Enterasys ANG-1100 User Manual
  1. Manuals
  2. Brands
  3. Enterasys Manuals
  4. Gateway
  5. ANG-1100 Series
  6. User manual
Enterasys ANG-1100 User Manual

Enterasys ANG-1100 User Manual

Aurorean network gateway-1100
Hide thumbs Also See for ANG-1100:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
Aurorean™ Virtual Network
Aurorean™ Virtual Network
Aurorean™ Virtual Network
Aurorean™ Virtual Network
ANG-1100
ANG-1100
ANG-1100
ANG-1100
User's Guide
User's Guide
User's Guide
User's Guide
Version 2.1
Version 2.1
Version 2.1
Version 2.1

Advertisement

Table of Contents
loading

Related Manuals for Enterasys ANG-1100

Summary of Contents for Enterasys ANG-1100

  • Page 1 Aurorean™ Virtual Network Aurorean™ Virtual Network Aurorean™ Virtual Network Aurorean™ Virtual Network ANG-1100 ANG-1100 ANG-1100 ANG-1100 User’s Guide User’s Guide User’s Guide User’s Guide Version 2.1 Version 2.1 Version 2.1 Version 2.1...
  • Page 2 Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
  • Page 3 • This device must accept any interference received, including interference that may cause undesired operation. Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority granted by the FCC or other such agency to operate this equipment.
  • Page 4 This product should be operated from the type of power indicated on the marking label. If you are not sure of the type of power available, consult Enterasys Networks or your local power company. Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the cord.

  • Page 5: Table Of Contents

    About This Guide Contents of the Guide ... ix Conventions Used in This Guide...x Related Publications ... xi Chapter 1 – Overview System Description ...1 Chapter 2 – Installation Unpacking the ANG-1102/1105 ...3 Accessories ...4 Location Planning...4 Connecting Cables ...5 Ethernet Connections ...5 Serial Connection ...7 Connecting Power to the ANG-1102/1105...8...
  • Page 6 Table of Contents Chapter 3 – Configuring the ANG-1100 with Aurorean Web Config Before You Begin ...11 Logging into Web Config ... 13 Setting Your Password ... 14 Viewing VPN Status ... 15 Setting Up the VPN ... 16 Setting Up the Internet Connection... 18 Downloading the Latest Firmware...
  • Page 7 United States Government Restricted Rights ...57 Exclusion of Warranty ...57 No Liability for Consequential Damages ...58 Technical Support...58 Support from Enterasys Networks...58 Returning Products for Repair...59 Index Aurorean Network Gateway-1100 User’s Guide Table of Contents...

  • Page 9: About This Guide

    Aurorean™ Network Gateway-1100 (ANG-1102/1105) from Enterasys Networks. This guide is written for administrators who want to configure the ANG-1100 for their remote clients or experienced users who are knowledgeable of basic networking principles. Contents of the Guide Information in this guide is arranged as follows: ! Chapter 1, Overview highlights the key features of the Aurorean Virtual Network family of enterprise VPN products.

  • Page 10: Conventions Used In This Guide

    Conventions Used in This Guide Conventions Used in This Guide The following conventions are used in this guide: NOTE CAUTION WARNING Bold Italics SMALL CAPS Courier font Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.

  • Page 11: Related Publications

    ! The Installation & Service Guide which describes how to install and maintain the ANG-3000/7000 series, the Aurorean server which can be used to complete a VPN connection with the ANG-1100. ! A Portable Document File (PDF) version of this manual is available and can be downloaded from the Enterasys.com Web site.

  • Page 13: Chapter 1 - Overview

    This chapter describes the key features of the Aurorean Network Gateway 1100 and how it is used. System Description The ANG-1100, displayed in Figure 1, provides home or small office connectivity to a corporate branch office or headquarters. It supports up to 25 tunnels.

  • Page 14: V Power Supply

    - Initiates tunnel to ANG-3000/7000 - Negotiates tunnel protocols - Encrypts data over tunnel An ANG-1100 comes equipped with the following: ! 110-250V power supply. ! High-performance CPU: 90 MHz internal, 45 MHz external. ! Complete set of diagnostic LEDs which display the server’s operational status.

  • Page 15: Chapter 2 - Installation

    This chapter describes the steps required to unpack, install and connect an Aurorean Network Gateway-1102/1105 onto a desktop. Unpacking the ANG-1102/1105 Remove the ANG-1102/1105 from the shipping box. Save the box in case the unit needs to be returned. Aurorean Network Gateway-1100 User’s Guide Power cord Power...

  • Page 16: Accessories

    Quick Setup card and accessories. See an illustration of the ANG-1105 below. Accessories The ANG-1100 also is shipped with the following accessories: ! One cross-over (red) cable for a direct PC/Network Gateway connection. ! One power supply with an attached cable to connect to the ANG-1100.

  • Page 17: Connecting Cables

    Internet. A serial cable can be used to connect the ANG-1105 to your computer for diagnostic purposes. All interconnections are made at the back of the ANG-1100 (refer to Figure 5). Also, a reset button is located in the rear of the unit.
  • Page 18 Connecting Cables Connecting an ANG-1102/1105 The ANG-1100 is typically set up in the configuration shown below. Cable / DSL Modem To connect the ANG-1100 Ethernet port, perform the following steps: Do one of the following as shown in Figure 7: –...

  • Page 19: Connecting Cables

    PC DSL or cable modem Figure 7 Connecting Cables to the ANG-1100 (ANG-1105 shown) Plug an Ethernet cable into the External port as shown in Figure 7. Plug the opposite end of this cable into a DSL or cable modem.

  • Page 20: Connecting Power To The Ang-1102/1105

    ANG-1100, perform the following steps: Plug the power supply cord into the system’s power socket as shown in Figure 8. Power supply cable Figure 8 Connecting AC Power on the ANG-1100 (ANG-1105 shown) WARNING Aurorean Network Gateway-1100 User’s Guide Chapter 2...
  • Page 21 International customers may swap the electrical cord segment shipped with the ANG-1100 for a cord that meets the proper standard for their country. A custom cord can be inserted in the power supply. Aurorean Network Gateway-1100 User’s Guide...

  • Page 22: Checking Ang-1102/1105 Connections

    ! The WAN LED either blinks when active or remains ON. ! The VPN LED stays ON when a tunnel is connected. The ANG-1100 is now ready for configuration. Refer to Chapter 3 for detailed instructions. If the Power LED flashes at a twice per second interval, boot diagnostics have failed.

  • Page 23: Before You Begin

    Configuring the ANG-1100 with Configuring the ANG-1100 with To configure the ANG-1100, use the Internet browser on your computer and connect to the server via the Web. During the Web session, you run the Aurorean Web Config utility and configure the system. Figure 10 illustrates the process.
  • Page 24 ! If your computer was supplied a static IP address and Gateway by your service provider, you must now accept the address from a DHCP server and remove the gateway for the ANG-1100 to find and connect with the PC.

  • Page 25: Logging Into Web Config

    To log into Web Config, perform the steps below. Point your Web browser at the default trusted IP address of the ANG-1100. In the browser’s Location field at the top of the window, type: http://192.168.1.1 and click OK. The Login window appears as shown in Figure 11.

  • Page 26: Setting Your Password

    Setting Your Password Because the default password is readily available through all ANG-1100 documentation, we strongly recommend that you ensure security by configuring a new password to replace the default password netadmin. If you forget your password after changing it from the factory default, you can return to using netadmin by pressing the Reset button and reinstate all factory default values.

  • Page 27: Viewing Vpn Status

    Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Viewing VPN Status The VPN Status window is the first screen to appear after logging in. At this point, you have just begun configuration so the VPN Status window appears empty. Later, after you have configured a VPN connection to an ANG-3000/7000, the window will display information similar to the data shown in Figure 13.

  • Page 28: Setting Up The Vpn

    Setting Up the VPN The VPN configuration created on the ANG-1100 completes a link with the ANG-3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG-3000/7000 with appropriate User, Password and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.
  • Page 29 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Enter the Name of the remote ANG-3000/7000 you are connecting to.
  • Page 30 Peer to Peer - connectivity for devices on remote networks over tunnels between two ANG-1100 servers, or interoperability between an ANG-1100 and a Cisco, Nortel or Nokia/Checkpoint VPN gateway. This option requires adding the IP address and Subnet Mask of up to 3 remote peers.
  • Page 31 MAC address (refer to “Using Advanced Utilities” on page 35 for more information). If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.

  • Page 32: Setting Up The Internet Connection

    Setting Up the Internet Connection Internet configuration of the External side of the ANG-1100 involves choosing the type of IP address assignment the ANG-1100 will accept. The ANG can accept one of the following: ! A DHCP-assigned IP address - your network automatically sets the ANG’s IP address via the DHCP (Dynamic Host Configuration...
  • Page 33 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home...
  • Page 34 Internet LED will turn on. If a static IP address was configured, the Internet LED will shine immediately. If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.

  • Page 35: Downloading The Latest Firmware

    Downloading the Latest Firmware After logging in, download the latest firmware image to the ANG-1100’s flash memory (provided the MAC address is set for cable service users - refer to page 36) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again.
  • Page 36 After the firmware image is downloaded, the new image is “flashed” or stored on the ANG-1100. This step takes up to 5 minutes and the photo below shows the activity lights seen on the ANG-1100 when the device’s flash memory is being upgraded with the new firmware image.
  • Page 37 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config After downloading and “flashing” are complete, a status page displays as shown in Figure 18 indicating the process was successful and displays the FTP server IP address and new build filepath.

  • Page 38: Setting Up The Lan

    Setting Up the LAN LAN configuration of the Trusted side of the ANG-1100 involves choosing either to manually set an IP address and subnet for the ANG-1100 or dynamically assign its IP address via your network’s DHCP server. The factory default LAN setting configures the ANG as a DHCP server on the trusted LAN and automatically assign IP addresses to local PCs.
  • Page 39 If you change the default LAN Setup and reboot the ANG-1100, you must release and renew the IP address for all adaptors bound to TCP/IP on your connected computer(s) in order to reconnect with the ANG-1100 and make future changes.

  • Page 40: Setting Up The Firewall

    ANG-1100. Click Reboot Now. If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.
  • Page 41 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Begin Firewall Setup by performing the following steps: Click the Firewall Setup menu option. The Firewall Setup window appears as shown in Figure 21. Help VPN Status VPN Setup Connectivity Setup...

  • Page 42: Setting Your Password

    If you press the Reset button after you have configured your ANG-1100, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the Reset button.
  • Page 43 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup Type the old Password in the field provided. Type a new Password in the field provided. Confirm the new password in the field provided.

  • Page 44: Checking Device Status

    ! Route Table entries detail connected networks, gateways, their associated IP addresses, netmasks and other data. ! Interrupts lists the hardware interrupts supported on the ANG-1100 as well as their vectors and interrupt counters. The two SMC9194 items listed are the Ethernet Trusted and External port interrupts.
  • Page 45 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Aurorean Network Gateway-1100 User’s Guide...

  • Page 46: Route Table

    --- --- -- --:--:-- --- --- -- --:--:-- --- --- -- --:--:-- --- --- -- --:--:-- --- --- -- --:--:-- --- --- -- --:--:-- --- --- -- --:--:-- Configuring the ANG-1100 with Aurorean Web Config Receive errs drop fifo frame packers Gateway Genmask “...

  • Page 47: Using Advanced Utilities

    Using Advanced Utilities Advanced Utilities provided by the ANG-1100 include: ! Setting the MAC Address of a newly attached ANG-1100 when you want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users. The ANG- 1100 can proxy your computer’s MAC address to the ISP but your...

  • Page 48: Using The Configuration Editor

    Do one of the following: ANG-1100 connections broken during a reboot will be lost after service returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before re-initiating the connection resolves the problem. Using the Configuration Editor Knowledgeable network administrators can use the Configuration Editor to modify the ANG-1100’s LINUX 2.0 operating system configuration files.
  • Page 49 Configuration File Edit This Web application allows you to update and delete the system configuration files of the ANG-1100. These files are used to control the ANG-1100 for its VPN functionality, Internet and LAN connectivity, firewall capabilities, networking startup commands and other key features of the ANG-1100 device.
  • Page 50 You can remove the Configuration Editor (along with the Advanced Utilities option) from the main menu by selecting config, deleting the MODEEXPERT on argument and clicking Update. Configuring the ANG-1100 with Aurorean Web Config Aurorean Network Gateway Configuration File Edit...
  • Page 51 Configuring IP Port Forwarding ANG-1100’s support of IP Port Forwarding permits you to make servers on the trusted network of the ANG-1100 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-side hosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts.
  • Page 52 Under **Expert-Config**, type the following rules: – – Click Update and Reboot Now when prompted to save the change. Configuring the ANG-1100 with Aurorean Web Config Definition Forward TCP traffic Forward UDP traffic Add the IP port forwarding table entry...
  • Page 53 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Refer to the table below for a sample IP port forwarding configuration: Example The above sample configuration performs the following tasks: ! Clears the IP port forwarding table ! Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to port 23 on the internal server 192.168.0.1...

  • Page 55: Appendix A - Glossary

    Aurorean Network Gateway An Enterasys Networks device that creates a secure virtual private circuit over the Internet between itself and a remote user’s computer. The Aurorean Network Gateway encapsulates data packets using IPSec and encrypts data to prevent third-parties from intercepting and examining it. There are three...
  • Page 56 authentication server (such as a RADIUS or SecurID server). When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provide updated configuration files to Aurorean Network Gateways on request. DHCP Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP addresses.
  • Page 57 Appendix A Glossary Generic Routing Encapsulation (GRE) Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link over the Internet. For PPTP, GRE is used to encapsulate PPP data packets within an IP packet (IP packet headers contain address information necessary for routing, while PPP packets do not).

  • Page 58: Mac Address

    (such as servers and the applications running on them) are consistently available and performing well. In terms of Enterasys Networks products, this person physically installs Aurorean Policy Servers and Aurorean Network Gateways, distributes Aurorean Client Software to remote users, and runs RiverMaster software on his/her computer to manage the entire VPN.
  • Page 59 Appendix A Glossary Point of Presence (POP) In Internet terms, the physical site that contains an ISP’s network equipment. Remote users dial into the POP, authenticate against the ISP’s customer database, and then gain access to the Internet. ISPs typically have POPs scattered throughout their service area, so that can customers can dial a local phone call and avoid paying long- distance charges when accessing the Internet.
  • Page 60 Routers Devices which direct network traffic among LANs or WANs until the data reaches its destination. To do this, routers communicate with one another using dedicated protocols such as IGRP (Interior Gateway Routing Protocol) and BGP (Border Gateway Protocol) to transfer information on network addressing, status, and configuration.

  • Page 61: Appendix B - Specifications

    This appendix details the specifications of the ANG-1100. Category Chassis Depth Width Height Weight Environment Operating Temperature Storage Temperature Humidity Power Supply Power Adapter Processor Memory Storage Hard Drive Devices Aurorean Network Gateway-1100 User’s Guide Table 1 ANG-1100 Specifications Parameters 6”...
  • Page 62 Table 1 ANG-1100 Specifications (Continued) Category Performance Server Capacity Tunnel Performance Hardware acceleration Protocols & Tunnel Protocols Standards Encapsulated LAN Protocols Routing Protocols Authentication Encryption Compression Firewall support Other Operating Type System Parameters concurrent tunnels Up to 3 Mbps with IPSec...
  • Page 63 Appendix B Specifications Table 1 ANG-1100 Specifications (Continued) Category Ethernet Number of Ports Data Transfer Rate 10 Mbps on the ANG-1102, 100 Mbps on the ANG-1105 Connector Serial Number of Ports Safety US/Canada/ Regulations Europe EMCI US, Canada, Europe, Japan,...

  • Page 65: Appendix C - Pin Assignments

    This appendix describes pin assignments for the Ethernet connectors on the ANG-1100. Additionally, the ANG-1105 provides a serial connector. ANG-1100 servers are equipped with either two or five Ethernet ports located at the rear of the chassis, supporting full-duplex 10Base-T transmission.
  • Page 66 LAN 1-4 (TRUSTED) WAN: ANG-1102 (EXTERNAL) WAN: ANG-1105 (EXTERNAL) The ANG-1105 is equipped with a single serial port for debugging purposes. An industry-standard serial cable can be used to connect to the male DB-9 connector. See Figure 2 for serial port pin assignments. Pin 8 Pin 1 Pin 1...
  • Page 67 Appendix C Pin Assignments Pin 1 Pin 6 Aurorean Network Gateway-1100 User’s Guide DB-9 Pin 5 Pin 9 Figure 2 Serial Port Pin Assignments Signal Carrier Detect (CD) Receive Data (RX) Transmit Data (TX) Data Term Ready (DTR) Ground (GND) No Carrier (NC) Request to Send (RTS) Clear to Send (CTS)

  • Page 69: Appendix D - Program License Agreement & Support

    CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the Enterasys software program (“Program”) in the package. The Program may be contained in firmware, chips or other media.

  • Page 70: License

    License License You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement. You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Enterasys.

  • Page 71: United States Government Restricted Rights

    Appendix D Program License Agreement & Support Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S.

  • Page 72: No Liability For Consequential Damages

    OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. Technical Support Enterasys Networks provides easy access to technical support information through a variety of services. Support from Enterasys Networks Enterasys Networks offers two ways of contacting customer support personnel.

  • Page 73: Returning Products For Repair

    Returning Products for Repair After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1102/1105/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server,...

  • Page 75: Index

    LEDs Interconnects Power connections Power LED specifications unpacking Usage VPN LED WAN LED Aurorean Network Gateway definition Aurorean Network Gateway-1100 See ANG-1100 Aurorean Policy Server definition Aurorean Web Config, definition authentication cables connecting Ethernet – connecting serial requirements Canadian notices...
  • Page 76 Index firewall setup Firewall, definition Flash specifications FTP server Generic Routing Encapsulation (GRE) GRE. See Generic Routing Encapsulation (GRE) installation before you begin connecting cables – connecting power locating a server Intel Flash memory Intelligent Client Routing Internet Service Provider (ISP) definition IP (Internet Protocol) IP address, definition...
  • Page 77 pin assignments DB-9 pin assignments Ethernet Point of Presence (POP), definition Point-to-Point Protocol (PPP), definition Point-to-Point Tunneling Protocol (PPTP) definition definition Power power connections power supply specifications power cord power supply PPP, definition PPPoE PPPoE, definition PPTP, definition processor specifications protocols Quick Setup card regulatory compliance...
  • Page 78 Index VPN. See Virtual Private Network (VPN) Web Config winipcfg WINS proxy Aurorean Network Gateway-1100 User’s Guide...

This manual is also suitable for:

Ang-1102Ang-1105

Table of Contents