Enterasys ANG-1100 User Manual

Enterasys ANG-1100 VPN Gateways: User Guide

Aurorean™ Virtual Network
ANG-1100
User's Guide
Version 2.2
9033734-02

Summary of Contents for Enterasys ANG-1100

  • Page 1 Aurorean™ Virtual Network ANG-1100 User’s Guide Version 2.2 9033734-02...
  • Page 2 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its Web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
  • Page 3 • This device must accept any interference received, including interference that may cause undesired operation. Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority granted by the FCC or other such agency to operate this equipment.
  • Page 4 This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You.
  • Page 5 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
  • Page 6 Agreement shall be void and a breach of this Agreement. 12) WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition.
  • Page 7: Declaration Of Conformity

    Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC Equipment Type/Environment: Networking Equipment, for use in a Commercial Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives. Aurorean Network Gateway-1100 User’s Guide Declaration of Conformity 73/23/EEC Manufacturer’s Name:...
  • Page 9: Table Of Contents

    About This Guide Contents of the Guide ... xi Conventions Used in This Guide... xii Related Publications ... xiii Chapter 1 – Overview System Description ...1 Configuration Management ...2 Chapter 2 – Installation Unpacking the ANG-1102/1105 ...5 Accessories ...6 Location Planning...6 Connecting Cables ...7 Ethernet Connections ...7 Serial Connection ...9...
  • Page 10 Chapter 3 – Configuring the ANG-1100 with Aurorean Web Config Before You Begin ... 13 Logging into Web Config... 15 Setting Your Password ... 16 Viewing VPN Status ... 17 Setting Up the VPN ... 18 Setting Up the Internet Connection... 22 Downloading the Latest Firmware...
  • Page 11: About This Guide

    Virtual Network family of enterprise VPN products. Chapter 2, Installation describes how to physically mount, connect, and power-up Aurorean servers. Chapter 3, Configuring the ANG-1100 with Aurorean Policy Manager, details how to configure the server. Appendix A, Glossary defines terms used in this manual.
  • Page 12: Conventions Used In This Guide

    Conventions Used in This Guide The following conventions are used in this guide: NOTE CAUTION WARNING Bold Italics SMALL CAPS Courier font Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.
  • Page 13: Related Publications

    VPN connection with the ANG-1102/1105. A Portable Document File (PDF) version of this manual is available and can be downloaded from the Enterasys.com Web site. You can view this manual on-line or print a copy of it using Adobe Acrobat Reader 3.0 (or later).
  • Page 15: Chapter 1 - Overview

    It supports up to 25 tunnels. An ANG-1102/1105 comes equipped with the following: 110-250V power supply. High-performance CPU: 90 MHz internal, 45 MHz external. Aurorean Network Gateway-1100 User’s Guide Figure 1 ANG-1100 Overview...
  • Page 16: Configuration Management

    Internet. One DB-9 port (ANG-1105) for diagnostics. Configuration Management One or more ANG-1100’s configuration files can be managed remotely by the NetSight Gateway Monitoring Tool (NGMT) application. By using the Cabletron SNMP Enterprise Download MIB, new software images can be downloaded from an FTP server to the ANG-1100.
  • Page 17 Chapter 1 Overview Cable/DSL modem ANG-1102/1105 - Initiates tunnel to ANG-3000/7000 - Negotiates tunnel protocols - Encrypts data over tunnel Aurorean Network Gateway-1100 User’s Guide - Negotiates tunnel protocols - Compresses data over tunnel - Encrypts data over tunnel ANG-3000/7000 Router INTERNET Site-to-Site connection...
  • Page 19: Chapter 2 - Installation

    This chapter describes the steps required to unpack, install and connect an Aurorean Network Gateway-1102/1105 onto a desktop. Unpacking the ANG-1102/1105 Remove the ANG-1102/1105 from the shipping box. Save the box in case the unit needs to be returned. Aurorean Network Gateway-1100 User’s Guide Power cord Power...
  • Page 20: Accessories

    Unpacking the ANG-1102/1105 The box contains a CD ROM with this instruction manual in the Adobe PDF format, a Quick Setup card and accessories. See an illustration of the ANG-1105 below. Accessories The ANG-1102/1105 also is shipped with the following accessories: One cross-over (red) cable for a direct PC/Network Gateway connection.
  • Page 21: Connecting Cables

    All interconnections are made at the back of the ANG-1102/1105 (refer to Figure 5). Also, a reset button is located in the rear of the unit. If you press the Reset button after you have configured your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.
  • Page 22 User Internet connection Trusted connection Figure 6 Connecting the ANG-1100 If you are connecting an ANG-1102 to a hub, plug one end of a straight-through Ethernet cable into the ANG’s trusted port. If you are connecting an ANG-1105 to a PC, plug one end of a straight-through cable into the ANG’s trusted port.
  • Page 23: Serial Connection

    PC DSL or cable modem Figure 7 Connecting Cables to the ANG-1100 (ANG-1105 shown) Plug an Ethernet cable into the External port as shown in Figure 7. Plug the opposite end of this cable into a DSL or cable modem.
  • Page 24: Connecting Power To The Ang-1102/1105

    ANG-1102/1105, perform the following steps: Plug the power supply cord into the system’s power socket as shown in Figure 8. Power supply cable Figure 8 Connecting AC Power on the ANG-1100 (ANG-1105 shown) WARNING Aurorean Network Gateway-1100 User’s Guide Chapter 2...
  • Page 25 Plug the AC power cord into the power supply and the other end into a grounded AC outlet or UPS as shown in Figure 9. The Power LED on the ANG-1100 will light the moment you power up the unit.
  • Page 26: Checking Ang-1102/1105 Connections

    Checking ANG-1102/1105 Connections The ANG-1102/1105 is now connected and ready for configuration. Check the LEDs in the manner described below to confirm that the connections are working properly. LED behavior The LEDs behave as follows when powered up at startup: Power LED stays ON for 2-3 seconds, indicating boot diagnostics are running, followed by boot up of the Linux kernel.
  • Page 27: Before You Begin

    Configuring the ANG-1100 with To configure the ANG-1100, use the Internet browser on your computer and connect to the server via the Web. During the Web session, you run the Aurorean Web Config utility and configure the system. Figure 10 illustrates the process.
  • Page 28 If your computer was supplied a static IP address and Gateway by your service provider, you must now accept the address from a DHCP server and remove the gateway for the ANG-1100 to find and connect with the PC. To do so, click Start, select Settings and double-click on Control Panel.
  • Page 29: Logging Into Web Config

    To log into Web Config, perform the steps below. Point your Web browser at the default trusted IP address of the ANG-1100. In the browser’s Location field at the top of the window, type: http://192.168.1.1 and click OK. The Login window appears as shown in Figure 11.
  • Page 30: Setting Your Password

    The VPN Status window appears as shown in Figure 13. Setting Your Password Because the default password is readily available through all ANG-1100 documentation, we strongly recommend that you ensure security by setting a new password to replace the default password admin, netuser, or netguest.
  • Page 31: Viewing Vpn Status

    Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Type a new Password in the field provided. Confirm the new password in the field provided. Click Apply. Viewing VPN Status The VPN Status window is the first screen to appear after logging in. At this point, you have just begun configuration so the VPN Status window appears empty.
  • Page 32: Setting Up The Vpn

    Setting Up the VPN The VPN configuration created on the ANG-1100 completes a link with the ANG-3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG-3000/7000 with appropriate User, Password and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.
  • Page 33 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Enter the Name of the remote ANG-3000/7000 you are connecting to.
  • Page 34 Peer to Peer - connectivity for devices on remote networks over tunnels between two ANG-1100 servers, or interoperability between an ANG-1100 and a Cisco or Nortel gateway. This option requires adding the IP address and Subnet Mask of up to three remote peers.
  • Page 35 MAC address (refer to “Using Advanced Utilities” on page 37 for more information). If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.
  • Page 36: Setting Up The Internet Connection

    Setting Up the Internet Connection Internet configuration of the External side of the ANG-1100 involves choosing the type of IP address assignment the ANG-1100 will accept. The ANG can accept one of the following: A DHCP-assigned IP address - your network automatically sets the ANG’s IP address via the DHCP (Dynamic Host Configuration...
  • Page 37 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Do one of the following: Aurorean Network Gateway-1100 User’s Guide...
  • Page 38 Internet LED will turn on. If a static IP address was configured, the Internet LED will shine immediately. If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.
  • Page 39: Downloading The Latest Firmware

    Downloading the Latest Firmware After logging in, download the latest firmware image to the ANG-1100’s flash memory (provided the MAC address is set for cable service users - refer to page 38) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again.
  • Page 40: Firmware Update

    After the firmware image is downloaded, the new image is “flashed” or stored on the ANG-1100. This step takes up to 5 minutes and the photo below shows the activity lights seen on the ANG-1100 when the device’s flash memory is being upgraded with the new firmware image.
  • Page 41 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config After downloading and “flashing” are complete, a status page displays as shown in Figure 18 indicating the process was successful and displays the FTP server IP address and new build filepath.
  • Page 42: Setting Up The Lan

    Setting Up the LAN LAN configuration of the Trusted side of the ANG-1100 involves choosing either to manually set an IP address and subnet for the ANG-1100 or dynamically assign its IP address via your network’s DHCP server. The factory default LAN setting configures the ANG as a DHCP server on the trusted LAN and automatically assigns IP addresses to local PCs.
  • Page 43 If you change the default LAN Setup and reboot the ANG-1100, you must release and renew the IP address for all adaptors bound to TCP/IP on your connected computer(s) in order to reconnect with the ANG-1100 and make future changes.
  • Page 44: Setting Up The Firewall

    ANG-1100. Click Reboot Now. If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you supplied must then be re-entered.
  • Page 45 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Begin Firewall Setup by performing the following steps: Click the Firewall Setup menu option. The Firewall Setup window appears as shown in Figure 21. Help VPN Status VPN Setup Connectivity Setup...
  • Page 46: Setting Your Password

    If you press the Reset button after you have configured your ANG-1100, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the Reset button.
  • Page 47 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup Type the old Password in the field provided. Type a new Password in the field provided. Confirm the new password in the field provided.
  • Page 48: Checking Device Status

    Route Table entries detail connected networks, gateways, their associated IP addresses, netmasks and other data. Interrupts lists the hardware interrupts supported on the ANG-1100 as well as their vectors and interrupt counters. The two SMC9194 items listed are the Ethernet Trusted and External port interrupts.
  • Page 49 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1100 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Aurorean Network Gateway-1100 User’s Guide...
  • Page 50: Network Devices

    Configuring the ANG-1100 with Aurorean Web Config Receive errs drop fifo frame packers 2258 13959...
  • Page 51: Using Advanced Utilities

    Using Advanced Utilities Advanced Utilities provided by the ANG-1100 include: Setting the MAC Address of a newly attached ANG-1100 when you want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users. The ANG-1100 can proxy your computer’s MAC address to the ISP but your...
  • Page 52: Using The Configuration Editor

    Do one of the following: ANG-1100 connections broken during a reboot will be lost after service returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before re-initiating the connection resolves the problem. Using the Configuration Editor Knowledgeable network administrators can use the Configuration Editor to modify the ANG-1100’s LINUX 2.0 operating system configuration files.
  • Page 53 Configuration File Edit This Web application allows you to update and delete the system configuration files of the ANG-1100. These files are used to control the ANG-1100 for its VPN functionality, Internet and LAN connectivity, firewall capabilities, networking startup commands and other key features of the ANG-1100 device.
  • Page 54 You can remove the Configuration Editor (along with the Advanced Utilities option) from the main menu by selecting config, deleting the MODEEXPERT on argument and clicking Update. Configuring the ANG-1100 with Aurorean Web Config Aurorean Network Gateway Configuration File Edit...
  • Page 55 Configuring IP Port Forwarding ANG-1100’s support of IP Port Forwarding permits you to make servers on the trusted network of the ANG-1100 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-side hosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts.
  • Page 56 Under **Expert-Config**, type the following rules: – – Click Update and Reboot Now when prompted to save the change. Configuring the ANG-1100 with Aurorean Web Config Definition Forward TCP traffic Forward UDP traffic Add the IP port forwarding table entry...
  • Page 57 Chapter 3 Configuring the ANG-1100 with Aurorean Web Config Refer to the table below for a sample IP port forwarding configuration: Example The above sample configuration performs the following tasks: Clears the IP port forwarding table Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to port 23 on the internal server 192.168.0.1...
  • Page 59: Appendix A - Glossary

    Aurorean Network Gateway An Enterasys Networks device that creates a secure virtual private circuit over the Internet between itself and a remote user’s computer. The Aurorean Network Gateway encapsulates data packets using IPSec and encrypts data to prevent third-parties from intercepting and examining it. There are three...
  • Page 60 authentication server (such as a RADIUS or SecurID server). When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provides updated configuration files to Aurorean Network Gateways on request. DHCP Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP addresses.
  • Page 61: Generic Routing Encapsulation (Gre)

    Appendix A Glossary Generic Routing Encapsulation (GRE) Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link over the Internet. For PPTP, GRE is used to encapsulate PPP data packets within an IP packet (IP packet headers contain address information necessary for routing, while PPP packets do not).
  • Page 62: Mac Address

    (such as servers and the applications running on them) are consistently available and performing well. In terms of Enterasys Networks products, this person physically installs Aurorean Policy Servers and Aurorean Network Gateways, distributes Aurorean Client Software to remote users, and runs RiverMaster software on his/her computer to manage the entire VPN.
  • Page 63: Point-To-Point Protocol (Ppp)

    Appendix A Glossary Point of Presence (POP) In Internet terms, the physical site that contains an ISP’s network equipment. Remote users dial into the POP, authenticate against the ISP’s customer database, and then gain access to the Internet. ISPs typically have POPs scattered throughout their service area, so that customers can dial a local phone call and avoid paying long-distance charges when accessing the Internet.
  • Page 64: Virtual Private Network (Vpn)

    Role-Based Management Multiple login levels provide a greater measure of security for ANG-1100 configuration. An Admin user retains full control over configuration, while a User can control VPN Setup, DHCP, PPPoE, and Soft Reboot values only. A Guest can control VPN Setup only. All users can change the passwords for their levels only.
  • Page 65: Appendix B - Specifications

    This appendix details the specifications of the ANG-1102/1105. Category Chassis Depth Width Height Weight Environment Operating Temperature Storage Temperature Humidity Power Supply Power Adapter Processor Memory Storage Hard Drive Devices Aurorean Network Gateway-1100 User’s Guide Table 1 ANG-1102/1105 Specifications Parameters 6”...
  • Page 66 Table 1 ANG-1102/1105 Specifications (Continued) Category Performance Server Capacity Tunnel Performance Hardware acceleration Protocols & Tunnel Protocols Standards Encapsulated LAN Protocols Routing Protocols Authentication Encryption Compression Firewall support Other Operating Type System Parameters > 25 concurrent tunnels Up to 3 Mbps with IPSec SafeNet 1140 CryptoCore chip on ANG-1105 IP Security Protocol (IPSec) as defined in RFC 2401 and 2409 Point-to-Point Tunneling Protocol (PPTP) as defined in...
  • Page 67 Appendix B Specifications Table 1 ANG-1102/1105 Specifications (Continued) Category Ethernet Number of Ports Data Transfer Rate 10 Mbps on the ANG-1102, 100 Mbps on the ANG-1105 Connector Serial Number of Ports Safety US/Canada/ Regulations Europe EMCI US, Canada, Europe, Japan, Australia, New Zealand, Taiwan, Russia,...
  • Page 69: Appendix C - Pin Assignments

    This appendix describes pin assignments for the Ethernet connectors on the ANG-1102/1105. Additionally, the ANG-1105 provides a serial connector. ANG-1102/1105 servers are equipped with either two or five Ethernet ports located at the rear of the chassis, supporting full-duplex 10Base-T transmission.
  • Page 70 LAN 1-4 (TRUSTED) WAN: ANG-1102 (EXTERNAL) WAN: ANG-1105 (EXTERNAL) The ANG-1105 is equipped with a single serial port for debugging purposes. An industry-standard serial cable can be used to connect to the male DB-9 connector. See Figure 2 for serial port pin assignments. Pin 8 Pin 1 Pin 1...
  • Page 71 Appendix C Pin Assignments Pin 1 Pin 6 Aurorean Network Gateway-1100 User’s Guide DB-9 Pin 5 Pin 9 Figure 2 Serial Port Pin Assignments Signal Carrier Detect (CD) Receive Data (RX) Transmit Data (TX) Data Term Ready (DTR) Ground (GND) No Carrier (NC) Request to Send (RTS) Clear to Send (CTS)
  • Page 73: Index

    LEDs Interconnects Power connections Power LED specifications unpacking Usage VPN LED WAN LED Aurorean Network Gateway definition Aurorean Network Gateway-1100 See ANG-1100 Aurorean Policy Server definition Aurorean Web Config, definition authentication cables connecting Ethernet – connecting serial requirements Canadian notices...
  • Page 74 encryption environmental parameters Ethernet cable requirements connections definition ports specifications External port connecting cables EZ-IPsec firewall setup Firewall, definition Flash specifications FTP server Generic Routing Encapsulation (GRE) GRE. See Generic Routing Encapsulation (GRE) installation before you begin connecting cables – connecting power locating a server Intel Flash memory...
  • Page 75 Point of Presence (POP), definition Point-to-Point Protocol (PPP), definition Point-to-Point Tunneling Protocol (PPTP) definition definition Power power connections power supply specifications power cord power supply PPP, definition PPPoE PPPoE, definition PPTP, definition processor specifications protocols Quick Setup card regulatory compliance reset button RiverMaster definition...
  • Page 76 Index Web Config winipcfg WINS proxy Aurorean Network Gateway-1100 User’s Guide...

This manual is also suitable for:

ANG-1102, ANG-1105
