Summary of Contents for Enterasys Aurorean ANG-3000
Page 1
Aurorean™ Virtual Network Installation & Service Guide: Aurorean Policy Server, Aurorean Network Gateway
Page 2
Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
Page 3
• These devices must accept any interference received, including interference that may cause undesired operation. NOTICE: The ANG-3000/7000 has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment.
Page 4
Do not use these products near water. Do not place these products on an unstable cart, stand, or table. The product may fall, causing serious damage to the product. Enterasys Networks recommends securely fastening the server to a standard 19” equipment rack.
About This Guide Contents of the Guide ... xi Conventions Used in This Guide... xiii Related Publications ... xiv Chapter 1 – Overview System Description ...1 Aurorean Client Software...2 Aurorean Policy Server ...3 Standard Features... 5 Aurorean Network Gateway...6 Standard Features... 8 RiverMaster Management Application ...9 Aurorean Web Config ...11 Aurorean Software Update Service...11...
Page 6
Before You Begin ... 31 Installing APS-3000/7000 Software ... 32 Using the APS-3000/7000 Checklist... 36 Installing New System Software on the ANG-3000/7000... 37 Upgrading Linux Kernel from V3.x to V3.5 ... 38 FTP the New Linux Kernel to the ANG ... 38...
Page 7
Change the Time Zone... 40 Change the Date and Time... 40 Reboot the ANG...41 Configuring General Values of the ANG-3000/7000...42 Installing the Indus River Certificate ...43 Using Internet Explorer (5.x or greater versions only) ... 43 Using Netscape (4.x or higher versions only) ... 49 Logging On the ANG ...57...
Page 8
Aurorean Network Gateway Specifications... 102 Appendix B – Pin Assignments Ethernet... 105 Serial Ports... 107 Keyboard and Mouse... 108 Appendix C – License Agreement & Support Enterasys Networks, Inc. Program License Agreement ... 109 License ...110 Other Restrictions...110 Applicable Law...110 Export Requirements ...110 viii...
Page 9
United States Government Restricted Rights ...111 Exclusion of Warranty ... 111 No Liability for Consequential Damages ...112 Technical Support...112 Support from Enterasys Networks...112 On-line Services ... 112 Phone Support... 113 Returning Products for Repair...113 Appendix D – Aurorean System Upgrades Upgrading from Release 2.x to 3.5...115...
ANG. Network Gateways are available in three models: the ANG-1100 for up to 25 tunnels in a home or small office, the ANG-3000 for small- to medium-sized networks (up to 500 simultaneous tunnels) and the ANG-7000 for large enterprise networks (up to 5000 simultaneous tunnels).
Page 12
• Appendix C, License Agreement & Support, describes the warranty terms and support policies covering Enterasys Networks products.
• Appendix D, Aurorean System Upgrades, details how to upgrade your Aurorean servers from Release 2.x to 3.5 and Release 3.x to 3.5.
Conventions Used in This Guide
The following conventions are used in this guide: NOTE, CAUTION, WARNING, Bold, Italics, SMALL CAPS, Courier font.
Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.
Acrobat Reader can be downloaded from the CD or the Adobe web site at www.adobe.com. All Aurorean documentation can be found at this URL: http://www.enterasys.com/support/manuals
This chapter describes the key features of Aurorean systems: the Aurorean Network Gateway (ANG) and Aurorean Policy Server (APS). These features are synonymous with all ANG/APS system models unless otherwise specified. The chapter also highlights the capabilities of the RiverMaster management application, which you install on a computer to set up and monitor your Aurorean Virtual Network.
System Description figure (labels: ANG-3000/7000, Aurorean Client, INTERNET). The Aurorean Client selects the closest ISP POP, dials into the ISP POP, and negotiates a tunnel with the Aurorean Network Gateway.
ISP = Internet Service Provider
POP = Point-of-Presence (local office with Internet access equipment)
TollSaver = Aurorean database containing ISP POP phone numbers...
Aurorean Policy Server
Within an Aurorean Virtual Network, the Aurorean Policy Server performs the following primary tasks:
• Manages remote user authentication by authenticating users against user/group databases stored on its own hard drive or by forwarding authentication requests to an external authentication server, such as a RADIUS server.
Page 18
Figure 2 Aurorean Policy Server Front & Rear View. Labels: APS-3000/7000 FRONT; CD ROM drive for installing Aurorean Software updates; APS-3000/7000 REAR; Floppy disk drive; 10/100BaseT Ethernet port to connect trusted LAN (behind firewall); Complete set of diagnostic LEDs.
Standard Features
A standard APS comes equipped with the following:
• Low profile (1U) chassis that can be mounted into standard 19” racks (midmount or sliding rail hardware provided).
• 90-135, 180-265 VAC switchable power supply.
• High-performance CPU (800 MHz Pentium III for the APS-7000, 566 MHz Celeron in the APS-3000).
• Reports detailed statistics on each tunnel connection, which may be viewed using the RiverMaster management application.
Two of the three models of Network Gateways, the ANG-3000 and ANG-7000, are similar in appearance and features, and differ only in capacity and performance.
Page 21
Figure 3 Aurorean Network Gateways Front &... Labels: ANG-3000/7000 FRONT; Floppy disk drive; ANG-3000/7000 REAR; 10/100BaseT Ethernet port to connect external LAN (outside firewall); ANG-1100 Front; Complete set of diagnostic LEDs; 10/100BaseT Ethernet port to connect trusted LAN (behind firewall).
Standard Features
An ANG-3000/7000 comes equipped with the following:
• Low profile (1U) chassis that can be mounted into standard 19” racks (midmount or sliding rail hardware provided).
• 90-135, 180-265 VAC switchable power supply.
• High-performance CPU (800 MHz Pentium III in the ANG-7000, 566 MHz Celeron in the ANG-3000).
RiverMaster Management Application
After the Aurorean Virtual Network systems are mounted and connected, install the RiverMaster management application on a computer running Windows NT 4.0 (and Service Pack 4 or greater) that is located on the same network segment as the systems.
Page 24
Figure 5 shows the RiverMaster graphical interface and highlights the essential tasks supported by each part of the interface. For complete information on RiverMaster software, refer to the RiverMaster Administrator’s Guide supplied with the APS.
Figure 5 RiverMaster Management Application (callouts: View tunnel statistics (combined); Check system utilization)...
Aurorean Web Config
The Aurorean Network Gateway also can be configured using the Aurorean Web Config management application. You access this program, shown in Figure 6, by pointing your Internet browser at the IP address of the Network Gateway.
Chapters 2 and 3. Unpack the system(s) from the shipping box and remove all items. The items Enterasys Networks provides are shown on the Quick Setup card supplied in the box and in Chapter 2 of this manual. If you are...
Location Planning
Place the Aurorean system near the following:
• Ethernet wall jack, patch panel, or hub with available ports.
• A grounded wall outlet or uninterruptible power supply (UPS).
Mounting the ANG/APS-3000/7000
Aurorean models ANG/APS-3000/7000 are designed for use in computer rooms and network equipment closets.
Page 29
Orient the system with the brackets aligned with the desired mounting holes in the rack posts as shown in Figure 8. Insert a screw through each bracket and loosely attach to the rack posts. Do not tighten. Properly align the system in the rack and securely tighten the screws to the rack posts.
Installing in a Four-Post 19” Rack or Cabinet with Sliding Rails
The rail kit contains the following parts:
• Two rail assemblies
• Two front brackets (short)
• Two rear brackets (long)
• One package of ten 10/24 x 0.25” panhead Phillips screws, used to attach the rail chassis sections to the system.
Attach the Chassis Sections to the System
To attach the system to the rail chassis sections, perform the following steps: Align the holes in the chassis section with the holes in the system as shown in Figure 10.
Fasten the front bracket to the rack section with two 8/32 x 0.38” flathead countersunk Phillips screws, washers, lock-washers and nuts. Attach the washers and nuts in the order shown in Figure 11.
Determine Correct Position for the Rear Brackets
The exact position of the rear bracket in relation to the rail assembly is determined by the depth of the rack.
Hold the rail assembly against the rack to determine which slots to use in the brackets. From the rear of the cabinet, hook the front bracket over the front of the rack. Place the rear bracket so its rack mounting lip is over the back of the rack.
Place the rail assembly against the rack again by hooking the front bracket over the front of the rack. Slide the rear bracket back until it hooks over the rear of the rack. Hold the rail assembly in place and tighten the screws. Make sure the fit of the rail assembly to the rack is snug.
Page 35
Attach the rear bracket to the rack with two screws provided with the rack as shown in Figure 15.
Figure 14 Attaching Rail Front to the Rack
Figure 15 Attaching Back of Rail to the Rack
Figure labels: Front bracket; Screws provided with the rack; Front chassis...
Install the System in the Rack
Hold the system so that the front is facing you. Line up the system so the rollers on the chassis section will enter the channel of the slider section of the rail assembly as shown in Figure 16.
Secure the System to the Rack
Use the screws provided with the rack to fasten the system’s front flanges to the rack as shown in Figure 17.
Removing the System From the Rack
If you need to remove the system from the rack, perform the following steps: Unscrew the two screws holding the system flanges to the rack.
Page 38
Do not block the vents at the front and rear of the server. For electrical safety, verify that the branch circuit supplying power to equipment in the rack can accommodate the addition of the server. The rack should be properly grounded to an Earth ground;...
Connecting Cables
This section describes how to connect local and remote Aurorean systems. If you are connecting a remote ANG only, skip to Connecting an Aurorean Network Gateway on page 26. Although Aurorean servers are equipped with serial ports, these ports are not normally used for configuration and control.
Connecting an ANG-3000/7000
ANG-3000/7000s are equipped with two 8-pin modular RJ-45 Ethernet ports labeled TRUSTED and EXTERNAL. If you decide to use only one Ethernet port on an Aurorean Network Gateway, you must use the TRUSTED port. The TRUSTED port should be connected to the same network segment as the Aurorean Policy Server, which should reside behind a firewall or a router that provides network protection.
Page 41
(outside a firewall). To determine the status of these links, check the LEDs on the front panel as described in Chapter 3.
Figure 20 Connecting Ethernet Cables to an ANG-3000/7000 (labels: (outside firewall); TRUSTED (behind firewall))
WARNING: To avoid electrical shock, connect the Aurorean server only to a grounded (earthed) outlet.
Figure 21 Connecting AC Power to the ANG-3000/7000 (label: To wall socket or uninterruptible power supply (UPS))
ANG/APS will reside on. This computer will be used to remotely control the Aurorean Policy Server and/or Aurorean Network Gateway during the installation process. Figure 22 illustrates how the systems are properly connected.
Figure 22 Connecting the Systems (labels: ANG-3000/7000; Common LAN Segment; Remote Control Computer)...
Aurorean Network Gateway and Policy Server. Two other maintenance tasks are also described. The general steps include:
• Installing APS-3000/7000 software.
• Installing new system software on the ANG-3000/7000.
• Configuring general values of the ANG-3000/7000.
• Configuring the Remote ANG-3000/7000.
Installing APS-3000/7000 Software
Although the APS ships with most of its operating software already factory-installed, you must install some additional software from the Aurorean System Software CD ROM. During this installation, a Configuration Wizard program is launched that captures networking values for the APS, such as IP addresses for the Ethernet interfaces.
Page 47
Start the VNC application by pointing your Web browser at the APS. In the Location field, type: http://192.168.1.3:5800 The VNC authentication window appears as shown in Figure 24. The IP address you typed includes the port number (5800) with which to access the APS.
Page 48
To install APS system software, perform the following steps: Using Windows Explorer, open the directory ...\PolicyServer on the CD ROM. Double-click on the Setup.EXE file to launch the application. When the Welcome window appears, accept all defaults and click Next to continue.
Page 49
When the dialog box prompts you to reconfigure your APS, click Yes. An MS DOS screen appears displaying a Perl script as shown in Figure 26. As prompted, replace the factory default values with the following new parameters.
APS and type ping -t x.x.x.x where x.x.x.x is the APS IP address. Wait for the “Reply from x.x.x.x” message to display. All Enterasys services are started, the APS reboots and the VNC remote control session ends. If you are migrating the Management.db from one APS to another, or revising tunnel information stored in the Management.db, you must...
Figure 27 Installing Aurorean Network Gateway System Software (label: Software CD ROM)
If you are upgrading your ANG-3000/7000 from version 3.x to 3.5 only, you must upgrade the Linux kernel before installing new system software. Follow the instructions in the next section.
Upgrading Linux Kernel from V3.x to V3.5
FTP the New Linux Kernel to the ANG
Insert the Aurorean System Software CD ROM in the APS. Browse to the \3rd Party Support\Linux\Kernel directory on the CD ROM and copy the file Linux-2.2.16-2.i386.rpm to the...
13 Change directory by typing: /home/ftp/pub
14 Issue a list command to verify that the file was transferred to the ANG by typing ls -ltr and pressing ENTER.
Install New ANG System Software
On the ANG command line, type: rpm -i --force rts-xxx.i386.rpm where xxx is the correct release, build and patch number (matching the file you transferred from the CD ROM) and press ENTER. Ignore the error messages: “user build does not exist”...
“Reply from 192.168.1.2” message to display. Once you see the above message display, continue with ANG-3000/7000 general configuration on the next page. If you migrate the Management.db from one APS to another, or revise tunnel information stored in the Management.db, you must reboot the ANG following the change because the ANG now transmits information to the APS.
Configuring General Values of the ANG-3000/7000
To configure general parameters on the ANG-3000/7000, you must use an Internet browser on your remote control computer and connect via a hub or the provided crossover cable to the Network Gateway. You run Enterasys’s Aurorean Web Config application to configure the system.
Installing the Indus River Certificate
Installing the Indus River Certificate provides server administration access to the ANG-3000/7000. The procedure to install the Indus River Certificate differs depending on the browser you are using, Internet Explorer (IE) 5 or higher or Netscape Communicator 4 or higher. Both browsers let you use the certificate either for the duration of the session with the ANG or for all subsequent sessions until the certificate expiration date.
Page 58
Point your Internet Explorer Web browser at the trusted IP address of the Network Gateway by typing the IP address in the Location field, as shown in Figure 29. The Security Alert dialog box appears as shown in Figure 30. This dialog box indicates two “problems”...
Page 59
Figure 30 Internet Explorer Security Alert Window
– If you want to make the Certificate valid for the current session only, click Yes. The ANG Log On window appears as shown in Figure 29.
Page 60
Click Install Certificate to begin the Indus River Certificate installation process. The Welcome window of the Certificate Manager Import Wizard appears as shown in Figure 32. This application copies certificates and related information from your computer to the certificate store, an area on the server.
Page 61
Figure 32 Internet Explorer Certificate Manager Import Wizard Window
Click Next. The Select a Certificate Store window appears as shown in Figure 33.
Page 62
Figure 33 Internet Explorer Select a Store Window
Do one of the following:
– Choose the Automatic option for the certificate store and click Next.
• Click Finish when the Completing window appears.
The first Netscape New Site Certificate window appears as shown in Figure 34.
windows, respectively. The ANG Log On window appears as shown in Figure 41.
• Skip to “Logging On the ANG” on page 57 to continue ANG...
Page 64
Click Next. The Netscape More Information window appears as shown in Figure 35. If you want to view the certificate and additional details, click More. The View a Certificate window will appear as shown in Figure 40.
Page 65
Click Next. The Certificate Acceptance window appears as shown in Figure 36.
Figure 35 Netscape More Information Window...
Page 66
Figure 36 Netscape Certificate Acceptance Window
Make one of the following choices:
– Accept the certificate for this session only and click Next. The Netscape Warn Me window appears as shown in Figure 37.
Page 67
Click Next. Optionally, you may mark the checkbox to be warned when you next connect to the ANG. The Netscape Finish window appears as shown in Figure 38.
Figure 37 Netscape Warn Me Window...
Page 68
Click Finish. The Certificate Name Check window appears as shown in Figure 39. Netscape reports in this window that the certificate name for the ANG does not match the site name. Disregard this notice. The Certificate Name Check window will appear in all subsequent logins to the ANG.
Page 69
If you chose to examine the Indus River Certificate, it appears as shown in Figure 40. After checking the certificate, click OK. The ANG Log On window appears as shown in Figure 41.
Figure 39 Certificate Name Check Window...
Page 70
The Indus River Certificate is now either accepted for your current Aurorean Virtual Network session or installed permanently for all sessions. Your Netscape browser will display a closed lock in the lower left corner of the browser as well as a closed lock Security icon on the main menu indicating the certificate is in force.
Since you previously pointed your Web browser at the 192.168.1.2 IP address, the ANG Log On window appears as shown in Figure 41.
Figure 41 ANG Log On Window...
Page 72
Enter the default User Name (netadmin) and Password (netadmin) values and click Log On. The Welcome window appears as shown in Figure 42.
Figure 42 ANG Welcome Window
Configuring General Parameters
To set the General values of the ANG-3000/7000, perform the following steps: Click on the General main menu option. The General Configuration Window appears as shown in Figure 43.
Page 74
ICR, refer to the RiverMaster Administrator’s Guide. We strongly recommend you enable ICR for site-to-site tunnels. To disable ICR for this configuration, consult Enterasys Customer Support. For local ANG configuration only, enter the IP Address of the APS. If you are configuring a remote ANG, skip to Step 8.
Page 75
ANG in finding an APS on the network. To permanently specify a default route to the gateway, as well as set other routing values, refer to “Configuring the Remote ANG-3000/7000” on page 65. It is unnecessary to set a default gateway value for a remote ANG because that ANG does not access an APS.
Page 76
To finish configuring a remote ANG, change the remote control PC’s IP address to the same network as the ANG. To finish configuring a local ANG, do not change the PC’s IP address and skip to “ANG-3000/7000 Installation and Configuration Checklist” on page 63. NOTE...
• Open a Telnet session to the trusted IP, log in and type su -?
• From the /home/ftp/pub directory, type rpm -i --force rts.xxx.i386.rpm (where xxx is the release, build and patch number)?
• Reboot the ANG?
Page 78
• Click the Apply Changes button?
• Click the Restart button?
If you successfully completed these steps, do the following:
• Continue ANG-3000/7000 configuration if you are setting up a remote ANG by going to “Configuring the Remote ANG-3000/7000” on page 65.
Configuring the Remote ANG-3000/7000
Since you have already configured General values for the ANG, you are ready to complete configuration of the Network Gateway.
Setting Routing Parameters
To set routing parameters of the remote ANG, perform the following steps: Click on the Routing option.
properties. The values displayed are default parameters. If used, type the RIP Password and then confirm the entry in the fields provided. Click Apply Changes.
Setting OSPF Properties
If your trusted network uses OSPF and you want the ANG to learn and broadcast OSPF routes, perform the following steps: Click the OSPF tab in the Routing Configuration Window.
The internal IP address of the ANG is the gateway. Click the Static Routes tab in the Routing Configuration window. The Static Routes configuration window appears as shown in Figure 46.
Page 82
Click Add Route. The Add Static Routes window appears as shown in Figure 47.
Figure 46 ANG Static Route Configuration Window
Figure 47 ANG Add Static Routes Configuration Window
To set up an external route, perform the following steps: Click the External Routes tab in the Routing Configuration window. The External Routes configuration window appears as shown in Figure 48.
Page 84
Click Add Route. The Add External Routes configuration window appears as shown in Figure 49.
Figure 48 ANG External Routes Configuration Window
Figure 49 ANG Add External Routes Configuration Window
To set the Virtual Subnet parameters of the ANG, perform the following steps: Click on the Subnets main menu option. The Virtual Subnets Configuration window appears as shown in Figure 50.
Figure 50 ANG Virtual Subnets Configuration Window...
Page 86
Click Add Subnet. The Add Subnet window appears as shown in Figure 51. Enter a Subnet IP Address and Subnet Mask for the Virtual Subnet in the fields provided. We recommend creating separate groups and assigning separate virtual subnets for all your site-to-site connections.
Enter an IP address for the Primary and Secondary DNS servers in the fields provided. Enter an IP address for the Primary and Secondary WINS servers in the fields provided. Click Apply Changes.
Figure 52 ANG Name Servers Configuration Window...
Configuring Authentication Parameters
Authentication for ANGs in a site-to-site configuration is employed for terminating tunnel servers only and for administrator access to the Aurorean Web Config tool. If you are configuring an initiating Network Gateway, skip to “Configuring Protocols Parameters”...
Page 89
To create a group which will include users with static IP addresses, leave this field with the default NULL/NULL selected. Click Add Group.
Figure 54 ANG Add Group Window
Setting User Parameters
Users on remote ANGs can be either the name chosen for a corresponding site-to-site ANG or administrators who require access to the Aurorean Web Config tool. To set User parameters on the ANG, perform the following steps: Click on the Authentication main menu option.
Page 91
(|), forward slash (/), and asterisk (*). Enter a unique password for the user. In the Confirm Password field, retype the same characters you entered in the Password field.
Figure 56 ANG Add User Window
Do one of the following:
– In the IP address field, assign a static address to this user.
Click Add User.
Configuring Protocols Parameters
Aurorean Network Gateways support two tunnel protocols:
• IP Security (IPsec) protocol developed by the Internet Engineering Task Force (IETF) that adds security extensions for encryption and message authentication to the IP protocol.
Page 93
ARCFOUR-40: Enables a 40-bit key public domain algorithm that is designed to work with Rivest Cipher 4 (RC4), a stream-based cipher method that supports both 40-bit and 128-bit keys. Using RC4, data packets can be encrypted as they are received instead of in blocks.
Page 94
Choose the type of Secondary Encryption to employ on the ANG. Secondary encryption is available for clients who do not accept primary encryption, mainly legacy Aurorean Virtual Network 1.x Export clients who have not been updated. Since most clients now can accept the primary encryption choices, we recommend you do not change the default None option.
128-bit encryption upgrade available from Microsoft. If 128-bit encryption is chosen, ANGs with 40-bit encryption will not be able to connect over PPTP with Aurorean Virtual Network.
Figure 58 ANG PPTP Configuration Window
Choose to Enable or Disable 40-bit Encryption. This option can enable 40-bit key MPPE which generates a key based on a hash of the tunnel’s password and invokes RC4 encryption. This type of encryption is supported by Windows 95/98/NT/2000 computers without any additional software.
Page 97
Click Add Site-to-Site to initiate the tunnel. The Add Site-to-Site configuration window appears as shown in Figure 60.
Figure 59 ANG Site-to-Site Configuration Window
Figure 60 ANG Add Site-to-Site Window...
Page 98
Specify a Tunnel Name for the site-to-site tunnel. This name will be used to identify the terminating ANG. It does not need to match the name of the terminating tunnel. Enter the external IP Address of the terminating ANG.
Backing Up the ANG Configuration
The optional Backup Configuration option of the Aurorean Web Config lets you save your just-completed ANG configuration to a local/network site or a floppy disk. The configuration file created by this backup process is compressed in a WinZip file as a Unix tar file (config.gz) which bundles the auser.irx, group.irx and config.irx files.
Page 100
Do one or both of the following:
– When the File Download pop up appears, click OK. After the Save As/Unknown File Type dialog box appears, select a directory and click Save. Do not attempt to change the file name. It cannot be renamed. The Download complete window pops up as shown in Figure 62 displaying the file size and the directory where it was stored.
Viewing ANG Statistics
The About window displays useful, real-time (when refreshed) statistics regarding the ANG you are logged into. The information displayed includes:
• Software Version: release, patch and build number of the ANG code
• System Uptime: interval the ANG has been operating since the last reboot, time of day, number of users logged on and average load
• System Memory: kilobytes of RAM, as well as free, shared, buffered...
Page 103
Figure 63 ANG About Window
Administrator’s Guide.
Powering Up a System
To power up an Aurorean APS/ANG-3000/7000 series, locate the power switch (|) on the front panel and press it in, as shown in Figure 64. You must press and hold the switch for 4 seconds to turn power off.
Page 106
Powering Up a System Overlord monitors the condition of all other services and restarts a service if it fails to initialize properly or ceases to operate at any point. Overlord may also force a total system reboot if necessary. Authorization provides the mechanism for authenticating remote users against user databases located on either the Aurorean Policy Server or an external authentication server (such as a RADIUS device).
Aurorean APS/ANG-3000/7000 systems contain informative LEDs on the front panel.
APS/ANG-3000/7000 Front Panel LEDs
The APS/ANG-3000/7000 systems share the same front panel LEDs. Table 1 describes each front panel LED and indicates what action should be taken for each LED state (on, off, or blinking).
Page 108
Checking LEDs Table 1 APS/ANG-3000/7000 Front Panel LED Meanings (Continued) This LED... Indicates... This LED lights when a Yellow successful 100Mb link is successful on the Trusted Link 1 Ethernet port. The operating system has booted and the Overlord service is running.
Page 109
Chapter 4 Basic System Operation Table 1 APS/ANG-3000/7000 Front Panel LED Meanings (Continued) This LED... Indicates... The system is receiving Green management messages from another Aurorean system over an Ethernet link. Mgmt Aurorean Installation & Service Guide When the LED Do the following...
When you press the Reset button on any APS or ANG (except the ANG-1100), the system performs a full reset which clears memory, reloads the operating system, and starts Enterasys services. Figure 64 shows the location of the reset button on the front panel.
Aurorean Network Gateways (ANG-3000/7000) and Policy Servers (APS-3000/7000) share many of the same characteristics. This appendix details common specifications of all Aurorean servers, as well as those specific to each server type. Category Chipset APS/ANG- 3000/7000 System Memory Capacity Memory...
Page 112
Table 1 Common Specifications (Continued) Category Environment: Ambient ANG/APS- Temperature 3000/7000 Relative Humidity Acoustic Noise PFC Power AC Voltage & Supply: Frequency APS/ANG- DC Power Supply 3000/7000 +5VDC +12VDC +3.3VDC -12VDC Safety US/Canada Regulations Europe CE Mark APS/ANG- 3000/7000 International Parameters Operating: 40°...
Page 113
Appendix A Specifications Table 1 Common Specifications (Continued) Category United States APS/ANG- Canada 3000/7000I Europe Japan Australia, New Zealand Taiwan Russia International Aurorean Installation & Service Guide Parameters FCC Title 47 CFR Parts 2 and 15, Verified Class A Limit IC ICES-003 Class A Limit EMC Directive, 89/336/EEC EN55022, Class A Limit, Radiated and Conducted Emissions...
Aurorean Policy Server Specifications
Table 2 provides additional information specific to Aurorean Policy Servers. Unless otherwise noted, the information applies to all APS models. Table 2 Aurorean Policy Server Specifications Category Authentication Authentication Services Management Processor Memory Storage Hard Drive...
Page 115
Appendix A Specifications Table 2 Aurorean Policy Server Specifications (Continued) Category Ethernet Number of Ports Data Transfer Rate Connector Cabling Aurorean Installation & Service Guide Aurorean Policy Server Specifications Values 10 or 100 Mbps (auto-sensing) 8-position modular jack (RJ-45), Stewart 88-360808 or equivalent Unshielded twisted pair (UTP) 328 ft.
Point-to-Point Tunneling Protocol (PPTP) as defined in RFC 1234 Generic Routing Encapsulation (GRE) as defined in RFC 1701 and 1702 IPX for access to Novell NetWare devices (ANG-3000/7000 only) RIP V1, V2 OSPF Support for dynamic Virtual Network addressing, local network...
Page 117
Cabling Aurorean Installation & Service Guide Aurorean Network Gateway Specifications Values ANG-7000: Pentium III 800 MHz ANG-3000: Celeron 566 MHz ANG-7000: 256 MB ANG-3000: 64 MB 3 GB (or larger) EIDE hard disk boot device Standard 3.5” diskette drive 10 or 100 Mbps (auto-sensing)
Both APS-3000 and APS-7000 models offer a single Ethernet port for connection to a trusted network segment (one protected by a firewall). ANG models ANG-3000 and ANG-7000 offer a similar port and a second port for connection to an unprotected external network segment.
Page 120
Ethernet
Link 1 (TRUSTED) Link 2 (EXTERNAL)
Replacement Ethernet cables must meet the following requirements:
• Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring
• Length cannot exceed 328 feet (100 meters)
Figure 1 Ethernet Port Pin Assignments
Appendix B Pin Assignments
Serial Ports
Both APS/ANG-3000/7000 models come equipped with front panel (behind the bezel) and rear serial ports intended for debugging and troubleshooting purposes. The front panel serial port is connected in parallel with the serial port located at the rear of the chassis. The serial ports’ NS16C550-compatible UARTs support data transfers at speeds up to 115.2 Kbits/sec with BIOS...
Aurorean system types (excluding the ANG-1100) offer keyboard and mouse ports located at the rear of the chassis for diagnostic use only. These ports should be used only under the supervision of Enterasys Networks support personnel or qualified reseller technicians.
CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the Enterasys software program (“Program”) in the package. The Program may be contained in firmware, chips or other media.
New Hampshire courts. Export Requirements You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S.
Government is subject to restrictions set forth herein. Exclusion of Warranty Except as may be specifically provided by Enterasys in writing, Enterasys makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
No Liability for Consequential Damages
IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL,...
Returning Products for Repair After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1000/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server,...
This appendix describes the steps to upgrade your Aurorean system from:
• Release 2.x to 3.5 (see below)
• Release 3.x to 3.5 (refer to page 123)
Upgrading from Release 2.x to 3.5
This section details the following steps to upgrade from Aurorean 2.x to 3.1.x:
• Back up the APS management database on the RiverMaster computer
• Reconfigure the APS
• FTP the new Linux kernel and install on the ANG...
Page 130
Upgrading from Release 2.x to 3.5 Select the Access Service Click here to view the list of services Click Start on Backup Database to copy the database to a directory of your choice on your computer or a system on the network. A window similar to Figure 6 appears.
Appendix D Aurorean System Upgrades
When the backup complete message appears at the bottom of the window, click the download database button and browse to a local directory. Copy the database backup files, management.db and .authlock, to a floppy disk. If you have more than one APS, repeat the previous steps for each.
Page 132
From the Services Control Panel, stop the Indus River Database Engine Service. Copy the backup files (management.db and .authlock) to the c:\enterasys\database directory, overwriting the existing files. Insert the CD ROM into the CD ROM drive of the APS. On the CD ROM, browse to the ...\PolicyServer directory and double-click setup.exe.
An MS DOS screen appears with a Perl script as shown in Figure 9. Verify the information displayed is accurate or change as required. 12 Restart the APS. All Enterasys services are started, the APS reboots and the VNC remote control session ends. FTP the New Linux Kernel to the ANG...
Upgrading from Release 2.x to 3.5 Type bin and press Type put linux-2.2-16-2.i386.rpm and press When the transfer finishes, type bye or quit to end the FTP session. Install the New Linux Kernel Telnet to the trusted IP address of the ANG and login (the default username and password are netadmin and netadmin).
Appendix D Aurorean System Upgrades Install the ANG Software Telnet to the trusted IP address of the ANG and log in (the default username and password are netadmin and netadmin). Type su - root and press Type cd /home/ftp/pub and press Remove the pre-installed ANG software before installing version 3.1.x.
Upgrading from Release 2.x to 3.5
3) IPSec Configuration
4) Diagnostics
5) Interfaces and Routing
6) System log files
7) Quit
Choose Option 2 (VPN Configuration and Installation Check). The following message will appear:
1. The IPSec Listener is running
2.
Appendix D Aurorean System Upgrades On your RiverMaster system, go to Add/Remove Programs in the Control Panel and uninstall RiverMaster. Delete the RiverMaster install directory. Its default location is: \Program Files\Indus River Networks. Reboot the RiverMaster PC. Insert the Aurorean System Software CD ROM in the drive, browse to the Aurorean 3.x\RiverMaster directory and double-click the setup.exe file.
Upgrading Release 3.x to 3.5
You will receive a message that tells you that newer data may be available. Click OK.
10 Click Finish to reboot the APS.
The Linux kernel must be upgraded before the ANG system software can be upgraded.
Appendix D Aurorean System Upgrades
10 Type put Linux-2.2.16-2.i386.rpm and press
11 Type put rts-3.5.xx-xxx.i386.rpm and press
12 When the file transfer is complete, type bye and press
ANG Linux Kernel Upgrade (3000/7000)
This step is required only if the ANG is running Version 3.1.0 or lower. Follow the instructions in “Install the New Linux Kernel”...
Page 140
Upgrading Release 3.x to 3.5 Telnet window on the APS or your laptop and Telnet to the trusted interface of the ANG. Log in as netadmin, with the password netadmin. Type su - and press press Run the Admintool script by typing ./admintool to verify proper configuration.