Hp sa3110, sa3150, sa3400, sa3450 installation guide

hewlett-packard

vpn server appliance

sa3110/s a31 50/sa34 00 /sa3 450

installation guide

Hewlett-Packard Company

HP: 5971-0872

P/N: A5 2437-00 1

March 2001

ii

Disclaimer

Disclaimer

DisclaimerDisclaimer

Information in this document is provided in connection with
Hewlett-Packard Company products. No license, express or
implied, by estoppel or otherwise, to any intellectual property
rights is granted by this d ocument. Except as provided in
Hewlett-Packard Company’s Terms and Conditi on s of Sale for
such products, Hewlett-Packard Company assumes no liability
whatsoever, and Hewlett-Packard Company disclaims any
express or implied warranty, relating to sale and/or use of
Hewlett-Packard Company products including liability or
warranties relating to fitness for a particular purpose,
merchantability, or infringement of any patent, copyright or
other intellectual property right. Hewlett-Packard Company
products are not intended for use in medical, life saving, or life
sustaining applications.

Hewlett-Packard Company may make changes to specifications
and product descriptions at any time, without notice.

Hewlett-Packard VPN Server Appliance SA3110/SA3150/

This

SA3400/SA3450 Installation Guide

described in it is furnished under license and may only be used
or copied in accordance with the terms of the license. The
information in this manual is furnished for informational use
only, is subject to change withou t notice, an d should not be
construed as a commitment by Hewlett-Packard Company.
Hewlett-Packar d Comp any assumes no respo nsibility or li ability
for any errors or inaccuracies that may appear in thi s document
or any software that may be provided in association with this
document.

, as well as the software

Except as permitted by such license, no part of this document
may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means without the express written consent
of Hewlett-Packard Company.

Copyright © Hewlett-Packard Company 2001.

iii

Statement of Compliance for the HP VPN

Statement of Compliance for the HP VPN

Statement of Compliance for the HP VPN Statement of Compliance for the HP VPN

Server Appliance SA3110

Server Appliance SA3110

Server Appliance SA3110Server Appliance SA3110

This produ ct follows the provisions of the Europea n Directive
1999/5/EC.

Dette produkt er i overensstemmelse med det europæiske
direktiv 1999/5/EC

Dit product is in navolging van de bepalingen van Europees
Directief 1999/5/EC.

Tämä tuote noudattaa EU-direktiivin 1999/5/EC määräyksiä.
Ce produit est conforme aux exigences de la Directive

Européenne 1999/5/EC.
Dieses Produkt entspricht den Bestimmungen der Europäischen

Richtlinie 1999/5/EC

Фп рсп ъьн бхфь рлзс пЯ фйт рс пвлЭшейт фзт ЕхсщрбъкЮт
П дзгЯбт 1999/5/Е

Þessi vara stenst reglugerð Evrópska Efnahags Bandalagsins
númer 1999/5/EC

Questo prodotto è conforme alla Direttiva Europea 1999/5/EC.
Dette pro du ktet er i hen hold til best em mels ene i d et eur opei sk e

direktivet 1 999/5/EC.
Este produto cumpre com as normas da Diretiva Européia 1999/

5/EC.
Este producto cumple con las normas del Directivo Europeo

1999/5/EC.
Denna produkt har till verk at s i enl ighe t med EG- direktiv 1999/5/

EC.

C.

iv

Contents

Contents

ContentsContents

Disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii

Statement of Compliance for the HP VPN Server Appliance SA3110 . . . . . . . . . . . . . . iv

Getting Started

Getting Started

Getting StartedGetting Started

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Required Components of a VPN Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Before You Install

Before You Install

Before You InstallBefore You Install

Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Installation Preparation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Performing the Initial Hardware Setup

Performing the Initial Hardware Setup

Performing the Initial Hardware SetupPerforming the Initial Hardware Setup

Performing the Initial Hardware Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Preparing to Configure a New VPN Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Setting Up a Basic Routing Mode Configuration on a New Device . . . . . . . . . . . . . . . 3-5

Using Bridge Mode With the VPN Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Connecting the Device to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

Configuring Syslog for Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Installing HP SA3000 Series VPN Manager

Installing HP SA3000 Series VPN Manager

Installing HP SA3000 Series VPN ManagerInstalling HP SA3000 Series VPN Manager

Overview to Installing HP SA3000 Series VPN Manager . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Installing VPN Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Adding a VPN Device With VPN Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

Saving New Device Information to a Configuration File. . . . . . . . . . . . . . . . . . . . . . . . 4-7

Installing HP SA3000 Series VPN Client

Installing HP SA3000 Series VPN Client

Installing HP SA3000 Series VPN ClientInstalling HP SA3000 Series VPN Client

Overview to Installing HP SA3000 Series VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Installing VPN Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3

Configuring the VPN Client for a Basic Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

Supplementary Procedures

Supplementary Procedures

Supplementary ProceduresSupplementary Procedures

Supplementary Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Installing or Replacing the X.21 or V.35 Serial Card in the VPN Device . . . . . . . . . . . 6-2

Using the Copy Command (TFTP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6

Capturing a Terminal Emulation Session as Text. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-8

Viewing a Terminal Emulation Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Deleting the Current VPN Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10

Restoring the VPN Device Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

v

Viewing the IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12

Using Telnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-15

Appendix — Network Infrastructure Checklists

Appendix — Network Infrastructure Checklists

Appendix — Network Infrastructure ChecklistsAppendix — Network Infrastructure Checklists

Appendix — Network Infrastructure Checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Router Checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Firewall Checklists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4

Using An Existing Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6

Internal Network Checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7

Authentication Checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-11

Port Combinations Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-12

Index

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Index Index

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index-1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Index-1

Index-1Index-1

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

vi

Getting Started

Getting Started

Getting StartedGetting Started

Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Required Components of a VPN Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-3

GG

Ge

G
ee

et

tt

tt

tt

ti

ii

in

nn

ng

gg

g

S

SS

St

tt

ta

aa

ar

rr

rt

tt

te

ee

ed

dd

d

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

dd

d

ee

ed

tt

te

rr

rt

aa

ar

tt

ta

SS

St

S

gg

g

nn

ng

ii

in

tt

ti

tt

tt

ee

et
G

GG

Ge

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

Getting Started

Getting Started

1

Purpose

Purpose The purpose of this Installation Guide is to provide you with

PurposePurpose

Overview

Overview This manual contai ns six chapters and one appen d ix that tell

OverviewOverview

Chapter and

Chapter and

Chapter and Chapter and
Appendix

Appendix

Appendix Appendix
Contents

Contents

ContentsContents

Getting Started

Getting StartedGetting Started

installation instructions for Release 6.8.2 of the HP VPN Server
Appliance SA3110/S A3150/SA3400/SA3450. The term VPN device
is used in this document to refer to all of these devices.

you:

• System hardware and software requirements for your VPN
device

• The function of each required component of your VPN
device

• Installation instructions for each of the components of the
VPN device

• Upgrade instructions for your VPN device

• Supplementary procedures for the VPN device

The following list describes the contents and purpose of each
chapter, and the appendix.

1. Getting Started
This chapter gives an overview of the structure of this

manual and explains the function of each installation
component.

2. Before You Install
This chapter lists t h e s ys t em hardware and software

requirements for installing the VPN device and gives an
overview of installation prerequisites and steps.

3. Performing the Initial Hardware Setup
This chapter tells you how to perform the initial hardware

setup, connect your VPN device to the network, and set up a
basic routing mode or bridge mode configuration on a new
VPN device.

4. Installing HP SA3000 Series VPN Manager
This chapter tells you how to install the VPN Manager

software on your PC, create a device list with entries for your

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide 1-1

Getting Started

VPN device, add your VPN device (meaning that the VPN
Manager software "sees" the device, and knows it is
accessible), and save your VPN device list and conf iguration
information to a f ile .

5. Installing HP SA3000 Series VPN Client
This chapter tells you how to install the VPN Cl ient software

on your PC.

6. Supplementary Procedures
This chapter give s instructio ns for th e follow ing procedures :

• Install ing or Replacing the X.21 or V.35 Serial Card in the

VPN device

• Using the copy command

• Capturing a terminal emulation session as text

• Viewing a terminal emulation session

• Deleting the current VPN device configuration

• Reconfiguring the VPN device

• Viewing the IP configuration

• Using Telnet

7. Appendix — Network Infr astr uctu r e Chec kli sts
This appendix p rovides checkli st tables t o complet e, to help

you ga ther all y our netw ork inf ormati on togeth er, befo re you
install your VPN device.

1-2 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Functions of the

Functions of the

Functions of the Functions of the
VPN Device

VPN Device

VPN DeviceVPN Device

Required Components of a VPN Device

Required Components of a VPN Device

Required Components of a VPN Device

Required Components of a VPN DeviceRequired Components of a VPN Device

There are three primary required components for a new VPN
device:

• VPN device

• VPN Manager

• VPN Client

This section explains th e functions of each of these three
primary components.

The VPN device is a hardware/software security system that
processes data p ackets as they pass between the publi c side a nd
the private side of a network.

The device can be added to your network as the primary firewall,
work in conjunction with an existing firewall, function as a
bridge , wor k in conj unction with ro ut e rs, an d in conj unction
with more than one VPN device can be used for load balancing
and re dundancy for VPN Cl ient connec t ions.

The VPN device performs three major functions:

• At the communications level, the VPN device can act eithe r
as an IP router or as an IP bridge; that is, it oper ate s at layer
3, not layer 2.

• As a packet encryptor, the VPN device can selectively
encrypt and decrypt data b ased on source and dest in ation
addresses and ports. This p ro v id es the flexibi lit y of sending
both encrypted and clear data using the same infrastructure,
without compromising your centrally managed security
policy.

• As a firewall, the VPN device can be used as a packet filter
and a stateful inspection prox y. The VPN device goes further
than traditional fir ewalls, how ever, by adding au thentication
to the creation of tunnel s , which a llo w s the creation of truly
secure virtual private networks for VPN tunnels that
terminate outside the firewall.

Functions of

Functions of

Functions of Functions of
VPN Manager

VPN Manager

VPN Manager VPN Manager

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

VPN Manager is a graphical tool, based in any Win32 operating

x

syste m, includ ing Windows 9
that lets you configure the VPN device. It enable s administrators

, Windows NT, or Windows 2000,

1-3

Getting Started

Functions of

Functions of

Functions of Functions of
VPN Client

VPN Client

VPN Client VPN Client

to centrally manage multiple VPN devices across multiple sites
within a network.

VPN Manager also works with the external authentication
servers that define and grant access to VPN Client u se rs.

VPN Client is a software- bas ed package that allows for
encryption in cooperation with the Windows 95, Windows 98,
Windows 2000, o r Windows NT TC P/IP stack. This configuration
permits true virtual private networking and allows you to form
encrypted tunnels to other VPN device series products. This
provides desktop-to-gateway security within a local area
network or across any wide area network.

Because all HP VPN products operate at the network layer, the
VPN Client is complete ly transparent to users and works with
most applications. Users can dial in to any Internet service
provider (ISP) and use the VPN Clien t to create a secu re channel
back to your network, which eliminates the need for expensive
dial-in equipment and toll-charges.

The VPN Client allows you to create and config ure tunnels
through whic h encr ypte d data can travel sa fe l y withou t ri sk of
tampering. After connecting to your local ISP or company LAN,
only the IP traffic that the VPN Client is configured to process
passes down the tunnel to the opposing VPN device. All other IP
activities, such as Web browsing, cannot pass down the tunnel
unless the VPN Client determines otherwise.

1-4 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Before You Install

Before You Install

Before You InstallBefore You Install

Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-3

Installation Preparation Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-4

BB

Be

B
ee

ef

ff

fo

oo

or

rr

re

ee

e

Y

YY

Yo
oo

ou

uu

u

I

II

In

nn

ns

ss

st

tt

ta

aa

al

ll

ll

ll

l

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

ll

l

ll

ll

aa

al

tt

ta

ss

st

nn

ns

II

In

I

uu

u

oo

ou
YY

Yo

Y

ee

e

rr

re

oo

or

ff

fo

ee

ef
B

BB

Be

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

2

VPN Manager

VPN Manager

VPN Manager VPN Manager
Requ iremen t s

Requ iremen t s

Requ iremen t sRequ iremen t s

Before You Installl

Hardware and Software Requirements

Hardware and Software Requirements

Hardware and Software RequirementsHardware and Software Requirements

This section lists the system hardware and software
requirement s for installing each of the following:

• VPN device

• HP SA3000 Series VPN Manager, Release 6.8.2

• HP SA3000 Series VPN Client, Release 6.8.2

The hardware and software requirements for VPN Manager
Release 6.8.2 include:

• PC or PC-compatible desktop computer

• Windo ws 9 5 (B) or OSR2 , Wi ndows 98, Window s N T 4.0 , or
Windows 2000 (Workstation or Server version with Service
Pack 4, minimum, for year-2000 capability) running on:

— Intel Pentium® 100 MHz (minimum) processor perfor-

mance level or better
— At least 5 MB of free disk space
— At least 32 MB of RAM
— Support for Win sock 2.0

VPN Client

VPN Client

VPN Client VPN Client
Requ iremen t s

Requ iremen t s

Requ iremen t sRequ iremen t s

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide 2-1

The hardware and software requirements for HP SA3000 Series
VPN Client Release 6.8.2 include:

• PC or PC-compatible desktop computer

• Windows 95 (B) or OSR2 or Windows 98 running on:
— Intel Pentium 90 MHz (minimum) processor or better
— At least 5 MB of free disk space
— At least 32 MB of RAM
— Dial-Up Networking Release 1.3 or later
— Support for Winsock 2.0 (required for protocol 99 and

IPSec features)

• Windows NT 4.0 (Service Pack 4 or later) running on:
— Intel Pentium 90 MHz (minimum) processor or better
— At least 5 MB of free disk space
— At least 32 MB of RAM

• Windows 2000 Professional running on:

Before You Install

— Intel Pentium 133 MHz (minimum) processor or better
— 2 GB hard drive with 650 MB minimum free disk space
— 64 MB minimum RAM

2-2 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Installa t ion Ov ervie w

Installation Overview

Installation Overview

Installation OverviewInstallation Overview

The following flowchart provides an overview of the installation
process for your VPN device:

Complete preinstallation requirements

Perform the initial hardware setup

Set up a basic routing mode configuration

and connect the device to the network

Install and configure the
VPN Manager software

Install and configure the

VPN Client software

Related Info

Related Info Installation Preparation Checklist (page 2-4)

Related InfoRelated Info

Refer to the Installation
Preparation Checklist in
Chapter 2

Refer to Chapter 3

Refer to Chapter 3

Refer to Chapter 4

Refer to Chapter 5

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide 2-3

Before You Install

Installation Preparation Checkli st

Installation Preparation Checkli st

Installation Preparation Checkli stInstallation Preparation Checkli st

Before you install the VPN device, complete the following tasks:
___Map out your current network topology, and determine IP

addresses and default gateways. Having the IP address scheme
already decided helps you configure the unit.

Refer to the Appendix, "Network Infrastructure Checklists,"
for checklists to complete on your network’s infrastructure.
The che c k lists can h elp you gather the network informa t i on
you need to complete the VPN device installation.

The VPN devices can be integrated into your existing
network in a variety of configurations. However , when these
devices are added to an existing network, 80 percent of
network administrators use one of the following
configurations:

• One-Armed Router C onfiguration

• In-Line Router Configuration

• In-Parallel Configuration
For more complete inform ation on these configurations, see

Network Layout Reference Guide

the

.

___Before you per form the initial har dware setup, y o u must
have the follow ing in formatio n and termin al emu lation program
available:

• Serial communication port number on your computer to
which the console cable is connected and the IP address of
the device

• IP and subnet mask addresses for the two Ethernet
interfaces

• Default gateway IP address for the device

• Terminal emulation program such as HyperTerminal to
communicate with a VPN device when the device is in a
factory-default s t ate

___If the VPN device is behind your firewall, provide UDP 2233,
for IPSec, or protocol 99, for access to the device from the
Internet and, if you use certificate authentication, provide UDP
10027 for the X.509 certificate authority through your firewall.
For information on how to configure your firewall, please
contact the manufacturer.

2-4 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Installation Preparation Checklist

___If you use a different subn et when creating site-to-site
tunne ls, make the pro per rou ting changes for your organi zatio n.
For example, if your internal network is 10.0.0.0 and you assign
an incoming address from 192.168.x.x, all internal routers must
be configured to send all 192.168.0.0 traffic to the VPN device.

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide 2-5

Before You Install

2-6 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Performing the Initial Hardware Setup

Performing the Initial Hardware Setup

Performing the Initial Hardware SetupPerforming the Initial Hardware Setup

Performing the Initial Hardware Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Preparing to Configure a New VPN Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2

Setting Up a Basic Routing Mode Configuration on a New Device . . . . . . . . . . . . . . . .3-5

Using Bridge Mode With the VPN Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-10

Connecting the Device to the Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-13

Configuring Syslog for Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-14

PP

Pe

P
ee

er

rr

rf

ff

fo

oo

or

rr

rm

mm

mi
ii

in

nn

ng

gg

g

t

tt

th

hh

he

ee

e

I

II

In

nn

ni

ii

it

tt

ti

ii

ia

aa

al

ll

l

H

HH

Ha
aa

ar

rr

rd

dd

dw

ww

wa
aa

ar

rr

re

ee

e

S

SS

Se

ee

et

tt

tu

uu

up

pp

p

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

pp

p

uu

up

tt

tu

ee

et

SS

Se

S

ee

e

rr

re

aa

ar
ww

wa

dd

dw

rr

rd

aa

ar
HH

Ha

H

ll

l

aa

al

ii

ia

tt

ti

ii

it

nn

ni

II

In

I

ee

e

hh

he

tt

th

t

gg

g

nn

ng

ii

in
mm

mi

rr

rm

oo

or

ff

fo

rr

rf

ee

er
P

PP

Pe

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

Performing the I nitial Hardware Se tu p

Performing the Initial Hardware Setup

3

Next Step

Next Step Preparing to Configure a New VPN Device (page 3-2)

Next StepNext Step

Performing the Initial Hardware Setup

Performing the Initial Hardware SetupPerforming the Initial Hardware Setup

In this chapter, you complete the following tasks:

1. Physically con nec t the sup plie d DB-9 cable t o y our VPN
device and your PC.

2. Check power supply voltage setting.

3. Turn on the VPN device.

4. Create a console window with your terminal emulation
program.

5. Establish an initial session between your PC and your VPN
device.

6. Run your setup script.

7. Configure Syslog for tr oublesh ooting.

8. Connect your device to the network.

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide 3-1

Performing t h e Init ial Hardware Setu p

Preparing to Configure a New VPN Device

Preparing to Configure a New VPN Device

Preparing to Configure a New VPN DevicePreparing to Configure a New VPN Device

A set of keys is packed in the shipping container. These are
universal keys that fit any HP VPN device. Keep the keys in a saf e
place. It is n ot n eces s a ry to lock the device.

In preparation for configuring you r new VPN device, you mu st
complete the follo wing task s:

1. Insert the flash card into the device.

2. Connect the supplied DB-9 cable to your device.

3. Set power supply voltage.

4. Turn on the device.

5. Create a console window with your terminal emulation

When the VPN device is in a factory-default state, the only way
to communicate wi th it is thro ugh the cons ole cable. You ru n the
console cable between the serial port on the device and the
serial port on the computer on which you want to have the
console window.

program.

After you make the physical connection, you open a console
window so you can run the setup script to configure the new
device.

Inserting the

Inserting the

Inserting the Inserting the
Flash Card

Flash Card

Flash CardFlash Card

3-2 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Packed inside the shipp ing container is a flash card. To insert the
flash card into the VPN device:

1. Unwrap the flash card.

2. Open the front panel of the device by twisting the lock
mechanism clockw ise.

The front panel drops down.

3. Insert the flash card vertically in the flash card receptacle.

4. Close the front panel.

5. Secure the front panel by twisting the lock mechanism
counterclockwise.

Connecting the

Connecting the

Connecting the Connecting the
Cable and

Cable and

Cable and Cable and
Powering On the

Powering On the

Powering On the Powering On the
Device

Device

Device Device

Creat ing a

Creat ing a

Creat ing a Cr eati ng a
Console

Console

Console Console
Window

Window

WindowWindow

Preparing to Configure a New VPN Device

To connect the cable and turn on t he device:

1. Connect the supplied DB-9 console cable to the console port
of the VPN device and to the COM port on your PC. Make a
note of the communication port number on your PC .

2. Ensure that the voltage switch is set to the proper voltage
used in your environment.

3. Plug in the power cable.

4. Turn on the VPN device by setting the power switch to the 1
(one) position.

To create a Console window:

1. In the Start menu:

• For NT systems, select Programs, then Accesso ries, then

HyperTerminal.

• For Windows 98 systems, select Programs, then

Accessories, th en Communicat io ns, then
HyperTerminal.

The HyperTerminal window appears.

2. In the File menu, select New Connection.
The Connection Description window appears.

3. In the Name field, enter a name for the session. The Hewlett­Packard Company recommends that you call the session
Console.

4. In the Icon list box, select an ico n to represent the session on
your des ktop.

5. Click OK.
The Phone Number window appears.

6. In the Connect drop-down menu, select Direct to Com

N

where
connected the console cable.

7. Click OK.
The COM

8. In the Bits per second drop-down menu, select 9600.

9. In the Flow control drop-down menu, select None.

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

is the number of the serial port to which you

N

Properties window appears.

N

,

3-3

Performing t h e Init ial Hardware Setu p

10. Click OK.
You return to the terminal emulation program window,

where the cursor is blinking in an otherwise blank white
screen. You now have an active console session and can
communicate from your computer to the device.

Next Step

Next Step Setting Up a Basic Routing Mode Configuration on a New Device

Next StepNext Step

(page 3-4)

3-4 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide

Setting Up a Basic Ro uting Mode Configuration on a New Device

Setting Up a Basic Routing Mode

Setting Up a Basic Routing Mode

Setting Up a Basic Routing Mode Setting Up a Basic Routing Mode
Configuration on a New Device

Configuration on a New Device

Configuration on a New DeviceConfiguration on a New Device

In this sectio n, to set up a basi c routing m ode configur ation, you
complete the following tasks:

• Establish an initial session between your PC and your VPN
device.

• Run y our set up script.

Prerequisites

Prerequisites Before you set up a basic routing mode configuration you must

PrerequisitesPrerequisites

have gathered the following information and completed the
following tasks:

• You must have created a console window before setting up
the device. See the previous sectio n, "Preparin g to Configure
a New VPN device."

• You must know the IP address and subnet mask for the red
Ethernet interface E0 and for t he black Ethernet interface E1
and the IP address for the default gateway.

• You want the device to be in normal mode before you start
configuring it through the setup script. Allow the device 60
secon ds to boot th rough safe mode into normal mode. After
60 seconds, enter the command

enable

.

Establishing an

Establishing an

Establishing an Establishing an
Initial Session

Initial Session

Initial SessionInitial Session

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Installation Guide

To set up the basic configuration of the VPN device, first
establish a session between your PC and the device:

1. Ensure that t he power swi tc h o n t he device is in the 1 (one)
position.

2. At your desktop, open the Console window.
This window is emp ty.

3. To capture the session to a file, select Transfer, then select
Capture Text.

4. In the File menu, select Save.
The Save window appears.

5. In the Save in field, select the folder in which you want to
keep the session file.

3-5

Performing t h e Init ial Hardware Setu p

6. In the File name field, select the file name you want to give

7. Click Save.

8. Press Enter three times.

9. Press the space bar or press Enter to scroll through the

10. To accept the license agreement terms, press Y.

11. Wait 60 seconds.

the session file.

You return to the HyperTerminal window.

The license agreement appears in the Console window.

license agreement.

This creates a file called license.txt that tells the operating
system to forego displaying the license agreement the next
time that the VPN device starts.

Next, a name-and-state prompt similar to this one appears on
the screen:

hostname:SAFE

>

The device changes from safe mode to normal mode. The
device must be in normal mode before you run the setup
script for it.

12. At the name-and-state prompt, enter

enable

.

A password prompt appears on the screen.

13. At the password prompt, enter

admin

The default password from the factory is

.

admin

in all

lowercase letters.
Note:

Note: Passwords are case sensitive.

Note: Note:
As you enter the password, a row of asterisks (*) appears.

When the VPN device acc epts the password, the word

Passed

appears on the screen. Then the name-and-state

prompt appears again:

hostname:NORMAL#

3-6 Hewlett-Packard VPN Server Appliance SA3 110/SA3150/SA3400/SA3450 Inst all ation Guide