SnapGear 1.7.8 manual Introduction

1. Introduction

This chapter provides an overview of your SnapGear appliance’s features and capabilities, and explains how to install and configure your SnapGear appliance.

The SnapGear appliance enables small to medium-sized businesses to securely interconnect the computers on their office network to the Internet. The SnapGear appliance has all the features a business needs to take full advantage of the Internet. Regardless of whether you are connecting to the Internet for the first time or looking for a cost-effective and safe VPN solution, the SnapGear appliance will meet your needs.

The SnapGear appliance simply and securely interconnects your network to the Internet using a robust embedded firewall. Shielded behind a NAT gateway, your office computers are protected from outside threats. The SnapGear appliance filters and checks data packets to prevent unauthorized Internet applications from accessing your network.

The SnapGear appliance provides your network with a Virtual Private Network (VPN) server. A VPN enables remote workers or branch offices to securely access your company network to send and receive data at a very low cost. With the SnapGear appliance, you can remotely access your office network securely using the Internet. The SnapGear appliance can also connect to external VPNs as a client.

Using your SnapGear appliance, everyone on your office LAN can access the Internet using a single connection. Your entire network can log on to the Internet using only one ISP account through one analog modem, DSL or ISDN line. This eliminates separate connections and ISP charges for each individual user. Using a dial-in modem connected to your SnapGear appliance, your remote staff can also securely access your office network using direct-dial.

This manual describes how to take advantage of the features of your SnapGear appliance, including setting up an Internet connection, a secure firewall and a VPN. It also describes how to set up the SnapGear appliance on your existing or new network using the web configuration interface.

Installing your SnapGear appliance into a well-planned network is quick and easy. Although network planning and design is outside the scope of this manual, please take the time to plan your network prior to installing your SnapGear appliance.
