Enterasys Networks ANG-1000 manual Configuring IP Port Forwarding

Page 47

Chapter 3

Configuring the ANG-1000 with Aurorean Web Config

NOTE

If you press the reset button after you have configured your ANG-1000, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the reset button.

Configuring IP Port Forwarding

ANG-1000’s support of IP Port Forwarding permits you to make servers on the trusted network of the ANG-1000 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-sidehosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts.

This is accomplished by rewriting the headers of all packets bound for the ANG-1000 and forwarding them to another host on the trusted-side of the network, depending on their destination port (port numbers corresponding to standard, well-known protocols). The IP addresses are re-written so that incoming IP (TCP and UDP) packets are forwarded to their intended destinations, and the reply packets are re-written to appear to be coming from the ANG-1000.

This process requires static, known values for the following:

HThe IP address assigned to ANG-1000by the VPN. This address is in RiverMaster in the ANG-1000's user account and may not be assigned dynamically via pools or virtual subnets.

HThe IP address of the server on the ANG-1000 trusted network (one server per protocol). This may not be dynamically assigned by the ANG-1000 via DHCP.

HThe protocol (TCP or UDP) and the protocol port number.

IP Port Forwarding is configured by editing the ipportfw command in the ipfwrules configuration file in the Config Editor tool of the Web Config. The ipportfw commands should be entered at the end of the ipfwrules file.

Aurorean Network Gateway-1000 User’s Guide

35

Image 47

Contents Aurorean Virtual Network ANG-1000 User’s GuideAurorean Network Gateway-1000 User’s Guide Iii Important Safety Instructions Table of Contents Configuring the ANG-1000 with Aurorean Web Vii Page About This Guide Contents of the GuideConventions Used in This Guide About This Guide Related Publications Related PublicationsPage ANG-1000 Front Rear OverviewSystem Description System Description ANG-1000 TopologyUnpacking the ANG-1000 InstallationLocation Planning Connecting CablesAccessories Ethernet Cables PowerConnecting Cables Aurorean Network Gateway-1000 Do one of the following as shown in FigureANG-3000/7000 Chapter Connecting Power to the ANG-1000 Connecting Power to the ANG-1000Connecting the Power Cable to the Power Supply Front Power LED will light the moment you power up the unitChapter Checking ANG-1000 Connections Checking ANG-1000 ConnectionsRear Panel Link LEDs Front Panel LEDsInternet PowerCOM1 and COM2 Leds are not operational at this time ActiveBefore You Begin Configuring the ANG-1000 with Aurorean Web ConfigConfiguring the ANG-1000 with Aurorean Web Config VPN Status window appears as shown in Figure Logging into Web ConfigTo log into Web Config, perform the steps below Login window appears as shown in FigureVPN Viewing VPN StatusDownloading the Latest Firmware Click the Firmware Upgrade menu optionFirmware Upgrade window appears as shown in Figure Firmware Update window appears as shown in FigureSecond Firmware Update Window ANG-1000 will take a few moments to accept the new software Aurorean Network Gateway Firmware UpdateAurorean Network Gateway VPN Setup Setting Up the VPNClick the VPN Setup menu option VPN Setup window appears as shown in FigureClick Apply Setting Up the Internet Connection Do one of the following Click the Internet Setup menu optionInternet Setup window appears as shown in Figure Configuring the ANG-1000 with Aurorean Web Config LAN Setup Setting Up the LANClick the LAN Setup menu option LAN Setup window appears as shown in FigureConfiguring the ANG-1000 with Aurorean Web Config Firewall Setup window appears as shown in Figure Setting Up the FirewallBegin Firewall Setup by performing the following steps Click the Firewall Setup menu optionConnectivity Setup LAN Connection Aurorean Network Gateway Firewall SetupSet Password Setting Your PasswordClick the Set Password menu option Set Password window appears as shown in FigureDevice Status window appears as shown in Figure Checking Device StatusClick the Device Status menu option Device Status Window System Log Network DevicesRoute Table InterruptsAdvanced Utilities Using Advanced UtilitiesClick the Advanced Utilities menu option Advanced Utilities window appears as shown in Figure Using the Configuration Editor Configuration Edit window appears as shown in Figure Click the Configuration Edit menu optionFile/etc/config/config Configuring IP Port Forwarding Usage Follow the steps below to configure IP port forwardingSwitch Arg Definition Example Page Aurorean Policy Server Aurorean Web ConfigGlossary Aurorean Network GatewayFirewall EthernetIP Security Protocol IPSec Internet Service Provider ISPGeneric Routing Encapsulation GRE IP AddressNetwork Address Translation NAT LEDsMac Address Point-to-Point Tunneling Protocol Pptp Network AdministratorPoint of Presence POP Point-to-Point Protocol PPPVirtual Private Network VPN RiverMasterRouters TunnelingCategory Parameters SpecificationsThis appendix details the specifications of the ANG-1000 Specifications Link 2 External Pin SignalPin Assignments Link 1 TrustedPin Assignments License Grant License Agreement & SupportEnterasys Networks License Agreement Warranty Appendix D Infringement IndemnificationLimitation of Liability Applicable Law TerminationInternational Provisions Support from Enterasys Networks Technical SupportGovernment Commercial Computer Software Technical Support Returning Products for RepairIndex POP IndexIndex