Enterasys Networks ANG-1000 User Manual
Aurorean™ Virtual Network
Aurorean™ Virtual Network
Aurorean™ Virtual Network Aurorean™ Virtual Network
ANG-1000
ANG-1000
ANG-1000ANG-1000
User’s Guide
User’s Guide
User’s GuideUser’s Guide
Version 1.0
Version 1.0
Version 1.0Version 1.0
Notice
Enterasys Networks and its licensors reserve the right to make changes in specifications and other
information contained in this document without prior notice. The reader should in all cases consult
Enterasys Networks to determine whether any such changes have been made. The hardware, firmware,
or software described in this manual is subject to change without notice.
IN NO EVENT SHALL Enterasys Networks AND ITS LICENSORS BE LIABLE FOR ANY INCIDENTAL, INDIRECT,
SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST
PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN
IF Enterasys Networks AND ITS LICENSORS HAVE BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN,
THE POSSIBILITY OF SUCH DAMAGES.
Enterasys Networks, Inc.
35 Industrial Way
Rochester, NH 03866-5005
Enterasys Networks, Inc. is a subsidiary of Cabletron Systems, Inc. 2001 by Enterasys Networks, Inc. All Rights
Reserved Printed in the United States of America
The Enterasys Networks logo, Aurorean, Prescriptive Diagnostics Engine, RiverMaster, Intelligent Client Routing,
TollSaver are trademarks of Enterasys Networks.
Microsoft, MS, and MS-DOS are registered trademarks and Windows, Windows 95, Windows 98, Windows NT,
Windows 2000 Professional and Windows Millennium are trademarks of Microsoft Corporation in the USA and other
countries.
Virtual Network Computing is a trademark of AT&T Laboratories Cambridge.
ActiveState, ActivePerl, and PerlScript are trademarks of ActiveState Tool Corp.
Other trademarks and trade names used in this publication belong to their respective owners.
Aurorean Virtual Network software includes the following third-party components:
Commercial support for ActivePerl is available through PerlClinic at http://www.ActiveState.com. Peer support resources for
ActivePerl issues can also be found at the ActiveState Web site under support at http://ActiveState.com/support/. The ActiveState
Repository has a large collection of modules and extensions in binary packages that are easy to install and use. To view and
install these packages, use the Perl Package Manager (PPM) which is included with ActivePerl. ActivePerl is the latest Perl
binary distribution from ActiveState and replaces what was previously distributed as Perl for Win32. The latest release of
ActivePerl as well as other professional tools for Perl developers are available from the ActiveState Web site.
Gate Daemon software © 1995 The Regents of the University of Michigan. All rights reserved.
Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators.
A DES implementation written by Eric Young © 1995-1997 Eric Young (eay@cryptsoft.com). All rights reserved.
MD4 and MD5 implementation derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm and
MD5 Message-Digest Algorithm © 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
ccp.c - PPP Compression Control Protocol © 1994 The Australian National University. All rights reserved.
chap.c - Crytographic Handshake Authentication Protocol © 1991 Gregory M. Christy. All rights reserved.
chap_ms.c - Microsoft MS-CHAP compatible implementation © 1995 Eric Rosenquist, Strata Software Limited
(www.strataware.com). All rights reserved.
fsm.c - {Link, IP} Control Protocol Finite State Machine © 1989 Carnegie Mellon University. All rights reserved.
Routines to compress and uncompress TCP packets (for transmission over low speed serial lines) © 1989 Regents of the
University of California. All rights reserved.
Portions of the Aurorean Client Software are copyrighted to ICE Engineering, Inc. and licensed through a GNU public license. For
more information, including access to the source code, visit their Web site at www.ice.com.
Part Number: AVN-ANG1-R10
May 2001
PrintedintheUSA
ii
Aurorean Network Gateway-1000 User’s Guide
Federal Communications Commission (FCC) Notices
The Aurorean Network Gateway-100 complies with Title 47 Part 15, Subpart B of FCC Rules. Operation is subject to
the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority
granted by the FCC or other such agency to operate this equipment.
There are no user-repairable components in the Aurorean Network Gateway-1000.
Canadian Notices
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the
interference-causing equipment standard entitled “Digital Apparatus”, ICES-003 of the Department of
Communications (Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils
numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques”,NMB-003
édictée par le ministre des Communications).
NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets
certain telecommunications network protective, operational and safety requirements. The Department does not
guarantee the equipment will operate to the user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local
telecommunications company. The equipment must also be installed using an acceptable method of connection. In
somecases,theinsidewiringassociatedwithasinglelineindividualservicemaybeextendedbymeansofacertified
connector assembly. The customer should be aware that compliance with the above conditions may not prevent
degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the
supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the
telecommunications company cause to request the user to disconnect the equipment.
Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines
and internal metallic water pipe system, if present, are connected together. This precaution may be particularly
important in rural areas.
CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate
electric inspection authority, or electrician, as appropriate.
UL Notices
The Aurorean Policy Server and Aurorean Network Gateway have been tested and found to comply with the UL 1950
Revision 3 regulation.
European Notices
The ANG-1000 has been tested and found to comply with the CISPR 22:1997 Class B regulation.
Aurorean Network Gateway-1000 User’s Guide
iii
ELECTRICAL HAZARD: Only qualified personnel should perform installation
procedures.
Important Safety In structions
1) Read these instructions carefully. Save these instructions for future reference.
2) Follow all warnings and instructions marked on the product.
3) Unplug this product from the wall outlet before cleaning. Do not use liquid cleaners or aerosol cleaners. Use
a damp cloth for cleaning.
4) Do not use this product near water.
5) Do not place this product on an unstable cart, stand, or table. The product may fall, causing serious damage
to the product.
6) Slots and openings in the chassis are provided for ventilation; to ensure reliable operation of the product
and to protect it from overheating, these openings should not be blocked or covered. The openings should
never be blocked by placing the product on a bed, sofa, rug, or other similar surface. This product should
never be placed near or over a radiator or heat register, or in a built-in installation unless the proper
ventilation is provided.
7) This product should be operated from the type of power indicated on the marking label. If you are not sure of
the type of power available, consult Enterasys Networks or your local power company.
8) Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the
cord.
9) If an extension cord is used with this product, make sure that the total ampere rating of the equipment
plugged into the extension cord does not exceed the extension cord ampere rating. Also, make sure that the
total rating of all products plugged into the wall outlet does not exceed the fuse rating.
10) Never push objects of any kind into this product through chassis slots as they may touch dangerous voltage
points or short out parts that could result in a fire or electric shock. Never spill liquid of any kind on the
product.
11) Do not attempt to service this product yourself, as operating or removing covers may expose you to
dangerous voltage points or other risks. Refer all servicing to qualified service personnel.
12) Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following
conditions:
a) When the power cord or plug is damaged or frayed.
b) If liquid has been spilled into the product.
c) If the product has been exposed to rain or water.
d) If the product does not operate normally when the operating instructions are followed. Adjust only
those controls that are covered by the operating instructions since improper adjustment of other
controls may result in damage and will often require extensive work by a qualified technician to restore
the product to normal condition.
e) If the product has been dropped or the chassis has been damaged.
f) If the product exhibits a distinct change in performance, indicating a need for service.
13) Use only the proper type of power supply cord set (provided in your accessories box) for this unit. It should
be a detachable type, UL listed/CSA certified, type SPT-2, rated 7A 125V minimum, VDE approved or
equivalent. Maximum length is 15 feet (4.6 meters).
iv
Aurorean Network Gateway-1000 User’s Guide
About This Guide
Contents of the Guide ...........................................................................................................ix
Conventions Used in This Guide...........................................................................................x
Related Publications .............................................................................................................. xi
Chapter 1 – Overview
System Description ..................................................................................................................1
Chapter 2 – Installation
Unpacking the ANG-1000 ......................................................................................................3
Accessories ........................................................................................................................4
Location Planning .............................................................................................................4
Connecting Cables ...................................................................................................................4
Ethernet Cables .................................................................................................................5
Table of Contents
Table of Contents
Table of ContentsTable of Contents
Connecting an ANG-1000 ....................................................................................... 6
Connecting Power to the ANG-1000.....................................................................................7
Checking ANG-1000 Connections.........................................................................................9
Rear Panel Link LEDs ......................................................................................................9
Front Panel LEDs ..............................................................................................................9
Aurorean Network Gateway-1000 User’s Guide
v
Chapter 3 – Configuring the ANG-1000 with Aurorean Web
Config
Before You Begin .............................................................................................................11
Logging into Web Config .............................................................................................. 13
Viewing VPN Status ...................................................................................................... 14
Downloading the Latest Firmware.............................................................................. 15
Setting Up the VPN ....................................................................................................... 18
Setting Up the Internet Connection............................................................................. 20
Setting Up the LAN ....................................................................................................... 23
Setting Up the Firewall.................................................................................................. 25
Setting Your Password .................................................................................................. 27
Checking Device Status ................................................................................................. 28
Using Advanced Utilities.............................................................................................. 31
Using the Configuration Editor ................................................................................... 32
Configuring IP Port Forwarding ......................................................................... 35
vi Aurorean Network Gateway-1000 User’s Guide
Appendix A – Glossary
Appendix B – Specifications
Appendix C – Pin Assignments
Appendix D – License Agreement & Support
Enterasys Networks License Agreement............................................................................49
License Grant...................................................................................................................49
Warranty...........................................................................................................................50
Infringement Indemnification.......................................................................................51
Limitation of Liability ....................................................................................................51
Termination......................................................................................................................52
International Provisions .................................................................................................52
Applicable Law ...............................................................................................................52
U. S. Government - Commercial Computer Software...............................................53
Technical Support...................................................................................................................53
Support from Enterasys Networks...............................................................................53
On-line Services ...................................................................................................... 53
Phone Support......................................................................................................... 53
Returning Products for Repair ......................................................................................54
Index
Aurorean Network Gateway-1000 User’s Guide vii
This guide describes how to mount, connect, power-up, and maintain an
Aurorean™ Network Gateway-1000 (ANG-1000) from Enterasys Networks.
This guide is written for administrators who want to configure the ANG-1000
for their remote clients or experienced users who are knowledgeable of basic
networking principles.
Contents of the Guide
Information in this guide is arranged as follows:
H Chapter 1, Overview highlights the key features of the Aurorean
Virtual Network family of enterprise VPN products.
H Chapter 2, Installation describes how to physically mount, connect,
and power-up Aurorean servers.
H Chapter 3, Configuring the ANG-1000 with Aurorean Policy Manager,
details how to configure the server.
H Appendix A, Glossary defines terms used in this manual.
H Appendix B, Specifications provides essential physical and operational
characteristics of the ANG-1000.
About This Guide
About This Guide
About This GuideAbout This Guide
H Appendix C, Pin Assignments describes the pinouts of the LAN
connectors.
H Appendix D, License Agreement & Support describes the warranty terms
and support policies covering Enterasys Networks products.
Aurorean Network Gateway-1000 User’s Guide
ix
Conventions Used in This Guide About This Guide
Conventions Used in This Guide
The following conventions are used in this guide:
NOTE Notes supply additional helpful information,
provide a cross-reference to the source of more
information, or emphasize issues you should
consider when performing an action.
CAUTION Cautions contain directions that can prevent you
from damaging the product or losing data.
WARNING Warnings provide directions that you must
follow to avoid harming yourself.
Bold Text in boldface indicates values you type using
the keyboard or select using the mouse (for
example, a:\setup). Default settings may also
appear in bold.
Italics Text in italics indicates a variable, important new
term, or the title of a manual.
SMALL CAPS Small caps specify the keys to press on the
keyboard; a plus sign (+) between keys indicates
that you must press the keys simultaneously (for
example,
CTRL+ALT+DEL).
Courier font Text in this font denotes a file name or directory.
x
Aurorean Network Gateway-1000 User’s Guide
About This Guide Related Publications
Related Publications
The following publications are also available with the Aurorean Network
Gateway-1000:
H The ANG-1000 Quick Setup card which highlights the basic steps
required to install the Aurorean Network Gateway-1000.
H The Installation & Service Guide which describes how to install and
maintain the ANG-3000/7000 series, the Aurorean server which can
be used to complete a VPN connection with the ANG-1000.
H A Portable Document File (PDF) version of this manual is available and
can be downloaded from the Enterasys.com Web site. You can view
this manual on-line or print a copy of it using Adobe Acrobat
Reader 3.0 (or later). Acrobat Reader can be downloaded from the
Enterasys web site or the Adobe web site at www.adobe.com.
Aurorean Network Gateway-1000 User’s Guide
xi
This chapter describes the key features of the Aurorean Network
Gateway 1000 and how it is used.
System Description
The ANG-1000, displayed in Figure 1, provides home or small office
connectivity to a corporate branch office or headquarters. It supports up to 25
tunnels.
1
Overview
Overview
OverviewOverview
ANG-1000
Front
Figure 1 ANG-1000 Front and Rear Views
Figure 2 illustrates how the ANG-1000 typically connects to the corporate
network.
Aurorean Network Gateway-1000 User’s Guide
ANG-1000
Rear
1
System Description Chapter 1
Overview
Hub
Cable/DSL modem
ANG-1000
- Initiates tunnel to ANG-3000/7000
- Negotiates tunnel protocols
- Encrypts data over tunnel
An ANG-1000 comes equipped with the following:
H 100-240V 47-63 Hz power supply.
INTERNET
- Negotiates tunnel protocols
- Compresses data over tunnel
- Encrypts data over tunnel
ANG-3000/7000
Router
Site-to-Site connection
Figure 2 ANG-1000 Topology
APS-3000/7000
- Authenticates Aurorean
users (or forwards login
requests to RADIUS servers)
- Logs message/alarm activity
- Maintains master TollSaver
database
Firewall
- Defines user/group policies
- Displays message/alarm activity
- Configures system network settings
RiverMaster
H High-performance CPU: 91.5 MHz.
H Complete set of diagnostic LEDs that show the server’s operational
status.
H Two 10 Base-T Ethernet ports to connect the system to the network
and the Internet.
2
Aurorean Network Gateway-1000 User’s Guide
This chapter describes the steps required to unpack, install and connect an
Aurorean Network Gateway-1000 onto a desktop.
Unpacking the ANG-1000
Remove the ANG-1000 from the shipping box. Save the box in case the unit
needs to be returned.
2
Installation
Installation
InstallationInstallation
Quick
Setup
card
Power
supply Cables
Figure 3 Removing ANG-1000 from the Shipping Box
Aurorean Network Gateway-1000 User’s Guide
Power
cord
N
P
V
1
2
S
M
M
A
O
O
R
C
T
E
C
E
t
T
N
e
l
N
n
a
E
r
n
e
r
t
e
n
t
I
x
d
E
e
t
s
u
r
r
T
e
w
e
o
v
i
P
t
c
A
M
T
n
0
a
0
e
0
r
1
o
-
r
G
u
N
A
A
System Software
S
M
S
K
T
Y
R
O
W
CD ROM
3
Connecting Cables Chapter 2
Installation
The box contains a CD ROM with this instruction manual in the Adobe PDF
format, a Quick Setup card and accessories.
Accessories
The ANG-1000 also is shipped with the following accessories:
H Two 10baseT cables (blue and orange) to connect to the LAN
ports/hub.
H One cross-over (red) cable for a direct PC/Network Gateway
connection.
H One power supply with an attached cable to connect to the
ANG-1000.
H One power cord to connect the power supply to the AC outlet.
Location Planning
Place the ANG-1000 on a desktop near the following:
H Ethernet wall jack, patch panel, or hub with available ports.
H Near a DSL or Cable modem.
H A grounded wall outlet or uninterruptible power supply (UPS).
Connecting Cables
Ethernet cables are used to connect the ANG-1000 to your computer or LAN
and the Internet.
ANG-1000
Front
4
ANG-1000
Rear
Figure 4 Front and Rear Views of the ANG-1000
Aurorean Network Gateway-1000 User’s Guide
Chapter 2 Connecting Cables
Installation
All interconnections are made at the back of the ANG-1000 (refer to Figure 4).
Although there is no power switch, a reset button is located in the rear of the
unit.
CAUTION
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you supplied must
then be re-entered. We strongly recommend that you do not use the reset
button unless you want the configuration to return to factory defaults.
Ethernet Cables
The ANG-1000 is equipped with two 8-pin modular RJ-45 Ethernet ports
labeled Tr u s t e d and External as shown in Figure 5. The Trusted port is
connected to a computer or hub/switch with networked computers. The
External port is connected to a cable or DSL modem.
5
The trusted connection can be either a sole desktop computer or a hub that
connects up to 25 tunnels to the network as shown in Figure 6.
Aurorean Network Gateway-1000 User’s Guide
P
o
w
e
r
V
d
c
2
.
5
T
r
A
u
s
t
e
d
1
E
x
t
0
B
a
e
r
s
e
n
T
Figure 5 Location of the Ethernet Ports
R
a
e
s
l
e
t
5
Connecting Cables Chapter 2
Installation
Connecting an ANG-1000
The ANG-1000 is typically set up in the configuration shown below.
Site-to-site tunnel
Trus ted
connection
or
User
ANG-3000/7000
User
Hub
User
Cable / DSL
Modem
INTERNET
External
connection
Aurorean Network
Gateway-1000
Site-to-site tunnel
Internet connection
Trusted connection
Figure 6 Connecting the ANG-1000
To connect the ANG-1000 Ethernet port, perform the following steps:
1 Do one of the following as shown in Figure 7:
– If you are connecting to a hub, plug the blue, straight-through
Ethernet cable into the Trusted port of the ANG-1000.
– If you are connecting directly to a computer, attach one end of the
red, cross-over cable to the Trusted port and the other end to an
RJ45 connector on your computer. Skip to Step 3.
2 Plug the opposite end of the blue Ethernet cable into a wall jack,
patch panel, or hub linked to a protected network segment.
The top link LED next to the ANG-1000’s Trusted port will
immediately light if the port is connected to a 10 Mbps network after
the unit is powered up.
6
Aurorean Network Gateway-1000 User’s Guide
Chapter 2 Connecting Power to the ANG-1000
Installation
Optional crossover cable
for direct PC connection
Trusted
Figure 7 Connecting Ethernet Cables to an ANG-1000
3 Plug an orange, straight-through Ethernet cable into the External port
as shown in Figure 7.
4 Plug the opposite end of this cable into a DSL or cable modem.
After you connect power, the top External LED at the rear of the
ANG-1000 will be lit the moment the cable it is connected.
NOTE
If you have a DSL modem, you will need to get an IP address from your
provider and configure it before the External LED will light. This
condition may also exist for selective cable customers. Some cable
internet providers require that you supply the MAC address of your
computer. Refer to Chapter 3 for directions.
Connecting Power to the ANG-1000
External
WARNING
To avoid electrical shock, connect the Aurorean system only to a
grounded (earthed) outlet.
Aurorean Network Gateway-1000 User’s Guide
7
Connecting Power to the ANG-1000 Chapter 2
Installation
A switching power supply including a 6’ power cord and a 7’ electrical cord
with an attached power supply is supplied with each system. To connect
these items to an ANG-1000, perform the following steps:
1 Plug the power supply cord into the system’s power socket as shown
in Figure 8.
Power supply cable
Figure 8 Connecting AC Power on the ANG-1000
2 Plug the correct end of the AC power cord into the power supply and
the other end into a grounded AC outlet or UPS as shown in Figure 9.
The front Power LED will light the moment you power up the unit.
Power supply
AC power cord
Figure 9 Connecting the Power Cable to the Power Supply
NOTE
International customers may swap the electrical cord segment shipped
with the ANG-1000 for a cord that meets the proper standard for their
country. A custom cord can be inserted in the power supply.
8
Aurorean Network Gateway-1000 User’s Guide
Chapter 2 Checking ANG-1000 Connections
Installation
Checking ANG-1000 Connections
The ANG-1000 is now connected and ready for configuration. Check rear and
front LEDS in the manner described below to confirm that the connections are
working properly.
Rear Panel Link LEDs
The two top link LEDs on the rear panel light the moment a connection is
made to the respective network. The two bottom link LEDs light when data is
received and transmitted to the respective network by the ANG-1000. Trusted
and external connections are operational and traffic is being passed as shown
in Figure 10.
TRUSTED
EXTERNAL
Figure 10 Network Connection Indicators
Front Panel LEDs
The two front LEDs behave as follows at when powered up at startup:
H Power LED lights
H Active LED blinks indicating the CPU is active
All front panel LEDs are displayed in Figure 11.
Aurorean Network Gateway-1000 User’s Guide
9
Loading...