Page 1
Aurorean ™ Virtual Network
Aurorean ™ Virtual Network
Aurorean ™ Virtual Network Aurorean ™ Virtual Network
ANG-1100
ANG-1100
ANG-1100ANG-1100
User’s Guide
User’s Guide
User’s GuideUser’s Guide
Version 2.1
Version 2.1
Version 2.1Version 2.1
Page 2
Notice
Enterasys Networks and its licensors reserve the right to make changes in specifications and other
information contained in this document without prior notice. The reader should in all cases consult
Enterasys Networks to determine whether any such changes have been made. The hardware, firmware,
or software described in this manual is subject to change wi thout notice.
IN NO EVENT SHALL ENTERASYS NETWORKS AND ITS LICENSORS BE LIABLE FOR ANY INCIDENTAL,
INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO
LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT,
EVEN IF ENTERASYS NETWORKS AND ITS LICENSORS HAVE BEEN ADVISED OF, KNOWN, OR SHOULD
HAVE KNOWN, THE POSSIBILI TY OF SUCH DAMAGES.
Enterasys Networks, Inc.
35 Industrial Way
Rochester, NH 03866-5005
2001 by Enterasys Networks, Inc.
All Rights Reserved
Printed in the United States of America
The ENTERASYS NETWORKS logo, AUROREAN, PRESCRIPTIVE DIAGNOSTICS ENGINE, RIVERMASTER,
INTELLIGENT CLIENT ROUTING, and TOLLSAVER are trademarks of Enterasys Networks.
MICROSOFT , MS, and MS-DOS are registered trademarks and Windows, Windows 95, Windows 98, Windows NT,
Windows 2000 Professional and Windows Millennium are trademarks of Microsoft Corporation in the USA and other
countries.
VIRTUAL NETWORK COMPUTING is a trademark of AT&T Laboratories Cambridge.
Other trademarks and trade names used in this publication belong to their respective owners.
Aurorean Virtual Network software includes the following third-party components:
Commercial support for ActivePerl is available through PerlClinic at http://www.ActiveState.com. Peer support resources for
ActivePerl issues can also be found at the ActiveState Web site under support at http://ActiveState.com/support/. The ActiveState
Repository has a large collection of modules and extensions in binary packages that are easy to install and use. To view and
install these packages, use the Perl Package Manager (PPM) which is included with ActivePerl. ActivePerl is the latest Perl
binary distribution from ActiveState and replaces what was previously distributed as Perl for Win32. The latest release of
ActivePerl as well as other professional tools for Perl developers are available from the ActiveState Web site.
Gate Daemon software © 1995 The Regents of the University of Michigan. All rights reserved.
Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators.
A DES implementation written by Eric Young © 1995-1997 Eric Young (eay@cryptsoft.com). All rights reserved.
MD4 and MD5 implementation derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm and
MD5 Message-Digest Algorithm © 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
ccp.c - PPP Compression Control Protocol © 1994 The Australian National University. All rights reserved.
chap.c - Crytographic Handshake Authentication Protocol © 1991 Gregory M. Christy. All rights reserved.
chap_ms.c - Microsoft MS-CHAP compatible implementation © 1995 Eric Rosenquist, Strata Software Limited
(www.strataware.com). All rights reserved.
fsm.c - {Link, IP} Control Protocol Finite State Machine © 1989 Carnegie Mellon University. All rights reserved.
Routines to compress and uncompress TCP packets (for transmission over low speed serial lines) © 1989 Regents of the
University of California. All rights reserved.
Portions of the Aurorean Client Software are copyrighted to ICE Engineering, Inc. and licensed through a GNU public license. For
more information, including access to the source code, visit their Web site at www.ice.com.
Part Number: 9033734-01
October 2001
Printed in the United States of America
ii Aurorean Network Gateway-1100 User’s Guide
Page 3
Federal Communications Commission (FCC) Notices
The Aurorean Network Gateway-1102/1 105 complies with T itle 47 Part 15, Class B of FCC rules. Operation is subject
to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority
granted by the FCC or other such agency to operate this equipment.
There are no user-repairable components in the Aurorean Network Gateway-1102/1105.
Canadian Notices
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the
interference-causing equipment standard entitled “Digital Apparatus”, ICES-003 of the Department of
Communications (Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils
numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques”, NMB-003
édictée par le ministre des Communications).
NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets
certain telecommunications network protective, operational and safety requirements. The Department does not
guarantee the equipment will operate to the user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local
telecommunications company. The equipment must also be installed using an acceptable method of connection. In
some cases, the inside wiring associated with a single line individual service may be extended by means of a certified
connector assembly. The customer should be aware that compliance with the above conditions may not prevent
degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the
supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the
telecommunications company cause to request the user to disconnect the equipment.
Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines
and internal metallic water pipe system, if present, are connected together. This precaution may be particularly
important in rural areas.
CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate
electric inspection authority, or electrician, as appropriate.
UL Notices
The Aurorean Network Gateway-1102/1105 have been tested and found to comply with the UL 1950/CSA c22.2
Revision 3/CUL regulation.
European Notices
The ANG-1102/1105 has been tested and found to comply with the CISPR 22:1997 Class B regulation.
Aurorean Network Gateway-1100 User’s Guide iii
Page 4
ELECTRICAL HAZARD: Only qualified personnel should perform installation
procedures.
Important Safety Instructions
1) Read these instructions carefully. Save these instructions for future reference.
2) Follow all warnings and instructions marked on the product.
3) Unplug this product from the wall outlet before cleaning. Do not use liquid cleaners or aerosol cleaners. Use
a damp cloth for cleaning.
4) Do not use this product near water.
5) Do not place this product on an unstable cart, stand, or table. The product may fall, causing serious damage
to the product.
6) Slots and openings in the chassis are provided for ventilation; to ensure reliable operation of the product
and to protect it from overheating, these openings should not be blocked or covered. The openings should
never be blocked by placing the product on a bed, sofa, rug, or other similar surface. This product should
never be placed near or over a radiator or heat register, or in a built-in installation unless the proper
ventilation is provided.
7) This product should be operated from the type of power indicated on the marking label. If you are not sure of
the type of power available, consult Enterasys Networks or your local power company.
8) Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the
cord.
9) If an extension cord is used with this product, make sure that the total ampere rating of the equipment
plugged into the extension cord does not exceed the extension cord ampere rating. Also, make sure that the
total rating of all products plugged into the wall outlet does not exceed the fuse rating.
10) Never push objects of any kind into this product through chassis slots as they may touch dangerous voltage
points or short out parts that could result in a fire or electric shock. Never spill liquid of any kind on the
product.
11) Do not attempt to service this product yourself, as operating or removing covers may expose you to
dangerous voltage points or other risks. Refer all servicing to qualified service personnel.
12) Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following
conditions:
a) When the power cord or plug is damaged or frayed.
b) If liquid has been spilled into the product.
c) If the product has been exposed to rain or water.
d) If the product does not operate normally when the operating instructions are followed. Adjust only
those controls that are covered by the operating instructions since improper adjustment of other
controls may result in damage and will often require extensive work by a qualified technician to restore
the product to normal condition.
e) If the product has been dropped or the chassis has been damaged.
f) If the product exhibits a distinct change in performance, indicating a need for service.
13) Use only the proper type of power supply cord set (provided in your accessories box) for this unit. It should
be a detachable type, UL listed/CSA certified, type SPT-2, rated 7A 125V minimum, VDE approved or
equivalent. Maximum length is 15 feet (4.6 meters).
iv Aurorean Network Gateway-1100 User’s Guide
Page 5
About Thi s Guide
Contents of the Guide ...........................................................................................................ix
Conventions Used in This Guide...........................................................................................x
Related Publications.............................................................................................................. xi
Chapter 1 – Overview
System Description..................................................................................................................1
Chapter 2 – Installation
Unpacking the ANG-1102/1105 ........................................................ ....................................3
Accessories ........................................................................................................................4
Location Planning .............................................................................................................4
Connecting Cables...................................................................................................................5
Ethernet Connections.......................................................................................................5
Table of Contents
Table of Contents
Table of ContentsTable of Contents
Serial Connection..............................................................................................................7
Connecting Power to the ANG-1102/1105...........................................................................8
Checking ANG-1102/1105 Connections.............................................................................10
LED behavior................................... ...... ............................................. ...... ...... .................10
Aurorean Network Gateway-1100 User’s Guide v
Page 6
Table of Contents
Chapter 3 – Configuring the ANG-1100 with Au rorean Web
Config
Before You Begin.............................................................................................................11
Logging into Web Config.............................................................................................. 13
Setting Your Password .................................................................................................. 14
Viewing VPN Status......................................................................................................15
Setting Up the VPN ....................................................................................................... 16
Setting Up the Internet Connection.............................................................................18
Downloading the Latest Firmware.............................................................................. 21
Setting Up the LAN.......................................................................................................24
Setting Up the Firewall.................................................................................................. 26
Setting Your Password .................................................................................................. 28
Checking Device Status......................... ...... .................................................................. 30
Using Advanced Utilities..............................................................................................33
Using the Configuration Editor ...................................................................................34
Appendix A – Glossary
Appendix B – Specifications
Appendix C – Pin Assignments
Appendix D – Program License Agreement & Support
Enterasys Networks, Inc. Program License Agreement..................................................55
License ....................................................................................................................................56
Other Restrictions.......................................... ...... ............................................. ...... ...... ......... 56
Applicable Law......................................................................................................................56
Export Requirements............................................................................................................ 56
vi Aurorean Network Gateway-1100 User’s Guide
Page 7
Index
Table of Contents
United States Government Restricted Rights ....................................................................57
Exclusion of Warranty.......................................................................................................... .57
No Liability for Consequential Damages...........................................................................58
Technical Support...................................................................................................................58
Support from Enterasys Networks...............................................................................58
Returning Products for Repair............................. ...... ..... ..............................................59
Aurorean Network Gateway-1100 User’s Guide vii
Page 8
Page 9
This guide describes how to mount, connect, power-up, and maintain an
Aurorean™ Network Gateway-1100 (ANG-1102/1105) from Enterasys
Networks.
This guide is written for administrators who wa nt to configure the
ANG-1100 for their remote clients or experienced users who are
knowledgeable of basic networking principles.
Contents of the Guide
Information in this guide is arranged as follows:
! Chapter 1, Overview highlights the key features of the Aurorean
Virtual Network family of enterprise VPN products.
! Chapter 2, Installation describes how to physically mount, connect,
and power-up Aurorean servers.
! Chapter 3, Configuring the ANG-1100 with Aurorean Policy Manager,
details how to configure the server.
! Appendix A, Glossary defines terms used in this manual.
About This Guide
About This Guide
About This GuideAbout This Guide
! Appendix B, Specifications provides essential physical and operational
characteristics of the AN G - 1100.
! Appendix C, Pin Assignments describes the pinouts of the LAN
connectors.
! Appendix D, License Agreement & Support describes the warranty terms
and support policies covering Enterasys Networks products.
Aurorean Network Gateway-1100 User’s Guide ix
Page 10
Conventions Used in This Guide About This Guide
Conventions Used in This Guide
The following conventions are used in this guide:
NOTE Notes supply additional helpful information,
CAUTION Cautions contain directions that can prevent you
WARNING Warnings provide directions that you must
Bold Text in boldface indicates values you type using
Italics T ext in italics indicates a variable, important new
SMALL CAPS Small caps specify the keys to press on the
Courier font Text in this font denotes a file name or directory.
provide a cross-reference to the source of more
information, or emphasize issues you should
consider when performing an action.
from damaging the product or losing data.
follow to avoid harming yourself.
the keyboard or select using the mouse (for
example, a:\setup). Default settings may also
appear in bold.
term, or the title of a manual.
keyboard; a plus sign (+) between keys indicates
that you must press the keys simultaneously (for
example,
CTRL+ALT+DEL).
x Aurorean Network Gateway-1100 User’s Guide
Page 11
About This Guide Related Publications
Related Publications
The following publications are also available with the Au rorean Network
Gateway-1100:
! The ANG-1102/1105 Quick Setup card which highlights the basic steps
required to install the Aurorean Network Gateway-1100.
! The Installation & Service Guide which describes how to install and
maintain the ANG-3000/7000 series, the Aurorean server which can
be used to complete a VPN connection with the ANG-1100.
! A Portable Document File (PDF) version of this manual is available and
can be downloaded from the Enterasys.com Web site. You can view
this manual on-line or print a copy of it using Adobe Acrobat
Reader 3.0 (or later). Acrobat Reader can be downloaded from the
Enterasys web site or the Adobe web site at www.adobe.com.
! All Aurorean manuals, Release Notes and Quick Start Cards are
stored at this URL: http://www.enterasys.com/support/
manuals.
Aurorean Network Gateway-1100 User’s Guide xi
Page 12
Page 13
This chapter describes the key features of the Aurorean Network
Gateway 1100 and how it is used.
System Description
The ANG-1100, displayed in Figure 1, provides home or small office
connectivity to a corporate branch of fi ce or headqu arters. I t supports up to 25
tunnels.
1
Overview
Overview
OverviewOverview
Figure 1 ANG-1100
Figure 2 illustrates how the ANG-1100 typically connects to the corporate
network.
Aurorean Network Gateway-1100 User’s Guide 1
Page 14
System Description Chapter 1
Overview
Hub
Cable/DSL modem
ANG-1102/1105
- Initiates tunnel to ANG-3000/7000
- Negotiates tunnel protocols
- Encrypts data over tunnel
An ANG-1100 comes equipped with the following:
! 110-250V power supply.
INTERNET
- Negotiates tunnel protocols
- Compresses data over tunnel
- Encrypts data over tunnel
ANG-3000/7000
Router
Site-to-Site connection
Firewall
Figure 2 ANG-1102/1105 Topology
APS-3000/7000
- Authenticates Aurorean
users (or forwards login
requests to RADIUS servers)
- Logs message/alarm activity
- Maintains master TollSaver
database
RiverMaster
- Defines user/group policies
- Displays message/alarm activity
- Configures system network settings
! High-performance CPU: 90 MHz internal, 45 MHz external.
! Complete set of diagnostic LEDs which display the server’s
operational status.
! One (ANG-1102) or four trusted (ANG-1105) 10/100 Base-T Ethernet
ports and one external 10 Base-T port each to connect the system to
the network and the Internet.
! One DB-9 port (ANG-1105) for diagnostics.
2 Aurorean Network Gateway-1100 User’s Guide
Page 15
This chapter describes the steps required to unpack, install and connect an
Aurorean Network Gateway-1102/1105 onto a desktop.
Unpacking the ANG-1102/1105
Remove the ANG-1102/1105 from the shipping box. Save the box in case the
unit needs to be returned.
2
Installation
Installation
InstallationInstallation
Quick
Setup
card
Power
Power
cord
Cross-over
supply Cable
N
P
S
V
M
K
S
1
T
Y
R
2
M
S
O
M
O
A
W
O
C
R
T
C
E
E
t
T
N
l
N
a
ne
E
r
n
r
te
e
t
In
x
d
E
e
t
s
u
r
r
T
e
w
e
o
v
i
P
t
c
A
M
T
n
2
a
0
e
1
r
1
-
o
r
G
u
N
A
A
System Software
CD ROM
Figure 3 Removing ANG-1102/1105 from the Shipping Box
Aurorean Network Gateway-1100 User’s Guide 3
Page 16
Unpacking the ANG-1102/1105 Chapter 2
Installation
The box contains a CD ROM with this instruction manual in the Adobe PDF
format, a Quick Setup card and accessories. See an illustration of the
ANG-1105 below.
Figure 4 ANG-1105
Accessories
The ANG-1100 also is shipped with the following accessories:
! One cross-over (red) cable for a direct PC/Network Gateway
connection.
! One power supply with an attached cable to connect to the
ANG-1100.
! One power cord to connect the power supply to the AC outlet.
Location Planning
Place the ANG-1100 on a desktop near the following:
! Ethernet wall jack, patch panel, or hub with av ailable ports.
! Near a DSL or Cable modem.
! A grounded wall outlet or uninterruptible power supply (UPS).
4 Aurorean Network Gateway-1100 User’s Guide
Page 17
Chapter 2 Connecting Cables
Installation
Connecting Cables
Ethernet cables are used to connect the ANG-1100 to your computer or LAN
and the Internet. A serial cable can be used to connect the ANG-1105 to your
computer for diagnostic purposes.
All interconnections are made at the back of the ANG-1100 (refer to Figur e 5).
Also, a reset button is located in the rear of the unit.
CAUTION
If you press the Reset button after you have configured your ANG-1100,
you will lose your entire configuration. Any settin gs you supplied must
then be re-entered. Do not use the Reset button unless you want the
configuration to return to factory defaults; you may want to record your
settings before using the Reset button.
Ethernet Connections
The ANG-110 2 is equipped with two 8-pin modular RJ -45 Ethernet ports ( five
ports on the ANG-1105) labeled TRUSTED and EXTERNAL as shown in
Figure 5. The trusted port is connected to a computer or hub/switch with
networked computers. The external port is connected to a cable or DSL
modem.
P
O
W
E
R
C
O
M
R
E
S
E
T
E
X
T
E
R
N
A
L
1
2
T
R
3
U
S
T
E
D
4
Figure 5 Location of the Serial/WAN/LAN Ports (ANG-1105 shown)
The trusted connection can be either a sole desktop computer or a hub that
connects up to 25 tunnels to the network as shown in Figure 6.
Aurorean Network Gateway-1100 User’s Guide 5
Page 18
Connecting Cables Chapter 2
Installation
Connecting an ANG-1102/1105
The ANG-1100 is typically set up in the configuration shown below.
Site-to-site tunnel
Trusted (LAN)
connection
or
User
ANG-3000/7000
Users
Hub
User
Cable / DSL
Modem
INTERN ET
External (WAN)
connection
Aurorean Network
Gateway-1100
Site-to-site tunnel
Internet connection
Trusted connection
Figure 6 Connecting the ANG-1100
To connect the ANG-1100 Ethernet port, perform the following steps:
1 Do one of the following as shown in Figure 7:
– If you are connecting an ANG-1102 to a hub, plug one end of a
straight-through Ethernet cable into the ANG’s trusted port. If
you are connecting an ANG-1105 to a PC, plug one end of a
straight-through cable into the ANG’s trusted port. If you are
connecting an ANG-1105 to a hub, plug one end of the red, crossover cable to a trusted port. Go to Step 2.
– If you are connecting the ANG-1102 directly to a computer, attach
one end of the red, cr oss-over cable to a trusted port and the other
end to an RJ45 connector on your computer. Skip to Step 3.
2 Plug the opposite end of the cable into a wall jack, patch panel, or hub
linked to a protected network segment.
6 Aurorean Network Gateway-1100 User’s Guide
Page 19
Chapter 2 Connecting Cables
Installation
P
O
W
E
R
C
O
M
R
E
S
E
T
E
X
T
E
R
N
A
L
1
2
T
R
3
U
S
T
E
D
4
Connection to
serial port on PC
Serial Connection
Straight-through cable
for connection out to
DSL or cable modem
Cross-over cable for
direct PC connection
by ANG-1102 or
Hub connection
by ANG-1105
Straight-through cable for Hub
connection by ANG-1102 or direct
OR
PC connection by ANG-1105
Figure 7 Connecting Cables to the ANG-1100 (ANG-1105 shown)
3 Plug an Ethernet cable into the External port as shown in Figure 7. 4 Plug the opposite end of this cable into a DSL or cable modem.
NOTE
If you have a DSL modem, you will need to get an IP address from your
provider and configure it. This condition may also exist for selective cable
customers. Some cable internet providers require that you supply the
MAC address of your computer. Refer to Chapter 3 for directions.
The ANG-1105 is equipped with one 9-pin DB-9 port for use as a console port.
You can then start a Hyperterminal session or establish a link using another
terminal emulator.
Connecting an ANG-1105
To connect the ANG-1105 serial port, connect one end of a null modem cable
(female-to-female) to the DB-9 port and another to the DB-9 port on your PC.
Aurorean Network Gateway-1100 User’s Guide 7
Page 20
Connecting Power to the ANG-1102/1105 Chapter 2
R
Installation
Connecting Power to the ANG-1102/1105
WARNING
To avoid electrical shock, connect the Aurorean system to a grounded
(earthed) outlet only.
A switching power supply includ ing a 6’ power cord and a 7’ electrical cord
with an attached power supply is supplied with each system. To connect
these items to an ANG-1100, perform the following steps:
1 Plug the power supply cord into the system’s power socket as shown
in Figure 8.
P
O
Power supply cable
W
E
R
C
O
M
R
E
S
E
T
E
X
T
E
R
N
A
L
1
T
Figure 8 Connecting AC Power on the ANG-1100 (ANG-1105 shown)
8 Aurorean Network Gateway-1100 User’s Guide
Page 21
Chapter 2 Connecting Power to the ANG-1102/1105
Installation
2 Plug the AC power cord into the power supply and the other end into
a grounded AC outlet or UPS as shown in Figure 9.
The Power LED on the ANG-1100 will light the moment you power
up the unit.
Power supply
AC power cord
Figure 9 Connecting the Power Cable to the Power Supply
NOTE
International customers may swap the electrical cord segment shipped
with the ANG-1100 for a cord that meets the proper standard for their
country. A custom cord can be inserted in the power supply.
Aurorean Network Gateway-1100 User’s Guide 9
Page 22
Checking ANG-1102/1105 Connections Chapter 2
Installation
Checking ANG-1102/1105 Connections
The ANG-1100 is now connected and ready for configuration. Check the
LEDS in the manner described below to confirm that the conn ections are
working properly.
LED behavior
The LEDs behave as follows at when powered up at startup :
! Power LED stays ON for 2-3 seconds indicating boot diagnostics are
running followed by boot up of the Linux kernel.
– If the Power LED flashes at a twice per second interval, boot
diagnostics have failed.
– If the Power LED remains ON or OFF following the boot
sequence, the kernel has failed to boot.
! Power LED blinks once per second indicating the system is operating
correctly.
! LAN LEDs 1-4 either blink when active or r emain ON. The ANG-1 1 02
LAN LEDs are amber (10 Mbps); the ANG -1105 LAN LEDs are green
(100 Mbps) or amber if the connected device is running at 10 Mbps.
! The WAN LED either blinks when active or remains ON.
! The VPN LED stays ON when a tunnel is connected.
The ANG-1100 is now rea dy for configuration. Refer to Chapter 3 for detailed
instructions.
10 Aurorean Network Gateway-1100 User’s Guide
Page 23
3
Configuring the ANG-1100 with
Configuring the ANG-1100 with
Configuring the ANG-1100 withConfiguring the ANG-1100 with
Aurorean Web Config
Aurorean Web Config
Aurorean Web ConfigAurorean Web Config
To configure the ANG-1100, use the Internet browser on your computer and
connect to the server via the Web. During the Web session, you run the
Aurorean Web Config utility and configure the system. Figure 10 il lustrates
the process.
Aurorean
Network
Gateway
Aurorean
Remotely Control ANG
Policy
Manager
PC Desktop
Figure 10 Configuring the ANG-1100 via Aurorean Web Config
Before You Begin
Before you begin configuration with Web Config, review the following:
! Be sure the ANG-1100 is cabled correctly as described in “Connecting
an ANG-1100” in Chapter 2 of this manual.
! Ask your DSL or cable modem Internet provider and Network
Administrator for any IP addresses, work group, n etwork browsing
or other information you may need to configure the ANG-1100
properly. Minimally, you will need:
– The IP address of the ANG-3000/700 0 you will connect to for
setting up the VPN.
Aurorean Network Gateway-1100 User’s Guide 11
Page 24
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
– To configure your PC to include the domain of the corporate
network you will connect to.
To do so on your Windows 95/98/ME/2000 desktop: click
Start, select Settings and double-click Control Panel (Win
2000: Network and Dial-up Connections). Do uble- c lick the
Network icon (Win 2000: right click on Local Area
Connection and click Properties), click the Protocols tab,
select TCP/IP Protocol, click Properties, select the DNS ta b
and add the Domain Suffix in the field provided. Click OK
twice to close the open windows.
! On your computer, release and renew the IP address for all adaptors
bound to TCP/IP. Refer to the Caution on page 27 for instructions.
! If you have cable service, learn the MAC address of your computer as
described on page 36.
! If your computer was supplied a static IP address and Gateway by
your service provider , you must now accept the address from a DHCP
server and remove the gateway for the ANG-1 100 to find and connect
with the PC.
T o do so, click Start, select Settings and double-click on Control Panel.
Double-click the Network icon, select the Protocols tab and TCP/IP
Protocol, click on Properties and the IP Address tab. Select the Obtain
an IP address from a DHCP server radio button. Click Advanced,
select the Gateway, click Remove and OK. Click OK twice more to
close the open windows.
! Web Config supports the use of Internet Explorer 5 or Netscape 4 and
higher Web browsers.
! If your Web browser has Proxy settings, you must do the fo llowing:
– For Internet Explorer users, under Tools/Internet Options/
Connections/LAN Settings, uncheck “Automatically detect
settings” and “Use automatic configuration script” boxes.
Also check the “Use a proxy server” and “Bypass proxy
server for local addresses” boxes and ask your network
administrator for the IP Address, Port number and any
Advanced settings.
– For Netscape users, under Edit/Preferences/Advanced/
Proxies, uncheck any proxy radio buttons and check the
“Direct connection to the Internet” button. No bypass option
is available.
12 Aurorean Network Gateway-1100 User’s Guide
Page 25
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Logging into Web Config
To log into Web Config, perform the steps below.
1 Point your Web browser at the default trusted IP address of the
ANG-1100. In the browser’s Location field at the top of the window,
type: http://192.168.1.1 and click OK.
The Login window appears as shown in Figure 11.
Figure 11 Login Window
2 Type netadmin in the User Name and Password fields as shown in
Figure 11.
3 Click the checkbox to save your password if you desire and click OK.
The VPN Status window appears as shown in Figure 13.
Aurorean Network Gateway-1100 User’s Guide 13
Page 26
Configuring the ANG-1100 with Aurorean Web Config
Setting Your Password
Because the default password is readily available through all ANG-1100
documentation, we st rongl y recommend that you ensure security by
configuring a new password to replace the default password netadmin.
NOTE
If you forget your password after changing it from the factory default,
you can return to using netadmin by pressing the Reset button and
reinstate all factory default values.
Change the Password by performing the following steps:
1 Click the Set Password menu option.
The Set Password window appears as shown in Figure 12.
Chapter 3
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
Set Password
Old password:
New password:
Confirm:
Apply
Figure 12 Set Password Window
2 Type the old Password in the field provided. 3 Type a new Password in the field provided. 4 Confirm the new password in the field provided.
5 Click Apply.
14 Aurorean Network Gateway-1100 User’s Guide
Page 27
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Viewing VPN Status
The VPN Status window is the first screen to appear after log ging in. At this
point, you have just begun configuration so the VPN Status window appear s
empty. Later, after you have configured a VPN connection to an
ANG-3000/7000, the window will display information similar to the data
shown in Figure 13.
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
VPN Status
Connection Gateway User Type State Status
rms3
Boston
Docs
142.11.106.11
201.5.15.121
145.14.111.3
lcortese
ronzone
jeaby
IPsec
PPTP
IPsec
Enabled
Enabled
Enabled
Connectivity Setup
Internet Setup
LAN Setup
Firewall Se tu p
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
Figure 13 VPN Status Window
1 Click the Setting Up the VPN menu option and go to the next page.
Authenticating
Connected
Connected
Aurorean Network Gateway-1100 User’s Guide 15
Page 28
Configuring the ANG-1100 with Aurorean Web Config
Setting Up the VPN
The VPN configuration created on the ANG-1100 completes a link with the
ANG-3000/7000 on the remote end of this connection. If your network
administrator has already set up the ANG-3000/7000 with appropriate User,
Password and Group information, after setting up the VPN you will build the
site-to-site tunnel connection and be up and running on the corporate LAN.
Before you start VPN configuration, be sure that your network admin istrator
has supplied any IP addresses and masks required
Begin VPN Setup by performing the followi ng steps:
1 Click the VPN Setup menu option.
The VPN Setup window appears as shown in Figure 14.
Chapter 3
16 Aurorean Network Gateway-1100 User’s Guide
Page 29
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
VPN Setup
Assigned VPN Connections:
There are no network gateway connections currently defined. Please fill in the
information below and a dd one.
Add VPN Connection:
Name:
Gateway:
Username:
Password:
Confirm:
Connection type:
Connection mode:
Start network gateway now:
Global VPN Settings:
Force default route (singleVPN only):
EZ-IPsec (uses EZ-IPSec™auto-configuration)
PPTP
Client
Network Extens ion
Peer to Peer
Peer Subnet 1:
Peer Subnet 2:
Peer Subnet 3:
Apply
Apply
Figure 14 VPN Setup Window
2 Enter the Name of the remote ANG-3000/7000 you are connecting to. 3 Enter the Gateway IP address of the remote ANG-3000/7000. 4 Enter the Username on the remote ANG-3000/7000.
Aurorean Network Gateway-1100 User’s Guide 17
Page 30
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
CAUTION
When using PPTP, which selects MS-CHAPv2 authentication as a default,
a Username cannot contain a plugin selector (e.g., user@domain). For
example, if Windows 2000’s IAS is being used to authenticate PPTP
tunnels via a RADIUS plugin, the plugin must be the authorization's
default plugin.
5 Enter the Password on the remote ANG-3000/7000. 6 Confirm the password on the remote ANG-3000/7000. 7 Select the Connection type: either EZ-IPsec or PPTP.
The EZ-IPsec feature provides one-button configuration for standard
IPSec with IKE tunnels connecting to an ANG-3000/7000.
8 Select one of the following Connection modes:
– Client - standard site-to-site connectivity.
– Network Extension - expanded connectivity to devices on the
trusted network behind the ANG-1100.
CAUTION
Choosing Network Extension mode requires that you con figure, in the
LAN Setup window, the IP address and mask with unique values
supplied by your Network Administrator. You cannot select NEM and
enable the ANG-1100 without your administrator’s approval.
– Peer to Peer - connectivity for devices on remote networks over
tunnels between two ANG-1100 servers, or interoperability
between an ANG-1100 and a Cisco, Nortel or Nokia/Checkpoint
VPN gateway. This option requires adding the IP address and
Subnet Mask of up to 3 remote peers.
NOTE
Choosing Peer to Peer mode requires that you configure one or more IP
addresses and subnet masks of connected peers with values supplied by
your Network Administrator.
18 Aurorean Network Gateway-1100 User’s Guide
Page 31
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
9 Optional. Check the Start network gateway now checkbox and click
Apply to create instant access or wait until the other end of the
connection is created.
10 Optional. Click Force default route under Global VPN Settings.
Force defau lt route disables the ANG-1100’s Intelligent Client Routing
(ICR) feature which allows users to browse the Internet outside the
tunnel. Be aware that with Force Default enabled, the ANG-1100
transmits all traffic through the tunnel which may cause Web
browsing problems. This feature works with only one tunnel up and
running; it is disabled if you create more than one tunnel.
11 Click Apply.
After applying your changes, a VPN Setup update window appears
displaying configuration revisions.
NOTE
Now that you have set up a site-to-site connection, configuration is
complete unless you want to change the default Internet, LAN, Firewall,
Password default values or your service is a Digital Subscriber Line (DSL)
which requires that you configure a PPPoE connection ( refer to “Setting
Up the Internet Connection” on page 20). Some cable internet providers
also require that you specify a MAC address (refer to “Using Advanced
Utilities” on page 35 for more information).
NOTE
If you press the Reset button after configuring your ANG- 1100, you will
lose your entire configuration. Any settings y ou supplied must then be
re-entered. Do not use the Reset button unless you want the configuration
to return to factory defaults. Also, you may want to record your settings.
Aurorean Network Gateway-1100 User’s Guide 19
Page 32
Configuring the ANG-1100 with Aurorean Web Config
Setting Up the Internet Connection
Internet configuration of the External side of the ANG-1100 involves choosing
the type of IP address assignment the ANG-1100 will accept. The ANG can
accept one of the following:
! A DHCP-assigned IP address - your network automatically sets the
ANG’s IP address via the DHCP (Dynamic H ost Configuration
Protocol) server. This is the factory default setting.
! A Manual-assigned IP address - you or your network administrator
set the ANG’s IP address and associated Subnet, Gateway, and DNS
values. Consult with your Network Administra tor for required
values.
! A PPPoE (PPP over Ethernet) assigned IP address - your DSL
provider transparently sets the IP address via the use of a Username
and Password. Obtain this information from your service provider
before you enter this data.
Begin Internet Setup by performing the following steps:
Chapter 3
1 Click the Internet Setup menu option.
The Internet Setup window appears as shown in Figure 15.
20 Aurorean Network Gateway-1100 User’s Guide
Page 33
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
2 Do one of the following:
! Click the DHCP radio button and perform the following steps:
Internet Setup
Internet Address Assignment:
DHCP assigned IP address
Hostname:
Use Hostname with DHCP
Manual assigned IP address
IP Address:
Subnet:
Gateway:
Primary DNS:
Secondary DNS:
PPPoE assigned address
Username:
Password:
Confirm:
Apply
Figure 15 Internet Setup Window
– Enter a Hostname for the system.
– Optionally, check the Use hostname with DHCP checkbox.
– Click Apply.
! Click the Manual assigned IP address radio button and perform
the following steps:
– Specify the ANG-1100’s IP address.
– Set the Subnet mask.
– Enter the Gateway IP address.
– Specify the Primary DNS IP address.
Aurorean Network Gateway-1100 User’s Guide 21
Page 34
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
– Set the Secondary DNS IP address.
– Click Apply.
! Click the PPPoE assigned IP address radio button and perform
the following steps:
– Specify a Username supplied by your cable/DSL provider.
– Enter a Password.
– Type the password again in the Confirm field.
– Click Apply.
3 If you chose the Manual or PPPoE options, a window appears
detailing the reconfiguration changes and prompting you to reboot the
ANG-1100. Click Reboot Now.
After a few moments when an IP address has been received for the external
port, the Internet LED will turn on. If a static IP address was configured, the
Internet LED will shine immediately.
NOTE
If you press the Reset button after configuring your ANG-1100, you will
lose your entire configuration. Any settings you supplied must then be
re-entered. Do not use the Reset button unless you want the configuration
to return to factory defaults. Also, you may want to record your
configuration settings.
22 Aurorean Network Gateway-1100 User’s Guide
Page 35
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Downloading the Latest Firmware
After logging in, download the latest firmware image to the
ANG-1100’s flash memory (provided the MAC address is set for cable service
users - refer to page 36) by accessing the FTP server where it is stored. As new
firmware becomes available, you can update it again. Begin updating your
firmware by performing the following steps:
1 Click the Firmware Upgrade menu option.
The Firmware Upgrade window appears as shown in Figure 1 6.
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
Firmware Update
FTP server:
Firmware image
filepath:
Username:
Password:
Confirm:
ang.enterasys.com
ANG1100/ANG1100.bin
anonymous
Apply
Figure 16 Firmware Update Window
2 In the FTP server field, enter the name of the FTP server where the
new ANG image is stored: ang.enterasys.com
3 Type the full path of the location of the Firmware image:
/ANG1100/ANG1100.bin
4 Enter the Username anonymous 5 Enter netadmin in the Password and Confirm fields and click Apply.
The Firmware Update window appears as shown in Figure 1 7.
6 Click Apply.
Depending on your network connection, the image (nearly 2 MB)
downloads for 20-30 seconds and loads in flash memory for 2-3
minutes more. Note that the Power and VPN LEDs blink very quickly
together during this interval and then turn off. The W AN LED blinks
as well. Meanwhile, the ANG Web Config screen appears blank.
Aurorean Network Gateway-1100 User’s Guide 23
Page 36
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
Configuring the ANG-1100 with Aurorean Web Config
Firmware Update
To begin the update of the ANG-1100 firmware image (ANG-1105 shown), press
“Apply” button at the bottom of the screen.
For users new to the process of upgrading the ANG-1 100 firmware, you will
observe the following behavior once you press the “Apply” button. It is critical not
to disturb the ANG-1100 by disconnecting power or the interface cables during
the firmware update process.
First you’ll see the following activity lights on the ANG-1100 (with two LAN
connections):
This indicates that the firmware image is being downloaded from the FTP source
you entered in the previous screen. The photo shows a download from an FTP
server on the external interface. These lights will be active during the time needed
to retrieve the firmware image from the specified FTP server. This would take
about 30 seconds on a typical connection. If there are no activity lights seen or
if they are seen for a very short period of time, there was an error downloading the
firmware image.
After the firmware image is downloaded, the new image is “flashed” or stored on
the ANG-1100. This step takes up to 5 minutes and the photo below shows
the activity lights seen on the ANG-1100 when the device’s flash memory is being
upgraded with the new firmware image.
Chapter 3
Once the “Apply” is pressed, there will be a delay in displaying the next Web page
for the ANG-1100 Web application. It will only be displayed once the firmware
image is downloaded and the new image is flashed to the ANG-1100. After these
two steps are complete, a status page is displayed to indicate whether or not the
firmware update was successful. If it was successful, the Web page prompts the
user to reboot the ANG-1100 to run with the new firmware image.
To start the firmware image download and update process, press the “Apply”
button now.
<< Back
Figure 17 Second Firmware Update Window
24 Aurorean Network Gateway-1100 User’s Guide
Page 37
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
7 Af ter downloading and “flashing” are complete, a status page displays
as shown in Figure 18 indicating the process was successful and
displays the FTP server IP address and new build filepath.
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Firmware Update
The Aurorean Network Gateway 1100 has been updated with the changes you
have selected. The following list shows the modifications that have been made:
Download new firmware image
FTP server: 146.34.69.128
Filepath: NewBuild/Build87/ANG1100-1.0.00-87.bin
Username: anonymous
The Aurorean Network Gateway 1100 needs to be rebooted in order to run with
the changes you have selected. Press the “Reboot Now” button below to reboot
the ANG-1100.
Reboot Now
<<Back
Figure 18 Successful Firmware Update Window
8 Reboot the ANG by clicking Reboot Now.
Power and VPN LEDs turn off; then the Power LED turns on for
about 4 seconds. Once the kernel is up, the Power LED blinks every
half-second. The VPN LED then turns on when the tunnel comes up.
9 To ensure that the image was updated, compare the date last
modified, Release, Build and Patch numbers in the lower left corner
of the VPN Status window as shown in Figure 19 with the previous
release information. The Device Status window also lists this data.
Aurorean Network Gateway Release 2.1 Patch 00 Build 154 (3.5)
Page last modified Wed October 24 16:52:37 EDT 2001
© 2000, 2001 Enterasys
Networks. All rights reserved
Figure 19 Image Date and Build Information
Aurorean Network Gateway-1100 User’s Guide 25
Page 38
Configuring the ANG-1100 with Aurorean Web Config
Setting Up the LAN
LAN configuration of the Trusted side of the ANG-1100 involves choosing
either to manually set an IP address and subnet for the ANG-1100 or
dynamically assign its IP ad dress via your network’s DHCP server. The
factory default LAN setting configures the ANG as a DHCP server on th e
trusted LAN and automatically assign IP addresses to local PCs. Usually , this
setting need not be modified. Begin LAN Setup by performing the following
steps:
1 Click the LAN Setup menu option.
The LAN Setup window appears as sho wn in Figure 20.
Aurorean Network Gateway
Chapter 3
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
2 Do one of the following:
! Click the DHCP assigned IP address radio button and perform
the following steps:
– Click Apply.
LAN Setup
LAN Address Assignment:
DHCP assigned IP address
Manual assigned IP address
IP address:
Subnet:
192
168
255
255
DHCP server enabled
Starting IP address:
192
168
Number of IP addresses:
100
Enable DNS proxy
Enable WINS proxy
Apply
1
255
1
Figure 20 LAN Setup Window
1
0
100
26 Aurorean Network Gateway-1100 User’s Guide
Page 39
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
! Click the Manual assigned IP address radio button and perform
the following steps:
– Set the ANG-1100’s IP address.
CAUTION
If you chose NetWork Extension mode (in the VPN Setup window), you
must manually configure the IP and Starting IP address of the ANG with
values supplied by your Network Administ rato r. This trusted subnet is
routed to the central Intranet so it must have a distinct IP address. By
default, the ANG-1100 uses 192.168.1.0/24 as the trusted network subnet
so it must be changed to a unique subnet not in use on the network.
– Set the Subnet mask.
– Optional. Click the DHCP server enabled box if the server is
up and running.
– Set the Starting IP address of the range of consecutive IP
addresses you will create for this ANG-1100.
– Set the total Number of IP addresses the ANG-1100 can
distribute.
– Optional. Keep Enable DNS proxy checked so that the
ANG-1100 will act as a DNS server for all its tunnels. DNS
proxy resolves host names and IP addresses because the
domain server is non-routable, forcing attached hosts to
request these values. If your hosts know the DNS address
they are seeking, you can disable this feature. This option is
on by default.
– Optional. Keep Enable WINS proxy checked so that PCs on
the LAN can be notified of WINS servers discovered during
tunnel setup. WINS proxy notifies local PCs of the remote
WINS servers without manual intervention. This opti on can
be disabled if local PCs already know remote WINS server IP
addresses. This option is on by default.
– Click Apply.
CAUTION
If you change the default LAN Setup and reboot the ANG-1100, you must
release and renew the IP address for all adaptors bound to TCP/IP on
your connected computer(s) in order to reconnect with the
ANG-1100 and make future changes. Perform the following steps:
- On your desktop, click Start. and Run.
- For Windows 95/98/ME systems, type: winipcfg, click OK, click
Aurorean Network Gateway-1100 User’s Guide 27
Page 40
Release and click OK. Then click Renew All and click OK.
- For Windows NT/2000 systems, type ipconfig /release and press
ENTER. Then type ipconfig /renew and press ENTER.
- For Macintosh systems, check the TCP-IP control panel.
3 If you chose the DHCP option or changed the DNS or WINS default
entries, a window appears detailing the reco nfi gurati on ch ange s and
prompting you to reboot the ANG-1100. Click Reboot Now.
NOTE
If you press the Reset button after configuring your ANG-1100, you will
lose your entire configuration. Any settings you supplied must then be
re-entered. We strongly recommend that you do not use the Reset button
unless you want the configuratio n to return to factory defaults.
Setting Up the Firewall
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Firewall security is established in a one-way, outbound configuration by default
on the ANG-1100’s External interface. A strong combination of firewall and
NA T security is achieved to allow users out from their ANGs but disallow any
others in from the Internet. The firewall also provides the following optional
choices to control management of the ANG-1100 via HTTP and/or Telnet:
! Enable/disable HTTP/Telnet from the Trusted network
! Enable/disable HTTP/Telnet over the VPN tunnels
! Enable/disable HTTP/Telnet in the clear from the Internet
Enabling any of these options al lows ANG-1100 management via the Web or
Telnet. We recommend that you accept the factory default settin gs which
allow W eb and Telnet management access on the Tr usted LAN connection but
disable these permissions on the Internet and VPN Gateway connections.
WARNING
DO NOT LEAVE AL L THREE CONN ECTI ONS DIS ABLED . If you do so ,
you will be UNABLE TO CONFIGURE THE ANG-1100 without resetting
the system and returning to the factory default configuration.
28 Aurorean Network Gateway-1100 User’s Guide
Page 41
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Begin Firewall Setup by performing the following steps:
1 Click the Firewall Setup menu option.
The Firewall Setup window appears as shown in Figure 21.
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Internet Connection:
Allow Web configuration access
Allow Telnet login access
LAN Connection:
Allow Web configuration access
Allow Telnet login access
VPN Gateway Connection:
Allow Web configuration access
Allow Telnet login access
Apply
Figure 21 Firewall Setup Window
2 Enable the option of your choice and click Apply.
NOTE
Experienced administrators can fine tune firewall functionality by editing
the ipfwadm file in the Configuration Editor. For more detailed
information, check the following IPFWADM Web sites:
- www.xos.nl/linux/ipfwadm/paper/
- www.fwtk.org/ipfwadm/faq/ipfwadm-faq.html
Firewall Setup
Aurorean Network Gateway-1100 User’s Guide 29
Page 42
Configuring the ANG-1100 with Aurorean Web Config
NOTE
If you press the Reset button after you have configured your
ANG-1100, you will lose your entire configuration. Any settings you have
changed from factory defaults, such as firewall rules, will be removed. W e
recommend that you save these settings to a Notepad file which you then
can reference if you are compelled to use the Reset button.
Setting Your Password
Because the default password is readily available through all ANG-1100
documentation, we st rongl y recommend that you ensure security by
configuring a new password to replace the default password netadmin.
NOTE
If you forget your password after changing it from the factory default,
you can return to using netadmin by pressing the Reset button and return
to all factory default values.
Chapter 3
Change the Password by performing the following steps:
1 Click the Set Password menu option.
The Set Password window appears as shown in Figure 22.
30 Aurorean Network Gateway-1100 User’s Guide
Page 43
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Aurorean Network Gateway
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
Set Password
Old password:
New password:
Confirm:
Apply
Figure 22 Set Password Window
2 Type the old Password in the field provided. 3 Type a new Password in the field provided. 4 Confirm the new password in the field provided.
5 Click Apply.
Aurorean Network Gateway-1100 User’s Guide 31
Page 44
Configuring the ANG-1100 with Aurorean Web Config
Checking Device Status
The Device Status window provides a host of important data to ensure the
ANG-1100 is connected properly and to permit troubleshooting as problems
occur. When consulting Enterasys Customer Support, you will be asked to
display this window.
The following categories are detailed in the Device Status window:
! Version lists the Release, Patch and Build numbers, and internal na me
of the ANG-1100’s firmware.
! CPU itemizes Motorola Coldfire chip specifications.
! Memory enumerates ANG-1100 memory values including Total,
Used, Free, Shared, Cached, Buffered and Swapped bytes.
! Interface Configuration describes Trusted (eth0), External (eth1), IPsec
(eth1:0-24), PPTP (ppp0-24) and Local Loopback (lo) port data
including IP and MAC addresses, netmasks, Receive and Transmit
errors and other information. Note that the ppp0 interface is the
Internet, not WAN interface, if the Internet is configured for PPPoE.
Chapter 3
! Network Devices tabulates interface Receive and Transmit errors.
! Route Table entries detail connected networks, gateways, their
associated IP addresses, netmasks and other data.
! Interrupts lists the hardware interrupts supported on the
ANG-1100 as well as their vectors and interrupt counters. The two
SMC9194 items listed are the Ethernet Trusted and External port
interrupts.
! System Log categorizes ANG-1100 functions/malfunctions including
routing connections/disconnectio ns.
Check Device Status by performing the following step:
1 Click the Device Status menu option.
The Device Status window appears as show n in Figu re 23.
32 Aurorean Network Gateway-1100 User’s Guide
Page 45
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Aurorean Network Gateway
Device Status
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
Version
Aurorean Network Gateway Relea se 2.0 Pa tch 00 Buil d 121 (3. 2)
CPU
CPU:
MMU:
FPU:
Clocking:
BogoMips:
Calibration:
COLDFIRE (m5307)
none
none
104.6MHz
59.80
29900800 loops
Memory
Mem: 14311424
Swap: 0
Free pages:
Free blks:
Used blks:
MemTotal:
MemFree:
MemShared:
Buffers:
Cached:
SwapTotal:
SwapFree:
total:
used: free: shared: buffers: cached:
1851392 12460032 0 299008 102400
00
3042 (12168kB),%0 Frag,%4 slack
4 min=1 max=3034 avg=760
4 min=1 max=1016 afg=263
13976 kB
12168 kB
0kB
296 kB
172 kB
0kB
0kB
Interface Configur a tion
Link encap: Ethernet HWaddr 00:DO:CF:00:4D:94
eth0
inet addr: 192.168.1.1 Bcast: 192.168.1.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 1381 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 2288 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions:3
Interrupt: 29 Base Address:0x300
Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95
eth1
inet addr: 172.16.2.231 Bcast: 172.16.2.255 Mask: 255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric1
RX packets: 43150 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 13959 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 1
Interrupt: 27
Figure 23 Device Status Window
Aurorean Network Gateway-1100 User’s Guide 33
Page 46
Configuring the ANG-1100 with Aurorean Web Config
Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95
eth1:0
inet addr: 10.120.51.247 P-t-P: 10.120.51.1. Mask: 255.255.255.255
UP POINTOPOINT RUNNING MTU: 1400 Metric:1
RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0
Chapter 3
lo
Link encap: Local Loopback
inet addr: 127.0.01 Bcast: 127.255.255.255. Mask: 255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU: 3584 Metric:1
RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0
Network Devices
Inter– Receive Transmit
face. packets errs drop fifo frame packers errs drop fifo colls carrier
lo: 77 0 0 0 0 0 0000 0
eth0:13810000225800000
eth1:4315000001395900010
eth1:023000000187600000
Route Table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use: Iface
192.168.1.0 “ 255.255.255.0 U 0 0 32 eth0
172.16.2.0 “ 255.255.255.0U005eth1
127.0.0.0 “ 255.0.0.0 U001lo
default 172.16.2.1 0.0.0.0 UG000eth1
Interrupts
27: 1844 NE2000
29: 1024 NE2000
30: 53550 ColdFire Timer
31: 0 Reset Button
224: 22645 ColdFire UART
225: 0 ColdFire UART
System Log
--- --- -- --:--:-- UTC dhcpd: Binding to interface ‘eth1’
--- --- -- --:--:-- UTC dhcpd: setDhcpInfo ip=868d9f78, lease=a8c100, renew=54600, rebind=93a80
--- --- -- --:--:-- UTC boa: Boa/0.93.15 started
--- --- -- --:--:-- UTC dhcpd: eth0 (hwaddr) = 0:1:f4:0:0:1
--- --- -- --:--:-- UTC zebra: connected route add 127.0.0.0/8 directly connected to lo
--- --- -- --:--:-- UTC zebra: connected route add 192.168.1.0/24 directly connected to eth0
--- --- -- --:--:-- UTC dnsproxy: started, version 1.0 cache_size 101
--- --- -- --:--:-- UTC ucd-snmp: UCD-SNMP version 4.1.2
--- --- -- --:--:-- UTC IKE: Error (X) File open failed
--- --- -- --:--:-- UTC IKE: Trace (X) (IKE) Initializing Site-to-Site Credentials Agent
--- --- -- --:--:-- UTC dhcpd: responding Server: 134.143.111.13
--- --- -- --:--:-- UTC dhcpd: assigned IP address: 134.143.111.12
Figure 24 Device Status Window (continued)
34 Aurorean Network Gateway-1100 User’s Guide
Page 47
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Using Advanced Utilities
Advanced Utilities provided by the ANG-1100 include:
! Setting the MAC Address of a newly attached ANG-1100 when you
want to quickly connect to a cable service provider. MAC addresses
are used by service providers to identify supported users. The ANG1100 can proxy your computer’s MAC address to the ISP but your
provider may require that you change the default value reported by
the ANG-1100 to reflect the PC’s actual MAC address.
! Clearing the System Logfile - shown in the Device Status window -
when you want to erase old and display updated information.
! Soft Rebooting to reset the ANG-1100 without recycling power. This
function is similar to pressing
Aurorean Network Gateway
CTRL-ALT-DELETE on your computer.
Help
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1100 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Advanced Utilities
Internet MAC Address Assignment:
MAC address:
Apply
Clear System Logfile:
Apply
Soft Reboot ANG-1100:
Apply
Restore Default
00e0 63 1300 00
Figure 25 Advanced Utilities Window
1 Click the Advanced Utilities menu option.
The Advanced Utilities window appea r s as shown in Figure 25.
Aurorean Network Gateway-1100 User’s Guide 35
Page 48
Configuring the ANG-1100 with Aurorean Web Config
2 Do one of the following:
– To change the ANG-1100’s MAC address to reflect your
computer’s MAC address, first find the computer’s address
by issuing the proper command at a DOS prompt. For
Windows 95/98/ME systems, type winipcfg; for Windows
NT/2000 systems, type ipconfig /all; for Macintosh
systems, check the TCP-IP control panel.
In the command output, look for the Physical or Adapter
Address value. For example:
c:>ipconfig /all
Ethernet adapter E190x1:
Description . . : 3Com 3C90x Ethernet Adapter
Physical Address : 00-10-4B-9D-18-17
Enter the value in the Internet MAC Address Assignment
fields.
Click Apply and Reboot Now when prompted to save the
change.
– Select Clear System Logfile and click Apply.
– Select Soft Reboot ANG-1100 and click Apply.
Chapter 3
NOTE
ANG-1100 connections broken during a reboot will be lost after service
returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before
re-initiating the connection resolves the problem.
Using the Configuration Editor
Knowledgeable network administrators can use the Configuration Editor to
modify the ANG-1100’s LINUX 2.0 operating system configuration files.
CAUTION
Inexperienced users or those unfamiliar with LINUX attem pting to use
this editor may disable the system. We recommend only expert users, in
conjunction with Enterasys Customer Support, use this editor.
36 Aurorean Network Gateway-1100 User’s Guide
Page 49
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
1 Click the Configuration Edit menu option.
The Configuration E dit window appears as shown in Figure 26.
Aurorean Network Gateway
Help
Configuration Files
config
inittab
ipfwrules
options
ripd.conf
start
zebra.conf
ipfwrule.routing
dhcpd.conf
config.ike
hosts
pppoe
winsd.conf
.netrc
snmpd.gms.conf
snmpd.conf
snmp.conft
resolv.conf
config.dat
hostinfo-eth1
Configuration File Edit
This Web application allows you to update and delete the system configuration
files of the ANG-1100. These files are used to control the ANG-1100 for its VPN
functionality, Internet and LAN connectivity, firewall capabilities, networking
startup commands and other key features of the ANG-1100 device.
Extreme caution needs to be exercised when modifying the system
configuration files of the ANG-1100. The raw contents of the files are exposed
for updating and improper editing could render the ANG-1100 inoperable. Bear
this in mind as you use this Web application.
When the configuration files are modified, the ANG-1100/1105 device may need
to be rebooted in order for the changes to take effect. Other modifications to
configuration files can be made and their effects will be seen in the running
system. If you are not clear as to which type of change you are making, be sure
to click the “Reboot Now” button when prompted.
This list of files on the left displays the files contained in the ANG-1100 RAMbased configuration file directory /etc/config.
Figure 26 Configuration Edit Window
2 Click on the configuration file of your choice. 3 The arguments of the configuration file you selected are displayed in
the Configuration File Edit window, as shown in Figure 27.
Aurorean Network Gateway-1100 User’s Guide 37
Page 50
Configuring the ANG-1100 with Aurorean Web Config
Aurorean Network Gateway
Chapter 3
Help
Configuration Files
config
inittab
ipfwrules
options
ripd.conf
start
zebra.conf
ipfwrule.routing
dhcpd.conf
dhcpd.iplist
config.ike
hosts
pppoe
winsd.conf
.netrc
.resolv.conf
config.dat
dhcpd-cache.eth1
hostinfo-eth1
dhcpd.leases
Configuration File Edit
File:/etc/config/config
oasswd neGpPWI1gigw2
wizard 1
dhcpcd 1
snmeth0 255,255,255.0
ipeth0 192.168.1.1
uhn 0
dhcpd 1
web0 0
web1 0
web2 0
tel0 0
tel1 0
tel2 0
MODEEXPERT onon
WANTYPE 1
LANTYPE 2
Update
Delete
Figure 27 Configuration File Edit Window
4 Edit the UNIX configuration file and click Update or Delete.
NOTE
You can remove the Configuration Editor (along with the Advanced
Utilities option) from the main menu by selectin g config, deleting the
MODEEXPERT on argument and clicking U pdate.
38 Aurorean Network Gateway-1100 User’s Guide
Page 51
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
NOTE
If you press the Reset button after configuring your ANG- 1100, you will
lose your entire configuration. Any settings you have changed from
factory defaults, such as firewall rules, will be removed. We recommend
that you save these settings to a Notepad file which you then can
reference if you are compelled to use the Reset button.
Configuring IP Port Forwarding
ANG-1100’s support of IP Port Forwarding permits you to make servers on
the trusted network of the ANG-1100 available to the rest of the VPN. In
contrast to Network Address Translation (NAT), which allows access to
external-side servers initiated by internal-side hosts, Port Forwarding permits
access to internal-side servers initiated by external-side hosts.
This is accomplished by rewriting the headers of all pa ckets bound for the
ANG-1100 and forwarding them to another host on the trusted-side of the
network, depending on their destinatio n port (port numbers corresponding
to standard, well-known protocols). The IP addresses are re-written so that
incoming IP (TCP and UDP) packets are forwarded to their intended
destinations, and the reply packets are re-written to appear to be coming from
the ANG-1100.
This process requires static, known values for the following:
! The IP address assigned to AN G-1100 by the VPN. This address is in
RiverMaster in the ANG-1 1 00's user account an d may not be assigned
dynamically via pools or virtual subnets.
! The IP address of the server on the ANG-1100 trusted network (one
server per protocol). This may not be dynamically assigned by the
ANG-1100 via DHCP.
! The protocol (TCP or UDP) and the protocol port number.
IP Port Forwarding is configured by editing the ipportfw command in the
ipfwrules configuration file in th e Conf ig Editor tool of the Web Config. The
ipportfw commands should be entered at the end of the ipfwrules file.
Aurorean Network Gateway-1100 User’s Guide 39
Page 52
Configuring the ANG-1100 with Aurorean Web Config
Refer to the tables below for command usage, switches, arguments, and
definitions.
Usage
ipportfw -A -[t | u] l.l.l.l/lport -R a.a.a.a/rport add entry
ipportfw -D -[t | u] l.l.l.l/lport delete entry
l.l.l.l is the address of the VPN interface receiving packets to be forwarded
a.a.a.a is the server address on the LAN
lport is the port being redirected
rport is the port being redirected to
Switch <arg> Definition
-t VPN address/port Forward TCP traffic
-u VPN address/port Forward UDP traffic
-A None Add the IP port forwarding table entry
-C None Clear the IP port forwarding table
-D None Delete the IP port forwarding table entry
-R IP address/port Define the server IP address
-L None List the IP port forwarding table
Chapter 3
Follow the steps below to configure IP port forwa rding.
1 Login to Web Config.
2 Click on the Config File Editor menu option.
3 Click on the ipfwrules
Configuration File.
4 In the Configuration File Edit window, scroll to the end of the file.
5 Under **Expert-Config**, type the following rules:
– ipportfw -C
– ipportfw -A <-t or -u> <VPN address/local port> -R <local server
IP address/remote port>
6 Click Update and Reboot Now when prompted to save the change.
40 Aurorean Network Gateway-1100 User’s Guide
Page 53
Chapter 3
Configuring the ANG-1100 with Aurorean Web Config
Refer to the table below for a sample IP port forwarding configuration:
Example
ipportfw -C
ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
ipportfw -A -t10.120.50.215/60 00 -R 192. 168.0.2/6000
The above sample configuration performs the following tasks:
! Clears the IP port forwarding table
! Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to
port 23 on the internal server 192.168.0.1
! Maps FTP from the VPN address to the same 192.168.0.1 s erver
! Maps X windows (TCP port 6000) to a different server, 192.168.0.2
Aurorean Network Gateway-1100 User’s Guide 41
Page 54
Page 55
Aurorean Network Gateway
An Enterasys Networks device that creates a secure virtual private circuit
over the Internet between itself and a remote user’s computer. The Aurorean
Network Gateway encapsulates data packets using IPSec and encrypts data
to prevent third-parties from intercepting and examining it. There are three
types of Aurorean Network Gateways:
! Aurorean Network Gateway-7000 - a tunnel server that can
accommodate up to 5000 remote users
! Aurorean Network Gateway-3000 - a tunnel server that can
accommodate up to 500 remote users
! Aurorean Network Gateway-1102/1105 - a tunnel server that
establishes a site- to-site t unnel between itself an d an ANG-700 0/3000
server. It can accommodate up to 25 tunnels.
A
Glossary
Glossary
GlossaryGlossary
Aurorean Web Config
Aurorean Web Config is the utility used to configure the Aurorean Network
Gateway-1102/1 1 05. It is Web based and is acces sed t hrough the use of a Web
browser.
Aurorean Policy Server
An Enterasys Networks device that manages Aurorean Network
Gateways. Network administrators configure Aurorean Policy Servers
from a
user database on the Aurorean Policy Server or instruct the Aurorean
Policy Server to authenticate remote users against an external
Aurorean Network Gateway-1100 User’s Guide 41
RiverMaster computer. The network administrator can create a remote
Page 56
DHCP
DSL
Appendix A
Glossary
authentication server (such as a RADIUS or SecurID server). When the
network administrator changes tunnel connection parameters, the Aurorean
Policy Server provide updated configuration files to Aurorean Network
Gateways on request.
Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP
addresses. The Au ror ean Network Gateway- 1 102/1105 is capabl e of assigni ng
IP addresses.
Refers to Digital Subscriber Lines. DSL technologies use sophisticated
modulation schemes to pack data onto copper wires. They are sometimes
referred to as last-mile technologies because they are used only for
connections from a telephone switching station to a home or office, not
between switching stations. Usually the maxi mum distance between the
home or office and the switching station has to be around one mile.
Ethernet
The Ethernet originated in 1974 by Xerox to connect many office machines
together to allow communications between them. Coax cable was originally
used. today twisted pair wire can be used and the speeds can be up to 10
megabits per second.
Firewall
A combination of hardware and software which lim its the exposure of a
corporate network to outside attack by enforcing a boundary between the
network and the Internet. Firewalls normally fall into one of two categories:
application-level or network-level (often referred to as a packet filter). An
application-level firewall examines traffic at the application level, a nd only
passes packets that are sent by approved applications (such as FTP, E-mail, or
Telnet). This type of firewall often readdresses outgoing traffic so that it
appears to have originated at the firewall rather than an internal host, thereby
concealing the address of the internal host. A network-level firewall examines
traffic at the network packet level, and filters packets based on the destination
and/or source address.
42 Aurorean Network Gateway-1100 User’s Guide
Page 57
Appendix A
Glossary
Generic Routing Encapsulation (GRE )
Intern et Service Provider (ISP)
IP
T unneling pro tocol developed by Cisco that can encapsulate a wide variety of
protocol packet types inside IP tunnels, creating a virtual point-to-point link
over the Internet. For PPTP, GRE is used to encapsulate PPP data packets
within an IP packet (IP packet headers contain address info rmation necessary
for routing, while PPP packets do not).
A vendor who provides direct access to the Internet. ISPs bill users for the
amount of time they are connected, and may also offer additional services
such as Web site hosting, E- mail, or news group readers. Remote users reach
the ISP by dialing into an ISP POP with a computer, modem, and phone line,
or over a dedicated circuit (such as a cable modem connection).
Abbreviation of Internet Protocol, pronounced as two separate letters. IP
specifies the format of packets, also called datagrams, and the addressing
scheme. Most networks combine IP with a higher-level protocol called
Transport Control Protocol (TCP/IP), which establishes a virtual connection
between a destination and a source.
IP Address
An identifier for a computer or device on a TCP/IP network. Networks using
the TCP/IP protocol route messages based on the IP address of the
destination. The format o f an IP addr ess is a 32 -bit numeric ad dress wri tten as
four numbers separated by periods. Each number can be zero to 255. For
example, 172.16.4.14 could be an IP address.
IP Security Protocol (IPSec)
Short for IPSecurity, a set of protocols developed to support secure exchange
of packets at the IP layer.
Aurorean Network Gateway-1100 User’s Guide 43
Page 58
LAN
Locan Area Network (LAN) connects computers and peripherals together in
an office or a campus to allow the computers to access each other and other
common peripherals.
LEDs
Abbreviation of light emitting diode, an electronic device that lights up when
electricity is passed through it. LEDs are usually red, but the ANG-1102/1105
uses green LEDs. The LEDs are used to indicators.
Mac Address
Short for Media Access Control address, a hardware address that uniquely
identifies each node on a network.
Network Address Translation (NAT)
Described by Whatis.com as the translation of an Internet Protocol address
used within one network to a different IP address known within another
network. One network is designated the inside network and the other is the
outside. Typically, a company maps its local ins id e network addresses to one
or more global outside IP addresses and unmaps the global IP add resses on
incoming packets back into local IP addresses. This provides security since
each outgoing or incoming request must undergo a translation process that
also offers the chance to qualify or authenticate the request or match it with a
previous request. NAT also conserves the number of global IP addresses that
a company uses and permits the use of a single IP address to interface with
the world.
Appendix A
Glossary
Network Administrator
The person responsible for installing and maintaining a company’s network
equipment, and also insuring that network resources (such as servers and the
applications running on them) are cons istently available and performing
well. In terms of Enterasys Networks products, this person physically installs
Aurorean Policy Servers and Aurorean Network Gateways,
distributes Aurorean Client Software
RiverMaster
44 Aurorean Network Gateway-1100 User’s Guide
software on his/her computer to manage the entire VPN.
to remote users, and runs
Page 59
Appendix A
Glossary
Point of Presence (POP)
Point-to-Point Protocol (PPP)
Point-to-Point Tunneling Protocol (PPTP)
In Internet terms, the physical site that contains an ISP’s network
equipment. Remote users dial into the POP, authenticate against the ISP’s
customer database, and then gain access to the Internet. ISPs typically have
POPs scattered throughout their service area, so that can customers can dial a
local phone call and avoid paying long- distance charges when accessing the
Internet.
The Internet standard for sending network traffic over serial lines, such as
dial-up phone lines. Unlike its predecessor SLIP (Serial Line Internet
Protocol), PPP provides error detection and compression capabilities.
A network protocol for linking remote locations over the Intern et rath er th an
over costly long-distance or leased lines. To accomplish this, PPTP
encapsulates other network protocols (such as TCP/IP, IPX, and NetBEUI)
and uses encryption to secure the data sent over the Internet. PPTP was
developed jointly by Microsoft and U.S . Robotics (3Com).
PPPoE
The Point-to-Point over Ethernet protocol provides a connection to the Internet
through a DSL provider. It is also identified as PPPoE.
RiverMaster
A management application running on a Windows NT 4.0 Workstation
computer which communicates with Aurorean Policy Servers and
Aurorean Network Gateways. Using RiverMaster, a network
administrator creates user databases, sets policies for user groups, views
activity logs, and generates usage reports.
Aurorean Network Gateway-1100 User’s Guide 45
Page 60
Routers
Devices which direct network traffic among LANs or WANs until the data
reaches its destination. To do this, routers communicate with one another
using dedicated protocols such as IGRP (Interior Gateway Routing Protocol)
and BGP (Border Gateway Protocol) to transfer information on network
addressing, status, and configuration.
TCP/IP
Abbreviation for Transmission Control Protocol/Internet Protocol. The suite of
communications protocols used to connect hosts on the Internet. TCP/IP uses
several protocols, the two main ones being TCP and IP. TCP/IP is built into
the UNIX operating system and is used by the Internet, making it the de facto
standard for transmitting data over networks. Even networ k operating
systems that have their own protocols, such as Netware, also support TCP/IP.
Tunneling
Technology that lets a network transport protocol carry information for other
protocols within its own packets. For example, by encapsulating NetB E U I
packets, IP can route them across the Internet, which is not normally possible.
Appendix A
Glossary
Virtual Private Network (VPN)
An extension of a company’s private network that uses the resources of the
public Internet. While most private networks use dedicated lines and
equipment that are company property, a virtual private network “borrows”
resources from the Internet on an as-needed basis.
46 Aurorean Network Gateway-1100 User’s Guide
Page 61
This appendix details the specifications of the ANG-1100.
Tab le 1 ANG-1100 Specifications
Category Parameters
Chassis Depth 6” (16 cm)
Width 10” (25 cm)
Height 1.5” (4 cm)
Weight 1 lb. (.5 kg)
B
Specifications
Specifications
SpecificationsSpecifications
Environment Operating
Temperature
Storage
Temperature
Humidity 0 to 95%, non-condensing
Power Supply Power Adapter External universal, auto switching: 110-250 VAC
CPU Processor Motorola© Coldfire XCF5307 at 90 Mhz internal, 45 MHz
Memory 16 MB Micron SRAM with clock speed of 45MHz
Storage
Devices
Aurorean Network Gateway-1100 User’s Guide 47
Hard Drive 4 MB Intel Flash
0° to 40° C (32° to 104° F)
-20° to +70° C (-4° to +158° F)
Regulated UL Listed Class 2 power supply must be used.
Output: 5V, 4.0 Amp
external
Page 62
Table 1 ANG-1100 Specifications (Continued)
Category Parameters
Performance Ser ver Capacity > 25 concurrent tunnels
Appendix B
Specifications
Protocols &
Standards
Tunnel
Performance
Hardware
acceleration
Tunnel Protocols IP Security Protocol (IPSec) as defined in RFC 2401 and 2409
Encapsulated
LAN Protocols
Routing Protocols RIP V1, V2
Authentication HMAC SHA1 and MD5
Encryption MPPE, 40- and 128-bit configurable keys (RC4-compatible)
Up to 3 Mbps with IPSec
SafeNet 1140 CryptoCore chip on ANG-1105
Point-to-Point Tunneling Protocol (PPTP) as defined in
RFC 1234
Generic Routing Encapsulation (GRE) as defined in RFC 1701
and 1702
Internet Key Exchange (IKE)
PPP over Ethernet (PPPOE)
IP
Support for dynamic Virtual Network addressing, local network
addressing, or static routes
Challenge Handshake Authentication Protocol (CHAP)
MS-CHAP (Microsoft proprietary version of CHAP)
IPSec, 40- and 128-bit configurable keys (RC-4 compatible)
DES (56-bit) or Triple-DES (168-bit) with IPSec only
Compression Microsoft Point-to-Point Compression (MPPC)
Firewall support Port filtering and packet inspection firewall
NAT Gateway to mask internal devi ce addresses
Other DHCP Server
Operating
System
48 Aurorean Network Gateway-1100 User’s Guide
Type Version of Linux (uClinux 2.04)
Page 63
Appendix B
Specifications
Table 1 ANG-1100 Specifications (Continued)
Category Parameters
Ethernet Number of Ports Two (ANG-1102) or five (ANG-1105)
Data Transfer Rate 10 Mbps on the ANG-1102, 100 Mbps on the ANG-1105
Connector 8-position modular jack (RJ-45)
Serial Number of Ports One DB-9 jack on the ANG-1105 as a console interface
Safety
Regulations
EMCI US, Canada,
US/Canada/
Europe
Europe, Japan,
Australia, New
Zealand, Taiwan,
Russia,
International
UL 1950, CSA c22.2 No.950, 73/23/ EEC, EN60 950, a nd IEC950
FCC Part 15 Class B; CSA C108.8, 89/336/EEC, EN55022,
EN61000-3-2; EN61000-3-3; EN55024; AS/NZS 3548, and
VCCI V3.
Aurorean Network Gateway-1100 User’s Guide 49
Page 64
Page 65
C
Pin Assignments
Pin Assignments
Pin AssignmentsPin Assignments
This appendix describes pin assignments for the Ethernet connectors on the
ANG-1100. Additionally, the ANG-1105 provides a serial connector.
ANG-1100 servers ar e equipped with either two or five E thernet ports located
at the rear of the chassis, supporting full-duplex 10Base-T tran smission.
Connections from your PC to the ANG-1105 require the use of a straight-
through cable (not supplied); PC connections to the ANG-1102 require a
crossover cable or a straight-through cable if using a hub.
Both Ethernet port types conform to IEEE 80 2.3 standar ds with 8-pin modular
RJ-45 connectors. Figure 1 shows the pin assignments for ANG-1100 server
Ethernet ports.
Replacement Ethernet cables must meet the following requirements:
! Category 3, 4, or 5 unshielded twisted-pair (UTP) wi ring
! Length cannot exceed 328 feet (100 meters)
Aurorean Network Gateway-1100 User’s Guide 51
Page 66
Appendix C
Pin Assignments
LAN 1-4
(TRUSTED)
WAN: ANG-1102
(EXTERNAL)
WAN: ANG-1105
(EXTERNAL)
Pin 8
Pin 8
Pin 1Pin 8
Pin 1
Pin 1
Pin Signal
1Transmit +
2Transmit 3Receive +
4 Return
5 Return
6Receive 7 Return
8 Return
Pin Signal
1 Transmit 2 Transmit +
3Receive 4 Return
5 Return
6Receive+
7 Return
8 Return
Figure 1 Ethernet Port Pin Assignments
The ANG-1105 is equipped with a single serial port for debugging purposes.
An industry-standard serial cable can be used to connect to the male DB-9
connector. See Figure 2 for serial port pin assignments.
52 Aurorean Network Gateway-1100 User’s Guide
Page 67
Appendix C
Pin Assignments
DB-9
Pin 1 Pin 5
Pin 6 Pin 9
Figure 2 Serial Port Pin Assignments
Pin Signal
1 Carrier Detect (CD)
2 Receive Data (RX)
3 Transmit Data (TX)
4 Data Term Ready (DTR)
5 Ground (GND)
6 No Carrier (NC)
7 Request to Send (RTS)
8 Clear to Send (CTS)
9 No Carrier (NC)
Aurorean Network Gateway-1100 User’s Guide 53
Page 68
Page 69
Progr am License Agreement &
Progr am License Agreement &
Progr am License Agreement &Progr am License Agreement &
This appendix describes the terms and conditions tha t govern the use of
Aurorean Virtual Network 1100 products and provides contact information
for obtaining technical support from Enterasys Networks.
Enterasys Networks, Inc. Program License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between You, the end user,
and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and
obligations with respect to the Enterasys software program (“Program”) in
the package. The Program may be contained in firmware, chips or other
media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO
BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH
INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND
DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF
THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO
ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS
FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
D
Support
Support
SupportSupport
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT
Enterasys Networks:
(603) 332-9400. Attn: Legal Department.
Aurorean Network Gateway-1100 User’s Guide 55
Page 70
License Appendix D
Program License Agreement & Support
License
You have the right to use only the one (1) copy of the Program provided in
this package subject to the terms and conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as
permitted by the Copyright Act of the United States or as authorized in
writing by Enterasys.
Other Restrictions
You may not reverse engineer, decompile, or disassemble the Program.
Applicable Law
This License Agreement shall be interpreted and governed under the laws
and in the state and federal courts of New Hampshire. You accept the
personal jurisdiction and venue of the New Hampshire courts.
Export Requirements
You understand that Enterasys and its Affiliates are subject to regulation by
agencies of the U.S. Government, including the U.S. Department of
Commerce, which prohibit export or diversion of certain technical products
to certain countries, unless a license to export the product is obtained from the
U.S. Government or an exception from obtaining such licen se may be relied
upon by the exporting party.
If the Program is exported from the United States pursuant to the License
Exception CIV under the U.S. Export Administration Regulations, You agree
that You are a civil end user of the Program and agree that You will use the
Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License
Exception TSR under the U.S. Export Administration Regulations, in addition
to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You
agree not to (i) reexport or release the Program, the source code for the
Program or technology to a national of a country in Country Groups D:1 or
E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba,
56 Aurorean Network Gateway-1100 User’s Guide
Page 71
Appendix D United States Government Restricted Rights
Program License Agreement & Support
Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya,
Lithuania, Moldova, North Korea, the People’s Republic of China, Romania,
Russia, Rwanda, Tajikistan, Turkmenistan, Ukra ine, Uzbekistan, Vietnam, or
such other countries as may be designated by the United States Government),
(ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product
of the Program or the technology, if such foreign produced direct product is
subject to national security controls as identified on the U.S. Commerce
Control List, or (iii) if the direct product of the technology is a complete plant
or any major component of a plant, export to Country Groups D:1 or E:2 the
direct product of the plant or a major component thereof, if such foreign
produced direct product is subject to national security controls as identified
on the U.S. Commerce Control List or is subject to State Department controls
under the U.S. Munitions List.
United States Government Restricted Rights
The enclosed Product (i) was developed solely at private expense; (ii) contains
“restricted computer software” submitted with restricted rights in accordance
with section 52.227-19 (a) through (d) of the Commercial Computer Software-
Restricted Rights Clause and its successors, and (iii) in a ll respects is
proprietary data belonging to Enterasys and/or its suppliers. For Department
of Defense units, the Product is considered commercial computer software in
accordance with DFARS section 227.7202-3 and its successors, and use,
duplication, or disclosure by the Government is subject to restrictions set
forth herei n.
Exclusion of Warranty
Except as may be specifically provided by Enterasys in writing, Entera sys
makes no warranty, expressed or implied, concerning the Program (including
its documentation and media).
ENTERASYS DISCLAIMS ALL WARRANT IES, OTHER THAN THOSE
SUPPLIED TO YOU BY Enterasys IN WRITING, EITHER EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE,
WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN
MATERIALS, AND ANY ACCOMPANYING HARDWARE.
Aurorean Network Gateway-1100 User’s Guide 57
Page 72
No Liability for Consequential Damages Appendix D
Program License Agreement & Support
No Liability for Consequential Damages
IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION,
DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS
INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL,
INCIDENTA L, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER
LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS
ENTERASYS PRODUCT, EVEN IF ENTERASYS HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION
OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE
ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
Technical Support
Enterasys Networks provides easy access to technical support information
through a variety of services.
Support from Enter a sys Networks
Enterasys Networks offers two ways of contacting customer support
personnel.
On-line Services
To receive answers to technical questions on Aurorean Virtual Network
products, send E-mail to:
support@enterasys.com
Please include your name, title, company, and phone number in all
correspondence.
58 Aurorean Network Gateway-1100 User’s Guide
Page 73
Appendix D Technical Support
Program License Agreement & Support
Phone Support
Enterasys Networks customer support personnel are available by calling
1-800-872-8440. When you call, please call from a position where you can
operate the RiverMaster management application or view the server’s LEDs,
and make sure you have the following information ready:
! State of the LEDs on both the front and rear panels of the server(s)
! A list of the error messages appearing in the RiverMaster
message/alarm display
! Details about any recent configuration changes, if applicable
Enterasys Networks also recommends that you have the RiverMaster
Administrator’s Guide on hand when you call.
Returning Products for Repair
After discussing the problem with Enterasys Networks Customer Support or
your authorized Enterasys Networks reseller, you may be asked to return the
APS-3000/7000 or ANG-1102/1105/3000/7000 for repairs. You will receive a
Return Material Authorization (RMA) number for the server. Ship the server,
with the RMA number clearly visible on the outside of the package, to the
following address:
Enterasys Networks
35 Industrial Way
Rochester, NH 03866
Enterasys Networks recommends that you reuse the original shipping box or
equivalent packaging to protect the server during shipment.
NOTE
Products sent to Enterasys Networks without an RMA number will be
returned to the sender unopened, at the sender’s expense.
Aurorean Network Gateway-1100 User’s Guide 59
Page 74
Page 75
Index
Index
IndexIndex
A
accessories 4
cross-over cable 4
power cord 4
power supply 4
ANG-1100
accessories
Ethernet LEDs 10
Ethernet po rts 5
front panel LEDs 10
Interconnects 6
Power connections 8
Power LED 10
specifications 47
unpacking 3
Usage ix
VPN LED 10
WAN LED 10
Aurorean Network Gateway
definition
Aurorean Network Gateway-1100 See ANG-1100
Aurorean Policy Server
definition
Aurorean Web Config, definition 41
authentication 48
4
41
41
configuring IP port forwarding 37
Connecting 8
connecting power 8
connector pin assignments 51
connectors
Ethernet
serial 52
cross-over cable 4
customer support phone numbers 59
51
D
DB-9
connecting to the ANG
pin assignments 52
default password 13
default trusted IP address 13
default user name 13
device status 30
DHCP 18, 19, 24, 25
DHCP, definition 42
Digital Subscriber Line 18
DNS proxy 25
downloading firmware 21
DSL 20
DSL (Digital Subscriber Line) 42
7
C
cables
connecting Ethernet
connecting serial 7
requirements 51
Canadian notices iii
CD ROM 4
chassis dimensions 47
checking device status 30
Coldfire processor 30, 47
compliance 49
compression 48
Aurorean Network Gateway-1100 User’s Guide 61
5–7
E
encryption 48
environmental parameters 47
Ethernet
cable requirements
connections 5
definition 42
ports 2, 5
specifications 49
External port connecting cables 7
EZ-IPsec 17
51
Page 76
Index
F
firewall setup 26
Firewall, definition 42
Flash specifications 47
FTP server 21, 23
G
Generic Routing Encapsulation (GRE) 43, 48
GRE. See Generic Routing Encapsulation (GRE)
43
I
installation
before you be gin
connecting cables 5–7
connecting power 8
locating a server 4
Intel Flash memory 47
Intelligent Client Routing 17
Internet Service Provider (ISP)
definition
IP (Internet Protocol) 43
IP address, definition 43
IP Security Protocol (IPSec) 48
definition 43
ipconfig 25, 34
ipfwadm file 27
IPX 45
4
43
L
LAN
definition
LEDs 10
protocols 48
44
LEDs
definition
Ethernet ports 10
front panel 10
LANs 10
power 10
VPN 10
WANs 10
license agreement 55–58
Linux 34, 48
logging into Web Config 13
44
M
MAC address 12, 18, 21, 33, 34
Mac Address, definition 44
memory specifications 47
Micron SRAM 47
N
NAT server 37
description 44
netadmin 28
netadmin default password 13
netadmin default username 13
NetBEUI 45
Network Address Translation (NAT), definition
44
Network Administrator, definition 44
network cable requirements 51
Notices
Canadian
FCC iii
General ii
UL iii
iii
O
on-line customer support 58
P
password 28
62 Aurorean Network Gateway-1100 User’s Guide
Page 77
Index
pin assignments DB-9 52
pin assignments Ethernet 51
Point of Presence (POP), definition 45
Point-to-Point Protocol (PPP), definition 45
Point-to-Point Tunneling Protocol (PPTP) 48
definition 45
POP
definition
Power 8
power
connections
power supply 9
specifications 47
power cord 4, 8
power supply 4, 9
PPP, definition 45
PPPoE 18, 20
PPPoE, definition 45
PPTP, definition 45
processor specifications 47
protocols 48
45
8
Q
Quick Setup card 4
R
regulatory compliance 49
reset button 5, 14, 26, 28, 37
RiverMaster
definition
RJ-45
connector pin assignments
RJ-45 ports 5
RMA number 59
Routers, definition 46
routing 48
45
51
S
safety compliance 49
Safety Instructions iv
serial connection (ANG-1105 only) 7
setting up the firewall 26
setting up the LAN 24
setting your password 28
specifications
chassis parameters
CPU memor y 47
data transfer rate 49
EMC 49
Ethernet port specifications 49
general 47–49
hard drive specifications 47
hardware acceleration 48
operating system 48
operating temperature 47
power supply output 47
processor specifications 47
safety regulations 49
serial port specifications 49
server capacity 48
server performance 48
supported protocols 48
System Description 1
system logfile 33, 34
47
T
TCP/IP 45, 46
technical support 58
Trusted port connecting cables 6
tunnel protocols 48
tunneling, definition 46
U
UL notices iii
using the configuration editor 34
V
viewing VPN status 15
Virtual Private Network (VPN), definition 46
VPN configuration 16
VPN Status 23
VPN status 15
Aurorean Network Gateway-1100 User’s Guide 63
Page 78
Index
VPN. See Virtual Private Network (VPN) 46
W
Web Config 13
winipcfg 25
WINS proxy 25
64 Aurorean Network Gateway-1100 User’s Guide
Loading...