InterLynx/TS
Virtual Private Network and Firewall
User's Guide
and
Reference Manual
Rev 1.02 July, 2002

Summary of Contents for Nlynx interlynx/ts

  • Page 1 InterLynx/TS Virtual Private Network and Firewall User’s Guide Reference Manual Rev 1.02 July, 2002...
  • Page 2 InterLynx/TS Users Guide Table of Contents: Introduction (Capabilities, features, functions and specs); Chapter 1, Installing the Hardware...
  • Page 3 Low cost communications is now available over the Internet, while the InterLynx/TS provides the high level of security you need. It is a Firewall with plenty of firepower. Built on a heavy-duty platform with a high-speed CPU, the IL/TS has the power to block unwanted traffic, both inbound and outbound.
  • Page 4: Specifications

    ♦ 1 10/100 RJ45 Ethernet port (rear) for connection to external network. ♦ 4 10/100 RJ45 Ethernet ports (front) for the local network. Wireless Option: Available Q3 2002. Package includes: InterLynx/TS unit, CD ROM (User Guide/Reference Manual), Power Cord, two...
  • Page 5 InterLynx/TS User’s Manual. Chapter 1: Installing InterLynx/TS Hardware 1. Unpack the InterLynx/TS unit from its shipping carton. Verify that the InterLynx/TS shipping carton contains the following parts: ✓ InterLynx/TS Unit ✓ Power Cord ✓ User’s Manual (CD ROM) ✓ Ethernet Cable ✓...
  • Page 6: Troubleshooting

    3) Set the voltage switch to the appropriate setting for your area. An improper setting will damage the power supply and may cause personal injury. 4) Connect the female end of the power cord into the AC power connector on the back of the InterLynx/TS. 5) Plug the male end of the power cord into a wall outlet.
  • Page 7 Example Topologies...
  • Page 8 Use the steps below to bring up the TCP/IP properties for the PC: 1. On the PC that will communicate with InterLynx/TS press Start, and then highlight Settings, and then highlight Control Panel (Win95, Win98, or ME) or Network and Dial-up Connections (Win2000 and XP).
  • Page 9 TCP/IP for that Ethernet card and press the Properties button. 4. The TCP/IP properties window should now be displayed. If the InterLynx/TS will be acting as the DHCP Server (A server that distributes IP address) for the network, then make sure the Obtain IP Address automatically radio button is selected.
  • Page 10 5. If you would like to manually assign an IP address to the PC make sure the Specify an IP address radio button is selected. The default IP address for the InterLynx/TS is 192.168.1.254 with a /24 subnet (255.255.255.0). The IP address given to the PC must be on the 192.168.1.0 network in order to communicate with the InterLynx/TS.
  • Page 11 Part I – Accessing the InterLynx/TS Via Web Browser The first step in connecting to the InterLynx/TS is to open a browser window and type in the URL of the unit as shown below. Once the URL has been entered press ‘Return.’ The example below uses the URL ‘https://192.168.1.254.’...
  • Page 12 For Netscape, the following are displayed (appearance differs slightly based on version): Press the ‘Continue’ button when the box below is displayed. When the box below is displayed press ‘Continue.’...
  • Page 13 1. The first screen to appear is the InterLynx/TS login screen. Here, you will enter the default password, changemenow, and press the ‘Enter’ key. Troubleshooting a failed browser connection to the InterLynx/TS: 1. There is already a device on the LAN at address 192.168.1.254. Either the IL/TS or the other device needs to be isolated until the IP configuration can be changed.
  • Page 14 Part II – Changing The System Password After logging into the InterLynx/TS: 1. Change the System Password: a. Click on System Settings in the left menu area. b. Click the Change Password button, this will bring up the Change Password page.
  • Page 15 The System Settings page also displays the version of Firmware running on the unit, and displays the Host name for the InterLynx/TS. Remote Administration (HTTPS and/or SSH) to the InterLynx/TS can be configured along with the Date and Time. Please refer to the following sections on how to...
  • Page 16 Part III – Configuring Remote Administration to the InterLynx/TS 1. To temporarily enable Remote Administration over the Internet, check one or both of the boxes as noted below: • Enable SSH For Remote Administration – Allows a secure shell connection (command line).
  • Page 17 3. Make sure the correct Time Zone is chosen for the InterLynx/TS, by using the pull-down menu. 4. The next step is enabling (recommended) the Network Time Protocol Time Sync, by checking the enable box. In the Time Server fields the URLs of the NTP Servers need to be added. Here are 3 Time Server URLs that can be used: ns.arc.nasa.gov (NASA)
  • Page 18 Part VI – Saving the current configuration on the InterLynx/TS 1. To save the current InterLynx/TS configuration file, press the Back Up Current Configuration To PC button from the System Settings page. 2. The Backup Current Configuration To PC page should appear. Now press the Get Current...
  • Page 19 3. A File Download box will appear, choose Save. 4. After choosing Save, the Save As window will appear, allowing the file to be saved to any Directory on the PC or to a floppy disk. Select the location to save the backup file, and click on the Save button.
  • Page 20 6. The saving of a configuration file to a PC is now complete. The Backup Current Configuration To PC window will now appear, click on Return To System Settings. 7. The Backup Current Configuration To PC window will appear, press the Return To System Settings button.
  • Page 21 Part VII – Restoring a Saved configuration to the InterLynx/TS 1. To Restore a saved configuration from a PC to the InterLynx/TS, press the Load Saved Configuration From PC button on the System Settings page. 2. The Load Saved Configuration From PC page will appear, click on the Browse button to locate the saved configuration file on the PC or type in the location of the file..
  • Page 22 3. After pressing the Browse button, the Choose file window will appear. Locate the file that was previously saved, highlight the file and make sure it appears in the File name text field. Press the Open button.
  • Page 23 InterLynx/TS can be established in approximately one to two minutes. Press OK to start the reboot process. At this point the InterLynx/TS will be rebooted and the new setting will be active. 10. Click on any of the blue menu icons to bring up the password prompt to log back into the InterLynx/TS...
  • Page 24 1. Click on the Retrieve Software Update button to open the Retrieve Software Update window. 2. In the Retrieve Software Update window, type the URL that Technical Support will provide for upgrading the firmware on the InterLynx/TS. After typing in the URL, click the Get Software Update button.
  • Page 25 Press OK to continue. 6. After pressing the OK button, another dialogue box will appear indicating that communication to the InterLynx/TS can be reestablished in 1 to 2 minutes. Press OK to reboot the InterLynx/TS...
  • Page 26 Network Settings page. • TrustedLan (Internal): o The InterLynx/TS internal IP address is 192.168.1.254 with a Netmask of 255.255.255.0 by default. This can be changed to fit into an existing IP network by typing in the new IP Address and Netmask and pressing the Apply button.
  • Page 27 The DHCP client feature for the External Interface (Internet) is currently unavailable. If the InterLynx/TS will be getting its external IP address from an ISP or other DHCP server, then the Dynamic IP Address box must be checked for the external interface.
  • Page 28 Firewall Permissions and Advanced Firewall Settings Part I – Selecting the appropriate Firewall level to use 1. After logging into the InterLynx/TS, click on the Firewall Permissions button on the left hand side of the screen. That will open the Firewall Permissions page.
  • Page 29 3. To change the Current Level of the InterLynx/TS, follow these steps: a. Click on the arrow in the drop down box, and select the level of firewall to be used. b. Click on the Apply Changes button. The screen will refresh and show the newly selected level...
  • Page 30 Note: When a Firewall Level is chosen the InterLynx/TS will allow requests by the Services, that are on that level and all Services that are on the lower Firewall Levels. For example: If the InterLynx/TS is set to Firewall Level 2, that means that telnet requests are allowed outbound as well as requests for the Services that are set for...
  • Page 31 Direction – This can either be outbound (to the Internet) or inbound (from the Internet). b. Service – This refers to Services that are defined on the InterLynx/TS whether they are predefined (p) or user defined (u) Services. i.e. telnet, web, DNS, ftp etc…...
  • Page 32 8. To see if the permit was added to the correct level, click on the Display All Permissions button. A table of all the Permissions that have been created on the InterLynx/TS will appear in the table. All the defined services can be viewed by scrolling thru the list. Once the Permit has been verified in the table click the Close Table button.
  • Page 33 Part III – Deleting Firewall level 1. After logging into the InterLynx/TS, click on the Firewall Permissions button on the left hand side of the screen. That will open the Firewall Permissions page. 2. To remove a permit from the Firewall Permissions table, click on the Delete button in the Action column.
  • Page 34 3. After deleting the permit the table will be updated showing only the permits that are configured for the current level of the firewall or below. 4. Click the Save Settings to Flash button, to make the changes permanent.
  • Page 35 Any of the following options can be enabled by checking the box to the right of each one and then pressing the Apply Changes button: • Allow Ping Out: Allow clients behind the InterLynx/TS to ping machines on the Internet. This is a relatively safe setting and may be left enabled.
  • Page 36 • IP Blocking: You can provide a list of IP addresses or URLs that are to be blocked by the InterLynx/TS. o Enter the URL to be blocked in the text box and press the Add button.
  • Page 37 o To remove any of the URLs, highlight the URL and then press the Delete button o A Microsoft dialogue box will appear verifying the deletion of the URL. Click OK. o The screen will refresh and the URL will no longer be in the list of blocked URLs.
  • Page 38 This function allows devices outside the internal LAN to communicate with internal devices by redirecting the Services created on the InterLynx/TS. 1. After logging into the InterLynx/TS, click on the Firewall Permissions button in the left side menu. 2. When the Firewall Permissions page is shown, click on Port Forwarding button to open the Port Forwarding Page.
  • Page 39 • Redirect Service - will define the service as well as the port number for the forwarded service. Note: If this field is left blank, the InterLynx/TS will use the same service that is selected in the Service to Forward field.
  • Page 40 • Redirect Service - will define the service as well as the port number for the forwarded service. Note: If this field is left blank, the InterLynx/TS will use the same service that is selected in the Service to Forward field.
  • Page 41 2. After the new service has been created and verified, return to the Advanced Firewall, Port Forward page. 3. In the Port Forward page the new service will be used to define the new forwarding rule. 4. The new Service to Forward is telnetx, (created in the Define Services page) select telnetx in the Service to Forward field.
  • Page 42 Adding and Deleting Firewall Services on the InterLynx/TS Part I – Adding a new Service a. After logging into the InterLynx/TS, click on the Define Services button on the left hand side of the screen. That will open the Define Services page.
  • Page 43 Check the tcp radio button in the Protocol field. d. In the Port(s) type in the required port numbers 143 and 993. Separate the two numbers with a comma. e. Click on the Add This Service button, to add the new Service to the InterLynx/TS.
  • Page 44 f. After pressing the Add This Service button, the updated Define Services page will appear with the latest Services appearing in the bottom of the table. g. Now click on the yellow Save Setting to Flash button, to make the changes permanent.
  • Page 45 4. Adding a new Service (GRE). a. Click on the Add A Service button to add a new Service. b. In the Name field type GRE. c. In the Description field enter: IP Protocol 47 d. Check the other radio button in the Protocol field and type 47 in the Protocol # box.
  • Page 46 f. Click on the Add This Service button, to add the new Service to the InterLynx/TS. h. After pressing the Add This Service button, the updated Define Services page will appear with the latest Services appearing in the bottom of the table.
  • Page 47 Part II – Deleting A Defined Service **NOTE: A Predefined Service (p) cannot be deleted from the Define Services table. 1. Click on the Define Services button on the left side of the screen, this will open the Define Services page.
  • Page 48 d. Once the Service to be deleted is selected, press the Delete Service button. e. The updated Define Services table will appear with the remaining Services for the InterLynx/TS listed in the table. f. Now click on the yellow Save Setting to Flash button, to make the changes permanent.
  • Page 49: Static Routes

    2) A route via, or next hop, which is the IP address of the router. This must be on the same subnet as the InterLynx/TS. In the example below, a static route will need to be added to the InterLynx/TS. The steps will be shown following the example.
  • Page 50 Adding a Static route 1. Click on the Static Routes icon on the tool bar on the left side of the screen. This will bring up the Static routes page. 2. Next step is to click on the Add A Route button.
  • Page 51 6. To delete a route click on the Delete under the Delete Column. Click yes on the dialogue box that pops up. Click on the yellow Save Settings to Flash icon to make the changes permanent. 7. For a complete list of routes associated with the InterLynx/TS, press the ‘Routing Table’ button.
  • Page 52 Chapter 8: InterLynx/TS-to-InterLynx/TS VPN Configuration Using RSA Key NOTE: The recommended Security authentication method is RSA key. RSA key provides greater security over Shared Secret in the fact that RSA key uses a Public and a Private key pair, whereas with Shared Secret the VPN devices share the same authentication key.
  • Page 53 Subnet This is the IP address range (the IL/TS default is 192.168.1.0) that is being used on the internal side of the VPN device. Note: The internal subnets must be unique in order for the VPN traffic to be passed thru the InterLynx/TS units. i.e. Both units cannot have the same internal IP address range of 192.168.1.0.
  • Page 54 The screen will refresh and display the parameters that were entered for that connection. **NOTE: These parameters must be entered the same way on the other InterLynx/TS, except for the Location setting. One InterLynx/TS must be configured as the Host and the other InterLynx/TS set for...
  • Page 55 7. Click on Return to VPN to see all the VPN connections that have been configured for this InterLynx/TS. This page will also show the status of the VPN (Up or Down). 8. Once the VPN(s) are done being configured proceed to the next section.
  • Page 56 Part II – Generating the RSA KEY Authentication: 1. From the Virtual Private Network page press the Generate RSA Key Pair button to start the process of generating the new key pair. 2. After pressing the Generate RSA Key Pair button, a dialogue box will appear to explain the key...
  • Page 57 Press OK. 4. Once the key generating process is complete another dialogue box will appear asking if you would like to export the public key from the router (InterLynx/TS). Press OK to continue the process.
  • Page 58 5. The next step of the process is saving the file to a PC by pressing the Save button. 6. After pressing the Save button, the Save As window will pop up so that the file can be stored in any folder on the PC.
  • Page 59 Return To VPN button. 9. At this point the RSA Key Pair has been generated and needs to be imported into the InterLynx/TS that is at the other end of the VPN. Proceed to the next section for instructions on Importing the Public RSA...
  • Page 60 Part III – Importing the Public RSA Key into the remote InterLynx/TS: 1. Log into the remote (not the unit that the RSA Key was exported from) InterLynx/TS. 2. Click on the Virtual Private Network button on the left side of the screen. This will bring up the Virtual Private Network page.
  • Page 61 4. Press the Import Public RSA Key button to bring up the Import Public Key page and begin the process of importing the public key to the router (InterLynx/TS)...
  • Page 62 5. Click the Browse button to find the exported RSA Key that was saved as a .txt file on the PC. 6. Locate and highlight the file, and make sure it shows up in the file name text field. Press the Open button to select the file.
  • Page 63 7. Press the Load This Key button to begin the import process to the InterLynx/TS. 8. After the file is successfully loaded onto the InterLynx/TS a message box will appear, choose OK and then press the Return to Virtual Private Network button. At this point the configuration of the VPN between the Host and the Client (remote) sites is complete.
  • Page 64 Note: The instructions that are explained below must be implemented on the InterLynx/TS configured as the Host first and then the Client (remote) InterLynx/TS. If this order is not followed the units may not negotiate the VPN connection correctly and may require a manual start of the VPN.
  • Page 65 InterLynx/TS that is configured as a Host in a “ready” state. 6. Steps 1 – 3 must be repeated on the Client (remote) InterLynx/TS so the new VPN settings can be activated and allow the Client (remote) InterLynx/TS to initiate the VPN negotiation process, since it is configured to Auto Start the Connection at boot (or when IPSec is restarted).
  • Page 66 Chapter 9: InterLynx/TS-to-InterLynx/TS VPN Configuration Using Shared Secret NOTE: The recommended Security authentication method is RSA key. RSA key provides greater security over Shared Secret in the fact that RSA key uses a Public and a Private key pair, whereas with Shared Secret the VPN devices share the same authentication key.
  • Page 67 Subnet This is the IP address range (the IL/TS default is 192.168.1.0) that is being used on the internal side of the VPN device. Note: The internal subnets must be unique in order for the VPN traffic to be passed thru the InterLynx/TS units. i.e. Both units cannot have the same internal IP address range of 192.168.1.0.
  • Page 68 The screen will refresh and display the parameters that were entered for that connection. **NOTE: These parameters must be entered the same way on the other InterLynx/TS, except for the Location setting. One InterLynx/TS must be configured as the Host and the other InterLynx/TS set for Client.
  • Page 69 7. Click on the Return to VPN button to see all the VPN connections that have been configured for this InterLynx/TS. This page will also show the status of the VPN (UP or DOWN). 8. Once the VPN(s) are done being configured proceed to the next section.
  • Page 70 Note: The instructions that are explained below must be implemented on the InterLynx/TS configured as the Host first and then the Client (remote) InterLynx/TS. If this order is not followed the units may not negotiate the VPN connection correctly and may require a manual start of the VPN.
  • Page 71 InterLynx/TS that is configured as a Host in a “ready” state. 6. Steps 1 – 3 must be repeated on the Client (remote) InterLynx/TS so the new VPN settings can be activated and allow the Client (remote) InterLynx/TS to initiate the VPN negotiation process, since it is configured to Auto Start the Connection at boot (or when IPSec is restarted).
  • Page 72 This chapter will cover viewing Log files, configuring for a Syslog Host, and IP Logging options. Enabling IP Logging 1. After logging into the InterLynx/TS, click on the Logs button on the left side of the screen. This will open the IP Logging page.
  • Page 73 IP Address of the machine that is the Syslog Host and then press the Apply Changes button. NOTE: When this option is active, the log files will be unavailable to view from the InterLynx/TS. The website www.kiwisyslog.com...
  • Page 74 Configuring the Print Server on the InterLynx/TS: Press the ‘Print Server’ icon located on the left hand side of the screen. There are two ways to configure the Print Server on the InterLynx/TS. They are explained in the following sections Network and Parallel.
  • Page 75 The printer will be available as \\hostname\printer name. For example if the hostname of the InterLynx/TS is gateway1 and the printer name is laser1, by browsing to “gateway1” in Network Neighborhood, and double-clicking, “laser1” would be displayed as the available printer resource.