Enterasys Networks ANG-1100 manual Configuring IP Port Forwarding

Page 51

Chapter 3

Configuring the ANG-1100 with Aurorean Web Config

NOTE

If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file which you then can reference if you are compelled to use the Reset button.

Configuring IP Port Forwarding

ANG-1100’s support of IP Port Forwarding permits you to make servers on the trusted network of the ANG-1100 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows access to external-side servers initiated by internal-sidehosts, Port Forwarding permits access to internal-side servers initiated by external-side hosts.

This is accomplished by rewriting the headers of all packets bound for the ANG-1100 and forwarding them to another host on the trusted-side of the network, depending on their destination port (port numbers corresponding to standard, well-known protocols). The IP addresses are re-written so that incoming IP (TCP and UDP) packets are forwarded to their intended destinations, and the reply packets are re-written to appear to be coming from the ANG-1100.

This process requires static, known values for the following:

!The IP address assigned to ANG-1100by the VPN. This address is in RiverMaster in the ANG-1100's user account and may not be assigned dynamically via pools or virtual subnets.

!The IP address of the server on the ANG-1100 trusted network (one server per protocol). This may not be dynamically assigned by the ANG-1100 via DHCP.

!The protocol (TCP or UDP) and the protocol port number.

IP Port Forwarding is configured by editing the ipportfw command in the ipfwrules configuration file in the Config Editor tool of the Web Config. The ipportfw commands should be entered at the end of the ipfwrules file.

Aurorean Network Gateway-1100 User’s Guide

39

Image 51

Contents Aurorean Virtual Network ANG-1100 User’s GuideAurorean Network Gateway-1100 User’s Guide Iii Important Safety Instructions Table of Contents Table of Contents Configuring the ANG-1100 with Aurorean WebUnited States Government Restricted Rights Page About This Guide Contents of the GuideConventions Used in This Guide About This Guide Related Publications Related PublicationsPage System Description OverviewSystem Description ANG-1102/1105 TopologyUnpacking the ANG-1102/1105 InstallationAccessories Location PlanningUnpacking the ANG-1102/1105 Chapter Connecting Cables Connecting CablesEthernet Connections Do one of the following as shown in Figure ANG-3000/7000Aurorean Network Serial Connection Reset TER NALConnecting Power to the ANG-1102/1105 Chapter Connecting Power to the ANG-1102/1105Connecting Power to the ANG-1102/1105 Connecting the Power Cable to the Power SupplyChecking ANG-1102/1105 Connections LED behaviorChecking ANG-1102/1105 Connections Chapter Before You Begin Configuring the ANG-1100 with Aurorean Web ConfigConfiguring the ANG-1100 with Aurorean Web Config VPN Status window appears as shown in Figure Logging into Web ConfigTo log into Web Config, perform the steps below Login window appears as shown in FigureSet Password Setting Your PasswordClick the Set Password menu option Set Password window appears as shown in FigureVPN Status Viewing VPN StatusSetting Up the VPN Click the VPN Setup menu optionVPN Setup window appears as shown in Figure Assigned VPN Connections Aurorean Network Gateway VPN SetupSelect one of the following Connection modes Click Apply Setting Up the Internet Connection Click the Internet Setup menu optionInternet Setup window appears as shown in Figure Internet Setup Internet Setup Window Do one of the followingConfiguring the ANG-1100 with Aurorean Web Config Firmware Update Click the Firmware Upgrade menu optionFirmware Upgrade window appears as shown in Figure Firmware Update window appears as shown in FigureSecond Firmware Update Window Image Date and Build Information Aurorean Network Gateway Firmware UpdateLAN Setup Setting Up the LANClick the LAN Setup menu option LAN Setup window appears as shown in FigureConfiguring the ANG-1100 with Aurorean Web Config Setting Up the Firewall Firewall Setup Begin Firewall Setup by performing the following stepsClick the Firewall Setup menu option Firewall Setup window appears as shown in FigureSetting Your Password Set Password Window Checking Device Status Click the Device Status menu optionDevice Status window appears as shown in Figure Device Status Window System Log Network DevicesRoute Table InterruptsUsing Advanced Utilities Advanced Utilities window appears as shown in FigureAdvanced Utilities Using the Configuration Editor Configuration Edit window appears as shown in Figure Click the Configuration Edit menu optionConfiguring the ANG-1100 with Aurorean Web Config Configuring IP Port Forwarding Follow the steps below to configure IP port forwarding Switch Arg DefinitionUsage Example Page Aurorean Policy Server Aurorean Web ConfigGlossary Aurorean Network GatewayFirewall EthernetIP Security Protocol IPSec Internet Service Provider ISPGeneric Routing Encapsulation GRE IP AddressNetwork Address Translation NAT Network Administrator LEDsMac Address PPPoE Point of Presence POPPoint-to-Point Protocol PPP Point-to-Point Tunneling Protocol PptpRouters TunnelingVirtual Private Network VPN Specifications This appendix details the specifications of the ANG-1100Category Parameters Specifications Vcci Page Pin Assignments Ethernet Port Pin Assignments Pin SignalSerial Port Pin Assignments DB-9Page Enterasys Networks, Inc. Program License Agreement Program License Agreement SupportExport Requirements LicenseOther Restrictions Applicable LawExclusion of Warranty United States Government Restricted RightsUnited States Government Restricted Rights No Liability for Consequential Damages Technical SupportSupport from Enterasys Networks Technical Support Returning Products for RepairPage VPN LED IndexLAN IndexPOP Index