Related Manuals for Compatible Systems IntraPort A00-1869
Summary of Contents for Compatible Systems IntraPort A00-1869
-
Page 1: Installation Guide
IntraPort Enterprise-8 VPN Access Server Installation Guide Compatible Systems Corporation 4730 Walnut Street Suite 102 Boulder, Colorado 80301 303-444-9532 800-356-0283 http://www.compatible.com... - Page 2 IntraPort Enterprise-8 VPN Access Server Installation Guide, Version 1 Copyright © 1999, Compatible Systems Corporation All rights reserved. IntraPort Enterprise, RISC Router, MicroRouter and CompatiView are trademarks of Compatible Systems Corporation. Other trademarks are the property of their respective holders. Part number: A00-1869 FCC Notice: This product has been certified to comply with the limits for a Class A computing device, pursuant to Subpart J of Part 15 of FCC Rules.
-
Page 3: Table Of Contents
Introduction to the IntraPort Enterprise-8 BOUT EMOTE LIENT -8 I NTRA NTERPRISE NSTALLATION -8 M NTRA NTERPRISE ANUAL Chapter 1 - Getting Started OTES Please Read the Manuals Warranty and Service Getting Help with the IntraPort Enterprise-8 EED TO Supplied with the IntraPort Enterprise-8 Additional Items Needed for Installation Chapter 2 - Mounting Instructions LACEMENT... - Page 4 Suggested for AppleTalk Configuring the Server for LAN-to-LAN Tunnels Required for LAN-to-LAN Tunnel Configurations Suggested for LAN-to-LAN Tunnel Configurations Configuring the Server for IP and IPX Client Tunnels Required for Client Tunnel Configurations Suggested for Client Tunnel Configurations VPN User Database...
- Page 5 Appendix B - Downloading Software From Compatible Systems Appendix C - Security Dynamics ACE/Server Information Appendix D - Adding or Replacing RIOP Cards Appendix E - When the “Over Temp” Light Comes On EPLACING OR LEANING THE NTRAPORT Appendix F - Terms and Conditions...
- Page 6 Figure 8. Placing the Unit in a Standard Equipment Rack Figure 8.1. Placing the Unit in a Telco Rack Figure 9. Securing the Unit to the Rack Figure 10. IntraPort Enterprise-8 VPN Access Server Figure 11. Detail of RIOP Cards Figure 12. Detail of Power Units Figure 13.
-
Page 7: Introduction To The Intraport Enterprise-8
Install the IntraPort Enterprise-8 hardware on your Ethernet LAN and connect the 10/100 twisted-pair Ethernet interfaces to Fast Ethernet or Ethernet hubs. Select the management tool you wish to use with the server. If you want to use the CompatiView management software, you must install the software on a Windows PC computer which is connected to your network. -
Page 8: Intraport Enterprise-8 Manual Overview
The manual is divided into several sections that should provide you with the basic information you will need to use the IntraPort Enterprise-8 on your network. For the latest documentation on Compatible Systems products, including the most current version of this manual, visit the Technical Support section of our Web site. -
Page 9: Chapter 1 - Getting Started
You can also request technical support by filling out a brief form. Technical support requests received via the Web form will receive expedited treatment. You may also call Compatible Systems Corporation or send support questions via e-mail to support@compatible.com. Compatible Systems' phone number is listed on the front of this guide. -
Page 10: What You Will Need To Get Started
If you choose to rack-mount the IntraPort Enterprise-8, you will need to provide your own screws or clips to secure the mounting brackets to the equipment rack. A more detailed list of the items needed for mounting the server is in Chapter 2 - Mounting Instructions. -
Page 11: Chapter 2 - Mounting Instructions
The IntraPort Enterprise-8 VPN Access Server is designed to be mounted in a 19-inch equip- ment rack or in a Telco rack. Compatible Systems provides all the parts necessary for securing the supplied mounting brackets and ears to the device; however, due to the variety of equip- ment racks and mounting techniques, you will need to provide your own screws or clips to secure the mounting brackets and ears to the equipment rack. -
Page 12: Parts And Tools
• Changing the Power Supply Voltage Settings The default setting for the voltage switches on the server’s power supplies is for a low input voltage (marked 115V on the switch). If your electrical system requires a high input voltage on the power supplies, you must change it manually on the device before plugging the device in. -
Page 13: Installing Mounting Ears And Handles
Figure 2. Installing Mounting Ears and Handles for a Standard Equipment Rack Figure 2.1. Installing Mounting Ears for a Telco Rack The mounting ears should be installed on the IntraPort Enterprise-8 VPN Access Server whether you are planning to rack-mount it or not. The handles need not be installed for Telco rack mounts because there is not enough finger room to use them, but the handles are recom- mended for all other installations. -
Page 14: Rack-Mount Brackets
Chapter 2 - Mounting Instructions Rack-Mount Brackets Figure 3. Rack-Mount Brackets Brackets (shown in Figure 3) are provided for mounting the IntraPort Enterprise-8 in a stan- dard 19-inch equipment rack or a Telco rack. Note that the left bracket features a fold-down shelf which maintains the proper alignment of the brackets in the rack, but does not bear the weight of the unit. -
Page 15: Right Bracket Installation
Chapter 2 - Mounting Instructions Right Bracket Installation Figure 4. Fastening the Right Bracket to the Rack It is recommended that you mark on the equipment rack exactly where you want the top of the two mounting brackets to go on the device in order to make sure that they are level with each other (using a level if necessary). -
Page 16: Left Bracket Installation
Chapter 2 - Mounting Instructions Left Bracket Installation Figure 5. Fastening the Left Bracket to the Rack It is recommended that you mark on the equipment rack exactly where you want the top of the two mounting brackets to go on the device in order to make sure that they are level with each other. -
Page 17: Securing The Shelf
Chapter 2 - Mounting Instructions Securing the Shelf Figure 6. Lowering the Shelf Lower the shelf onto the tabs protruding from the right bracket as shown in Figure 6 and use the thumb screws to fasten the shelf to the bracket. The brackets and shelf should look like Figure 6.1 when fully installed. -
Page 18: Moving The Unit Into The Rack
Chapter 2 - Mounting Instructions Moving the Unit into the Rack Never attempt to move the server using the RIOP card handles or the filter cover opening. They will not support the weight of the device. Use the built-in side handles and either the large mounting handles, if you have installed them, or the very bottom of the chassis to move Figure 7. -
Page 19: Placing The Unit In An Equipment Rack
Chapter 2 - Mounting Instructions Placing the Unit in an Equipment Rack Figure 8. Placing the Unit in a Standard Equipment Rack Figure 8.1. Placing the Unit in a Telco Rack Slide the unit back into the rack until the mounting ears are flush with the sides of the rack. -
Page 20: Securing The Unit To The Rack
Chapter 2 - Mounting Instructions Securing the Unit to the Rack Figure 9. Securing the Unit to the Rack Using your own screws or clips, secure the mounting ears to the rack as shown in Figure 9, using two screws at the top of each mounting ear and two screws at the bottom of each mounting ear. -
Page 21: Chapter 3 - Network Installation
Note: Ethernet cables and cable connectors are not supplied with the IntraPort Enter- prise-8. Category 5 cabling is required for 100 BaseT operation. Please contact your reseller or your Compatible Systems representative for information on obtaining the correct Ethernet cabling supplies. -
Page 22: Connecting The Server To The Ethernet
The other option is to set up the server behind your firewall using the Ethernet interfaces on slots 0, 2, 4, and 6 only. In this scenario, the other slots are not used You will also have to set up your firewall to allow IPSec traffic through. -
Page 23: Connecting A Management Console
1 stop bit and no Flow Control. v Note: Each RIOP card in the IntraPort Enterprise-8 also has an AUX interface. These are modem connections which should only be used in consultation with Compatible Systems’ Technical Support staff, who will provide instruction on their use. -
Page 24: Chapter 4 - Compatiview Software Installation
Chapter 4 - CompatiView Software Installation All of the products in Compatible Systems’ internetworking and VPN families, including the IntraPort Enterprise-8, can be managed from a single GUI management platform called CompatiView. CompatiView for Windows is included on the CD-ROM which was shipped with your IntraPort Enterprise-8 VPN Access Server. -
Page 25: Transport Protocols And Compatiview
IntraPort Enterprise-8 VPN Access Server. To initially contact the server over IP using CompatiView, you must first enter a valid IP address into the server. You can do this either on a console directly connected to the server or by setting a workstation’s IP address to 198.41.12.2 with a Class C subnet mask (255.255.255.0) so that it can communicate over... -
Page 26: Chapter 5 - Command Line Management
You can temporarily reconfigure an IP host in order to set the server’s IP parameters to allow in-band Telnet access. If you wish to set the server’s basic IP parameters in this fashion, the host must be on the same Ethernet segment as one of the server’s Ethernet interfaces. You can then do the following: See the next section allow Telnet access from hosts on its network. -
Page 27: Setting Up Telnet Operation
After you have set these IP parameters and saved the changes, you can use Telnet to access the server from any node on your IP network. Invoke the Telnet client on your local host with the IP address of the server you wish to manage. -
Page 28: Chapter 6 - Basic Configuration Guide
This chapter briefly discusses the major parameters that must be set in order to use the IntraPort Enterprise-8 VPN Access Server. Detailed information on the meaning of the server’s parameters is provided in the Compati- View Management Software Reference Guide and the Text-Based Configuration and Command Line Management Reference Guide. -
Page 29: Ip Settings For Setups Behind A Firewall
Chapter 6 - Basic Configuration Guide Use the IP Connection Dialog Box to set address parameters for Ethernet 1:0, 3:0, 5:0 and 7:0. These Ethernet interfaces do not have any other settings available because they only handle IPSec traffic and do not do routing. Use the IPSec Gateway Dialog Box (under Global/IPSec Gateway) to set the IPSec Gateway address. -
Page 30: Ipx Protocol
Phase 2 Ethernet 2:0, AppleTalk Phase 2 Ethernet 4:0 and AppleTalk Phase 2 Ethernet 6:0 sections. Configuring the Server for LAN-to-LAN Tunnels Required for LAN-to-LAN Tunnel Configurations LAN-to-LAN tunneling requires that you set parameters for a VPN port on each end of a tunnel, so you must repeat this setup on the remote end. -
Page 31: Configuring The Server For Ip And Ipx Client Tunnels
If you are using a RADIUS server for user authentication (either alone or through an ACE/Server), you will need to set up VPN users on those servers. If not, then you must enter the following information for each user into the VPN user database: •... -
Page 32: Setting Up Radius Authentication
Note: Although MacRADIUS servers offer a GUI, the custom attribute settings will require that you enter users in the Users text file. See the user manual for your server for more infor- mation on exporting, editing and importing the Users text file. -
Page 33: Setting Up Securid Authentication
IntraPort’s IP address. After the first exchange, the Sent Node Secret checkbox in the ACE/Server’s Add Client dialog box (which can be accessed using the Add Client option under the Client menu) will be checked. The checkbox will be grayed out until this initial exchange has taken place. -
Page 34: Saving A Configuration File To Flash Rom
Saving a Configuration File to Flash ROM Once a configuration is complete, you can save it to the server’s Flash ROM. Until saved, all changes are made in a separate buffer and the server’s interfaces continue to run as before the changes were made. -
Page 35: Chapter 7 - Shipping Defaults
Chapter 7 - Shipping Defaults Default Password • letmein Ethernet Interfaces IP Defaults • Ethernet 0:0 is on • Address: 198.41.12.1 • Subnet mask: 255.255.255.0 • Broadcast address: 198.41.12.255 • Mode: Routed • All other Ethernet interfaces are off IPX Defaults •... -
Page 36: Chapter 8 - Led Patterns And Test Switch Settings
Note: Any continuous flashing pattern not noted in this chapter may be caused by a hard- ware failure. Please call Compatible Systems’ Technical Support if your server shows a hard- ware failure. Over Temp The server is above the proper operating temperature. -
Page 37: Intraport Enterprise-8 Switch Settings
RIOP card’s switch is when the card is unable to communi- cate with the backplane for some reason. M Caution: Settings marked with an asterisk may erase your Flash ROM. Please do not use these settings without first contacting Compatible Systems’ Technical Support. Normal Operation Unused*... -
Page 38: Appendix A - Connector And Cable Pin Outs
Appendix A - Connector and Cable Pin Outs Pin Outs for DB-25 Male to DB-25 Female Console Cable The cable supplied with the IntraPort Enterprise-8 is twenty-five conductors, straight through. Connections on the console interface follow the standard RS-232C pin outs. Appendix A - Connector and Cable Pin Outs... - Page 39 Appendix B - Downloading Software From Compatible Systems The latest versions of operating software for all Compatible Systems products are available at our Web site. The latest version of CompatiView management software is also available. To download software, follow the instructions below: v Note: These files are also accessible directly via Anonymous FTP at ftp.compatible.com/files/.
- Page 40 Appendix C - Security Dynamics ACE/Server Information Appendix C - Security Dynamics ACE/Server Information ACE/Server software and SecurID tokens can be purchased directly from Security Dynamics Technologies, Inc. Use the following information to contact Security Dynamics for more infor- mation: Security Dynamics Technologies, Inc.
-
Page 41: Figure 13. Removing And Replacing An Riop Card Or Cover Plate
Appendix D - Adding or Replacing RIOP Cards The modular design of the IntraPort Enterprise-8 VPN Access Server allows you to add, remove or replace the RIOP cards without disconnecting the device. Be sure to keep a cover plate over any empty slots to maintain proper air ventilation and minimize dust accumulation. -
Page 42: Nterprise -8 A Ir F Ilter
Changing or cleaning the filter is a simple process. v Note: If either of the supplied filters is worn out or cannot be thoroughly cleaned, you may order a replacement filter from Compatible Systems Corporation at the number in the front of this manual. - Page 43 (c) that as a result of the purchase of the Products from Compatible Systems, the Customer will have good title to the Products, free and clear of all liens and encumbrances.
- Page 44 CLAIM IS BASED ON STRICT LIABILITY, BREACH OF WARRANTY, NEGLIGENCE, OR ANY OTHER CAUSE WHATSOEVER, WHETHER OR NOT SIMILAR. This limitation on remedies shall apply even if Compatible Systems is advised of the possibility and nature of any special, consequential, or incidental damages.