: 10.120.51.247 P-t-P: 10.120.51.1. Mask:

255.255.255.255 UP POINTOPOINT RUNNING MTU: 1400 Metric:1 RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0 TX packets: 77 errors: 0 dropped: 0 overruns: 0 car rier: 0 collisions: 0

Link encap: Local Loopbac k inet addr: 127.0.01 Bcast: 127.255.255.255. Mask: 255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU: 3584 Metric:1 RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0 TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0 collisions: 0

Network Devices

Inter– Receive Transmit

face . packets errs drop fifo frame packers errs drop fifo colls carriers

lo:770000000000 eth0: 1381 0 0 0 0 2258 0 0 0 0 0 eth1: 43150 0 0 0 0 13959 0 0 0 1 0

eth1:0 2300 0 0 0 0 1876 0 0 0 0 0

Route Table

Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use: Iface

192.168.1.0 “ 255.255.255.0 U 0 0 32 eth0

172.16.2.0 “ 255.255.255.0 U 0 0 5 eth1

127.0.0.0 “ 255.0.0.0 U 0 0 1 lo default 172.16.2.1 0.0.0.0 UG 0 0 0 eth1

Interrupts

27: 16692 SMC9194 29: 2142 SMC9194 30: 2113573 ColdFire Timer 31: 0 Reset Button 224: 0 ColdRire UART 225: 0 ColdFire UART

System Log

Wed Apr 11 17:07:45 dhcpcd: got in BOUND state Wed Apr 11 17:08:32 dhcpd: serving 192.168.1.100 Wed Apr 11 17:12:45 dhcpcd: Time to renew the address ...

Wed Apr 11 17:12:45 dhcpcd: Renewing: Send request, timeout=e1, tm=3 Wed Apr 11 17:12:45 dhcpcd: setDhcpInfo ip=3f51410f, lease=258, r enew=12c, rebind=20d Wed Apr 11 17:12:45 dhcpcd: got in BOUND state Wed Apr 11 17:17:45 dhcpcd: Time to renew the address ... Wed Apr 11 17:17:45 dhcpcd: Renewing: Send request, timeout=e1, tm=3 Wed Apr 11 17:17:45 dhcpcd: setDhcpInfo ip=3f51410f, lease=258, r enew=12c, rebind=20d Wed Apr 11 17:17:45 dhcpcd: got in BOUND state Wed Apr 11 17:18:32 dhcpd: serving 192.168.1.100 Wed Apr 11 17:18:56 IKE: Trace(*) (IKE) Begin QM Initiator (4409f0) to 146.123.34:500

Figure 26 Device Status Window (continued)

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Using Advanced Utilities

Advanced Utilities provided by the ANG-1000 include:

H Setting the MAC Address of a newly attached ANG-1000 when you

want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users. The ANG-1000 can proxy your computer’s MAC address to the ISP but your provider may require that you change the default value reported by the ANG-1000 to reflect the PC’s actual MAC address.

H Clearing the System Logfile - shown in the Device Status window -

when you want to erase old and display updated information.

H Soft Rebooting to reset the ANG-1000 without recycling power. This

function is similar to pressing

Aurorean Network Gateway 1000

CTRL-ALT-DELETE on your computer.

Help

VPN

VPN Status

VPN Setup

Connectivity Setup

Internet Setup LAN Setup Firewall Setup

ANG-1000 System

Set Password Device Status Firmware Update

Advanced Utilities

1 Click the Advanced Utilities menu option.

The Advanced Utilities window appears as shown in Figure 27.

Aurorean Network Gateway-1000 User’s Guide

Advanced Utilities

Internet MAC Address Assignment:

MAC address:

Apply

Clear System Logfile:

Apply

Soft Reboot ANG-1000:

Apply

Figure 27 Advanced Utilities Window

Configuring the ANG-1000 with Aurorean Web Config

2 Do one of the following:

– To change the ANG-1000’s MAC address to reflect your

computer’s MAC address, first find the computer’s address by issuing the proper command at a DOS prompt. For Windows 95/98/ME systems, type winipcfg; for Windows NT/2000 systems, type ipconfig /all; for Macintosh systems, check the TCP-IP control panel.

In the command output, look for the Physical or Adapter Address value. For example:

c:>ipconfig /all Ethernet adapter E190x1:

Description..:3Com 3C90x Ethernet Adapter Physical Address : 00-10-4B-9D-18-17

Enter the value in the Internet MAC Address Assignment fields.

Click Apply and Reboot Now when prompted to save the change.

– Select Clear System Logfile and click Apply.

Chapter 3

– Select Soft Reboot ANG-1000 and click Apply.

NOTE

ANG-1000 connections broken during a reboot will be lost after service

returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before

re-initiating the connection resolves the problem.

Using the Configuration Editor

Knowledgeable network administrators can use the Configuration Editor to invoke commands on the ANG-1000’s LINUX 2.0 operating system.

CAUTION

Inexperienced users or those unfamiliar with LINUX attempting to use

this editor may disable the system. We recommend only expert users, in

conjunction with Enterasys Customer Support, use this editor.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

1 Click the Configuration Edit menu option.

The Configuration Edit window appears as shown in Figure 28.

Aurorean Network Gateway 1000

Help

Configuration Files

config inittab ipfwrule s options ripd.conf start zebra.conf ipfwrule.routing dhcpd.conf dhcpd.iplist config. ike hosts pppoe winsd.conf ,netrc .resolv.conf config.dat dhcpd-cache.eth1 hostinfo-eth1 dhcpd.leases

Configuration File Edit

This Web application allows you to update and delete the system configuration files of the ANG-1000. These files are used to control the ANG-1000 for its VPN functionality, Internet and LAN connectivity, firewall capabilities, networking startup commands and other key features of the ANG-1000 device.

Extreme caution needs to be exercised when modifying the system configuration files of the ANG-1000 . The raw conten ts of the files are exposed for updating and improper editing could render the ANG-1000 inoperable. Bear this in mind as you use this Web application.

When the configuration files are modified, the ANG-1000 device may need to be rebooted in order for the changes to take effect. Other modifications to configuration files can be made and their effects will be seen in the running system. If you are not clear as to which type of change you are making, be sure to click the “Reboot Now” button when prompted.

This list of files on the left displays the files contained in the ANG-1000 RAMbased configuration file directory /etc/config. Most of these files contain editable text, but some of them are stored as binary data and cannot be edited.

Figure 28 Configuration Edit Window

2 Click on the command of your choice.

3 The arguments of the command you selected are displayed in the

Configuration File Edit window, as shown in Figure 29.

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

Aurorean Network Gateway 1000

Chapter 3

Help

Configuration Files

config inittab ipfwrules options ripd.conf start zebra.conf ipfwrule.routing dhcpd.conf dhcpd.iplist config.ike hosts pppoe winsd.conf .netrc .resolv.conf config.dat dhcpd-cache.eth1 hostinfo-eth1 dhcpd.leases

Configuration File Edit

File:/etc/config/config

oasswd neGpPWI1gigw2 wizard 1 dhcpcd 1 snwantype 1meth0 255,255,255.0 ipeth0 192.168.1.1 uhn 0 dhcpd 1 web0 0 web1 0 web2 0 tel0 0 tel1 0 tel2 0 MODEEXPERTon WANTYPE 1

Update Delete

Figure 29 Configuration File Edit Window

4 Edit the UNIX command and click Update or Delete.

NOTE

You can remove the Configuration Editor (along with the Advanced

Utilities option) from the main menu by selecting the config command,

deleting the MODEEXPERT on argument and clicking Update.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

NOTE

Configuring IP Port Forwarding

ANG-1000’s support of IP Port Forwarding permits you to make servers on

the trusted network of the ANG-1000 available to the rest of the VPN. In

contrast to Network Address Translation (NAT), which allows access to

external-side servers initiated by internal-side hosts, Port Forwarding permits

access to internal-side servers initiated by external-side hosts.

This is accomplished by rewriting the headers of all packets bound for the

ANG-1000 and forwarding them to another host on the trusted-side of the

network, depending on their destination port (port numbers corresponding

to standard, well-known protocols). The IP addresses are re-written so that

incoming IP (TCP and UDP) packets are forwarded to their intended

destinations, and the reply packets are re-written to appear to be coming from

the ANG-1000.

This process requires static, known values for the following:

H The IP address assigned to ANG-1000 by the VPN. This address is in

RiverMaster in the ANG-1000's user account and may not be assigned dynamically via pools or virtual subnets.

H The IP address of the server on the ANG-1000 trusted network (one

server per protocol). This may not be dynamically assigned by the ANG-1000 via DHCP.

H The protocol (TCP or UDP) and the protocol port number.

IP Port Forwarding is configured by editing the ipportfw command in the

ipfwrules configuration file in the Config Editor tool of the Web Config. The

ipportfw commands should be entered at the end of the ipfwrules file.

Aurorean Network Gateway-1000 User’s Guide

Configuring the ANG-1000 with Aurorean Web Config

Refer to the tables below for command usage, switches, arguments, and definitions.

Usage

ipportfw -A -[t | u] l.l.l.l/lport -R a.a.a.a/rport add entry ipportfw -D -[t | u] l.l.l.l/lport delete entry

l.l.l.l is the address of the VPN interface receiving packets to be forwarded a.a.a.a is the server address on the LAN lport is the port being redirected rport is the port being redirected to

Switch <arg> Definition

-t VPN address/port Forward TCP traffic

-u VPN address/port Forward UDP traffic

-A None Add the IP port forwarding table entry

-C None Clear the IP port forwarding table

-D None Delete the IP port forwarding table entry

-R IP address/port Define the server IP address

-L None List the IP port forwarding table

Chapter 3

Follow the steps below to configure IP port forwarding.

1 Login to Web Config.

2 Click on the Config File Editor menu option.

3 Click on the ipfwrules

Configuration File.

4 In the Configuration File Edit window, scroll to the end of the file.

5 Under Expert-Config, type the following rules:

– ipportfw -C – ipportfw -A <-t or -u> <VPN address/local port> -R <local server

IP address/remote port>

6 Click Update and Reboot Now when prompted to save the change.

Aurorean Network Gateway-1000 User’s Guide

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

Refer to the table below for a sample IP port forwarding configuration:

Example

ipportfw -C

ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23

ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21

ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000

The above sample configuration performs the following tasks:

H Clears the IP port forwarding table

H Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to

port 23 on the internal server 192.168.0.1

H Maps FTP from the VPN address to the same 192.168.0.1 server

H Maps X windows (TCP port 6000) to a different server, 192.168.0.2

Aurorean Network Gateway-1000 User’s Guide

Aurorean Network Gateway

An Enterasys Networks device that creates a secure virtual private circuit

over the Internet between itself and a remote user’s computer. The Aurorean

Network Gateway encapsulates data packets using IPSec and encrypts data

to prevent third-parties from intercepting and examining it. There are three

types of Aurorean Network Gateways:

H Aurorean Network Gateway-7000 - a tunnel server that can

accommodate up to 5000 remote users

H Aurorean Network Gateway-3000 - a tunnel server that can

accommodate up to 500 remote users

H Aurorean Network Gateway-1000 - a tunnel server that establishes a

site-to-site tunnel between itself and either an ANG-7000 or an ANG-3000 server. It can accommodate up to 25 tunnels.

Glossary

GlossaryGlossary

Aurorean Web Config

Aurorean Web Config is the utility used to configure the Aurorean Network

Gateway-1000. It is Web based and is accessed through the use of a Web

browser.

Aurorean Policy Server

An Enterasys Networks device that manages Aurorean Network

Gateways. Network administrators configure Aurorean Policy Servers

from a

user database on the Aurorean Policy Server or instruct the Aurorean

Policy Ser ver to authenticate remote users against an external

Aurorean Network Gateway-1000 User’s Guide

RiverMaster computer. The network administrator can create a remote

DHCP

DSL

Appendix A

Glossary

authentication server (such as a RADIUS or SecurID server). When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provide updated configuration files to Aurorean Network Gateways on request.

Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP addresses. The Aurorean Network Gateway-1000 is capable of assigning IP addresses.

Refers to Digital Subscriber Lines. DSL technologies use sophisticated modulation schemes to pack data onto copper wires. They are sometimes referred to as last-mile technologies because they are used only for connections from a telephone switching station to a home or office, not between switching stations. Usually the maximum distance between the home or office and the switching station has to be around one mile.

Ethernet

The Ethernet originated in 1974 by Xerox to connect many office machines together to allow communications between them. Coax cable was originally used. today twisted pair wire can be used and the speeds can be up to 10 megabits per second.

Firewall

A combination of hardware and software which limits the exposure of a corporate network to outside attack by enforcing a boundary between the network and the Internet. Firewalls normally fall into one of two categories: application-level or network-level (often referred to as a packet filter). An application-level firewall examines traffic at the application level, and only passes packets that are sent by approved applications (such as FTP, E-mail, or Telnet). This type of firewall often readdresses outgoing traffic so that it appears to have originated at the firewall rather than an internal host, thereby concealing the address of the internal host. A network-level firewall examines traffic at the network packet level, and filters packets based on the destination and/or source address.

Aurorean Network Gateway-1000 User’s Guide

Appendix A

Glossary

Generic Routing Encapsulation (GRE)

Internet Service Provider (ISP)

Tunneling protocol developed by Cisco that can encapsulate a wide variety of

protocol packet types inside IP tunnels, creating a virtual point-to-point link

over the Internet. For PPTP, GRE is used to encapsulate PPP data packets

within an IP packet (IP packet headers contain address information necessary

for routing, while PPP packets do not).

A vendor who provides direct access to the Internet. ISPs bill users for the

amount of time they are connected, and may also offer additional services

such as Web site hosting, E-mail, or news group readers. Remote users reach

the ISP by dialing into an ISP POP with a computer, modem, and phone line,

or over a dedicated circuit (such as a cable modem connection).

Abbreviation of Internet Protocol, pronounced as two separate letters. IP

specifies the format of packets, also called datagrams, and the addressing

scheme. Most networks combine IP with a higher-level protocol called

Transport Control Protocol (TCP/IP), which establishes a virtual connection

between a destination and a source.

IP Address

An identifier for a computer or device on a TCP/IP network. Networks using

the TCP/IP protocol route messages based on the IP address of the

destination. The format of an IP address is a 32-bit numeric address written as

four numbers separated by periods. Each number can be zero to 255. For

example, 172.16.4.14 could be an IP address.

IP Security Protocol (IPSec)

Short for IPSecurity, a set of protocols developed to support secure exchange

of packets at the IP layer.

Aurorean Network Gateway-1000 User’s Guide

LAN

Locan Area Network (LAN) connects computers and peripherals together in an office or a campus to allow the computers to access each other and other common peripherals.

LEDs

Abbreviation of light emitting diode, an electronic device that lights up when electricity is passed through it. LEDs are usually red, but the ANG-1000 uses green LEDs. The LEDs are used to indicators.

Mac Address

Short for Media Access Control address, a hardware address that uniquely identifies each node on a network.

Network Address Translation (NAT)

Described by Whatis.com as the translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, a company maps its local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This provides security since each outgoing or incoming request must undergo a translation process that also offers the chance to qualify or authenticate the request or match it with a previous request. NAT also conserves the number of global IP addresses that a company uses and permits the use of a single IP address to interface with the world. RiverMaster permits the Aurorean Network be configured as a NAT ser ver.

Appendix A

Glossary

Gateway to

Aurorean Network Gateway-1000 User’s Guide

Appendix A

Glossary

Network Administrator

Point of Presence (POP)

The person responsible for installing and maintaining a company’s network

equipment, and also insuring that network resources (such as servers and the

applications running on them) are consistently available and performing

well. In terms of Enterasys Networks products, this person physically installs

Aurorean Policy Servers and Aurorean Network Gateways,

distributes Aurorean Client Software

RiverMaster

software on his/her computer to manage the entire VPN.

to remote users, and runs

In Internet terms, the physical site that contains an ISP’s network

equipment. Remote users dial into the POP, authenticate against the ISP’s

customer database, and then gain access to the Internet. ISPs typically have

POPs scattered throughout their service area, so that can customers can dial a

local phone call and avoid paying long- distance charges when accessing the

Internet.

Point-to-Point Protocol (PPP)

The Internet standard for sending network traffic over serial lines, such as

dial-up phone lines. Unlike its predecessor SLIP (Serial Line Internet

Protocol), PPP provides error detection and compression capabilities.

Point-to-Point Tunneling Protocol (PPTP)

A network protocol for linking remote locations over the Internet rather than

over costly long-distance or leased lines. To accomplish this, PPTP

encapsulates other network protocols (such as TCP/IP, IPX, and NetBEUI)

and uses encryption to secure the data sent over the Internet. PPTP was

developed jointly by Microsoft and U.S. Robotics (3Com).

PPPoE

The Point-to-Point over Ethernet protocol provides a connection to the Internet

through a DSL provider. It is also identified as PPPoE.

Aurorean Network Gateway-1000 User’s Guide

RiverMaster

A management application running on a Windows NT 4.0 Workstation computer which communicates with Aurorean Policy Servers and

Aurorean Network Gateways. Using RiverMaster, a network administrator creates user databases, sets policies for user groups, views

activity logs, and generates usage reports.

Routers

Devices which direct network traffic among LANs or WANs until the data reaches its destination. To do this, routers communicate with one another using dedicated protocols such as IGRP (Interior Gateway Routing Protocol) and BGP (Border Gateway Protocol) to transfer information on network addressing, status, and configuration.

TCP/IP

Abbreviation for Transmission Control Protocol/Internet Protocol. The suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

Appendix A

Glossary

Tunneling

Technology that lets a network transport protocol carry information for other protocols within its own packets. For example, by encapsulating NetBEUI packets, IP can route them across the Internet, which is not normally possible.

Virtual Private Network (VPN)

An extension of a company’s private network that uses the resources of the public Internet. While most private networks use dedicated lines and equipment that are company property, a virtual private network “borrows” resources from the Internet on an as-needed basis.

Aurorean Network Gateway-1000 User’s Guide

This appendix details the specifications of the ANG-1000.

Table 1 ANG-1000 Specifications

Category Parameters

Chassis Depth 6 1/2”

Width 10”

Height 1 /7/8”

Weight 1 lb.

Specifications

SpecificationsSpecifications

Environment Operating

Temperature

PFC Power Supply

Storage Devices

Performance Server Capacity > 25 concurrent tunnels

Aurorean Network Gateway-1000 User’s Guide

Power Adapter Input: 100-240VAC, ~0.4A, 47-63Hz

Memory 16 MB DRAM

Hard Drive 2 MB Flash

Tunnel

Performance

0° to 70° C

Regulated UL Listed Class 2 power supply must be used.

Output: 5v VDC, 2.5 Amp

Upto3MbpswithIPSec

Table 1 ANG-1000 Specifications (Continued)

Category Parameters

Appendix B

Specifications

Protocols & Standards

Ethernet Number of Ports Two

Safety Regulations

Tunnel Protocols IP Security Protocol (IPSec) as defined in RFC 2401 and 2409

Point-to-Point Tunneling Protocol (PPTP) as defined in RFC 1234 Generic Routing Encapsulation (GRE) as defined in RFC 1701 and 1702

Encapsulated LAN Protocols

Routing Protocols RIP V1, V2

Authentication Challenge Handshake Authentication Protocol (CHAP)

Encryption MPPE, 40-bit and 128-bit configurable keys (RC4-compatible)

Compression Microsoft Point-to-Point Compression (MPPC)

Data Transfer Rate 10 Mbps

Connector 8-position modular jack (RJ-45)

US/Canada/ Europe

Support for dynamic Virtual Network addressing, local network addressing, or static routes

MS-CHAP (Microsoft proprietary version of CHAP)

DES (56-bit) or Triple-DES (168-bit) with IPSec only

UL 1950, CSA C22.2 No.950, 73/23/EEC, EN60950, and IEC950

EMCI US, Canada,

Europe, Japan, Australia, New Zealand, Taiwan, Russia, International

FCC Part 15, CSA C108.8, 89/336/EEC, EN55022, EN61000-32, EN61000-3-3, EN50082-1, AS/NZS3548, and VCCI VD3.

Aurorean Network Gateway-1000 User’s Guide

Pin Assignments

Pin AssignmentsPin Assignments

This appendix describes pin assignments for the Ethernet connectors on the

back of the ANG-1000. Because ANG-1000 servers ship with all the cables

required, this information is only necessary if you need to purchase or

fabricate a replacement cable.

ANG-1000 servers are equipped with Ethernet ports located at the rear of the

chassis, supporting full-duplex 10Base-T transmission.

Both port types conform to IEEE 802.3 standards with 8-pin modular RJ-45

connectors. Figure 2 shows the pin assignments for ANG-1000 server

Ethernet ports.

Link 1 (TRUSTED)

Link 2 (EXTERNAL)

Figure 2 Ethernet Port Pin Assignments

Aurorean Network Gateway-1000 User’s Guide

Pin 8

Figure 1

Pin 1Pin 8

Pin 1

Pin Signal

1 Transmit +

2 Transmit -

3 Receive +

Return

6 Receive -

Return

Pin Assignments

Replacement Ethernet cables must meet the following requirements:

H Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring

H Length cannot exceed 328 feet (100 meters)

Appendix C

Aurorean Network Gateway-1000 User’s Guide

License Agreement & Support

License Agreement & SupportLicense Agreement & Support

This appendix describes the terms and conditions that govern the use of

Aurorean Virtual Network products (including the warranties) and provides

contact information for obtaining technical support from Enterasys

Networks.

Enterasys Networks License Agreement

PLEASE READ THIS DOCUMENT CAREFULLY BEFORE USING

ENTERASYS SOFTWARE. BY USING THE SOFTWARE PRODUCT SHIPPED

TO YOU BY ENTERASYS OR ITS DISTRIBUTOR (“LICENSED SOFTWARE”)

YOU ACCEPT THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT.

IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT

USE THE SOFTWARE PRODUCT. YOU MAY RETURN THIS PRODUCT TO

ENTERASYS FOR A FULL REFUND.

The Licensed Software is licensed, not sold, to you for use only under the

terms of this license, which represents the complete agreement and

understanding between you and Enterasys. Enterasys reserves any rights not

expressly granted to you. You own the media on which the software is

originally or subsequently recorded or fixed, but Enterasys retains ownership

of all copies of the software itself.

License Grant

Enterasys Networks, Inc., 35 Industrial Way, Rochester, New Hampshire

03866 hereby grants to Licensee a personal, nonexclusive, non-transferable

license to use the Licensed Software on the servers on which the Software is

first installed (“Licensed Servers”) and on an unlimited number of client

processors, subject to the limit on simultaneous users as specified by the

Aurorean Network Gateway-1000 User’s Guide

Enterasys Networks License Agreement Appendix D

License Agreement & Support

scope of the license that Licensee has purchased from Enterasys. Should one or more the above Licensed Servers be upgraded and/or replaced by other Enterasys servers purchased by Customer pursuant to Enterasys' then current upgrade policy, the license may be transferred and the Software may be used on the replacement server(s). This License shall commence upon the receipt by Licensee of the Licensed Software and shall continue until Licensee discontinues use or this Agreement is terminated. No ownership of the Licensed Software or any of its parts is transferred to Licensee.

Licensee may make copies of the Licensed Software in object code form for archival and backup purposes only. All copies (including copies of the documentation) must bear the copyright notice(s) and restricted rights legend contained in or on the original.

Except as expressly permitted by law without the possibility of contractual waiver, Licensee agrees that it will not attempt to reverse engineer, reverse compile or reverse assemble the Licensed Software or otherwise seek to gain access to source code for the Licensed Software.

Licensee shall take all reasonable steps to protect the Licensed Software and documentation from unauthorized copying and use. Licensee shall not, without the express written consent of Enterasys, provide, disclose, transfer or otherwise make available any Licensed Software, or copies thereof, to any third party.

Warranty

Enterasys warrants to Licensee that the Licensed Software will, when used in the specified operating environment, substantially perform in the manner described in its documentation, as it exists at the date of delivery, for a period of one year from the date of original delivery to the Licensee. Enterasys's sole obligation under this warranty shall be limited to using reasonable efforts to correct reproducible defects and distribute such corrections as part of the next scheduled maintenance release of the Software. Enterasys does not warrant that: (i) operation of any of the Licensed Software will be uninterrupted or error free, or (ii) functions contained in the Licensed Software shall operate in the combination which may be selected for use by Licensee or meet Licensee's requirements. Enterasys's warranty obligations shall be void if the Licensed Software is modified without the written consent of Enterasys.

Aurorean Network Gateway-1000 User’s Guide

Appendix D Enterasys Networks License Agreement

License Agreement & Support

EXCEPT AS SPECIFICALLY PROVIDED HEREIN, THERE ARE NO

WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED

TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR ANY

IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.

Infringement Indemnification

Enterasys shall indemnify, defend and hold Customer harmless from and

against any claims, actions, or demands alleging that the Licensed Software

directly infringes any United States patent, trademark, or copyright, or

misappropriates any trade secret right of any third party, provided that

Customer promptly notifies Enterasys of any such claim, allows Enterasys to

control the defense and provides reasonable information and assistance to

Enterasys (at Enterasys' expense) in the defense of the claim. Customer shall

permit Enterasys to replace or modify any affected Licensed Software to

avoid infringement, or to procure for Customer the right to continue to use

such Licensed Software. If neither of such alternatives is reasonably possible,

Enterasys may require Customer to return the affected Licensed Software to

Enterasys and Enterasys' sole liability in regard to such return shall be to

refund the purchase price paid by Customer. Enterasys shall have no

obligation with respect to claims, actions, or demands to the extent that they

are based upon (i) the combination of Licensed Software with any items not

supplied by Enterasys, (ii) any modification or change to the Licensed

Software by Customer, or, (iii) any failure by Customer to implement

modifications or replacements distributed by Enterasys that address any

alleged infringement. This Section states the entire liability of Enterasys with

respect to indemnification or liability for infringement or misappropriation of

patents, copyrights, trademarks, trade secrets or other proprietary rights by

Enterasys or the Licensed Software or any part thereof or by their use or

operation.

Limitation of Liability

ENTERASYS AND ITS LICENSORS' TOTAL LIABILITY FOR ANY CAUSE

OF ACTION ARISING IN CONNECTION WITH THIS AGREEMENT, AND

REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR

IN TORT INCLUDING NEGLIGENCE, SHALL BE LIMITED TO THE

ACTUAL DOLLAR AMOUNT ENTERASYS RECEIVED HEREUNDER

FROM CUSTOMER FOR THE PARTICULAR PRODUCTS WHICH ARE THE

Aurorean Network Gateway-1000 User’s Guide

Enterasys Networks License Agreement Appendix D

License Agreement & Support

SUBJECT MATTER OF THE CAUSE OF ACTION. IN NO EVENT SHALL ENTERASYS BE LIABLE FOR ANY LOST OR ANTICIPATED PROFITS OR SAVINGS, OR ANY INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT INCLUDING NEGLIGENCE, AND WHETHER OR NOT ENTERASYS WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT PERMIT DISCLAIMERS OF IMPLIED WARRANTIES OR OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE DISCLAIMERS MAY NOT APPLY TO YOU.

Termination

Enterasys may terminate this license agreement and Licensee's right to use the Licensed Software if Licensee materially breaches the terms of this Agreement or fails to pay the licensee fee when due, and fails to cure such breach within thirty days of notice thereof by Enterasys.

International Provisions

Licensee agrees that it shall not directly or indirectly export the Licensed Software, individually or as part of a system, without first obtaining a license from the U.S. Department of Commerce or any other appropriate agency of the U.S. Government, as required. Diversion of products contrary to U.S. law is prohibited.

Applicable Law

The parties agree that this license shall be governed by the substantive laws of the Commonwealth of Massachusetts and the United States. The exclusive jurisdiction for any dispute regarding this Agreement shall be in the United States of America or, for Licensees located in Europe, London, England. The parties expressly disclaim the applicability of the U.N. Convention on the Sales of Goods.

Aurorean Network Gateway-1000 User’s Guide

Appendix D

License Agreement & Support

U. S. Government - Commercial Computer Software

This Licensed Software is Commercial Computer Software as provided in 48

CFR 2.101 and is licensed to U.S. Government agencies and personnel only

with the rights set forth in this license. The use of the Licensed Software by

the Government constitutes acknowledgment of Enterasys's proprietary

rights in the Licensed Software. The manufacturer is Enterasys Networks, 35

Industrial Way, Rochester, New Hampshire 03866. The licensee or user of this

product agrees not to remove any of the RESTRICTED RIGHTS legends and

markings included in this software and associated documentation.

Technical Support

Enterasys Networks provides easy access to technical support information

through a variety of services.

Support from Enterasys Networks

Enterasys Networks offers two ways of contacting customer support

personnel.

Technical Support

On-line Services

To receive answers to technical questions on Aurorean Virtual Network

products, send E-mail to:

support@enterasys.com

Please include your name, title, company, and phone number in all

correspondence.

Phone Support

Enterasys Networks customer support personnel are available by calling

1-800-872-8440. When you call, please call from a position where you can

operate the RiverMaster management application or view the server’s LEDs,

and make sure you have the following information ready:

H State of the LEDs on both the front and rear panels of the server(s)

H A list of the error messages appearing in the RiverMaster

message/alarm display

Aurorean Network Gateway-1000 User’s Guide 53

Technical Support

Returning Products for Repair

Appendix D

License Agreement & Support

H Details about any recent configuration changes, if applicable

Enterasys Networks also recommends that you have the RiverMaster Administrator’s Guide on hand when you call.

After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1000/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server, with the RMA number clearly visible on the outside of the package, to the following address:

Enterasys Networks 35 Industrial Way Rochester, NH 03866

Enterasys Networks recommends that you reuse the original shipping box or equivalent packaging to protect the server during shipment.

NOTE

Products sent to Enterasys Networks without an RMA number will be

returned to the sender unopened, at the sender’s expense.

54 Aurorean Network Gateway-1000 User’s Guide

Index

IndexIndex

Accessories 4 ANG-1000

Accessory Kit Ethernet LEDs 9 Ethernet ports 5 front panel LEDs 10 Interconnects 6 Power connections 7 specifications 45 unpacking 3 Usage ix

Aurorean Network Gateway

definition

Aurorean Network Gateway-1000 See ANG-1000 Aurorean Policy Server

definition

Aurorean Web Config, definition 39 authentication 46

cables

connecting Ethernet

requirements 48 Canadian notices iii compliance 46 compression 46 Connecting 7 connector pin assignments 47 connectors Ethernet 47 customer support phone numbers 53

4–7

DHCP, definition 40 DSL (Digital Subscriber Line) 40

encryption 46 Ethernet

cable requirements definition 40 port LEDs 6 ports 2, 5 specifications 46

External port connecting cables 7

Firewall, definition 40

Generic Routing Encapsulation (GRE) 41, 46 GRE. See Generic Routing Encapsulation (GRE)

installation

before you begin connecting cables 4–7 connecting power 8 locating a server 4

Internet Service Provider (ISP)

definition

IP (Internet Protocol) 41 IP address, definition 41 IP Security Protocol (IPSec) 46

definition 41

IPX 43

LAN

definition protocols 46

Aurorean Network Gateway-1000 User’sGuide 55

Index

LEDs

definition Ethernet ports 6, 9 front panel 9

license agreement 49–53

Mac Address, definition 42

NAT server

description

NetBEUI 43 Network Address Translation (NAT), definition

Network Administrator, definition 43 network cable requirements 48 Notices

Canadian FCC iii General ii UL iii

iii

on-line customer support 53

pin assignments Ethernet 47 Point of Presence (POP), definition 43 Point-to-Point Protocol (PPP), definition 43 Point-to-Point Tunneling Protocol (PPTP) 46

definition 43

POP

definition

power

connections power supply 8

specifications 45 PPP, definition 43 PPPoE, definition 43

PPTP, definition 43 protocols 46

regulatory compliance 46 RiverMaster

definition

RJ-45

connector pin assignments

RMA number 54 Routers, definition 44 routing 46

safety compliance 46 Safety Instructions iv specifications

chassis parameters CPU memory 45 Ethernet port specifications 46 general 45–46 hard drive specifications 45 operating temperature 45 processor specifications 45 safety regulations 46 server capacity 45 server performance 45 supported protocols 46

System Description 1

TCP/IP 43, 44 technical support 53 Trusted port connecting cables 6 tunnel protocols 46 tunneling, definition 44

UL notices iii

56 Aurorean Network Gateway-1000 User’s Guide

Virtual Private Network (VPN), definition 44 VPN. See Virtual Private Network (VPN) 44

warranty 50

Index

Aurorean Network Gateway-1000 User’s Guide 57

Enterasys Networks ANG-1000 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

About This Guide

Index

Contents of the Guide

About This Guide

Conventions Used in This Guide

Related Publications

System Description

Overview

Unpacking the ANG-1000

Installation

Accessories

Location Planning

Connecting Cables

Ethernet Cables

Connecting an ANG-1000

4 Plug the opposite end of this cable into a DSL or cable modem.

Connecting Power to the ANG-1000

Checking ANG-1000 Connections

Rear Panel Link LEDs

Front Panel LEDs

Before You Begin

Logging into Web Config

3 Click the checkbox to save your password if you desire and click OK.

Viewing VPN Status

1 Click the Firmware Upgrade menu option and go to the next page.

Downloading the Latest Firmware

1 Click the Firmware Upgrade menu option.

4 Enter the Username anonymous

5 Enter netadmin in the Password and Confirm fields and click Apply.

8 Reboot the ANG-1000 by clicking Reboot Now.

Setting Up the VPN

1 Click the VPN Setup menu option.

1 Enter the Name of the remote ANG-3000/7000 you are connecting to.

2 Enter the Gateway IP address of the remote ANG-3000/7000.

3 Enter the Username on the remote ANG-3000/7000.

4 Enter the Password on the remote ANG-3000/7000.

5 Confirm the password on the remote ANG-3000/7000.

6 Select the Connection type: either EZ-IPsec or PPTP.

9 Click Apply.

Setting Up the Internet Connection

1 Click the Internet Setup menu option.

2 Do one of the following:

Setting Up the LAN

1 Click the LAN Setup menu option.

2 Do one of the following:

Setting Up the Firewall

1 Click the Firewall Setup menu option.

2 Enable the option of your choice and click Apply.

Setting Your Password

1 Click the Set Password menu option.

2 Type the old Password in the field provided.

3 Type a new Password in the field provided.

4 Confirm the new password in the field provided.

5 Click Apply.

Checking Device Status

1 Click the Device Status menu option.

Using Advanced Utilities

1 Click the Advanced Utilities menu option.

2 Do one of the following:

Using the Configuration Editor

1 Click the Configuration Edit menu option.

2 Click on the command of your choice.

4 Edit the UNIX command and click Update or Delete.

Configuring IP Port Forwarding

1 Login to Web Config.

2 Click on the Config File Editor menu option.

4 In the Configuration File Edit window, scroll to the end of the file.

5 Under **Expert-Config**, type the following rules:

6 Click Update and Reboot Now when prompted to save the change.

Glossary

Specifications

Pin Assignments

License Agreement & Support

Enterasys Networks License Agreement

License Grant

Warranty

5 Under Expert-Config, type the following rules: