Enterasys Networks ANG-1000 Network Card User Manual

Aurorean™ Virtual Network
ANG-1000
User’s Guide
Version 1.0
Notice
Enterasys Networks and its licensors reserve the right to make changes in specifications and other
information contained in this document without prior notice. The reader should in all cases consult
Enterasys Networks to determine whether any such changes have been made. The hardware, firmware,
or software described in this manual is subject to change without notice.
IN NO EVENT SHALL Enterasys Networks AND ITS LICENSORS BE LIABLE FOR ANY INCIDENTAL, INDIRECT,
SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST
PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN
IF Enterasys Networks AND ITS LICENSORS HAVE BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN,
THE POSSIBILITY OF SUCH DAMAGES.
Part Number: AVN-ANG1-R10
May 2001
Printed in the USA
Enterasys Networks, Inc.
35 Industrial Way
Rochester, NH 03866-5005
Enterasys Networks, Inc. is a subsidiary of Cabletron Systems, Inc.  2001 by Enterasys Networks, Inc. All Rights
Reserved Printed in the United States of America
The Enterasys Networks logo, Aurorean, Prescriptive Diagnostics Engine, RiverMaster, Intelligent Client Routing,
TollSaver are trademarks of Enterasys Networks.
Microsoft, MS, and MS-DOS are registered trademarks and Windows, Windows 95, Windows 98, Windows NT,
Windows 2000 Professional and Windows Millennium are trademarks of Microsoft Corporation in the USA and other
countries.
Virtual Network Computing is a trademark of AT&T Laboratories Cambridge.
ActiveState, ActivePerl, and PerlScript are trademarks of ActiveState Tool Corp.
Other trademarks and trade names used in this publication belong to their respective owners.
Aurorean Virtual Network software includes the following third-party components:
Commercial support for ActivePerl is available through PerlClinic at http://www.ActiveState.com. Peer support resources for
ActivePerl issues can also be found at the ActiveState Web site under support at http://ActiveState.com/support/. The ActiveState
Repository has a large collection of modules and extensions in binary packages that are easy to install and use. To view and
install these packages, use the Perl Package Manager (PPM) which is included with ActivePerl. ActivePerl is the latest Perl
binary distribution from ActiveState and replaces what was previously distributed as Perl for Win32. The latest release of
ActivePerl as well as other professional tools for Perl developers are available from the ActiveState Web site.
Gate Daemon software © 1995 The Regents of the University of Michigan. All rights reserved.
Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators.
A DES implementation written by Eric Young © 1995-1997 Eric Young (eay@cryptsoft.com). All rights reserved.
MD4 and MD5 implementation derived from the RSA Data Security, Inc. MD4 Message-Digest Algorithm and
MD5 Message-Digest Algorithm © 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
ccp.c - PPP Compression Control Protocol © 1994 The Australian National University. All rights reserved.
chap.c - Crytographic Handshake Authentication Protocol © 1991 Gregory M. Christy. All rights reserved.
chap_ms.c - Microsoft MS-CHAP compatible implementation © 1995 Eric Rosenquist, Strata Software Limited
(www.strataware.com). All rights reserved.
fsm.c - {Link, IP} Control Protocol Finite State Machine © 1989 Carnegie Mellon University. All rights reserved.
Routines to compress and uncompress TCP packets (for transmission over low speed serial lines) © 1989 Regents of the
University of California. All rights reserved.
Portions of the Aurorean Client Software are copyrighted to ICE Engineering, Inc. and licensed through a GNU public license. For
more information, including access to the source code, visit their Web site at www.ice.com.
ii
Aurorean Network Gateway-1000 User’s Guide
Federal Communications Commission (FCC) Notices
The Aurorean Network Gateway-100 complies with Title 47 Part 15, Subpart B of FCC Rules. Operation is subject to
the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority
granted by the FCC or other such agency to operate this equipment.
There are no user-repairable components in the Aurorean Network Gateway-1000.
Canadian Notices
This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the
interference-causing equipment standard entitled “Digital Apparatus”, ICES-003 of the Department of
Communications (Cet appareil numérique respecte les limites bruits radioélectriques applicables aux appareils
numériques de Classe A prescrites dans la norme sur le matériel brouilleur: “Appareils Numériques”, NMB-003
édictée par le ministre des Communications).
NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets
certain telecommunications network protective, operational and safety requirements. The Department does not
guarantee the equipment will operate to the user's satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local
telecommunications company. The equipment must also be installed using an acceptable method of connection. In
some cases, the inside wiring associated with a single line individual service may be extended by means of a certified
connector assembly. The customer should be aware that compliance with the above conditions may not prevent
degradation of service in some situations.
Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the
supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the
telecommunications company cause to request the user to disconnect the equipment.
Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines
and internal metallic water pipe system, if present, are connected together. This precaution may be particularly
important in rural areas.
CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate
electric inspection authority, or electrician, as appropriate.
UL Notices
The Aurorean Policy Server and Aurorean Network Gateway have been tested and found to comply with the UL 1950
Revision 3 regulation.
European Notices
The ANG-1000 has been tested and found to comply with the CISPR 22:1997 Class B regulation.
Aurorean Network Gateway-1000 User’s Guide
iii
ELECTRICAL HAZARD: Only qualified personnel should perform installation
procedures.
Important Safety Instructions
1)
Read these instructions carefully. Save these instructions for future reference.
2)
Follow all warnings and instructions marked on the product.
3)
Unplug this product from the wall outlet before cleaning. Do not use liquid cleaners or aerosol cleaners. Use
a damp cloth for cleaning.
4)
Do not use this product near water.
5)
Do not place this product on an unstable cart, stand, or table. The product may fall, causing serious damage
to the product.
6)
Slots and openings in the chassis are provided for ventilation; to ensure reliable operation of the product
and to protect it from overheating, these openings should not be blocked or covered. The openings should
never be blocked by placing the product on a bed, sofa, rug, or other similar surface. This product should
never be placed near or over a radiator or heat register, or in a built-in installation unless the proper
ventilation is provided.
7)
This product should be operated from the type of power indicated on the marking label. If you are not sure of
the type of power available, consult Enterasys Networks or your local power company.
8)
Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the
cord.
9)
If an extension cord is used with this product, make sure that the total ampere rating of the equipment
plugged into the extension cord does not exceed the extension cord ampere rating. Also, make sure that the
total rating of all products plugged into the wall outlet does not exceed the fuse rating.
10) Never push objects of any kind into this product through chassis slots as they may touch dangerous voltage
points or short out parts that could result in a fire or electric shock. Never spill liquid of any kind on the
product.
11) Do not attempt to service this product yourself, as operating or removing covers may expose you to
dangerous voltage points or other risks. Refer all servicing to qualified service personnel.
12) Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following
conditions:
a)
When the power cord or plug is damaged or frayed.
b)
If liquid has been spilled into the product.
c)
If the product has been exposed to rain or water.
d)
If the product does not operate normally when the operating instructions are followed. Adjust only
those controls that are covered by the operating instructions since improper adjustment of other
controls may result in damage and will often require extensive work by a qualified technician to restore
the product to normal condition.
e)
If the product has been dropped or the chassis has been damaged.
f)
If the product exhibits a distinct change in performance, indicating a need for service.
13) Use only the proper type of power supply cord set (provided in your accessories box) for this unit. It should
be a detachable type, UL listed/CSA certified, type SPT-2, rated 7A 125V minimum, VDE approved or
equivalent. Maximum length is 15 feet (4.6 meters).
iv
Aurorean Network Gateway-1000 User’s Guide
Table of Contents
About This Guide
Contents of the Guide ........................................................................................................... ix
Conventions Used in This Guide...........................................................................................x
Related Publications .............................................................................................................. xi
Chapter 1 – Overview
System Description ..................................................................................................................1
Chapter 2 – Installation
Unpacking the ANG-1000 ......................................................................................................3
Accessories ........................................................................................................................4
Location Planning .............................................................................................................4
Connecting Cables ...................................................................................................................4
Ethernet Cables .................................................................................................................5
Connecting an ANG-1000 ....................................................................................... 6
Connecting Power to the ANG-1000.....................................................................................7
Checking ANG-1000 Connections.........................................................................................9
Rear Panel Link LEDs ......................................................................................................9
Front Panel LEDs ..............................................................................................................9
Aurorean Network Gateway-1000 User’s Guide
v
Chapter 3 – Configuring the ANG-1000 with Aurorean Web
Config
Before You Begin .............................................................................................................11
Logging into Web Config .............................................................................................. 13
Viewing VPN Status ...................................................................................................... 14
Downloading the Latest Firmware.............................................................................. 15
Setting Up the VPN ....................................................................................................... 18
Setting Up the Internet Connection............................................................................. 20
Setting Up the LAN ....................................................................................................... 23
Setting Up the Firewall.................................................................................................. 25
Setting Your Password .................................................................................................. 27
Checking Device Status................................................................................................. 28
Using Advanced Utilities.............................................................................................. 31
Using the Configuration Editor ................................................................................... 32
Configuring IP Port Forwarding ......................................................................... 35
vi
Aurorean Network Gateway-1000 User’s Guide
Appendix A – Glossary
Appendix B – Specifications
Appendix C – Pin Assignments
Appendix D – License Agreement & Support
Enterasys Networks License Agreement............................................................................49
License Grant...................................................................................................................49
Warranty...........................................................................................................................50
Infringement Indemnification.......................................................................................51
Limitation of Liability ....................................................................................................51
Termination......................................................................................................................52
International Provisions.................................................................................................52
Applicable Law ...............................................................................................................52
U. S. Government - Commercial Computer Software ...............................................53
Technical Support...................................................................................................................53
Support from Enterasys Networks...............................................................................53
On-line Services ...................................................................................................... 53
Phone Support......................................................................................................... 53
Returning Products for Repair......................................................................................54
Index
Aurorean Network Gateway-1000 User’s Guide
vii
About This Guide
This guide describes how to mount, connect, power-up, and maintain an
Aurorean™ Network Gateway-1000 (ANG-1000) from Enterasys Networks.
This guide is written for administrators who want to configure the ANG-1000
for their remote clients or experienced users who are knowledgeable of basic
networking principles.
Contents of the Guide
Information in this guide is arranged as follows:
H Chapter 1, Overview highlights the key features of the Aurorean
Virtual Network family of enterprise VPN products.
H Chapter 2, Installation describes how to physically mount, connect,
and power-up Aurorean servers.
H Chapter 3, Configuring the ANG-1000 with Aurorean Policy Manager,
details how to configure the server.
H Appendix A, Glossary defines terms used in this manual.
H Appendix B, Specifications provides essential physical and operational
characteristics of the ANG-1000.
H Appendix C, Pin Assignments describes the pinouts of the LAN
connectors.
H Appendix D, License Agreement & Support describes the warranty terms
and support policies covering Enterasys Networks products.
Aurorean Network Gateway-1000 User’s Guide
ix
Conventions Used in This Guide
About This Guide
Conventions Used in This Guide
The following conventions are used in this guide:
NOTE
x
Notes supply additional helpful information,
provide a cross-reference to the source of more
information, or emphasize issues you should
consider when performing an action.
CAUTION
Cautions contain directions that can prevent you
from damaging the product or losing data.
WARNING
Warnings provide directions that you must
follow to avoid harming yourself.
Bold
Text in boldface indicates values you type using
the keyboard or select using the mouse (for
example, a:\setup). Default settings may also
appear in bold.
Italics
Text in italics indicates a variable, important new
term, or the title of a manual.
SMALL CAPS
Small caps specify the keys to press on the
keyboard; a plus sign (+) between keys indicates
that you must press the keys simultaneously (for
example, CTRL+ALT+DEL).
Courier font
Text in this font denotes a file name or directory.
Aurorean Network Gateway-1000 User’s Guide
About This Guide
Related Publications
Related Publications
The following publications are also available with the Aurorean Network
Gateway-1000:
H The ANG-1000 Quick Setup card which highlights the basic steps
required to install the Aurorean Network Gateway-1000.
H The Installation & Service Guide which describes how to install and
maintain the ANG-3000/7000 series, the Aurorean server which can
be used to complete a VPN connection with the ANG-1000.
H A Portable Document File (PDF) version of this manual is available and
can be downloaded from the Enterasys.com Web site. You can view
this manual on-line or print a copy of it using Adobe Acrobat
Reader 3.0 (or later). Acrobat Reader can be downloaded from the
Enterasys web site or the Adobe web site at www.adobe.com.
Aurorean Network Gateway-1000 User’s Guide
xi
1
Overview
This chapter describes the key features of the Aurorean Network
Gateway 1000 and how it is used.
System Description
The ANG-1000, displayed in Figure 1, provides home or small office
connectivity to a corporate branch office or headquarters. It supports up to 25
tunnels.
ANG-1000
Front
ANG-1000
Rear
Figure 1 ANG-1000 Front and Rear Views
Figure 2 illustrates how the ANG-1000 typically connects to the corporate
network.
Aurorean Network Gateway-1000 User’s Guide
1
System Description
Chapter 1
Overview
Hub
- Negotiates tunnel protocols
- Compresses data over tunnel
- Encrypts data over tunnel
ANG-3000/7000
- Authenticates Aurorean
users (or forwards login
requests to RADIUS servers)
- Logs message/alarm activity
- Maintains master TollSaver
database
Cable/DSL modem
INTERNET
Firewall
Router
APS-3000/7000
RiverMaster
ANG-1000
- Initiates tunnel to ANG-3000/7000
- Negotiates tunnel protocols
- Encrypts data over tunnel
Site-to-Site connection
- Defines user/group policies
- Displays message/alarm activity
- Configures system network settings
Figure 2 ANG-1000 Topology
An ANG-1000 comes equipped with the following:
H 100-240V 47-63 Hz power supply.
H High-performance CPU: 91.5 MHz.
H Complete set of diagnostic LEDs that show the server’s operational
status.
H Two 10 Base-T Ethernet ports to connect the system to the network
and the Internet.
2
Aurorean Network Gateway-1000 User’s Guide
2
Installation
This chapter describes the steps required to unpack, install and connect an
Aurorean Network Gateway-1000 onto a desktop.
Unpacking the ANG-1000
Remove the ANG-1000 from the shipping box. Save the box in case the unit
needs to be returned.
Quick
Setup
card
w
er
In
te
rn
et
C
O
M
1
Cables
rn
x te
Ed
te
us
Tr
l
a
C
M
O
N
P
V
EN
TE
N R
E A
TW S
Y
O TS
RM
K
S
Power
supply
Power
cord
2
P
o
e
v
cti
A
A uro
NG
-1re a T
00 n M
0
A
System Software
CD ROM
Figure 3 Removing ANG-1000 from the Shipping Box
Aurorean Network Gateway-1000 User’s Guide
3
Connecting Cables
Chapter 2
Installation
The box contains a CD ROM with this instruction manual in the Adobe PDF
format, a Quick Setup card and accessories.
Accessories
The ANG-1000 also is shipped with the following accessories:
H Two 10baseT cables (blue and orange) to connect to the LAN
ports/hub.
H One cross-over (red) cable for a direct PC/Network Gateway
connection.
H One power supply with an attached cable to connect to the
ANG-1000.
H One power cord to connect the power supply to the AC outlet.
Location Planning
Place the ANG-1000 on a desktop near the following:
H Ethernet wall jack, patch panel, or hub with available ports.
H Near a DSL or Cable modem.
H A grounded wall outlet or uninterruptible power supply (UPS).
Connecting Cables
Ethernet cables are used to connect the ANG-1000 to your computer or LAN
and the Internet.
ANG-1000
Front
ANG-1000
Rear
Figure 4 Front and Rear Views of the ANG-1000
4
Aurorean Network Gateway-1000 User’s Guide
Chapter 2
Installation
Connecting Cables
All interconnections are made at the back of the ANG-1000 (refer to Figure 4).
Although there is no power switch, a reset button is located in the rear of the
unit.
CAUTION
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you supplied must
then be re-entered. We strongly recommend that you do not use the reset
button unless you want the configuration to return to factory defaults.
Ethernet Cables
The ANG-1000 is equipped with two 8-pin modular RJ-45 Ethernet ports
labeled Trusted and External as shown in Figure 5. The Trusted port is
connected to a computer or hub/switch with networked computers. The
External port is connected to a cable or DSL modem.
Power
5Vdc 2
.5A
Truste
d
10 Base External
T
Reset
Figure 5 Location of the Ethernet Ports
The trusted connection can be either a sole desktop computer or a hub that
connects up to 25 tunnels to the network as shown in Figure 6.
Aurorean Network Gateway-1000 User’s Guide
5
Connecting Cables
Chapter 2
Installation
Connecting an ANG-1000
The ANG-1000 is typically set up in the configuration shown below.
INTERNET
Site-to-site tunnel
ANG-3000/7000
User
Cable / DSL
Modem
External
connection
Trusted
connection
or
Hub
Aurorean Network
Gateway-1000
Site-to-site tunnel
Internet connection
Trusted connection
User
User
Figure 6 Connecting the ANG-1000
To connect the ANG-1000 Ethernet port, perform the following steps:
1
Do one of the following as shown in Figure 7:
– If you are connecting to a hub, plug the blue, straight-through
Ethernet cable into the Trusted port of the ANG-1000.
– If you are connecting directly to a computer, attach one end of the
red, cross-over cable to the Trusted port and the other end to an
RJ45 connector on your computer. Skip to Step 3.
2
Plug the opposite end of the blue Ethernet cable into a wall jack,
patch panel, or hub linked to a protected network segment.
The top link LED next to the ANG-1000’s Trusted port will
immediately light if the port is connected to a 10 Mbps network after
the unit is powered up.
6
Aurorean Network Gateway-1000 User’s Guide
Chapter 2
Installation
Connecting Power to the ANG-1000
Optional crossover cable
for direct PC connection
Trusted
External
Figure 7 Connecting Ethernet Cables to an ANG-1000
3
Plug an orange, straight-through Ethernet cable into the External port
as shown in Figure 7.
4
Plug the opposite end of this cable into a DSL or cable modem.
After you connect power, the top External LED at the rear of the
ANG-1000 will be lit the moment the cable it is connected.
NOTE
If you have a DSL modem, you will need to get an IP address from your
provider and configure it before the External LED will light. This
condition may also exist for selective cable customers. Some cable
internet providers require that you supply the MAC address of your
computer. Refer to Chapter 3 for directions.
Connecting Power to the ANG-1000
WARNING
To avoid electrical shock, connect the Aurorean system only to a
grounded (earthed) outlet.
Aurorean Network Gateway-1000 User’s Guide
7
Connecting Power to the ANG-1000
Chapter 2
Installation
A switching power supply including a 6’ power cord and a 7’ electrical cord
with an attached power supply is supplied with each system. To connect
these items to an ANG-1000, perform the following steps:
1
Plug the power supply cord into the system’s power socket as shown
in Figure 8.
Power supply cable
Figure 8 Connecting AC Power on the ANG-1000
2
Plug the correct end of the AC power cord into the power supply and
the other end into a grounded AC outlet or UPS as shown in Figure 9.
The front Power LED will light the moment you power up the unit.
Power supply
AC power cord
Figure 9 Connecting the Power Cable to the Power Supply
NOTE
International customers may swap the electrical cord segment shipped
with the ANG-1000 for a cord that meets the proper standard for their
country. A custom cord can be inserted in the power supply.
8
Aurorean Network Gateway-1000 User’s Guide
Chapter 2
Installation
Checking ANG-1000 Connections
Checking ANG-1000 Connections
The ANG-1000 is now connected and ready for configuration. Check rear and
front LEDS in the manner described below to confirm that the connections are
working properly.
Rear Panel Link LEDs
The two top link LEDs on the rear panel light the moment a connection is
made to the respective network. The two bottom link LEDs light when data is
received and transmitted to the respective network by the ANG-1000. Trusted
and external connections are operational and traffic is being passed as shown
in Figure 10.
TRUSTED
EXTERNAL
Figure 10 Network Connection Indicators
Front Panel LEDs
The two front LEDs behave as follows at when powered up at startup:
H Power LED lights
H Active LED blinks indicating the CPU is active
All front panel LEDs are displayed in Figure 11.
Aurorean Network Gateway-1000 User’s Guide
9
Checking ANG-1000 Connections
Chapter 2
Installation
Figure 11 ANG-1000 Front Panel
After the ANG-1000 is configured and in use, the Internet, VPN, RX and TX
LEDs will light and/or blink. Refer to Figure 12 for behavior of the LEDs.
The ANG-1000 is now ready for configuration. Refer to Chapter 3 for detailed
instructions.
Power
Active
Internet
VPN
TX
RX
On when ANG is powered up
Blinks when CPU is active
On when External network is assigned an IP address
On when a tunnel is connected
Blinks when data is transmitted
Blinks when data is received
Figure 12 ANG-1000 Front Panel LEDs
NOTE
COM1 and COM2 LEDS are not operational at this time.
10
Aurorean Network Gateway-1000 User’s Guide
3
Configuring the ANG-1000 with
Aurorean Web Config
To configure the ANG-1000, use the Internet browser on your computer and
connect to the server via the Web. During the Web session, you run the
Aurorean Web Config utility and configure the system. Figure 13 illustrates
the process.
Aurorean
Network
Gateway
Aurorean
Remotely Control ANG
Policy
Manager
PC Desktop
Figure 13 Configuring the ANG-1000 via Aurorean Web Config
Before You Begin
Before you begin configuration with Web Config, review the following:
H Be sure the ANG-1000 is cabled correctly as described in “Connecting
an ANG-1000” in Chapter 2 of this manual.
H Ask your DSL or cable modem Internet provider and Network
Administrator for any IP addresses, work group, network browsing
or other information you may need to configure the ANG-1000
properly. Minimally, you will need:
–
The IP address of the ANG-3000/7000 you will connect to for
setting up the VPN.
Aurorean Network Gateway-1000 User’s Guide
11
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
–
To configure your PC to include the domain of the corporate
network you will connect to.
To do so on your Windows 95/98/ME/2000 desktop: click
Start, select Settings and double-click Control Panel (Win
2000: Network and Dial-up Connections). Double-click the
Network icon (Win 2000: right click on Local Area
Connection and click Properties), click the Protocols tab,
select TCP/IP Protocol, click Properties, select the DNS tab
and add the Domain Suffix in the field provided. Click OK
twice to close the open windows.
H On your computer, release and renew the IP address for all adaptors
bound to TCP/IP. Refer to the Caution on page 24 for instructions.
H If you have cable service, learn the MAC address of your computer as
described on page 32.
H If your computer was supplied a static IP address and Gateway by
your service provider, you must now accept the address from a DHCP
server and remove the gateway for the ANG-1000 to find and connect
with the PC.
To do so, click Start, select Settings and double-click on Control Panel.
Double-click the Network icon, select the Protocols tab and TCP/IP
Protocol, click on Properties and the IP Address tab. Select the Obtain
an IP address from a DHCP server radio button. Click Advanced,
select the Gateway, click Remove and OK. Click OK twice more to
close the open windows.
H Web Config supports the use of Internet Explorer 5 or Netscape 4
Web browsers.
12
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Logging into Web Config
To log into Web Config, perform the steps below.
1
Point your Web browser at the default trusted IP address of the
ANG-1000. In the browser’s Location field at the top of the window,
type: http://192.168.1.1 or aurorean. (include the dot) and click OK.
The Login window appears as shown in Figure 14.
Figure 14 Login Window
2
Type netadmin in the User Name and Password fields as shown in
Figure 14.
3
Click the checkbox to save your password if you desire and click OK.
The VPN Status window appears as shown in Figure 15.
Aurorean Network Gateway-1000 User’s Guide
13
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Viewing VPN Status
The VPN Status window is the first screen to appear after logging in. At this
point, you have just begun configuration so the VPN Status window appears
empty. Later, after you have configured a VPN connection to an
ANG-3000/7000, the window will display information similar to the data
shown in Figure 15.
Aurorean Network Gateway 1000
VPN Status
Help
Connection
Primary
146.115.206.15
rms3
VPN
Secondary
Username
lcortese
State
Status
Enabled Authenticating
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
Figure 15 VPN Status Window
1
14
Click the Firmware Upgrade menu option and go to the next page.
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Downloading the Latest Firmware
After logging in, download the latest firmware image to the ANG-1000’s flash
memory (provided the MAC address is set for cable service users - refer to
page 32) by accessing the FTP server where it is stored. As new firmware
becomes available, you can update it again. Begin updating your firmware by
performing the following steps:
1
Click the Firmware Upgrade menu option.
The Firmware Upgrade window appears as shown in Figure 16.
Aurorean Network Gateway 1000
Help
Firmware Update
FTP server:
VPN
Firmware image
filepath:
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
Username:
Password:
Confirm:
Apply
Figure 16 Firmware Update Window
2
In the FTP server field, enter the name of the FTP server where the
new ANG image is stored: ang.enterasys.com.
3
Type the full path of the location of the Firmware image:
/ang1000/ANG1000.bin
4
Enter the Username anonymous
5
Enter netadmin in the Password and Confirm fields and click Apply.
The Firmware Update window appears as shown in Figure 17.
6
Click Apply and watch the External/Trusted LEDs on the front panel
blink displaying an inside/outside pattern.
The image is downloaded for15-30 seconds and loaded in flash
memory for another 30-45 seconds. If the LEDs do not blink or only
for a very short interval, the download failed and you must try again.
Aurorean Network Gateway-1000 User’s Guide
15
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Firmware Update
To begin the update of the ANG-1000 firmware image, press the “Apply” button
at the bottom of the screen.
Help
VPN
VPN Status
VPN Setup
For users new to the process of upgrading the ANG-1000 firmware, you will
observe the following behavior once you press the “Apply” button. It is critical not
to disturb the ANG-1000 by disconnecting power or the interface cables during
the firmware update process.
First you’ll see the following activity lights on the ANG-1000:
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
This indicates that the firmware image is being downloaded from the FTP source
you entered in the previous screen. The photo shows a download from an FTP
server on the external interface. These lights will be active during the time needed
to retrieve the firmware image from the specified FTP server. This would take
about 15-30 seconds on a typical connection. If there are no activity lights seen or
if they are seen for a very short period of time, there was an error downloading the
firmware image.
After the firmware image is downloaded, the new image is “flushed” or stored on
the ANG-1000. This step takes about 30-45 seconds and the photo below shows
the activity lights seen on the ANG-1000 when the device’s flash memory is being
upgraded with the new firmware image.
Once the “Apply” is pressed, there will be a delay in displaying the next Web page
for the ANG-1000 Web application. It will only be displayed once the firmware
image is downloaded and the new image is flashed to the ANG-1000. After these
two steps are complete, a status page is displayed to indicate whether or not the
firmware update was successful. If it was successful, the Web page prompts the
user to reboot the ANG-1000 to run with the new firmware image.
To start the firmware image download and update process, press the “Apply”
button now.
<< Back
Figure 17 Second Firmware Update Window
16
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
7
After downloading and “flashing “are complete, a status page displays
as shown in Figure 18 indicating the process was successful and
displaying the FTP server IP address and new build filepath.
Aurorean Network Gateway 1000
Firmware Update
Help
VPN
The Aurorean Network Gateway 1000 has been updated with the changes you
have selected. The following list shows the modifications that have been made:
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Download new firmware image
FTP server: 146.34.69.128
Filepath: NewBuild/Build87/ANG1000-1.0.00-87.bin
Username: anonymous
The Aurorean Network Gateway 1000 needs to be rebooted in order to run with
the changes you have selected. Press the “Reboot Now” button below to reboot
the ANG-1000.
Reboot Now
<<Back
Links
Figure 18 Successful Firmware Update Window
8
Reboot the ANG-1000 by clicking Reboot Now.
The ANG-1000 will take a few moments to accept the new software.
9
To ensure that the image was updated, compare the date last
modified, Release, Build and Patch numbers in the lower left corner
of the VPN Status window as shown in Figure 15 with the previous
release information. The Device Status window also lists this data.
Aurorean Network Gateway Release 1.0 Patch 00 Build 135 (3.3.1)
Page last modified Wed Apr 13 16:52:37 EST 2001
2001 Enterasys Networks. All rights reserved
Figure 19 Image Date and Build Information
Aurorean Network Gateway-1000 User’s Guide
17
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Setting Up the VPN
The VPN configuration created on the ANG-1000 completes a link with the
ANG-3000/7000 on the remote end of this connection. If your network
administrator has already set up the ANG-3000/7000 with appropriate User,
Password and Group information, after setting up the VPN you will build the
site-to-site tunnel connection and be up and running on the corporate LAN.
Begin VPN Setup by performing the following steps:
1
Click the VPN Setup menu option.
The VPN Setup window appears as shown in Figure 20.
Aurorean Network Gateway 1000
Help
VPN
VPN Status
VPN Setup
VPN Setup
Assigned VPN Connections:
There are no network gateway connections currently defined. Please fill in the
information below and add one.
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
Add VPN Connection:
Name:
Gateway:
Username:
Password:
Confirm:
EZ-IPsec (uses EZ-IPSec™auto-configuration)
PPTP
Connection type:
Start network gateway now:
Apply
Global VPN Settings:
Force default route (single VPN only): disabled
Apply
Figure 20 VPN Setup Window
18
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
1
Enter the Name of the remote ANG-3000/7000 you are connecting to.
2
Enter the Gateway IP address of the remote ANG-3000/7000.
3
Enter the Username on the remote ANG-3000/7000.
4
Enter the Password on the remote ANG-3000/7000.
5
Confirm the password on the remote ANG-3000/7000.
6
Select the Connection type: either EZ-IPsec or PPTP.
The EZ-IPsec feature provides one-button configuration for standard
IPSec with IKE tunnels connecting to an ANG-3000/7000. Users of
legacy RiverPilot Release 2.1 and 2.2 as well as users of the Aurorean
Client Release 3.0 can upgrade to 3.1 without having to
uninstall/reinstall their client software.
7
Optional. Click the Start network gateway now checkbox to create
instant access or wait until the other end of the connection is created.
8
Optional. Click Force default route under Global VPN Settings.
Force default route disables the ANG-1000’s Intelligent Client Routing
(ICR) feature which allows users to browse the Internet outside the
tunnel. Be aware that with Force Default enabled, the ANG-1000
transmits all traffic through the tunnel which may cause Web
browsing problems. This feature works with only one tunnel up and
running; it is disabled if you create more than one tunnel.
9
Click Apply.
After applying your changes, a VPN Setup update window appears
displaying configuration revisions.
NOTE
Now that you have set up a site-to-site connection, configuration is
complete unless you want to change the default Internet, LAN, Firewall,
Password default values or your service is a Digital Subscriber Line (DSL)
which requires that you set a PPPoE assigned IP address (refer to “Setting
Up the Internet Connection” on page 20). Some cable internet providers
also require that you specify a MAC address (refer to “Using Advanced
Utilities” on page 31 for more information).
Aurorean Network Gateway-1000 User’s Guide
19
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you supplied must
then be re-entered. We strongly recommend that you do not use the reset
button unless you want the configuration to return to factory defaults.
Setting Up the Internet Connection
Internet configuration of the External side of the ANG-1000 involves choosing
the type of IP address assignment the ANG-1000 will accept. The ANG can
accept one of the following:
H A DHCP-assigned IP address - your network automatically sets the
ANG’s IP address via the DHCP (Dynamic Host Configuration
Protocol) server.
H A Manual-assigned IP address - you or your network administrator
set the ANG’s IP address and associated Subnet, Gateway, and DNS
values. Consult with your Network Administrator for required
values.
H A PPPoE (PPP over Ethernet) assigned IP address - your DSL
provider transparently sets the IP address via the use of a Username
and Password. Obtain this information from your service provider
before you enter this data.
Begin Internet Setup by performing the following steps:
20
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
1
Click the Internet Setup menu option.
The Internet Setup window appears as shown in Figure 21.
Aurorean Network Gateway 1000
Internet Setup
Help
Internet Address Assignment:
VPN
VPN Status
VPN Setup
DHCP assigned IP address
Hostname:
Use Hostname with DHCP
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
Manual assigned IP address
IP Address:
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Subnet:
Gateway:
Primary DNS:
Secondary DNS:
Links
PPPoE assigned address
Config File Editor
Aurorean Products
Enterasys Home
Username:
Password:
Confirm:
Apply
Figure 21 Internet Setup Window
2
Do one of the following:
H Click the DHCP radio button and perform the following steps:
–
–
–
Enter a Hostname for the system.
Optionally, check the Use hostname with DHCP checkbox.
Click Apply.
H Click the Manual assigned IP address radio button and perform
the following steps:
–
–
Specify the ANG-1000’s IP address.
Set the Subnet mask.
Aurorean Network Gateway-1000 User’s Guide
21
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
–
–
–
–
Enter the Gateway IP address.
Specify the Primary DNS IP address.
Set the Secondary DNS IP address.
Click Apply.
H Click the PPPoE assigned IP address radio button and perform
the following steps:
–
–
–
–
3
Specify a Username supplied by your cable/DSL provider.
Enter a Password.
Type the password again in the Confirm field.
Click Apply.
If you chose the Manual or PPPoE options, a window appears
detailing the reconfiguration changes and prompting you to reboot the
ANG-1000. Click Reboot Now.
After a few moments when an IP address has been received for the external
port, the Internet LED will turn on. If a static IP address was configured, the
Internet LED will shine immediately.
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you supplied must
then be re-entered. We strongly recommend that you do not use the reset
button unless you want the configuration to return to factory defaults.
22
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Setting Up the LAN
LAN configuration of the Trusted side of the ANG-1000 involves choosing
either to manually set an IP address and subnet for the ANG-1000 or
dynamically assigning its IP address via your network’s DHCP server.
Begin LAN Setup by performing the following steps:
1
Click the LAN Setup menu option.
The LAN Setup window appears as shown in Figure 22.
Aurorean Network Gateway 1000
LAN Setup
Help
LAN Address Assignment:
VPN
DHCP assigned IP address
VPN Status
VPN Setup
Manual assigned IP address
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
IP address:
192
168
1
1
Subnet:
255
255
255
0
DHCP server enabled
Starting IP address:
1
192
168
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
100
Number of IP addresses:
100
Enable DNS proxy
Links
Enable WINS proxy
Config File Editor
Apply
Figure 22 LAN Setup Window
2
Do one of the following:
H Click the DHCP assigned IP address radio button and perform
the following steps:
–
Click Apply.
Aurorean Network Gateway-1000 User’s Guide
23
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
H Click the Manual assigned IP address radio button and perform
the following steps:
–
–
–
–
–
–
–
–
Set the ANG-1000’s IP address.
Set the Subnet mask.
Optional. Click the DHCP server enabled box if the server is
up and running.
Set the Starting IP address of the range of consecutive IP
addresses you will create for this ANG-1000.
Set the total Number of IP addresses the ANG-1000 can
distribute.
Optional. Keep Enable DNS proxy checked so that the
ANG-1000 will act as a DNS server for all its tunnels. DNS
proxy resolves host names and IP addresses because the
domain server is non-routable, forcing attached hosts to
request these values. If your hosts know the DNS address
they are seeking, you can disable this feature. This option is
on by default.
Optional. Keep Enable WINS proxy checked so that PCs on
the LAN can be notified of WINS servers discovered during
tunnel setup. WINS proxy notifies local PCs of the remote
WINS servers without manual intervention. This option can
be disabled if local PCs already know remote WINS server IP
addresses. This option is on by default.
Click Apply.
CAUTION
If you change the default LAN Setup and reboot the ANG-1000, you must
release and renew the IP address for all adaptors bound to TCP/IP on
your connected computer(s) in order to reconnect with the ANG-1000
and make future changes. Perform the following steps:
- On your desktop, click Start. and Run.
- For Windows 95/98/ME systems, type: winipcfg, click OK, click
Release and click OK. Then click Renew All and click OK.
- For Windows NT/2000 systems, type ipconfig /release and press
ENTER. Then type ipconfig /renew and press ENTER.
- For Macintosh systems, check the TCP-IP control panel.
3
24
If you chose the DHCP option or changed the DNS or WINS default
entries, a window appears detailing the reconfiguration changes and
prompting you to reboot the ANG-1000. Click Reboot Now.
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you supplied must
then be re-entered. We strongly recommend that you do not use the reset
button unless you want the configuration to return to factory defaults.
Setting Up the Firewall
Firewall security is established on the ANG-1000’s Trusted interface by
default. But, you may choose to permit unencrypted traffic over External or
Trusted connections by disabling Web or Telnet access to them.
NOTE
Enabling any of the following options allows Web or Telnet traffic to run
in the clear over the ANG-1000. You can permit the transmission of
unencrypted traffic but the ANG-1000 will drop packets it receives outside
the tunnel. We recommend that you allow Web and Telnet access on the
LAN connection but disable these permissions on the Internet and VPN
Gateway connections.
WARNING
If you leave all three connections disabled, you will be UNABLE TO
CONFIGURE THE ANG-1000 without resetting the system.
Begin Firewall Setup by performing the following steps:
1
Click the Firewall Setup menu option.
The Firewall Setup window appears as shown in Figure 24.
Aurorean Network Gateway-1000 User’s Guide
25
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Aurorean Network Gateway 1000
Firewall Setup
Help
Internet Connection:
VPN
Allow Web configuration access
VPN Status
VPN Setup
Allow Telnet login access
Connectivity Setup
LAN Connection:
Allow Web configuration access
Internet Setup
LAN Setup
Firewall Setup
Allow Telnet login access
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
VPN Gateway Connection:
Allow Web configuration access
Allow Telnet login access
Apply
Figure 23 Firewall Setup Window
2
Enable the option of your choice and click Apply.
NOTE
Experienced administrators can fine tune firewall functionality by editing
the ipfwadm file in the Configuration Editor. For more detailed
information, check the following IPFWADM Web sites:
- www.xos.nl/linux/ipfwadm/paper/
- www.fwtk.org/ipfwadm/faq/ipfwadm-faq.html
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you have changed
from factory defaults, such as firewall rules, will be removed. We
recommend that you save these settings to a Notepad file which you then
can reference if you are compelled to use the reset button.
26
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Setting Your Password
To further ensure security for your ANG-1000, you should configure a new
password to replace the factory-installed password netadmin.
Change the Password by performing the following steps:
1
Click the Set Password menu option.
The Set Password window appears as shown in Figure 24.
Aurorean Network Gateway 1000
Set Password
Help
VPN
Old password:
VPN Status
VPN Setup
New password:
Confirm:
Connectivity Setup
Internet Setup
Apply
Figure 24 Set Password Window
2
Type the old Password in the field provided.
3
Type a new Password in the field provided.
4
Confirm the new password in the field provided.
5
Click Apply.
Aurorean Network Gateway-1000 User’s Guide
27
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Checking Device Status
The Device Status window provides a host of important data to ensure the
ANG-1000 is connected properly and to permit troubleshooting as problems
occur. When consulting Enterasys Customer Support, you will be asked to
display this window.
The following categories are detailed in the Device Status window:
H Version lists the Release, Patch and Build numbers, and internal name
of the ANG-1000’s firmware.
H CPU itemizes Motorola Coldfire chip specifications.
H Memory enumerates ANG-1000 memory values including Total,
Used, Free, Shared, Cached, Buffered and Swapped bytes.
H Interface Configuration describes Trusted (eth0), External (eth1), IPsec
(eth1:0-24), PPTP (ppp0-24) and Local Loopback (lo) port data
including IP and MAC addresses, netmasks, Receive and Transmit
errors and other information. Note that the ppp0 interface is the
Internet, not WAN interface, if the Internet is configured for PPPoE.
H Network Devices tabulates interface Receive and Transmit errors.
H Route Table entries detail connected networks, gateways, their
associated IP addresses, netmasks and other data.
H Interrupts lists the hardware interrupts supported on the ANG-1000
as well as their vectors and interrupt counters. The two SMC9194
items listed are the Ethernet Trusted and External port interrupts.
H System Log categorizes ANG-1000 functions/malfunctions including
routing connections/disconnections.
Check Device Status by performing the following step:
1
Click the Device Status menu option.
The Device Status window appears as shown in Figure 25.
28
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Aurorean Network Gateway 1000
Device Status
Help
Version
Aurorean Network Gateway Release 1.0 Patch 00 Build 135 (3.1.1)
VPN
VPN Status
VPN Setup
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Links
Config File Editor
Aurorean Products
Enterasys Home
CPU
CPU:
MMU:
FPU:
Clocking:
BogoMips:
Calibration:
COLDFIRE (m5307)
none
none
104.6MHz
59.80
29900800 loops
Memory
total:
Mem:
14311424
Swap:
0
Free pages:
Free blks:
Used blks:
MemTotal:
MemFree:
MemShared:
Buffers:
Cached:
SwapTotal:
SwapFree:
used:
1851392
0
3042
4
4
13976
12168
0
296
172
0
0
free:
shared: buffers:
12460032
0
299008
0
(12168kB), %0 Frag, %4 slack
min=1 max=3034 avg=760
min=1 max=1016 afg=263
kB
kB
kB
kB
kB
kB
kB
cached:
102400
Interface Configuration
eth0 Link encap: Ethernet HWaddr 00:DO:CF:00:4D:94
inet addr: 192.168.1.1 Bcast: 192.168.1.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 1381 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 2288 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions:3
Interrupt: 29 Base Address:0x300
eth1 Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95
inet addr: 172.16.2.231 Bcast: 172.16.2.255 Mask: 255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric
RX packets: 43150 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 13959 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 1
Interrupt: 27
Figure 25 Device Status Window
Aurorean Network Gateway-1000 User’s Guide
29
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
eth1:0
Link encap: Ethernet HWaddr 00:D0:CF:00:4D:95
inet addr: 10.120.51.247 P-t-P: 10.120.51.1. Mask:
255.255.255.255
UP POINTOPOINT RUNNING MTU: 1400 Metric:1
RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0
lo
Link encap: Local Loopback
inet addr: 127.0.01 Bcast: 127.255.255.255. Mask: 255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU: 3584 Metric:1
RX packets: 77 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 77 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0
Network Devices
Inter–
face .
lo:
eth0:
eth1:
eth1:0
packets
77
1381
43150
2300
Receive
errs
0
0
0
0
drop
0
0
0
0
fifo
0
0
0
0
frame
0
0
0
0
packers
0
2258
13959
1876
Transmit
errs
0
0
0
0
drop
0
0
0
0
fifo
0
0
0
0
colls
0
0
1
0
carriers
0
0
0
0
Route Table
Kernel IP routing table
Destination
Gateway
192.168.1.0
“
172.16.2.0
“
127.0.0.0
“
default
172.16.2.1
Genmask
255.255.255.0
255.255.255.0
255.0.0.0
0.0.0.0
Flags
U
U
U
UG
Metric
0
0
0
0
Ref
0
0
0
0
Use:
32
5
1
0
Iface
eth0
eth1
lo
eth1
Interrupts
27:
29:
30:
31:
224:
225:
16692
2142
2113573
0
0
0
SMC9194
SMC9194
ColdFire Timer
Reset Button
ColdRire UART
ColdFire UART
System Log
Wed Apr 11 17:07:45 dhcpcd: got in BOUND state
Wed Apr 11 17:08:32 dhcpd: serving 192.168.1.100
Wed Apr 11 17:12:45 dhcpcd: Time to renew the address...
Wed Apr 11 17:12:45 dhcpcd: Renewing: Send request, timeout=e1, tm=3
Wed Apr 11 17:12:45 dhcpcd: setDhcpInfo ip=3f51410f, lease=258, renew=12c, rebind=20d
Wed Apr 11 17:12:45 dhcpcd: got in BOUND state
Wed Apr 11 17:17:45 dhcpcd: Time to renew the address...
Wed Apr 11 17:17:45 dhcpcd: Renewing: Send request, timeout=e1, tm=3
Wed Apr 11 17:17:45 dhcpcd: setDhcpInfo ip=3f51410f, lease=258, renew=12c, rebind=20d
Wed Apr 11 17:17:45 dhcpcd: got in BOUND state
Wed Apr 11 17:18:32 dhcpd: serving 192.168.1.100
Wed Apr 11 17:18:56 IKE: Trace(*) (IKE) Begin QM Initiator (4409f0) to 146.123.34:500
Figure 26 Device Status Window (continued)
30
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Using Advanced Utilities
Advanced Utilities provided by the ANG-1000 include:
H Setting the MAC Address of a newly attached ANG-1000 when you
want to quickly connect to a cable service provider. MAC addresses
are used by service providers to identify supported users. The
ANG-1000 can proxy your computer’s MAC address to the ISP but
your provider may require that you change the default value
reported by the ANG-1000 to reflect the PC’s actual MAC address.
H Clearing the System Logfile - shown in the Device Status window when you want to erase old and display updated information.
H Soft Rebooting to reset the ANG-1000 without recycling power. This
function is similar to pressing CTRL-ALT-DELETE on your computer.
Aurorean Network Gateway 1000
Advanced Utilities
Help
Internet MAC Address Assignment:
VPN
MAC address:
VPN Status
VPN Setup
Apply
Connectivity Setup
Internet Setup
LAN Setup
Firewall Setup
Clear System Logfile:
Apply
ANG-1000 System
Set Password
Device Status
Firmware Update
Advanced Utilities
Soft Reboot ANG-1000:
Apply
Figure 27 Advanced Utilities Window
1
Click the Advanced Utilities menu option.
The Advanced Utilities window appears as shown in Figure 27.
Aurorean Network Gateway-1000 User’s Guide
31
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
2
Do one of the following:
–
To change the ANG-1000’s MAC address to reflect your
computer’s MAC address, first find the computer’s address
by issuing the proper command at a DOS prompt. For
Windows 95/98/ME systems, type winipcfg; for Windows
NT/2000 systems, type ipconfig /all; for Macintosh
systems, check the TCP-IP control panel.
In the command output, look for the Physical or Adapter
Address value. For example:
c:>ipconfig /all
Ethernet adapter E190x1:
Description . . : 3Com 3C90x Ethernet Adapter
Physical Address : 00-10-4B-9D-18-17
Enter the value in the Internet MAC Address Assignment
fields.
Click Apply and Reboot Now when prompted to save the
change.
–
Select Clear System Logfile and click Apply.
–
Select Soft Reboot ANG-1000 and click Apply.
NOTE
ANG-1000 connections broken during a reboot will be lost after service
returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before
re-initiating the connection resolves the problem.
Using the Configuration Editor
Knowledgeable network administrators can use the Configuration Editor to
invoke commands on the ANG-1000’s LINUX 2.0 operating system.
CAUTION
Inexperienced users or those unfamiliar with LINUX attempting to use
this editor may disable the system. We recommend only expert users, in
conjunction with Enterasys Customer Support, use this editor.
32
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
1
Click the Configuration Edit menu option.
The Configuration Edit window appears as shown in Figure 28.
Aurorean Network Gateway 1000
Configuration File Edit
Help
Configuration Files
config
inittab
ipfwrules
options
ripd.conf
start
zebra.conf
ipfwrule.routing
dhcpd.conf
dhcpd.iplist
config.ike
hosts
pppoe
winsd.conf
,netrc
.resolv.conf
config.dat
dhcpd-cache.eth1
hostinfo-eth1
dhcpd.leases
This Web application allows you to update and delete the system configuration
files of the ANG-1000. These files are used to control the ANG-1000 for its VPN
functionality, Internet and LAN connectivity, firewall capabilities, networking
startup commands and other key features of the ANG-1000 device.
Extreme caution needs to be exercised when modifying the system
configuration files of the ANG-1000. The raw contents of the files are exposed
for updating and improper editing could render the ANG-1000 inoperable. Bear
this in mind as you use this Web application.
When the configuration files are modified, the ANG-1000 device may need to
be rebooted in order for the changes to take effect. Other modifications to
configuration files can be made and their effects will be seen in the running
system. If you are not clear as to which type of change you are making, be sure
to click the “Reboot Now” button when prompted.
This list of files on the left displays the files contained in the ANG-1000 RAMbased configuration file directory /etc/config. Most of these files contain
editable text, but some of them are stored as binary data and cannot be edited.
Figure 28 Configuration Edit Window
2
Click on the command of your choice.
3
The arguments of the command you selected are displayed in the
Configuration File Edit window, as shown in Figure 29.
Aurorean Network Gateway-1000 User’s Guide
33
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Aurorean Network Gateway 1000
Configuration File Edit
Help
Configuration Files
config
inittab
ipfwrules
options
ripd.conf
start
zebra.conf
ipfwrule.routing
dhcpd.conf
dhcpd.iplist
config.ike
hosts
pppoe
winsd.conf
.netrc
.resolv.conf
config.dat
dhcpd-cache.eth1
hostinfo-eth1
dhcpd.leases
File:/etc/config/config
oasswd neGpPWI1gigw2
wizard 1
dhcpcd 1
snwantype 1meth0
255,255,255.0
ipeth0 192.168.1.1
uhn 0
dhcpd 1
web0 0
web1 0
web2 0
tel0 0
tel1 0
tel2 0
MODEEXPERT on
WANTYPE 1
Update
Delete
Figure 29 Configuration File Edit Window
4
Edit the UNIX command and click Update or Delete.
NOTE
You can remove the Configuration Editor (along with the Advanced
Utilities option) from the main menu by selecting the config command,
deleting the MODEEXPERT on argument and clicking Update.
34
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
NOTE
If you press the reset button after you have configured your ANG-1000,
you will lose your entire configuration. Any settings you have changed
from factory defaults, such as firewall rules, will be removed. We
recommend that you save these settings to a Notepad file which you then
can reference if you are compelled to use the reset button.
Configuring IP Port Forwarding
ANG-1000’s support of IP Port Forwarding permits you to make servers on
the trusted network of the ANG-1000 available to the rest of the VPN. In
contrast to Network Address Translation (NAT), which allows access to
external-side servers initiated by internal-side hosts, Port Forwarding permits
access to internal-side servers initiated by external-side hosts.
This is accomplished by rewriting the headers of all packets bound for the
ANG-1000 and forwarding them to another host on the trusted-side of the
network, depending on their destination port (port numbers corresponding
to standard, well-known protocols). The IP addresses are re-written so that
incoming IP (TCP and UDP) packets are forwarded to their intended
destinations, and the reply packets are re-written to appear to be coming from
the ANG-1000.
This process requires static, known values for the following:
H The IP address assigned to ANG-1000 by the VPN. This address is in
RiverMaster in the ANG-1000's user account and may not be
assigned dynamically via pools or virtual subnets.
H The IP address of the server on the ANG-1000 trusted network (one
server per protocol). This may not be dynamically assigned by the
ANG-1000 via DHCP.
H The protocol (TCP or UDP) and the protocol port number.
IP Port Forwarding is configured by editing the ipportfw command in the
ipfwrules configuration file in the Config Editor tool of the Web Config. The
ipportfw commands should be entered at the end of the ipfwrules file.
Aurorean Network Gateway-1000 User’s Guide
35
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Refer to the tables below for command usage, switches, arguments, and
definitions.
Usage
ipportfw -A -[t | u] l.l.l.l/lport -R a.a.a.a/rport
add entry
ipportfw -D -[t | u] l.l.l.l/lport
delete entry
l.l.l.l is the address of the VPN interface receiving packets to be forwarded
a.a.a.a is the server address on the LAN
lport is the port being redirected
rport is the port being redirected to
Switch
-t
-u
-A
-C
-D
-R
-L
<arg>
VPN address/port
VPN address/port
None
None
None
IP address/port
None
Definition
Forward TCP traffic
Forward UDP traffic
Add the IP port forwarding table entry
Clear the IP port forwarding table
Delete the IP port forwarding table entry
Define the server IP address
List the IP port forwarding table
Follow the steps below to configure IP port forwarding.
1
Login to Web Config.
2
Click on the Config File Editor menu option.
3
Click on the ipfwrules Configuration File.
4
In the Configuration File Edit window, scroll to the end of the file.
5
Under **Expert-Config**, type the following rules:
–
–
6
36
ipportfw -C
ipportfw -A <-t or -u> <VPN address/local port> -R <local server
IP address/remote port>
Click Update and Reboot Now when prompted to save the change.
Aurorean Network Gateway-1000 User’s Guide
Chapter 3
Configuring the ANG-1000 with Aurorean Web Config
Refer to the table below for a sample IP port forwarding configuration:
Example
ipportfw -C
ipportfw -A -t10.120.50.215/23 -R 192.168.0.1/23
ipportfw -A -t10.120.50.215/21 -R 192.168.0.1/21
ipportfw -A -t10.120.50.215/6000 -R 192.168.0.2/6000
The above sample configuration performs the following tasks:
H Clears the IP port forwarding table
H Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to
port 23 on the internal server 192.168.0.1
H Maps FTP from the VPN address to the same 192.168.0.1 server
H Maps X windows (TCP port 6000) to a different server, 192.168.0.2
Aurorean Network Gateway-1000 User’s Guide
37
A
Glossary
Aurorean Network Gateway
An Enterasys Networks device that creates a secure virtual private circuit
over the Internet between itself and a remote user’s computer. The Aurorean
Network Gateway encapsulates data packets using IPSec and encrypts data
to prevent third-parties from intercepting and examining it. There are three
types of Aurorean Network Gateways:
H Aurorean Network Gateway-7000 - a tunnel server that can
accommodate up to 5000 remote users
H Aurorean Network Gateway-3000 - a tunnel server that can
accommodate up to 500 remote users
H Aurorean Network Gateway-1000 - a tunnel server that establishes a
site-to-site tunnel between itself and either an ANG-7000 or an
ANG-3000 server. It can accommodate up to 25 tunnels.
Aurorean Web Config
Aurorean Web Config is the utility used to configure the Aurorean Network
Gateway-1000. It is Web based and is accessed through the use of a Web
browser.
Aurorean Policy Server
An Enterasys Networks device that manages Aurorean Network
Gateways. Network administrators configure Aurorean Policy Servers
from a RiverMaster computer. The network administrator can create a remote
user database on the Aurorean Policy Server or instruct the Aurorean
Policy Server to authenticate remote users against an external
Aurorean Network Gateway-1000 User’s Guide
39
Appendix A
Glossary
authentication server (such as a RADIUS or SecurID server). When the
network administrator changes tunnel connection parameters, the Aurorean
Policy Server provide updated configuration files to Aurorean Network
Gateways on request.
DHCP
Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP
addresses. The Aurorean Network Gateway-1000 is capable of assigning IP
addresses.
DSL
Refers to Digital Subscriber Lines. DSL technologies use sophisticated
modulation schemes to pack data onto copper wires. They are sometimes
referred to as last-mile technologies because they are used only for
connections from a telephone switching station to a home or office, not
between switching stations. Usually the maximum distance between the
home or office and the switching station has to be around one mile.
Ethernet
The Ethernet originated in 1974 by Xerox to connect many office machines
together to allow communications between them. Coax cable was originally
used. today twisted pair wire can be used and the speeds can be up to 10
megabits per second.
Firewall
A combination of hardware and software which limits the exposure of a
corporate network to outside attack by enforcing a boundary between the
network and the Internet. Firewalls normally fall into one of two categories:
application-level or network-level (often referred to as a packet filter). An
application-level firewall examines traffic at the application level, and only
passes packets that are sent by approved applications (such as FTP, E-mail, or
Telnet). This type of firewall often readdresses outgoing traffic so that it
appears to have originated at the firewall rather than an internal host, thereby
concealing the address of the internal host. A network-level firewall examines
traffic at the network packet level, and filters packets based on the destination
and/or source address.
40
Aurorean Network Gateway-1000 User’s Guide
Appendix A
Glossary
Generic Routing Encapsulation (GRE)
Tunneling protocol developed by Cisco that can encapsulate a wide variety of
protocol packet types inside IP tunnels, creating a virtual point-to-point link
over the Internet. For PPTP, GRE is used to encapsulate PPP data packets
within an IP packet (IP packet headers contain address information necessary
for routing, while PPP packets do not).
Internet Service Provider (ISP)
A vendor who provides direct access to the Internet. ISPs bill users for the
amount of time they are connected, and may also offer additional services
such as Web site hosting, E-mail, or news group readers. Remote users reach
the ISP by dialing into an ISP POP with a computer, modem, and phone line,
or over a dedicated circuit (such as a cable modem connection).
IP
Abbreviation of Internet Protocol, pronounced as two separate letters. IP
specifies the format of packets, also called datagrams, and the addressing
scheme. Most networks combine IP with a higher-level protocol called
Transport Control Protocol (TCP/IP), which establishes a virtual connection
between a destination and a source.
IP Address
An identifier for a computer or device on a TCP/IP network. Networks using
the TCP/IP protocol route messages based on the IP address of the
destination. The format of an IP address is a 32-bit numeric address written as
four numbers separated by periods. Each number can be zero to 255. For
example, 172.16.4.14 could be an IP address.
IP Security Protocol (IPSec)
Short for IPSecurity, a set of protocols developed to support secure exchange
of packets at the IP layer.
Aurorean Network Gateway-1000 User’s Guide
41
Appendix A
Glossary
LAN
Locan Area Network (LAN) connects computers and peripherals together in
an office or a campus to allow the computers to access each other and other
common peripherals.
LEDs
Abbreviation of light emitting diode, an electronic device that lights up when
electricity is passed through it. LEDs are usually red, but the ANG-1000 uses
green LEDs. The LEDs are used to indicators.
Mac Address
Short for Media Access Control address, a hardware address that uniquely
identifies each node on a network.
Network Address Translation (NAT)
Described by Whatis.com as the translation of an Internet Protocol address
used within one network to a different IP address known within another
network. One network is designated the inside network and the other is the
outside. Typically, a company maps its local inside network addresses to one
or more global outside IP addresses and unmaps the global IP addresses on
incoming packets back into local IP addresses. This provides security since
each outgoing or incoming request must undergo a translation process that
also offers the chance to qualify or authenticate the request or match it with a
previous request. NAT also conserves the number of global IP addresses that
a company uses and permits the use of a single IP address to interface with
the world. RiverMaster permits the Aurorean Network Gateway to
be configured as a NAT server.
42
Aurorean Network Gateway-1000 User’s Guide
Appendix A
Glossary
Network Administrator
The person responsible for installing and maintaining a company’s network
equipment, and also insuring that network resources (such as servers and the
applications running on them) are consistently available and performing
well. In terms of Enterasys Networks products, this person physically installs
Aurorean Policy Servers and Aurorean Network Gateways,
distributes Aurorean Client Software to remote users, and runs
RiverMaster software on his/her computer to manage the entire VPN.
Point of Presence (POP)
In Internet terms, the physical site that contains an ISP’s network
equipment. Remote users dial into the POP, authenticate against the ISP’s
customer database, and then gain access to the Internet. ISPs typically have
POPs scattered throughout their service area, so that can customers can dial a
local phone call and avoid paying long- distance charges when accessing the
Internet.
Point-to-Point Protocol (PPP)
The Internet standard for sending network traffic over serial lines, such as
dial-up phone lines. Unlike its predecessor SLIP (Serial Line Internet
Protocol), PPP provides error detection and compression capabilities.
Point-to-Point Tunneling Protocol (PPTP)
A network protocol for linking remote locations over the Internet rather than
over costly long-distance or leased lines. To accomplish this, PPTP
encapsulates other network protocols (such as TCP/IP, IPX, and NetBEUI)
and uses encryption to secure the data sent over the Internet. PPTP was
developed jointly by Microsoft and U.S. Robotics (3Com).
PPPoE
The Point-to-Point over Ethernet protocol provides a connection to the Internet
through a DSL provider. It is also identified as PPPoE.
Aurorean Network Gateway-1000 User’s Guide
43
Appendix A
Glossary
RiverMaster
A management application running on a Windows NT 4.0 Workstation
computer which communicates with Aurorean Policy Servers and
Aurorean Network Gateways. Using RiverMaster, a network
administrator creates user databases, sets policies for user groups, views
activity logs, and generates usage reports.
Routers
Devices which direct network traffic among LANs or WANs until the data
reaches its destination. To do this, routers communicate with one another
using dedicated protocols such as IGRP (Interior Gateway Routing Protocol)
and BGP (Border Gateway Protocol) to transfer information on network
addressing, status, and configuration.
TCP/IP
Abbreviation for Transmission Control Protocol/Internet Protocol. The suite of
communications protocols used to connect hosts on the Internet. TCP/IP uses
several protocols, the two main ones being TCP and IP. TCP/IP is built into
the UNIX operating system and is used by the Internet, making it the de facto
standard for transmitting data over networks. Even network operating
systems that have their own protocols, such as Netware, also support TCP/IP.
Tunneling
Technology that lets a network transport protocol carry information for other
protocols within its own packets. For example, by encapsulating NetBEUI
packets, IP can route them across the Internet, which is not normally possible.
Virtual Private Network (VPN)
An extension of a company’s private network that uses the resources of the
public Internet. While most private networks use dedicated lines and
equipment that are company property, a virtual private network “borrows”
resources from the Internet on an as-needed basis.
44
Aurorean Network Gateway-1000 User’s Guide
B
Specifications
This appendix details the specifications of the ANG-1000.
Table 1 ANG-1000 Specifications
Category
Chassis
Parameters
Depth
6 1/2”
Width
10”
Height
1 /7/8”
Weight
1 lb.
Environment
Operating
Temperature
0° to 70° C
PFC Power
Supply
Power Adapter
Input: 100-240VAC, ~0.4A, 47-63Hz
Regulated UL Listed Class 2 power supply must be used.
Output: 5v VDC, 2.5 Amp
CPU
Processor
Motorola© Coldfire XCF5307 91.5 Mhz
Memory
16 MB DRAM
Storage
Devices
Hard Drive
2 MB Flash
Performance
Server Capacity
> 25 concurrent tunnels
Tunnel
Performance
Up to 3 Mbps with IPSec
Aurorean Network Gateway-1000 User’s Guide
45
Appendix B
Specifications
Table 1 ANG-1000 Specifications (Continued)
Category
Protocols &
Standards
Parameters
Tunnel Protocols
IP Security Protocol (IPSec) as defined in RFC 2401 and 2409
Point-to-Point Tunneling Protocol (PPTP) as defined in
RFC 1234
Generic Routing Encapsulation (GRE) as defined in RFC 1701
and 1702
Encapsulated
LAN Protocols
IP
Routing Protocols
RIP V1, V2
Support for dynamic Virtual Network addressing, local network
addressing, or static routes
Authentication
Challenge Handshake Authentication Protocol (CHAP)
MS-CHAP (Microsoft proprietary version of CHAP)
Encryption
MPPE, 40-bit and 128-bit configurable keys (RC4-compatible)
DES (56-bit) or Triple-DES (168-bit) with IPSec only
Compression
Microsoft Point-to-Point Compression (MPPC)
Number of Ports
Two
Data Transfer Rate
10 Mbps
Connector
8-position modular jack (RJ-45)
Safety
Regulations
US/Canada/
Europe
UL 1950, CSA C22.2 No.950, 73/23/EEC, EN60950, and
IEC950
EMCI
US, Canada,
Europe, Japan,
Australia, New
Zealand, Taiwan,
Russia,
International
FCC Part 15, CSA C108.8, 89/336/EEC, EN55022, EN61000-32, EN61000-3-3, EN50082-1, AS/NZS3548, and VCCI VD3.
Ethernet
46
Aurorean Network Gateway-1000 User’s Guide
C
Pin Assignments
This appendix describes pin assignments for the Ethernet connectors on the
back of the ANG-1000. Because ANG-1000 servers ship with all the cables
required, this information is only necessary if you need to purchase or
fabricate a replacement cable.
ANG-1000 servers are equipped with Ethernet ports located at the rear of the
chassis, supporting full-duplex 10Base-T transmission.
Both port types conform to IEEE 802.3 standards with 8-pin modular RJ-45
connectors. Figure 2 shows the pin assignments for ANG-1000 server
Ethernet ports.
Pin 8
Pin 1
Link 1
(TRUSTED)
Pin 8
Pin 1
Link 2
(EXTERNAL)
Pin
Signal
1
Transmit +
2
Transmit -
3
Receive +
4
Return
5
Return
6
Receive -
7
Return
8
Return
Figure 1
Figure 2 Ethernet Port Pin Assignments
Aurorean Network Gateway-1000 User’s Guide
47
Appendix C
Pin Assignments
Replacement Ethernet cables must meet the following requirements:
H Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring
H Length cannot exceed 328 feet (100 meters)
48
Aurorean Network Gateway-1000 User’s Guide
D
License Agreement & Support
This appendix describes the terms and conditions that govern the use of
Aurorean Virtual Network products (including the warranties) and provides
contact information for obtaining technical support from Enterasys
Networks.
Enterasys Networks License Agreement
PLEASE READ THIS DOCUMENT CAREFULLY BEFORE USING
ENTERASYS SOFTWARE. BY USING THE SOFTWARE PRODUCT SHIPPED
TO YOU BY ENTERASYS OR ITS DISTRIBUTOR (“LICENSED SOFTWARE”)
YOU ACCEPT THE TERMS OF THIS SOFTWARE LICENSE AGREEMENT.
IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT
USE THE SOFTWARE PRODUCT. YOU MAY RETURN THIS PRODUCT TO
ENTERASYS FOR A FULL REFUND.
The Licensed Software is licensed, not sold, to you for use only under the
terms of this license, which represents the complete agreement and
understanding between you and Enterasys. Enterasys reserves any rights not
expressly granted to you. You own the media on which the software is
originally or subsequently recorded or fixed, but Enterasys retains ownership
of all copies of the software itself.
License Grant
Enterasys Networks, Inc., 35 Industrial Way, Rochester, New Hampshire
03866 hereby grants to Licensee a personal, nonexclusive, non-transferable
license to use the Licensed Software on the servers on which the Software is
first installed (“Licensed Servers”) and on an unlimited number of client
processors, subject to the limit on simultaneous users as specified by the
Aurorean Network Gateway-1000 User’s Guide
49
Enterasys Networks License Agreement
Appendix D
License Agreement & Support
scope of the license that Licensee has purchased from Enterasys. Should one
or more the above Licensed Servers be upgraded and/or replaced by other
Enterasys servers purchased by Customer pursuant to Enterasys' then current
upgrade policy, the license may be transferred and the Software may be used
on the replacement server(s). This License shall commence upon the receipt
by Licensee of the Licensed Software and shall continue until Licensee
discontinues use or this Agreement is terminated. No ownership of the
Licensed Software or any of its parts is transferred to Licensee.
Licensee may make copies of the Licensed Software in object code form for
archival and backup purposes only. All copies (including copies of the
documentation) must bear the copyright notice(s) and restricted rights legend
contained in or on the original.
Except as expressly permitted by law without the possibility of contractual
waiver, Licensee agrees that it will not attempt to reverse engineer, reverse
compile or reverse assemble the Licensed Software or otherwise seek to gain
access to source code for the Licensed Software.
Licensee shall take all reasonable steps to protect the Licensed Software and
documentation from unauthorized copying and use. Licensee shall not,
without the express written consent of Enterasys, provide, disclose, transfer
or otherwise make available any Licensed Software, or copies thereof, to any
third party.
Warranty
Enterasys warrants to Licensee that the Licensed Software will, when used in
the specified operating environment, substantially perform in the manner
described in its documentation, as it exists at the date of delivery, for a period
of one year from the date of original delivery to the Licensee. Enterasys's sole
obligation under this warranty shall be limited to using reasonable efforts to
correct reproducible defects and distribute such corrections as part of the next
scheduled maintenance release of the Software. Enterasys does not warrant
that: (i) operation of any of the Licensed Software will be uninterrupted or
error free, or (ii) functions contained in the Licensed Software shall operate in
the combination which may be selected for use by Licensee or meet Licensee's
requirements. Enterasys's warranty obligations shall be void if the Licensed
Software is modified without the written consent of Enterasys.
50
Aurorean Network Gateway-1000 User’s Guide
Appendix D
License Agreement & Support
Enterasys Networks License Agreement
EXCEPT AS SPECIFICALLY PROVIDED HEREIN, THERE ARE NO
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR ANY
IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE.
Infringement Indemnification
Enterasys shall indemnify, defend and hold Customer harmless from and
against any claims, actions, or demands alleging that the Licensed Software
directly infringes any United States patent, trademark, or copyright, or
misappropriates any trade secret right of any third party, provided that
Customer promptly notifies Enterasys of any such claim, allows Enterasys to
control the defense and provides reasonable information and assistance to
Enterasys (at Enterasys' expense) in the defense of the claim. Customer shall
permit Enterasys to replace or modify any affected Licensed Software to
avoid infringement, or to procure for Customer the right to continue to use
such Licensed Software. If neither of such alternatives is reasonably possible,
Enterasys may require Customer to return the affected Licensed Software to
Enterasys and Enterasys' sole liability in regard to such return shall be to
refund the purchase price paid by Customer. Enterasys shall have no
obligation with respect to claims, actions, or demands to the extent that they
are based upon (i) the combination of Licensed Software with any items not
supplied by Enterasys, (ii) any modification or change to the Licensed
Software by Customer, or, (iii) any failure by Customer to implement
modifications or replacements distributed by Enterasys that address any
alleged infringement. This Section states the entire liability of Enterasys with
respect to indemnification or liability for infringement or misappropriation of
patents, copyrights, trademarks, trade secrets or other proprietary rights by
Enterasys or the Licensed Software or any part thereof or by their use or
operation.
Limitation of Liability
ENTERASYS AND ITS LICENSORS' TOTAL LIABILITY FOR ANY CAUSE
OF ACTION ARISING IN CONNECTION WITH THIS AGREEMENT, AND
REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR
IN TORT INCLUDING NEGLIGENCE, SHALL BE LIMITED TO THE
ACTUAL DOLLAR AMOUNT ENTERASYS RECEIVED HEREUNDER
FROM CUSTOMER FOR THE PARTICULAR PRODUCTS WHICH ARE THE
Aurorean Network Gateway-1000 User’s Guide
51
Enterasys Networks License Agreement
Appendix D
License Agreement & Support
SUBJECT MATTER OF THE CAUSE OF ACTION. IN NO EVENT SHALL
ENTERASYS BE LIABLE FOR ANY LOST OR ANTICIPATED PROFITS OR
SAVINGS, OR ANY INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR
CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF
ACTION, WHETHER IN CONTRACT OR IN TORT INCLUDING
NEGLIGENCE, AND WHETHER OR NOT ENTERASYS WAS ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT PERMIT DISCLAIMERS OF IMPLIED
WARRANTIES OR OF LIABILITY FOR CONSEQUENTIAL OR
INCIDENTAL DAMAGES, SO THE ABOVE DISCLAIMERS MAY NOT
APPLY TO YOU.
Termination
Enterasys may terminate this license agreement and Licensee's right to use
the Licensed Software if Licensee materially breaches the terms of this
Agreement or fails to pay the licensee fee when due, and fails to cure such
breach within thirty days of notice thereof by Enterasys.
International Provisions
Licensee agrees that it shall not directly or indirectly export the Licensed
Software, individually or as part of a system, without first obtaining a license
from the U.S. Department of Commerce or any other appropriate agency of
the U.S. Government, as required. Diversion of products contrary to U.S. law
is prohibited.
Applicable Law
The parties agree that this license shall be governed by the substantive laws of
the Commonwealth of Massachusetts and the United States. The exclusive
jurisdiction for any dispute regarding this Agreement shall be in the United
States of America or, for Licensees located in Europe, London, England. The
parties expressly disclaim the applicability of the U.N. Convention on the
Sales of Goods.
52
Aurorean Network Gateway-1000 User’s Guide
Appendix D
License Agreement & Support
Technical Support
U. S. Government - Commercial Computer Software
This Licensed Software is Commercial Computer Software as provided in 48
CFR 2.101 and is licensed to U.S. Government agencies and personnel only
with the rights set forth in this license. The use of the Licensed Software by
the Government constitutes acknowledgment of Enterasys's proprietary
rights in the Licensed Software. The manufacturer is Enterasys Networks, 35
Industrial Way, Rochester, New Hampshire 03866. The licensee or user of this
product agrees not to remove any of the RESTRICTED RIGHTS legends and
markings included in this software and associated documentation.
Technical Support
Enterasys Networks provides easy access to technical support information
through a variety of services.
Support from Enterasys Networks
Enterasys Networks offers two ways of contacting customer support
personnel.
On-line Services
To receive answers to technical questions on Aurorean Virtual Network
products, send E-mail to:
support@enterasys.com
Please include your name, title, company, and phone number in all
correspondence.
Phone Support
Enterasys Networks customer support personnel are available by calling
1-800-872-8440. When you call, please call from a position where you can
operate the RiverMaster management application or view the server’s LEDs,
and make sure you have the following information ready:
H State of the LEDs on both the front and rear panels of the server(s)
H A list of the error messages appearing in the RiverMaster
message/alarm display
Aurorean Network Gateway-1000 User’s Guide
53
Appendix D
License Agreement & Support
Technical Support
H Details about any recent configuration changes, if applicable
Enterasys Networks also recommends that you have the RiverMaster
Administrator’s Guide on hand when you call.
Returning Products for Repair
After discussing the problem with Enterasys Networks Customer Support or
your authorized Enterasys Networks reseller, you may be asked to return the
APS-3000/7000 or ANG-1000/3000/7000 for repairs. You will receive a
Return Material Authorization (RMA) number for the server. Ship the server,
with the RMA number clearly visible on the outside of the package, to the
following address:
Enterasys Networks
35 Industrial Way
Rochester, NH 03866
Enterasys Networks recommends that you reuse the original shipping box or
equivalent packaging to protect the server during shipment.
NOTE
Products sent to Enterasys Networks without an RMA number will be
returned to the sender unopened, at the sender’s expense.
54
Aurorean Network Gateway-1000 User’s Guide
Index
A
E
Accessories 4
ANG-1000
Accessory Kit 4
Ethernet LEDs 9
Ethernet ports 5
front panel LEDs 10
Interconnects 6
Power connections 7
specifications 45
unpacking 3
Usage ix
Aurorean Network Gateway
definition 39
Aurorean Network Gateway-1000 See ANG-1000
Aurorean Policy Server
definition 39
Aurorean Web Config, definition 39
authentication 46
encryption 46
Ethernet
cable requirements 48
definition 40
port LEDs 6
ports 2, 5
specifications 46
External port connecting cables 7
C
cables
connecting Ethernet 4–7
requirements 48
Canadian notices iii
compliance 46
compression 46
Connecting 7
connector pin assignments 47
connectors Ethernet 47
customer support phone numbers 53
D
DHCP, definition 40
DSL (Digital Subscriber Line) 40
Aurorean Network Gateway-1000 User’s Guide
F
Firewall, definition 40
G
Generic Routing Encapsulation (GRE) 41, 46
GRE. See Generic Routing Encapsulation (GRE)
41
I
installation
before you begin 4
connecting cables 4–7
connecting power 8
locating a server 4
Internet Service Provider (ISP)
definition 41
IP (Internet Protocol) 41
IP address, definition 41
IP Security Protocol (IPSec) 46
definition 41
IPX 43
L
LAN
definition 42
protocols 46
55
Index
LEDs
definition 42
Ethernet ports 6, 9
front panel 9
license agreement 49–53
M
Mac Address, definition 42
N
NAT server
description 42
NetBEUI 43
Network Address Translation (NAT), definition
42
Network Administrator, definition 43
network cable requirements 48
Notices
Canadian iii
FCC iii
General ii
UL iii
O
on-line customer support 53
P
pin assignments Ethernet 47
Point of Presence (POP), definition 43
Point-to-Point Protocol (PPP), definition 43
Point-to-Point Tunneling Protocol (PPTP) 46
definition 43
POP
definition 43
power
connections 8
power supply 8
specifications 45
PPP, definition 43
PPPoE, definition 43
56
PPTP, definition 43
protocols 46
R
regulatory compliance 46
RiverMaster
definition 44
RJ-45
connector pin assignments 47
RMA number 54
Routers, definition 44
routing 46
S
safety compliance 46
Safety Instructions iv
specifications
chassis parameters 45
CPU memory 45
Ethernet port specifications 46
general 45 –46
hard drive specifications 45
operating temperature 45
processor specifications 45
safety regulations 46
server capacity 45
server performance 45
supported protocols 46
System Description 1
T
TCP/IP 43, 44
technical support 53
Trusted port connecting cables 6
tunnel protocols 46
tunneling, definition 44
U
UL notices iii
Aurorean Network Gateway-1000 User’s Guide
Index
V
Virtual Private Network (VPN), definition 44
VPN. See Virtual Private Network (VPN) 44
W
warranty 50
Aurorean Network Gateway-1000 User’s Guide
57