Aurorean™ Virtual Network ANG-1000 User’s Guide Version 1.
Notice
Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Federal Communications Commission (FCC) Notices
The Aurorean Network Gateway-100 complies with Title 47 Part 15, Subpart B of FCC Rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
ELECTRICAL HAZARD: Only qualified personnel should perform installation procedures.
Important Safety Instructions
1) Read these instructions carefully. Save these instructions for future reference.
2) Follow all warnings and instructions marked on the product.
3) Unplug this product from the wall outlet before cleaning. Do not use liquid cleaners or aerosol cleaners. Use a damp cloth for cleaning.
4) Do not use this product near water.
Table of Contents
About This Guide
  Contents of the Guide
  Conventions Used in This Guide
  Related Publications
Chapter 1 – Overview
  System Description
Chapter 3 – Configuring the ANG-1000 with Aurorean Web Config
  Before You Begin
  Logging into Web Config
  Viewing VPN Status
  Downloading the Latest Firmware
Appendix A – Glossary
Appendix B – Specifications
Appendix C – Pin Assignments
Appendix D – License Agreement & Support
  Enterasys Networks License Agreement
  License Grant
  Warranty
About This Guide
This guide describes how to mount, connect, power-up, and maintain an Aurorean™ Network Gateway-1000 (ANG-1000) from Enterasys Networks. This guide is written for administrators who want to configure the ANG-1000 for their remote clients or experienced users who are knowledgeable about basic networking principles.
Conventions Used in This Guide
The following conventions are used in this guide:
NOTE Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.
CAUTION Cautions contain directions that can prevent you from damaging the product or losing data.
WARNING Warnings provide directions that you must follow to avoid harming yourself.
Related Publications
The following publications are also available with the Aurorean Network Gateway-1000:
• The ANG-1000 Quick Setup card which highlights the basic steps required to install the Aurorean Network Gateway-1000.
• The Installation & Service Guide which describes how to install and maintain the ANG-3000/7000 series, the Aurorean server which can be used to complete a VPN connection with the ANG-1000.
1 Overview
This chapter describes the key features of the Aurorean Network Gateway 1000 and how it is used.
System Description
The ANG-1000, displayed in Figure 1, provides home or small office connectivity to a corporate branch office or headquarters. It supports up to 25 tunnels.
Figure 1 ANG-1000 Front and Rear Views
Figure 2 illustrates how the ANG-1000 typically connects to the corporate network.
Hub - Negotiates tunnel protocols - Compresses data over tunnel - Encrypts data over tunnel ANG-3000/7000 - Authenticates Aurorean users (or forwards login requests to RADIUS servers) - Logs message/alarm activity - Maintains master TollSaver database Cable/DSL modem INTERNET Firewall Router APS-3000/7000 RiverMaster ANG-1000 - Initiates tunnel to ANG-3000/7000 - Negotiates tunnel protocols - Encrypts data over tunnel Site-to-Site connection - Defines user
2 Installation
This chapter describes the steps required to unpack, install and connect an Aurorean Network Gateway-1000 onto a desktop.
Unpacking the ANG-1000
Remove the ANG-1000 from the shipping box. Save the box in case the unit needs to be returned.
The box contains a CD ROM with this instruction manual in the Adobe PDF format, a Quick Setup card and accessories.
Accessories
The ANG-1000 also is shipped with the following accessories:
• Two 10baseT cables (blue and orange) to connect to the LAN ports/hub.
• One cross-over (red) cable for a direct PC/Network Gateway connection.
• One power supply with an attached cable to connect to the ANG-1000.
• One power cord to connect the power supply to the AC outlet.
Connecting Cables
All interconnections are made at the back of the ANG-1000 (refer to Figure 4). Although there is no power switch, a reset button is located in the rear of the unit.
CAUTION If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.
Connecting an ANG-1000
The ANG-1000 is typically set up in the configuration shown below.
Figure 7 Connecting Ethernet Cables to an ANG-1000
3 Plug an orange, straight-through Ethernet cable into the External port as shown in Figure 7.
4 Plug the opposite end of this cable into a DSL or cable modem.
After you connect power, the top External LED at the rear of the ANG-1000 will be lit the moment the cable is connected.
Connecting Power to the ANG-1000
A switching power supply including a 6’ power cord and a 7’ electrical cord with an attached power supply is supplied with each system. To connect these items to an ANG-1000, perform the following steps:
1 Plug the power supply cord into the system’s power socket as shown in Figure 8.
Checking ANG-1000 Connections
The ANG-1000 is now connected and ready for configuration. Check rear and front LEDs in the manner described below to confirm that the connections are working properly.
Rear Panel Link LEDs
The two top link LEDs on the rear panel light the moment a connection is made to the respective network. The two bottom link LEDs light when data is received and transmitted to the respective network by the ANG-1000.
Figure 11 ANG-1000 Front Panel
After the ANG-1000 is configured and in use, the Internet, VPN, RX and TX LEDs will light and/or blink. Refer to Figure 12 for behavior of the LEDs. The ANG-1000 is now ready for configuration. Refer to Chapter 3 for detailed instructions.
3 Configuring the ANG-1000 with Aurorean Web Config
To configure the ANG-1000, use the Internet browser on your computer and connect to the server via the Web. During the Web session, you run the Aurorean Web Config utility and configure the system. Figure 13 illustrates the process.
– To configure your PC to include the domain of the corporate network you will connect to. To do so on your Windows 95/98/ME/2000 desktop: click Start, select Settings and double-click Control Panel (Win 2000: Network and Dial-up Connections).
Logging into Web Config
To log into Web Config, perform the steps below.
1 Point your Web browser at the default trusted IP address of the ANG-1000. In the browser’s Location field at the top of the window, type: http://192.168.1.1 or aurorean. (include the dot) and click OK. The Login window appears as shown in Figure 14.
Figure 14 Login Window
2 Type netadmin in the User Name and Password fields as shown in Figure 14.
Viewing VPN Status
The VPN Status window is the first screen to appear after logging in. At this point, you have just begun configuration so the VPN Status window appears empty. Later, after you have configured a VPN connection to an ANG-3000/7000, the window will display information similar to the data shown in Figure 15.
Aurorean Network Gateway 1000 VPN Status Help Connection Primary 146.115.206.
Downloading the Latest Firmware
After logging in, download the latest firmware image to the ANG-1000’s flash memory (provided the MAC address is set for cable service users - refer to page 32) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again. Begin updating your firmware by performing the following steps:
1 Click the Firmware Upgrade menu option.
Firmware Update
To begin the update of the ANG-1000 firmware image, press the “Apply” button at the bottom of the screen.
For users new to the process of upgrading the ANG-1000 firmware, you will observe the following behavior once you press the “Apply” button. It is critical not to disturb the ANG-1000 by disconnecting power or the interface cables during the firmware update process.
7 After downloading and “flashing” are complete, a status page displays as shown in Figure 18 indicating the process was successful and displaying the FTP server IP address and new build filepath.
Aurorean Network Gateway 1000 Firmware Update
The Aurorean Network Gateway 1000 has been updated with the changes you have selected.
Setting Up the VPN
The VPN configuration created on the ANG-1000 completes a link with the ANG-3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG-3000/7000 with appropriate User, Password and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.
1 Enter the Name of the remote ANG-3000/7000 you are connecting to.
2 Enter the Gateway IP address of the remote ANG-3000/7000.
3 Enter the Username on the remote ANG-3000/7000.
4 Enter the Password on the remote ANG-3000/7000.
5 Confirm the password on the remote ANG-3000/7000.
6 Select the Connection type: either EZ-IPsec or PPTP.
NOTE If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.
1 Click the Internet Setup menu option. The Internet Setup window appears as shown in Figure 21.
– Enter the Gateway IP address.
– Specify the Primary DNS IP address.
– Set the Secondary DNS IP address.
– Click Apply.
• Click the PPPoE assigned IP address radio button and perform the following steps:
– Specify a Username supplied by your cable/DSL provider.
– Enter a Password.
– Type the password again in the Confirm field.
– Click Apply.
Setting Up the LAN
LAN configuration of the Trusted side of the ANG-1000 involves choosing either to manually set an IP address and subnet for the ANG-1000 or dynamically assigning its IP address via your network’s DHCP server. Begin LAN Setup by performing the following steps:
1 Click the LAN Setup menu option. The LAN Setup window appears as shown in Figure 22.
• Click the Manual assigned IP address radio button and perform the following steps:
– Set the ANG-1000’s IP address.
– Set the Subnet mask.
– Optional. Click the DHCP server enabled box if the server is up and running.
– Set the Starting IP address of the range of consecutive IP addresses you will create for this ANG-1000.
– Set the total Number of IP addresses the ANG-1000 can distribute.
– Optional.
NOTE If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.
Setting Up the Firewall
Firewall security is established on the ANG-1000’s Trusted interface by default.
Aurorean Network Gateway 1000 Firewall Setup
Internet Connection:
  Allow Web configuration access
  Allow Telnet login access
LAN Connection:
  Allow Web configuration access
  Allow Telnet login access
VPN Gateway Connection:
  Allow Web configuration access
  Allow Telnet login access
Setting Your Password
To further ensure security for your ANG-1000, you should configure a new password to replace the factory-installed password netadmin. Change the Password by performing the following steps:
1 Click the Set Password menu option. The Set Password window appears as shown in Figure 24.
Checking Device Status
The Device Status window provides a host of important data to ensure the ANG-1000 is connected properly and to permit troubleshooting as problems occur. When consulting Enterasys Customer Support, you will be asked to display this window. The following categories are detailed in the Device Status window:
• Version lists the Release, Patch and Build numbers, and internal name of the ANG-1000’s firmware.
Aurorean Network Gateway 1000 Device Status
Version
Aurorean Network Gateway Release 1.0 Patch 00 Build 135 (3.1.1)
CPU
CPU: COLDFIRE (m5307)
MMU: none
FPU: none
Clocking: 104.6MHz
BogoMips: 59.
Calibration:
eth1:0 Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95
inet addr: 10.120.51.247 P-t-P: 10.120.51.1. Mask: 255.255.255.255
UP POINTOPOINT RUNNING MTU: 1400 Metric:1
RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0
lo Link encap: Local Loopback
inet addr: 127.0.01 Bcast: 127.255.255.255. Mask: 255.0.0.
Using Advanced Utilities
Advanced Utilities provided by the ANG-1000 include:
• Setting the MAC Address of a newly attached ANG-1000 when you want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users.
2 Do one of the following:
– To change the ANG-1000’s MAC address to reflect your computer’s MAC address, first find the computer’s address by issuing the proper command at a DOS prompt. For Windows 95/98/ME systems, type winipcfg; for Windows NT/2000 systems, type ipconfig /all; for Macintosh systems, check the TCP-IP control panel. In the command output, look for the Physical or Adapter Address value.
1 Click the Configuration Edit menu option. The Configuration Edit window appears as shown in Figure 28.
Aurorean Network Gateway 1000 Configuration File Edit
Configuration Files: config inittab ipfwrules options ripd.conf start zebra.conf ipfwrule.routing dhcpd.conf dhcpd.iplist config.ike hosts pppoe winsd.conf .netrc .resolv.conf config.dat dhcpd-cache.eth1 hostinfo-eth1 dhcpd.
Aurorean Network Gateway 1000 Configuration File Edit
Configuration Files: config inittab ipfwrules options ripd.conf start zebra.conf ipfwrule.routing dhcpd.conf dhcpd.iplist config.ike hosts pppoe winsd.conf .netrc .resolv.conf config.dat dhcpd-cache.eth1 hostinfo-eth1 dhcpd.leases
File:/etc/config/config
oasswd neGpPWI1gigw2 wizard 1 dhcpcd 1 snwantype 1meth0 255,255,255.0 ipeth0 192.168.1.
NOTE If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the reset button.
Refer to the tables below for command usage, switches, arguments, and definitions.
Usage
ipportfw -A -[t | u] l.l.l.l/lport -R a.a.a.a/rport    add entry
ipportfw -D -[t | u] l.l.l.l/lport    delete entry
l.l.l.l is the address of the VPN interface receiving packets to be forwarded
a.a.a.
Refer to the table below for a sample IP port forwarding configuration:
Example
ipportfw -C
ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000
The above sample configuration performs the following tasks:
• Clears the IP port forwarding table
• Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to port 23 on the internal server 192.168.0.
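The script below is an added example, not part of the Enterasys guide or the ANG-1000 firmware: it replays ipportfw commands written in the syntax of the usage table above (for instance a copy saved from the configuration editor), rebuilds the forwarding table they leave behind, and flags forwards to cleartext login services. The UDP and delete lines in the sample, the CLEARTEXT_TCP list, and the rule that a repeated -A overrides an earlier entry are assumptions of the example.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: the guide's four example commands, plus one UDP add and
# one delete added here so that every form in the usage table is exercised.
SAMPLE = """\
ipportfw -C
ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000
ipportfw -A -u 10.120.50.215/53 -R 192.168.0.3/53
ipportfw -D -t 10.120.50.215/21
"""

# Assumption of this example: internal TCP services worth flagging because
# they send credentials in cleartext.
CLEARTEXT_TCP = {21: "ftp", 23: "telnet"}

ENDPOINT = r"(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,5})"
# The guide writes "-t10.120.50.215/23" with no space, so \s* accepts both forms.
ADD_RE = re.compile(rf"ipportfw\s+-A\s+-([tu])\s*{ENDPOINT}\s+-R\s+{ENDPOINT}")
DEL_RE = re.compile(rf"ipportfw\s+-D\s+-([tu])\s*{ENDPOINT}")
CLEAR_RE = re.compile(r"ipportfw\s+-C")
PROTO = {"t": "tcp", "u": "udp"}


class Listener(NamedTuple):
    proto: str  # "tcp" or "udp"
    addr: str   # l.l.l.l: VPN interface address receiving the packets
    port: int   # lport


def _endpoint(addr: str, port: str) -> Tuple[str, int]:
    """Validate an address/port pair; raises ValueError on bad input."""
    ipaddress.IPv4Address(addr)
    number = int(port)
    if not 1 <= number <= 65535:
        raise ValueError(f"port out of range: {port}")
    return addr, number


def replay(text: str) -> Dict[Listener, Tuple[str, int]]:
    """Apply the commands in order and return listener -> internal target."""
    table: Dict[Listener, Tuple[str, int]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLEAR_RE.fullmatch(line):
            table.clear()
        elif m := ADD_RE.fullmatch(line):
            # Assumption: a repeated -A for one listener overrides the earlier entry.
            table[Listener(PROTO[m[1]], *_endpoint(m[2], m[3]))] = _endpoint(m[4], m[5])
        elif m := DEL_RE.fullmatch(line):
            table.pop(Listener(PROTO[m[1]], *_endpoint(m[2], m[3])), None)
        else:
            raise ValueError(f"line {lineno}: not an ipportfw command: {line!r}")
    return table


def audit(table: Dict[Listener, Tuple[str, int]]) -> List[str]:
    """Describe every forward whose internal target is a cleartext login service."""
    findings = []
    for listener, (host, port) in sorted(table.items()):
        if listener.proto == "tcp" and port in CLEARTEXT_TCP:
            findings.append(
                f"{listener.addr}/{listener.port} -> {host}/{port}: "
                f"{CLEARTEXT_TCP[port]} reachable from the VPN side"
            )
    return findings


if __name__ == "__main__":
    final = replay(SAMPLE)
    for listener, target in sorted(final.items()):
        print(listener.proto, f"{listener.addr}/{listener.port}", "->", "%s/%d" % target)
    for finding in audit(final):
        print("WARN", finding)
```

Run against the saved rule list after each change, the audit shows which internal hosts remain reachable through the VPN interface once clears and deletes are taken into account.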
A Glossary
Aurorean Network Gateway
An Enterasys Networks device that creates a secure virtual private circuit over the Internet between itself and a remote user’s computer. The Aurorean Network Gateway encapsulates data packets using IPSec and encrypts data to prevent third-parties from intercepting and examining it.
authentication server (such as a RADIUS or SecurID server). When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provides updated configuration files to Aurorean Network Gateways on request.
DHCP
Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP addresses. The Aurorean Network Gateway-1000 is capable of assigning IP addresses.
DSL
Refers to Digital Subscriber Lines.
Generic Routing Encapsulation (GRE)
Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link over the Internet. For PPTP, GRE is used to encapsulate PPP data packets within an IP packet (IP packet headers contain address information necessary for routing, while PPP packets do not).
Internet Service Provider (ISP)
A vendor who provides direct access to the Internet.
LAN
Local Area Network (LAN) connects computers and peripherals together in an office or a campus to allow the computers to access each other and other common peripherals.
LEDs
Abbreviation of light emitting diode, an electronic device that lights up when electricity is passed through it. LEDs are usually red, but the ANG-1000 uses green LEDs. The LEDs are used as indicators.
Network Administrator
The person responsible for installing and maintaining a company’s network equipment, and also ensuring that network resources (such as servers and the applications running on them) are consistently available and performing well.
RiverMaster
A management application running on a Windows NT 4.0 Workstation computer which communicates with Aurorean Policy Servers and Aurorean Network Gateways. Using RiverMaster, a network administrator creates user databases, sets policies for user groups, views activity logs, and generates usage reports.
Routers
Devices which direct network traffic among LANs or WANs until the data reaches its destination.
B Specifications
This appendix details the specifications of the ANG-1000.
Table 1 ANG-1000 Specifications
Category            Parameters
Chassis             Depth 6 1/2”
                    Width 10”
                    Height 1 7/8”
                    Weight 1 lb.
Environment         Operating Temperature 0° to 70° C
PFC Power Supply    Power Adapter Input: 100-240VAC, ~0.4A, 47-63Hz
                    Regulated UL Listed Class 2 power supply must be used.
                    Output: 5v VDC, 2.5 Amp
CPU                 Processor Motorola© Coldfire XCF5307 91.
Table 1 ANG-1000 Specifications (Continued)
Category                Parameters
Protocols & Standards   Tunnel Protocols
                          IP Security Protocol (IPSec) as defined in RFC 2401 and 2409
                          Point-to-Point Tunneling Protocol (PPTP) as defined in RFC 1234
                          Generic Routing Encapsulation (GRE) as defined in RFC 1701 and 1702
                        Encapsulated LAN Protocols
                          IP
                        Routing Protocols
                          RIP V1, V2
                          Support for dynamic Virtual Network addressing, local network addressing, or static routes
                        Authentication
                          Challenge Handsh
C Pin Assignments
This appendix describes pin assignments for the Ethernet connectors on the back of the ANG-1000. Because ANG-1000 servers ship with all the cables required, this information is only necessary if you need to purchase or fabricate a replacement cable. ANG-1000 servers are equipped with Ethernet ports located at the rear of the chassis, supporting full-duplex 10Base-T transmission. Both port types conform to IEEE 802.3 standards with 8-pin modular RJ-45 connectors.
Replacement Ethernet cables must meet the following requirements:
• Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring
• Length cannot exceed 328 feet (100 meters)
D License Agreement & Support
This appendix describes the terms and conditions that govern the use of Aurorean Virtual Network products (including the warranties) and provides contact information for obtaining technical support from Enterasys Networks.
Enterasys Networks License Agreement
PLEASE READ THIS DOCUMENT CAREFULLY BEFORE USING ENTERASYS SOFTWARE.
scope of the license that Licensee has purchased from Enterasys. Should one or more of the above Licensed Servers be upgraded and/or replaced by other Enterasys servers purchased by Customer pursuant to Enterasys' then current upgrade policy, the license may be transferred and the Software may be used on the replacement server(s).
EXCEPT AS SPECIFICALLY PROVIDED HEREIN, THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR ANY IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.
SUBJECT MATTER OF THE CAUSE OF ACTION. IN NO EVENT SHALL ENTERASYS BE LIABLE FOR ANY LOST OR ANTICIPATED PROFITS OR SAVINGS, OR ANY INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT INCLUDING NEGLIGENCE, AND WHETHER OR NOT ENTERASYS WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
U. S. Government - Commercial Computer Software
This Licensed Software is Commercial Computer Software as provided in 48 CFR 2.101 and is licensed to U.S. Government agencies and personnel only with the rights set forth in this license. The use of the Licensed Software by the Government constitutes acknowledgment of Enterasys's proprietary rights in the Licensed Software.
• Details about any recent configuration changes, if applicable
Enterasys Networks also recommends that you have the RiverMaster Administrator’s Guide on hand when you call.
Returning Products for Repair
After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1000/3000/7000 for repairs.