Enterasys Aurorean ANG-3000 Installation & Service Manual

Virtual Network: Aurorean Policy Server and Aurorean Network Gateway

Installation & Service
Aurorean Policy Server
Aurorean Network Gateway
Aurorean™ Virtual Network
Guide
Version 3.5

Summary of Contents for Enterasys Aurorean ANG-3000

  • Page 1 Aurorean™ Virtual Network Installation & Service Aurorean Policy Server Aurorean Network Gateway Guide...
  • Page 2 Enterasys Networks and its licensors reserve the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
  • Page 3 • These devices must accept any interference received, including interference that may cause undesired operation. NOTICE: The ANG-3000/7000 has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment.
  • Page 4 Do not use these products near water. Do not place these products on an unstable cart, stand, or table. The product may fall, causing serious damage to the product. Enterasys Networks recommends securely fastening the server to a standard 19” equipment rack.
  • Page 5: Table Of Contents

    About This Guide Contents of the Guide ... xi Conventions Used in This Guide... xiii Related Publications ... xiv Chapter 1 – Overview System Description ...1 Aurorean Client Software...2 Aurorean Policy Server ...3 Standard Features... 5 Aurorean Network Gateway...6 Standard Features... 8 RiverMaster Management Application ...9 Aurorean Web Config ...11 Aurorean Software Update Service...11...
  • Page 6 Before You Begin ... 31 Installing APS-3000/7000 Software ... 32 Using the APS-3000/7000 Checklist... 36 Installing New System Software on the ANG-3000/7000... 37 Upgrading Linux Kernel from V3.x to V3.5 ... 38 FTP the New Linux Kernel to the ANG ... 38...
  • Page 7 Change the Time Zone... 40 Change the Date and Time... 40 Reboot the ANG...41 Configuring General Values of the ANG-3000/7000...42 Installing the Indus River Certificate ...43 Using Internet Explorer (5.x or greater versions only) ... 43 Using Netscape (4.x or higher versions only) ... 49 Logging On the ANG ...57...
  • Page 8 Aurorean Network Gateway Specifications... 102 Appendix B – Pin Assignments Ethernet... 105 Serial Ports... 107 Keyboard and Mouse... 108 Appendix C – License Agreement & Support Enterasys Networks, Inc. Program License Agreement ... 109 License ...110 Other Restrictions...110 Applicable Law...110 Export Requirements ...110 viii...
  • Page 9 United States Government Restricted Rights ...111 Exclusion of Warranty ... 111 No Liability for Consequential Damages ...112 Technical Support...112 Support from Enterasys Networks...112 On-line Services ... 112 Phone Support... 113 Returning Products for Repair...113 Appendix D – Aurorean System Upgrades Upgrading from Release 2.x to 3.5...115...
  • Page 11: About This Guide

    ANG. Network Gateways are available in three models: the ANG-1100 for up to 25 tunnels in a home or small office, the ANG-3000 for small- to medium-sized networks (up to 500 simultaneous tunnels) and the ANG-7000 for large enterprise networks (up to 5000 simultaneous tunnels).
  • Page 12 • Appendix C, License Agreement & Support describes the warranty terms and support policies covering Enterasys Networks products. • Appendix D, Aurorean System Upgrades, details how to upgrade your Aurorean servers from Release 2.x to 3.5 and Release 3.x to 3.5.
  • Page 13: Conventions Used In This Guide

    The following conventions are used in this guide: NOTE, CAUTION, WARNING, Bold, Italics, SMALL CAPS, Courier font. Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.
  • Page 14: Related Publications

    Acrobat Reader can be downloaded from the CD or the Adobe web site at www.adobe.com. All Aurorean documentation can be found at this URL: http://www.enterasys.com/support/manuals
  • Page 15: Chapter 1 - Overview

    This chapter describes the key features of Aurorean systems: the Aurorean Network Gateway (ANG) and Aurorean Policy Server (APS). These features are common to all ANG/APS system models unless otherwise specified. The chapter also highlights the capabilities of the RiverMaster management application, which you install on a computer to set up and monitor your Aurorean Virtual Network.
  • Page 16: Aurorean Client Software

    [Figure: ANG-3000/7000, Aurorean Client, Internet.] Aurorean Client: selects closest ISP POP; dials into ISP POP; negotiates tunnel with Aurorean Network Gateway. ISP = Internet Service Provider. POP = Point-of-Presence (local office with Internet access equipment). TollSaver = Aurorean database containing ISP POP phone numbers...
  • Page 17: Aurorean Policy Server

    Within an Aurorean Virtual Network, the Aurorean Policy Server performs the following primary tasks: • Manages remote user authentication by authenticating users against user/group databases stored on its own hard drive or by forwarding authentication requests to an external authentication server, such as a RADIUS server.
  • Page 18 [Figure 2: Aurorean Policy Server Front & Rear View. Labels (APS-3000/7000 front and rear): CD ROM drive for installing Aurorean software updates; floppy disk drive; 10/100BaseT Ethernet port to connect trusted LAN (behind firewall); complete set of diagnostic LEDs.]
  • Page 19: Standard Features

    A standard APS comes equipped with the following: • Low profile (1U) chassis that can be mounted into standard 19” racks (midmount or sliding rail hardware provided). • 90-135, 180-265 VAC switchable power supply. • High-performance CPU (800 MHz Pentium III for the APS-7000, 566 MHz Celeron in the APS-3000).
  • Page 20: Aurorean Network Gateway

    • Reports detailed statistics on each tunnel connection which may be viewed using the RiverMaster management application. Two of the three models of Network Gateways, the ANG-3000 and ANG-7000, are similar in appearance and features, and differ only in capacity and performance.
  • Page 21 [Figure 3 labels (ANG-3000/7000 front and rear, ANG-1100 front): floppy disk drive; complete set of diagnostic LEDs; 10/100BaseT Ethernet port to connect external LAN (outside firewall); 10/100BaseT Ethernet port to connect trusted LAN (behind firewall).] Figure 3 Aurorean Network Gateways Front &...
  • Page 22: Standard Features

    An ANG-3000/7000 comes equipped with the following: • Low profile (1U) chassis that can be mounted into standard 19” racks (midmount or sliding rail hardware provided). • 90-135, 180-265 VAC switchable power supply. • High-performance CPU (800 MHz Pentium III in the ANG-7000, 566 MHz Celeron in the ANG-3000).
  • Page 23: Rivermaster Management Application

    After the Aurorean Virtual Network systems are mounted and connected, install the RiverMaster management application on a computer running Windows NT 4.0 (and Service Pack 4 or greater) that is located on the same network segment as the systems.
  • Page 24 Figure 5 shows the RiverMaster graphical interface and highlights the essential tasks supported by each part of the interface. For complete information on RiverMaster software, refer to the RiverMaster Administrator’s Guide supplied with the APS. [Figure 5: RiverMaster Management Application. Labels: View tunnel statistics (combined); Check system utilization.]
  • Page 25: Aurorean Web Config

    The Aurorean Network Gateway can also be configured using the Aurorean Web Config management application. You access this program, shown in Figure 6, by pointing your Internet browser at the IP address of the Network Gateway.
  • Page 26: Installation Overview

    Chapters 2 and 3. Unpack the system(s) from the shipping box and remove all items. The items Enterasys Networks provides are shown on the Quick Setup card supplied in the box and in Chapter 2 of this manual. If you are...
  • Page 27: Chapter 2 - Mounting & Connecting Systems

    Enterasys Networks also supplies all Ethernet and modem cables necessary to link the system to the corporate network and telephone network.
  • Page 28: Location Planning

    Place the Aurorean system near the following: • Ethernet wall jack, patch panel, or hub with available ports. • A grounded wall outlet or uninterruptible power supply (UPS). Mounting the ANG/APS-3000/7000: Aurorean models ANG/APS-3000/7000 are designed for use in computer rooms and network equipment closets.
  • Page 29 Orient the system with the brackets aligned with the desired mounting holes in the rack posts as shown in Figure 8. Insert a screw through each bracket and loosely attach to the rack posts. Do not tighten. Properly align the system in the rack and securely tighten the screws to the rack posts.
  • Page 30: Installing In A Four-Post 19" Rack Or Cabinet With Sliding Rails

    The rail kit contains the following parts: • Two rail assemblies • Two front brackets (short) • Two rear brackets (long) • One package of ten 10/24 x 0.25” panhead Phillips screws, used to attach the rail chassis sections to the system.
  • Page 31: Attach The Chassis Sections To The System

    To attach the system to the rail chassis sections, perform the following steps: Align the holes in the chassis section with the holes in the system as shown in Figure 10.
  • Page 32: Determine Correct Position For The Rear Brackets

    Fasten the front bracket to the rack section with two 8/32 x 0.38” flathead countersunk Phillips screws, washers, lock-washers and nuts. Attach the washers and nuts in the order shown in Figure 11. Determine Correct Position for the Rear Brackets: The exact position of the rear bracket in relation to the rail assembly is determined by the depth of the rack.
  • Page 33: Attach The Rear Brackets To The Rail Assemblies

    Hold the rail assembly against the rack to determine which slots to use in the brackets. From the rear of the cabinet, hook the front bracket over the front of the rack. Place the rear bracket so its rack mounting lip is over the back of the rack.
  • Page 34: Install The Assembled Rails Into The Rack

    Place the rail assembly against the rack again by hooking the front bracket over the front of the rack. Slide the rear bracket back until it hooks over the rear of the rack. Hold the rail assembly in place and tighten the screws. Make sure the fit of the rail assembly to the rack is snug.
  • Page 35 Attach the rear bracket to the rack with two screws provided with the rack as shown in Figure 15. [Figure 14: Attaching Rail Front to the Rack. Figure 15: Attaching Back of Rail to the Rack.]
  • Page 36: Install The System In The Rack

    Hold the system so that the front is facing you. Line up the system so the rollers on the chassis section will enter the channel of the slider section of the rail assembly as shown in Figure 16.
  • Page 37: Secure The System To The Rack

    Use the screws provided with the rack to fasten the system’s front flanges to the rack as shown in Figure 17. Removing the System From the Rack: If you need to remove the system from the rack, perform the following steps: Unscrew the two screws holding the system flanges to the rack.
  • Page 38 Do not block the vents at the front and rear of the server. For electrical safety, verify that the branch circuit supplying power to equipment in the rack can accommodate the addition of the server. The rack should be properly grounded to an Earth ground;...
  • Page 39: Connecting Cables

    This section describes how to connect local and remote Aurorean systems. If you are connecting a remote ANG only, skip to Connecting an Aurorean Network Gateway on page 26. Although Aurorean servers are equipped with serial ports, these ports are not normally used for configuration and control.
  • Page 40: Connecting An Ang-3000/7000

    ANG-3000/7000s are equipped with two 8-pin modular RJ-45 Ethernet ports labeled TRUSTED and EXTERNAL. If you decide to use only one Ethernet port on an Aurorean Network Gateway, you must use the TRUSTED port. The TRUSTED port should be connected to the same network segment as the Aurorean Policy Server, which should reside behind a firewall or a router that provides network protection.
  • Page 41 (outside a firewall). To determine the status of these links, check the LEDs on the front panel as described in Chapter 3. [Figure 20: Connecting Ethernet Cables to an ANG-3000/7000. Labels: (outside firewall); TRUSTED (behind firewall).]
  • Page 42: Connecting Power

    WARNING: To avoid electrical shock, connect the Aurorean server only to a grounded (earthed) outlet. [Figure 21: Connecting AC Power to the ANG-3000/7000. Label: To wall socket or uninterruptible power supply (UPS).]
  • Page 43: Controlling System Configuration

    ANG/APS will reside on. This computer will be used to remotely control the Aurorean Policy Server and/or Aurorean Network Gateway during the installation process. Figure 22 illustrates how the systems are properly connected. [Figure 22: Connecting the Systems. Labels: ANG-3000/7000; Common LAN Segment; Remote Control Computer.]
  • Page 45: Chapter 3 - Installing Software & Setting Networking Configurables

    Aurorean Network Gateway and Policy Server. Two other maintenance tasks are also described. The general steps include: • Installing APS-3000/7000 software. • Installing new system software on the ANG-3000/7000. • Configuring general values of the ANG-3000/7000. • Configuring the Remote ANG-3000/7000.
  • Page 46: Installing Aps-3000/7000 Software

    Although the APS ships with most of its operating software already factory-installed, you must install some additional software from the Aurorean System Software CD ROM. During this installation, a Configuration Wizard program is launched that captures networking values for the APS, such as IP addresses for the Ethernet interfaces.
  • Page 47 Start the VNC application by pointing your Web browser at the APS. In the Location field, type: http://192.168.1.3:5800 The VNC authentication window appears as shown in Figure 24. The IP address you typed includes the port number (5800) with which to access the APS.
  • Page 48 To install APS system software, perform the following steps: Using Windows Explorer, open the directory ...\PolicyServer on the CD ROM. Double-click on the Setup.EXE file to launch the application. When the Welcome window appears, accept all defaults and click Next to continue.
  • Page 49 When the dialog box prompts you to reconfigure your APS, click Yes. An MS DOS screen appears displaying a Perl script as shown in Figure 26. As prompted, replace the factory default values with the following new parameters.
  • Page 50: Using The Aps-3000/7000 Checklist

    APS and type ping -t x.x.x.x where x.x.x.x is the APS IP address. Wait for the “Reply from x.x.x.x” message to display. All Enterasys services are started, the APS reboots and the VNC remote control session ends. If you are migrating the Management.db from one APS to another, or revising tunnel information stored in the Management.db, you must...
  • Page 51: Installing New System Software On The Ang-3000/7000

    Software CD ROM [Figure 27: Installing Aurorean Network Gateway System Software.] If you are upgrading your ANG-3000/7000 from version 3.x to 3.5 only, you must upgrade the Linux kernel before installing new system software. Follow the instructions in the next section.
  • Page 52: Upgrading Linux Kernel From V3.X To V3.5

    FTP the New Linux Kernel to the ANG: Insert the Aurorean System Software CD ROM in the APS. Browse to the \3rd Party Support\Linux\Kernel directory on the CD ROM and copy the file Linux-2.2.16-2.i386.rpm to the...
  • Page 53: Transfer The New Ang Installation File To The Ang

    13. Change directory by typing: /home/ftp/pub 14. Issue a list command to verify that the file was transferred to the ANG by typing ls -ltr and pressing ENTER...
  • Page 54: Install New Ang System Software

    On the ANG command line, type: rpm -i --force rts-xxx.i386.rpm where xxx is the correct release, build and patch number (matching the file you transferred from the CD ROM) and press ENTER. Ignore the error messages: “user build does not exist”...
  • Page 55: Reboot The Ang

    “Reply from 192.168.1.2” message to display. Once you see the above message display, continue with ANG-3000/7000 general configuration on the next page. If you migrate the Management.db from one APS to another, or revise tunnel information stored in the Management.db, you must reboot the ANG following the change because the ANG now transmits information to the APS.
  • Page 56: Configuring General Values Of The Ang-3000/7000

    To configure general parameters on the ANG-3000/7000, you must use an Internet browser on your remote control computer and connect via a hub or the provided crossover cable to the Network Gateway. You run Enterasys’s Aurorean Web Config application to configure the system.
  • Page 57: Installing The Indus River Certificate

    Installing the Indus River Certificate provides server administration access to the ANG-3000/7000. The procedure to install the Indus River Certificate differs depending on the browser you are using, Internet Explorer (IE) 5 or higher or Netscape Communicator 4 or higher. Both browsers let you use the certificate either for the duration of the session with the ANG or for all subsequent sessions until the certificate expiration date.
  • Page 58 Point your Internet Explorer Web browser at the trusted IP address of the Network Gateway by typing the IP address in the Location field, as shown in Figure 29. The Security Alert dialog box appears as shown in Figure 30. This dialog box indicates two “problems”...
  • Page 59 – – [Figure 30: Internet Explorer Security Alert Window.] If you want to make the Certificate valid for the current session only, click Yes. The ANG Log On window appears as shown in Figure 29.
  • Page 60 Click Install Certificate to begin the Indus River Certificate installation process. The Welcome window of the Certificate Manager Import Wizard appears as shown in Figure 32. This application copies certificates and related information from your computer to the certificate store, an area on the server.
  • Page 61 [Figure 32: Internet Explorer Certificate Manager Import Wizard Window.] Click Next. The Select a Certificate Store window appears as shown in Figure 33.
  • Page 62 [Figure 33: Internet Explorer Select a Store Window.] Do one of the following: – – Choose the Automatic option for the certificate store and click Next. • Click Finish when the Completing window appears.
  • Page 63: Using Netscape (4.X Or Higher Versions Only)

    The first Netscape New Site Certificate window appears as shown in Figure 34. ... windows, respectively. The ANG Log On window appears as shown in Figure 41. • Skip to “Logging On the ANG” on page 57 to continue ANG...
  • Page 64 Click Next. The Netscape More Information window appears as shown in Figure 35. If you want to view the certificate and additional details, click More. The View a Certificate window will appear as shown in Figure 40.
  • Page 65 Click Next. The Certificate Acceptance window appears as shown in Figure 36. [Figure 35: Netscape More Information Window.]
  • Page 66 [Figure 36: Netscape Certificate Acceptance Window.] Make one of the following choices: – – – – Accept the certificate for this session only and click Next. The Netscape Warn Me window appears as shown in Figure 37.
  • Page 67 Click Next. Optionally, you may mark the checkbox to be warned when you next connect to the ANG. The Netscape Finish window appears as shown in Figure 38. [Figure 37: Netscape Warn Me Window.]
  • Page 68 Click Finish. The Certificate Name Check window appears as shown in Figure 39. Netscape reports in this window that the certificate name for the ANG does not match the site name. Disregard this notice. The Certificate Name Check window will appear in all subsequent logins to the ANG.
  • Page 69 If you chose to examine the Indus River Certificate, it appears as shown in Figure 40. After checking the certificate, click OK. The ANG Log On window appears as shown in Figure 41. [Figure 39: Certificate Name Check Window.]
  • Page 70 The Indus River Certificate is now either accepted for your current Aurorean Virtual Network session or installed permanently for all sessions. Your Netscape browser will display a closed lock in the lower left corner of the browser as well as a closed lock Security icon on the main menu indicating the certificate is in force.
  • Page 71: Logging On The Ang

    Since you previously pointed your Web browser at the 192.168.1.2 IP address, the ANG Log On window appears as shown in Figure 41. [Figure 41: ANG Log On Window.]
  • Page 72 Enter the default User Name (netadmin) and Password (netadmin) values and click Log On. The Welcome window appears as shown in Figure 42. [Figure 42: ANG Welcome Window.]
  • Page 73: Configuring General Parameters

    To set the General values of the ANG-3000/7000, perform the following steps: Click on the General main menu option. The General Configuration Window appears as shown in Figure 43.
  • Page 74 ICR, refer to the RiverMaster Administrator’s Guide. We strongly recommend you enable ICR for site-to-site tunnels. To disable ICR for this configuration, consult Enterasys Customer Support. For local ANG configuration only, enter the IP Address of the APS. If you are configuring a remote ANG, skip to Step 8.
  • Page 75 ANG in finding an APS on the network. To permanently specify a default route to the gateway, as well as set other routing values, refer to “Configuring the Remote ANG-3000/7000” on page 65. It is unnecessary to set a default gateway value for a remote ANG because that ANG does not access an APS.
  • Page 76 To finish configuring a remote ANG, change the remote control PC’s IP address to the same network as the ANG. To finish configuring a local ANG, do not change the PC’s IP address and skip to “ANG-3000/7000 Installation and Configuration Checklist” on page 63.
  • Page 77: Ang-3000/7000 Installation And Configuration Checklist

    • Open a Telnet session to the trusted IP, log in and type su -? • From the /home/ftp/pub directory, type rpm -i --force rts.xxx.i386.rpm (where xxx is the release, build and patch number)? • Reboot the ANG?
  • Page 78 • Click the Apply Changes button? • Click the Restart button? If you successfully completed these steps, do the following: • Continue ANG-3000/7000 configuration if you are setting up a remote ANG by going to “Configuring the Remote ANG-3000/7000” on page 65.
  • Page 79: Configuring The Remote Ang-3000/7000

    Since you have already configured General values for the ANG, you are ready to complete configuration of the Network Gateway. Setting Routing Parameters: To set routing parameters of the remote ANG, perform the following steps: Click on the Routing option.
  • Page 80: Setting Ospf Properties

    properties. The values displayed are default parameters. – – – – – If used, type the RIP Password and then confirm the entry in the fields provided. Click Apply Changes. Setting OSPF Properties: If your trusted network uses OSPF and you want the ANG to learn and broadcast OSPF routes, perform the following steps: Click the OSPF tab in the Routing Configuration Window.
  • Page 81: Setting Static Routes

    The internal IP address of the ANG is the gateway. Click the Static Routes tab in the Routing Configuration window. The Static Routes configuration window appears as shown in Figure 46.
  • Page 82 Click Add Route. The Add Static Routes window appears as shown in Figure 47. [Figure 46: ANG Static Route Configuration Window. Figure 47: ANG Add Static Routes Configuration Window.]
  • Page 83: Setting External Routes

    To set up an external route, perform the following steps: Click the External Routes tab in the Routing Configuration window. The External Routes configuration window appears as shown in Figure 48.
  • Page 84 Click Add Route. The Add External Routes configuration window appears as shown in Figure 49. [Figure 48: ANG External Routes Configuration Window. Figure 49: ANG Add External Routes Configuration Window.]
  • Page 85: Configuring Subnet Parameters

    To set the Virtual Subnet parameters of the ANG, perform the following steps: Click on the Subnets main menu option. The Virtual Subnets Configuration window appears as shown in Figure 50. [Figure 50: ANG Virtual Subnets Configuration Window.]
  • Page 86 Click Add Subnet. The Add Subnet window appears as shown in Figure 51. Enter a Subnet IP Address and Subnet Mask for the Virtual Subnet in the fields provided. We recommend creating separate groups and assigning separate virtual subnets for all your site-to-site connections.
  • Page 87: Configuring Name Server Parameters

    Enter an IP address for the Primary and Secondary DNS servers in the fields provided. Enter an IP address for the Primary and Secondary WINS servers in the fields provided. Click Apply Changes. [Figure 52: ANG Name Servers Configuration Window.]
  • Page 88: Configuring Authentication Parameters

    Authentication for ANGs in a site-to-site configuration is employed for terminating tunnel servers only and for administrator access to the Aurorean Web Config tool. If you are configuring an initiating Network Gateway, skip to “Configuring Protocols Parameters”...
  • Page 89 To create a group which will include users with static IP addresses, leave this field with the default NULL/NULL selected. Click Add Group. [Figure 54: ANG Add Group Window.]
  • Page 90: Setting User Parameters

    Users on remote ANGs can be either the name chosen for a corresponding site-to-site ANG or administrators who require access to the Aurorean Web Config tool. To set User parameters on the ANG, perform the following steps: Click on the Authentication main menu option.
  • Page 91 (|), forward slash (/), and asterisk (*). Enter a unique password for the user. In the Confirm Password field, retype the same characters you entered in the Password field. [Figure 56: ANG Add User Window.]
  • Page 92: Configuring Protocols Parameters

    Do one of the following: – – In the IP address field, assign a static address to this user. Click Add User. Configuring Protocols Parameters: Aurorean Network Gateways support two tunnel protocols: • IP Security (IPsec) protocol developed by the Internet Engineering Task Force (IETF) that adds security extensions for encryption and message authentication to the IP protocol.
  • Page 93 ARCFOUR-40: Enables a 40-bit key public domain algorithm that is designed to work with Rivest Cipher 4 (RC4), a stream-based cipher method that supports both 40-bit and 128-bit keys. Using RC4, data packets can be encrypted as they are received instead of in blocks. Configuring the Remote ANG-3000/7000...
  • Page 94 Configuring the Remote ANG-3000/7000 Choose the type of Secondary Encryption to employ on the ANG. Secondary encryption is available for clients who do not accept primary encryption, mainly legacy Aurorean Virtual Network 1.x Export clients who have not been updated. Since most clients now can accept the primary encryption choices, we recommend you do not change the default None option.
  • Page 95: Setting Pptp Parameters

    128-bit encryption upgrade available from Microsoft. If 128-bit encryption is chosen, ANGs with 40-bit encryption will not be able to connect over PPTP with Aurorean Virtual Network. Figure 58 ANG PPTP Configuration Window...
  • Page 96: Configuring Site-To-Site Parameters

    Choose to Enable or Disable 40-bit Encryption. This option can enable 40-bit key MPPE which generates a key based on a hash of the tunnel’s password and invokes RC4 encryption. This type of encryption is supported by Windows 95/98/NT/2000 computers without any additional software.
  • Page 97 Click Add Site-to-Site to initiate the tunnel. The Add Site-to-Site configuration window appears as shown in Figure 60. Figure 59 ANG Site-to-Site Configuration Window. Figure 60 ANG Add Site-to-Site Window...
  • Page 98 Specify a Tunnel Name for the site-to-site tunnel. This name will be used to identify the terminating ANG. It does not need to match the name of the terminating tunnel. Enter the external IP Address of the terminating ANG.
  • Page 99: Backing Up The Ang Configuration

    The optional Backup Configuration option of the Aurorean Web Config lets you save your just-completed ANG configuration to a local/network site or a floppy disk. The configuration file created by this backup process is compressed in a WinZip file as a Unix tar file (config.gz) which bundles the auser.irx, group.irx and config.irx files.
  • Page 100 Do one or both of the following: – – When the File Download pop up appears, click OK. After the Save As/Unknown File Type dialog box appears, select a directory and click Save. Do not attempt to change the file name. It cannot be renamed. The Download complete window pops up as shown in Figure 62 displaying the file size and the directory where it was stored.
  • Page 101: Viewing Ang Statistics

    The About window displays useful, real-time (when refreshed) statistics regarding the ANG you are logged into. The information displayed includes: • Software Version: release, patch and build number of the ANG code • System Uptime: interval the ANG is operating since the last reboot, time of day, number of users logged on and average load • System Memory: kilobytes of RAM, as well as free, shared, buffered...
  • Page 103 Figure 63 ANG About Window...
  • Page 105: Chapter 4 - Basic System Operation

    Administrator’s Guide. Powering Up a System To power up an Aurorean APS/ANG-3000/7000 series, locate the power switch (|) on the front panel and press it in, as shown in Figure 64. You must press and hold the switch for 4 seconds to turn power off.
  • Page 106 Overlord monitors the condition of all other services and restarts a service if it fails to initialize properly or ceases to operate at any point. Overlord may also force a total system reboot if necessary. Authorization provides the mechanism for authenticating remote users against user databases located on either the Aurorean Policy Server or an external authentication server (such as a RADIUS device).
  • Page 107: Checking Leds

    Aurorean APS/ANG-3000/7000 systems contain informative LEDs on the front panel. APS/ANG-3000/7000 Front Panel LEDs: The APS/ANG-3000/7000 systems share the same front panel LEDs. Table 1 describes each front panel LED and indicates what action should be taken for each LED state (on, off, or blinking).
  • Page 108 Checking LEDs Table 1 APS/ANG-3000/7000 Front Panel LED Meanings (Continued) This LED... Indicates... This LED lights when a Yellow successful 100Mb link is successful on the Trusted Link 1 Ethernet port. The operating system has booted and the Overlord service is running.
  • Page 109 Chapter 4 Basic System Operation Table 1 APS/ANG-3000/7000 Front Panel LED Meanings (Continued) This LED... Indicates... The system is receiving Green management messages from another Aurorean system over an Ethernet link. Mgmt Aurorean Installation & Service Guide When the LED Do the following...
  • Page 110: Resetting A System

    When you press the Reset button on any APS or ANG (except the ANG-1100), the system performs a full reset which clears memory, reloads the operating system, and starts Enterasys services. Figure 64 shows the location of the reset button on the front panel.
  • Page 111: Appendix A - Specifications

    Aurorean Network Gateways (ANG-3000/7000) and Policy Servers (APS-3000/7000) share many of the same characteristics. This appendix details common specifications of all Aurorean servers, as well as those specific to each server type. Category Chipset APS/ANG- 3000/7000 System Memory Capacity Memory...
  • Page 112 Table 1 Common Specifications (Continued) Category Environment: Ambient ANG/APS- Temperature 3000/7000 Relative Humidity Acoustic Noise PFC Power AC Voltage & Supply: Frequency APS/ANG- DC Power Supply 3000/7000 +5VDC +12VDC +3.3VDC -12VS\DC Safety US/Canada Regulations Europe CE Mark APS/ANG- 3000/7000 International Parameters Operating: 40°...
  • Page 113 Appendix A Specifications Table 1 Common Specifications (Continued) Category United States APS/ANG- Canada 3000/7000I Europe Japan Australia, New Zealand Taiwan Russia International Aurorean Installation & Service Guide Parameters FCC Title 47 CFR Parts 2 and 15, Verified Class A Limit IC ICES-003 Class A Limit EMC Directive, 89/336/EEC EN55022, Class A Limit, Radiated and Conducted Emissions...
  • Page 114: Aurorean Policy Server Specifications

    Aurorean Policy Server Specifications Aurorean Policy Server Specifications Table 2 provides additional information specific to Aurorean Policy Servers. Unless otherwise noted, the information applies to all APS models. Table 2 Aurorean Policy Server Specifications Category Authentication Authentication Services Management Processor Memory Storage Hard Drive...
  • Page 115 Appendix A Specifications Table 2 Aurorean Policy Server Specifications (Continued) Category Ethernet Number of Ports Data Transfer Rate Connector Cabling Aurorean Installation & Service Guide Aurorean Policy Server Specifications Values 10 or 100 Mbps (auto-sensing) 8-position modular jack (RJ-45), Stewart 88-360808 or equivalent Unshielded twisted pair (UTP) 328 ft.
  • Page 116: Aurorean Network Gateway Specifications

    Point-to-Point Tunneling Protocol (PPTP) as defined in RFC 1234 Generic Routing Encapsulation (GRE) as defined in RFC 1701 and 1702 IPX for access to Novell NetWare devices (ANG-3000/7000 only) RIP V1, V2 OSPF Support for dynamic Virtual Network addressing, local network...
  • Page 117 Cabling Aurorean Installation & Service Guide Aurorean Network Gateway Specifications Values ANG-7000: Pentium III 800 MHz ANG-3000: Celeron 566 MHz ANG-7000: 256 MB ANG-3000: 64 MB 3 GB (or larger) EIDE hard disk boot device Standard 3.5” diskette drive 10 or 100 Mbps (auto-sensing)
  • Page 119: Appendix B - Pin Assignments

    Both APS-3000 and APS-7000 models offer a single Ethernet port for connection to a trusted network segment (one protected by a firewall). ANG models ANG-3000 and ANG-7000 offer a similar port and a second port for connection to an unprotected external network segment.
  • Page 120 Replacement Ethernet cables must meet the following requirements: • Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring • Length cannot exceed 328 feet (100 meters) Figure 1 Ethernet Port Pin Assignments (Ethernet Link 1 TRUSTED, Link 2 EXTERNAL; pins numbered 1 to 8)...
  • Page 121: Serial Ports

    Both APS/ANG-3000/7000 models come equipped with front panel (behind the bezel) and rear serial ports intended for debugging and troubleshooting purposes. The front panel serial port is connected in parallel with the serial port located at the rear of the chassis. The serial ports’ NS16C550-compatible UARTs support data transfers at speeds up to 115.2 Kbits/sec with BIOS...
  • Page 122: Keyboard And Mouse

    Aurorean system types (excluding the ANG-1100) offer keyboard and mouse ports located at the rear of the chassis for diagnostic use only. These ports should be used only under the supervision of Enterasys Networks support personnel or qualified reseller technicians.
  • Page 123: Appendix C - License Agreement & Support

    CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the Enterasys software program (“Program”) in the package. The Program may be contained in firmware, chips or other media.
  • Page 124: License

    New Hampshire courts. Export Requirements You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S.
  • Page 125: United States Government Restricted Rights

    Government is subject to restrictions set forth herein. Exclusion of Warranty Except as may be specifically provided by Enterasys in writing, Enterasys makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
  • Page 126: No Liability For Consequential Damages

    IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL,...
  • Page 127: Phone Support

    Returning Products for Repair After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1000/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server,...
  • Page 129: Appendix D - Aurorean System Upgrades

    This appendix describes the steps to upgrade your Aurorean system from: • Release 2.x to 3.5 (see below) • Release 3.x to 3.5 (refer to page 123) Upgrading from Release 2.x to 3.5 This section details the following steps to upgrade from Aurorean 2.x to 3.1.x: • Back up the APS management database on the RiverMaster computer • Reconfigure the APS • FTP the new Linux kernel and install on the ANG...
  • Page 130 Select the Access Service Click here to view the list of services Click Start on Backup Database to copy the database to a directory of your choice on your computer or a system on the network. A window similar to Figure 6 appears.
  • Page 131: Reconfigure The Aps 3000/7000

    When the backup complete message appears at the bottom of the window, click the download database button and browse to a local directory. Copy the database backup files, management.db and .authlock, to a floppy disk. If you have more than one APS, repeat the previous steps for each.
  • Page 132 From the Services Control Panel, stop the Indus River Database Engine Service. Copy the backup files (management.db and .authlock) to the c:\enterasys\database directory, overwriting the existing files. Insert the CD ROM into the CD ROM drive of the APS. On the CD ROM, browse to the ...\PolicyServer directory and double-click setup.exe.
  • Page 133: Ftp The New Linux Kernel To The Ang

    An MS DOS screen appears with a Perl script as shown in Figure 9. Verify the information displayed is accurate or change as required. 12 Restart the APS. All Enterasys services are started, the APS reboots and the VNC remote control session ends. FTP the New Linux Kernel to the ANG...
  • Page 134: Install The New Linux Kernel

    Type bin and press Type put linux-2.2-16-2.i386.rpm and press When the transfer finishes, type bye or quit to end the FTP session. Install the New Linux Kernel Telnet to the trusted IP address of the ANG and login (the default username and password are netadmin and netadmin).
  • Page 135: Install The Ang Software

    Telnet to the trusted IP address of the ANG and log in (the default username and password are netadmin and netadmin). Type su - root and press Type cd /home/ftp/pub and press Remove the pre-installed ANG software before installing version 3.1.x.
  • Page 136: Upgrade Rivermaster

    3) IPSec Configuration 4) Diagnostics 5) Interfaces and Routing 6) System log files 7) Quit Choose Option 2 (VPN Configuration and Installation Check). The following message will appear: 1. The IPSec Listener is running 2.
  • Page 137: Upgrading Release 3.X To 3.5

    On your RiverMaster system, go to Add/Remove Programs in the Control Panel and uninstall RiverMaster. Delete the RiverMaster install directory. Its default location is: \Program Files\Indus River Networks. Reboot the RiverMaster PC. Insert the Aurorean System Software CD ROM in the drive, browse to the Aurorean 3.x\RiverMaster directory and double-click the setup.exe file.
  • Page 138: Ang Software Upgrade Preparation (3000/7000 Only)

    You will receive a message that tells you that newer data may be available. Click OK. 10 Click Finish to reboot the APS. The Linux kernel must be upgraded before the ANG system software can be upgraded.
  • Page 139: Ang Linux Kernel Upgrade (3000/7000)

    10 Type put Linux-2.2.16-2.i386.rpm and press 11 Type put rts-3.5.xx-xxx.i386.rpm and press 12 When the file transfer is complete, type bye and press ANG Linux Kernel Upgrade (3000/7000) This step is required only if the ANG is running Version 3.1.0 or lower. Follow the instructions in “Install the New Linux Kernel”...
  • Page 140 Telnet window on the APS or your laptop and Telnet to the trusted interface of the ANG. Log in as netadmin, with the password netadmin. Type su - and press press Run the Admintool script by typing ./admintool to verify proper configuration.
  • Page 141: Index

    AC power supply specifications Access service ANG-3000/7000 specifications APS-3000/7000 specifications Aurorean Network Gateway backup configuration backup configuration button connecting Ethernet cables key lifetimes mounting – restart button specifications standard features system description viewing statistics Aurorean Policy Server connecting Ethernet cables...
  • Page 142 Index floppy drive front panel APS/ANG-3000/7000 LEDs illustration FTP service Generic Routing Encapsulation (GRE) grounding hard drive installation attaching the brackets before you begin – connecting cables – connecting power installing Policy Server software locating a server mounting a rack-style system mounting a system –...
  • Page 143 processor protocols rack-mounting a system – rear panel illustration rebooting the ANG regulatory compliance Reset button Resetting Restart button restarting the ANG RiverMaster checking server status overview RJ-45 connecting cables – connector pin assignments specifications RMA number routing safety compliance serial port services running on APS Set hardware clock...
