Enterasys ANG-1000 User Manual
  1. Manuals
  2. Brands
  3. Enterasys Manuals
  4. Gateway
  5. ANG-1000
  6. User manual
Enterasys ANG-1000 User Manual

Enterasys ANG-1000 User Manual

Aurorean network gateway
Hide thumbs Also See for ANG-1000:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation and Servicing Manual
Aurorean™ Virtual Network
Aurorean™ Virtual Network
Aurorean™ Virtual Network
Aurorean™ Virtual Network
ANG-1000
ANG-1000
ANG-1000
ANG-1000
User's Guide
User's Guide
User's Guide
User's Guide
Version 1.0
Version 1.0
Version 1.0
Version 1.0

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ANG-1000 and is the answer not in the manual?

Questions and answers

Related Manuals for Enterasys ANG-1000

Summary of Contents for Enterasys ANG-1000

  • Page 1 Aurorean™ Virtual Network Aurorean™ Virtual Network Aurorean™ Virtual Network Aurorean™ Virtual Network ANG-1000 ANG-1000 ANG-1000 ANG-1000 User’s Guide User’s Guide User’s Guide User’s Guide Version 1.0 Version 1.0 Version 1.0 Version 1.0...
  • Page 2 35 Industrial Way Rochester, NH 03866-5005 Enterasys Networks, Inc. is a subsidiary of Cabletron Systems, Inc.  2001 by Enterasys Networks, Inc. All Rights Reserved Printed in the United States of America The Enterasys Networks logo, Aurorean, Prescriptive Diagnostics Engine, RiverMaster, Intelligent Client Routing, TollSaver are trademarks of Enterasys Networks.
  • Page 3 • This device must accept any interference received, including interference that may cause undesired operation. Modifications or changes made to this device, and not approved by Enterasys Networks may void the authority granted by the FCC or other such agency to operate this equipment.
  • Page 4 This product should be operated from the type of power indicated on the marking label. If you are not sure of the type of power available, consult Enterasys Networks or your local power company. Do not allow anything to rest on the power cord. Do not locate this product where persons will walk on the cord.

  • Page 5: Table Of Contents

    Unpacking the ANG-1000 ...3 Accessories ...4 Location Planning ...4 Connecting Cables ...4 Ethernet Cables ...5 Connecting an ANG-1000 ... 6 Connecting Power to the ANG-1000...7 Checking ANG-1000 Connections...9 Rear Panel Link LEDs ...9 Front Panel LEDs ...9 Aurorean Network Gateway-1000 User’s Guide...
  • Page 6 Chapter 3 – Configuring the ANG-1000 with Aurorean Web Config Before You Begin ...11 Logging into Web Config ... 13 Viewing VPN Status ... 14 Downloading the Latest Firmware... 15 Setting Up the VPN ... 18 Setting Up the Internet Connection... 20 Setting Up the LAN ...
  • Page 7 Appendix A – Glossary Appendix B – Specifications Appendix C – Pin Assignments Appendix D – License Agreement & Support Enterasys Networks License Agreement...49 License Grant...49 Warranty...50 Infringement Indemnification...51 Limitation of Liability ...51 Termination...52 International Provisions...52 Applicable Law ...52 U. S. Government - Commercial Computer Software ...53 Technical Support...53...

  • Page 9: About This Guide

    This guide describes how to mount, connect, power-up, and maintain an Aurorean™ Network Gateway-1000 (ANG-1000) from Enterasys Networks. This guide is written for administrators who want to configure the ANG-1000 for their remote clients or experienced users who are knowledgeable of basic networking principles.

  • Page 10: Conventions Used In This Guide

    Conventions Used in This Guide Conventions Used in This Guide The following conventions are used in this guide: NOTE CAUTION WARNING Bold Italics SMALL CAPS Courier font Notes supply additional helpful information, provide a cross-reference to the source of more information, or emphasize issues you should consider when performing an action.

  • Page 11: Related Publications

    The following publications are also available with the Aurorean Network Gateway-1000: H The ANG-1000 Quick Setup card which highlights the basic steps required to install the Aurorean Network Gateway-1000. H The Installation & Service Guide which describes how to install and maintain the ANG-3000/7000 series, the Aurorean server which can be used to complete a VPN connection with the ANG-1000.

  • Page 13: Chapter 1 - Overview

    This chapter describes the key features of the Aurorean Network Gateway 1000 and how it is used. System Description The ANG-1000, displayed in Figure 1, provides home or small office connectivity to a corporate branch office or headquarters. It supports up to 25 tunnels.
  • Page 14 - Initiates tunnel to ANG-3000/7000 - Negotiates tunnel protocols - Encrypts data over tunnel An ANG-1000 comes equipped with the following: H 100-240V 47-63 Hz power supply. H High-performance CPU: 91.5 MHz. H Complete set of diagnostic LEDs that show the server’s operational status.

  • Page 15: Chapter 2 - Installation

    This chapter describes the steps required to unpack, install and connect an Aurorean Network Gateway-1000 onto a desktop. Unpacking the ANG-1000 Remove the ANG-1000 from the shipping box. Save the box in case the unit needs to be returned. Aurorean Network Gateway-1000 User’s Guide...

  • Page 16: Accessories

    H Ethernet wall jack, patch panel, or hub with available ports. H Near a DSL or Cable modem. H A grounded wall outlet or uninterruptible power supply (UPS). Connecting Cables Ethernet cables are used to connect the ANG-1000 to your computer or LAN and the Internet. ANG-1000 Front Figure 4 Front and Rear Views of the ANG-1000 Aurorean Network Gateway-1000 User’s Guide...

  • Page 17: Ethernet Cables

    Chapter 2 Installation All interconnections are made at the back of the ANG-1000 (refer to Figure 4). Although there is no power switch, a reset button is located in the rear of the unit. If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration.

  • Page 18: Connecting An Ang-1000

    Connecting Cables Connecting an ANG-1000 The ANG-1000 is typically set up in the configuration shown below. Cable / DSL Modem To connect the ANG-1000 Ethernet port, perform the following steps: Do one of the following as shown in Figure 7: –...

  • Page 19: Connecting Power To The Ang-1000

    After you connect power, the top External LED at the rear of the ANG-1000 will be lit the moment the cable it is connected. If you have a DSL modem, you will need to get an IP address from your provider and configure it before the External LED will light.
  • Page 20 The front Power LED will light the moment you power up the unit. International customers may swap the electrical cord segment shipped with the ANG-1000 for a cord that meets the proper standard for their country. A custom cord can be inserted in the power supply.

  • Page 21: Checking Ang-1000 Connections

    Chapter 2 Installation Checking ANG-1000 Connections The ANG-1000 is now connected and ready for configuration. Check rear and front LEDS in the manner described below to confirm that the connections are working properly. Rear Panel Link LEDs The two top link LEDs on the rear panel light the moment a connection is made to the respective network.
  • Page 22 Checking ANG-1000 Connections After the ANG-1000 is configured and in use, the Internet, VPN, RX and TX LEDs will light and/or blink. Refer to Figure 12 for behavior of the LEDs. The ANG-1000 is now ready for configuration. Refer to Chapter 3 for detailed instructions.

  • Page 23: Before You Begin

    Configuring the ANG-1000 with Configuring the ANG-1000 with To configure the ANG-1000, use the Internet browser on your computer and connect to the server via the Web. During the Web session, you run the Aurorean Web Config utility and configure the system. Figure 13 illustrates the process.
  • Page 24 H If your computer was supplied a static IP address and Gateway by your service provider, you must now accept the address from a DHCP server and remove the gateway for the ANG-1000 to find and connect with the PC.

  • Page 25: Logging Into Web Config

    To log into Web Config, perform the steps below. Point your Web browser at the default trusted IP address of the ANG-1000. In the browser’s Location field at the top of the window, type: http://192.168.1.1 or aurorean. (include the dot) and click OK.

  • Page 26: Viewing Vpn Status

    Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Click the Firmware Upgrade menu option and go to the next page. Configuring the ANG-1000 with Aurorean Web Config Aurorean Network Gateway 1000 VPN Status Secondary Connection Primary rms3 146.115.206.15...

  • Page 27: Downloading The Latest Firmware

    Configuring the ANG-1000 with Aurorean Web Config Downloading the Latest Firmware After logging in, download the latest firmware image to the ANG-1000’s flash memory (provided the MAC address is set for cable service users - refer to page 32) by accessing the FTP server where it is stored. As new firmware becomes available, you can update it again.
  • Page 28 After the firmware image is downloaded, the new image is “flushed” or stored on the ANG-1000. This step takes about 30-45 seconds and the photo below shows the activity lights seen on the ANG-1000 when the device’s flash memory is being upgraded with the new firmware image.
  • Page 29 Links Reboot the ANG-1000 by clicking Reboot Now. The ANG-1000 will take a few moments to accept the new software. To ensure that the image was updated, compare the date last modified, Release, Build and Patch numbers in the lower left corner of the VPN Status window as shown in Figure 15 with the previous release information.

  • Page 30: Setting Up The Vpn

    Setting Up the VPN The VPN configuration created on the ANG-1000 completes a link with the ANG-3000/7000 on the remote end of this connection. If your network administrator has already set up the ANG-3000/7000 with appropriate User, Password and Group information, after setting up the VPN you will build the site-to-site tunnel connection and be up and running on the corporate LAN.
  • Page 31 Force default route disables the ANG-1000’s Intelligent Client Routing (ICR) feature which allows users to browse the Internet outside the tunnel. Be aware that with Force Default enabled, the ANG-1000 transmits all traffic through the tunnel which may cause Web browsing problems.

  • Page 32: Setting Up The Internet Connection

    Setting Up the Internet Connection Internet configuration of the External side of the ANG-1000 involves choosing the type of IP address assignment the ANG-1000 will accept. The ANG can accept one of the following: H A DHCP-assigned IP address - your network automatically sets the ANG’s IP address via the DHCP (Dynamic Host Configuration...
  • Page 33 Chapter 3 Configuring the ANG-1000 with Aurorean Web Config Click the Internet Setup menu option. The Internet Setup window appears as shown in Figure 21. Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1000 System...
  • Page 34 Internet LED will turn on. If a static IP address was configured, the Internet LED will shine immediately. If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered.

  • Page 35: Setting Up The Lan

    Setting Up the LAN LAN configuration of the Trusted side of the ANG-1000 involves choosing either to manually set an IP address and subnet for the ANG-1000 or dynamically assigning its IP address via your network’s DHCP server. Begin LAN Setup by performing the following steps: Click the LAN Setup menu option.
  • Page 36 – Click Apply. CAUTION If you change the default LAN Setup and reboot the ANG-1000, you must release and renew the IP address for all adaptors bound to TCP/IP on your connected computer(s) in order to reconnect with the ANG-1000 and make future changes.

  • Page 37: Setting Up The Firewall

    Chapter 3 Configuring the ANG-1000 with Aurorean Web Config If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you supplied must then be re-entered. We strongly recommend that you do not use the reset button unless you want the configuration to return to factory defaults.
  • Page 38 IPFWADM Web sites: - www.xos.nl/linux/ipfwadm/paper/ - www.fwtk.org/ipfwadm/faq/ipfwadm-faq.html If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the reset button.

  • Page 39: Setting Your Password

    Chapter 3 Configuring the ANG-1000 with Aurorean Web Config Setting Your Password To further ensure security for your ANG-1000, you should configure a new password to replace the factory-installed password netadmin. Change the Password by performing the following steps: Click the Set Password menu option.

  • Page 40: Checking Device Status

    Checking Device Status The Device Status window provides a host of important data to ensure the ANG-1000 is connected properly and to permit troubleshooting as problems occur. When consulting Enterasys Customer Support, you will be asked to display this window.
  • Page 41 Chapter 3 Configuring the ANG-1000 with Aurorean Web Config Help VPN Status VPN Setup Connectivity Setup Internet Setup LAN Setup Firewall Setup ANG-1000 System Set Password Device Status Firmware Update Advanced Utilities Links Config File Editor Aurorean Products Enterasys Home Aurorean Network Gateway-1000 User’s Guide...

  • Page 42: Route Table

    Wed Apr 11 17:17:45 dhcpcd: setDhcpInfo ip=3f51410f, lease=258, renew=12c, rebind=20d Wed Apr 11 17:17:45 dhcpcd: got in BOUND state Wed Apr 11 17:18:32 dhcpd: serving 192.168.1.100 Wed Apr 11 17:18:56 IKE: Trace(*) (IKE) Begin QM Initiator (4409f0) to 146.123.34:500 Configuring the ANG-1000 with Aurorean Web Config Receive errs drop...

  • Page 43: Using Advanced Utilities

    Using Advanced Utilities Advanced Utilities provided by the ANG-1000 include: H Setting the MAC Address of a newly attached ANG-1000 when you want to quickly connect to a cable service provider. MAC addresses are used by service providers to identify supported users. The ANG-1000 can proxy your computer’s MAC address to the ISP but...

  • Page 44: Using The Configuration Editor

    Do one of the following: ANG-1000 connections broken during a reboot will be lost after service returns. Idling the traffic stream (Telnet, e.g.) for a couple minutes before re-initiating the connection resolves the problem. Using the Configuration Editor Knowledgeable network administrators can use the Configuration Editor to invoke commands on the ANG-1000’s LINUX 2.0 operating system.
  • Page 45 Configuration File Edit This Web application allows you to update and delete the system configuration files of the ANG-1000. These files are used to control the ANG-1000 for its VPN functionality, Internet and LAN connectivity, firewall capabilities, networking startup commands and other key features of the ANG-1000 device.
  • Page 46 You can remove the Configuration Editor (along with the Advanced Utilities option) from the main menu by selecting the config command, deleting the MODEEXPERT on argument and clicking Update. Configuring the ANG-1000 with Aurorean Web Config Aurorean Network Gateway 1000 Configuration File Edit...

  • Page 47: Configuring Ip Port Forwarding

    Configuring IP Port Forwarding ANG-1000’s support of IP Port Forwarding permits you to make servers on the trusted network of the ANG-1000 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-side hosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts.
  • Page 48 Under **Expert-Config**, type the following rules: – – Click Update and Reboot Now when prompted to save the change. Configuring the ANG-1000 with Aurorean Web Config Definition Forward TCP traffic Forward UDP traffic Add the IP port forwarding table entry...
  • Page 49 Chapter 3 Configuring the ANG-1000 with Aurorean Web Config Refer to the table below for a sample IP port forwarding configuration: Example The above sample configuration performs the following tasks: H Clears the IP port forwarding table H Maps telnet (TCP port 23) from the VPN address (10.120.50.215) to port 23 on the internal server 192.168.0.1...

  • Page 51: Appendix A - Glossary

    Aurorean Network Gateway An Enterasys Networks device that creates a secure virtual private circuit over the Internet between itself and a remote user’s computer. The Aurorean Network Gateway encapsulates data packets using IPSec and encrypts data to prevent third-parties from intercepting and examining it. There are three...
  • Page 52 authentication server (such as a RADIUS or SecurID server). When the network administrator changes tunnel connection parameters, the Aurorean Policy Server provide updated configuration files to Aurorean Network Gateways on request. DHCP Dynamic Host Configuration Protocol (DHCP) servers are used to assign IP addresses.

  • Page 53: Generic Routing Encapsulation (Gre)

    Appendix A Glossary Generic Routing Encapsulation (GRE) Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link over the Internet. For PPTP, GRE is used to encapsulate PPP data packets within an IP packet (IP packet headers contain address information necessary for routing, while PPP packets do not).

  • Page 54: Mac Address

    LEDs Abbreviation of light emitting diode, an electronic device that lights up when electricity is passed through it. LEDs are usually red, but the ANG-1000 uses green LEDs. The LEDs are used to indicators. Mac Address Short for Media Access Control address, a hardware address that uniquely identifies each node on a network.

  • Page 55: Network Administrator

    (such as servers and the applications running on them) are consistently available and performing well. In terms of Enterasys Networks products, this person physically installs Aurorean Policy Servers and Aurorean Network Gateways, distributes Aurorean Client Software to remote users, and runs RiverMaster software on his/her computer to manage the entire VPN.

  • Page 56: Virtual Private Network (Vpn)

    RiverMaster A management application running on a Windows NT 4.0 Workstation computer which communicates with Aurorean Policy Servers and Aurorean Network Gateways. Using RiverMaster, a network administrator creates user databases, sets policies for user groups, views activity logs, and generates usage reports. Routers Devices which direct network traffic among LANs or WANs until the data reaches its destination.

  • Page 57: Appendix B - Specifications

    This appendix details the specifications of the ANG-1000. Category Chassis Depth Width Height Weight Environment Operating Temperature PFC Power Power Adapter Supply Processor Memory Storage Hard Drive Devices Performance Server Capacity Tunnel Performance Aurorean Network Gateway-1000 User’s Guide Table 1 ANG-1000 Specifications Parameters 6 1/2”...
  • Page 58 Table 1 ANG-1000 Specifications (Continued) Category Protocols & Tunnel Protocols Standards Encapsulated LAN Protocols Routing Protocols Authentication Encryption Compression Ethernet Number of Ports Data Transfer Rate Connector Safety US/Canada/ Regulations Europe EMCI US, Canada, Europe, Japan, Australia, New Zealand, Taiwan,...

  • Page 59: Appendix C - Pin Assignments

    ANG-1000 servers are equipped with Ethernet ports located at the rear of the chassis, supporting full-duplex 10Base-T transmission. Both port types conform to IEEE 802.3 standards with 8-pin modular RJ-45 connectors.
  • Page 60 Appendix C Pin Assignments Replacement Ethernet cables must meet the following requirements: H Category 3, 4, or 5 unshielded twisted-pair (UTP) wiring H Length cannot exceed 328 feet (100 meters) Aurorean Network Gateway-1000 User’s Guide...

  • Page 61: Appendix D - License Agreement & Support

    License Grant Enterasys Networks, Inc., 35 Industrial Way, Rochester, New Hampshire 03866 hereby grants to Licensee a personal, nonexclusive, non-transferable license to use the Licensed Software on the servers on which the Software is first installed (“Licensed Servers”) and on an unlimited number of client...

  • Page 62: Warranty

    Enterasys Networks License Agreement scope of the license that Licensee has purchased from Enterasys. Should one or more the above Licensed Servers be upgraded and/or replaced by other Enterasys servers purchased by Customer pursuant to Enterasys' then current upgrade policy, the license may be transferred and the Software may be used on the replacement server(s).

  • Page 63: Infringement Indemnification

    REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT INCLUDING NEGLIGENCE, SHALL BE LIMITED TO THE ACTUAL DOLLAR AMOUNT ENTERASYS RECEIVED HEREUNDER FROM CUSTOMER FOR THE PARTICULAR PRODUCTS WHICH ARE THE Aurorean Network Gateway-1000 User’s Guide Enterasys Networks License Agreement...

  • Page 64: Termination

    Enterasys Networks License Agreement SUBJECT MATTER OF THE CAUSE OF ACTION. IN NO EVENT SHALL ENTERASYS BE LIABLE FOR ANY LOST OR ANTICIPATED PROFITS OR SAVINGS, OR ANY INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, REGARDLESS OF THE FORM OF...

  • Page 65: U. S. Government - Commercial Computer Software

    The use of the Licensed Software by the Government constitutes acknowledgment of Enterasys's proprietary rights in the Licensed Software. The manufacturer is Enterasys Networks, 35 Industrial Way, Rochester, New Hampshire 03866. The licensee or user of this product agrees not to remove any of the RESTRICTED RIGHTS legends and markings included in this software and associated documentation.

  • Page 66: Returning Products For Repair

    Returning Products for Repair After discussing the problem with Enterasys Networks Customer Support or your authorized Enterasys Networks reseller, you may be asked to return the APS-3000/7000 or ANG-1000/3000/7000 for repairs. You will receive a Return Material Authorization (RMA) number for the server. Ship the server,...

  • Page 67: Index

    Accessory Kit Ethernet LEDs Ethernet ports front panel LEDs Interconnects Power connections specifications unpacking Usage Aurorean Network Gateway definition Aurorean Network Gateway-1000 See ANG-1000 Aurorean Policy Server definition Aurorean Web Config, definition authentication cables connecting Ethernet – requirements Canadian notices compliance...
  • Page 68 Index LEDs definition Ethernet ports front panel license agreement – Mac Address, definition NAT server description NetBEUI Network Address Translation (NAT), definition Network Administrator, definition network cable requirements Notices Canadian General on-line customer support pin assignments Ethernet Point of Presence (POP), definition Point-to-Point Protocol (PPP), definition Point-to-Point Tunneling Protocol (PPTP) definition...
  • Page 69 Index Virtual Private Network (VPN), definition VPN. See Virtual Private Network (VPN) warranty Aurorean Network Gateway-1000 User’s Guide...

Table of Contents

Save PDF