Manuals / Avocent / Computer Equipment / Network Router

Avocent Cyclades-PR2000 installation manual Virtual Private Network Configuration, PR3000, PR4000

Models: Cyclades-PR2000

1 136

Download 136 pages 56.31 Kb

Page 115

CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION

Cyclades-PR2000

CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION

The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives at the router. The router has two tables. One with all the IP addresses contained in the Local Security Network and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security Network list and the destination IP address is contained in the Remote Security Network list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway (defined in the Remote Security Network list). Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination.

PC	Message
PC
		Local
IP Datagram		Gateway
sent by user

Message PC

Remote

Gateway

Header	PR3000	Message
Source IP Address		Message
Source IP Address
Destination IP Address
IP Options and Data		Public
		Public

Message

PR4000

Header

Source IP Address

Destination IP Address

IP Options and Data

			As sent by	Network
			local Gateway

			Header with destination:
Conversion			remote security gateway
Conversion			IP Address
performed by Router			IP Address
with Cyclades’ VPN			Encrypted IP Datagram
			Encrypted IP Datagram

As received by remote Gateway

Header with destination: remote security gateway IP Address

Encrypted IP Datagram

FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES’ VIRTUAL PRIVATE NETWORK UTILITY

Chapter 14 - Virtual Private Network Configuration

115

Image 115

Avocent Cyclades-PR2000 installation manual Virtual Private Network Configuration, PR3000, PR4000

Contents

Cyclades Corporation Installation ManualAccess Router Cyclades-PR2000FCC Warning Statement Cyclades-PR2000 Installation ManualCanadian DOC Notice Special Keys Table of ContentsIP Bridge Static Routing OSPF Configuration on the InterfaceOSPF Global Configurations The IP ProtocolCreation of user accounts and passwords The LAN Interface DB-25 Loopback ConnectorTable of Contents The WAN InterfacesCHAPTER 1 HOW TO USE THIS MANUAL Text Conventions Installation AssumptionsIcon ConventionDescription IconsCyclades Technical Support and Contact Information Cyclades-PR2000 Cyclades CorporationChapter 1 - How to Use This Manual Phone + 01 510 Fax + 01 510 41829 Albrae Street Fremont, CA USADB-25 CHAPTER 2 WHAT IS IN THE BOXBack Panel of PR2000 Back Panel of PR2000 Quick Installation ManualConfig Chapter 3 Using CyROS MenusConnection Using the Console Cable and a Computer or Terminal PR2000 login super PR2000 PasswordAll menus have the following elements Special Keys Cyros Management Utility The CyROS Management UtilityCyclades-PR2000 Chapter 3 - Using CyROS MenusNetwork Mask Example 1 Connection to an Internet Access Provider via ModemCHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS Speed 38.4kFIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationYour Application STEP TWOParameter ExampleFIGURE 4.4 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationFIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERS ParameterExample Your ApplicationParameter ParameterExample Your ApplicationYour Application STEP SEVENParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration file100.130.130.1 Example 2 A LAN-to-LAN Example Using Frame RelayCentral Offices Remote Site’sFIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationDSU/CSU, the Clock Source is External ParameterExample Your ApplicationFIGURE 4.12 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationYour Application sending end must be using the same headerParameter ExampleYour Application FIGURE 4.14 DLC CONFIGURATION MENU PARAMETERSParameter ExampleFIGURE 4.15 STATIC ROUTE MENU PARAMETERS ParameterExample Your ApplicationChapter 4 - Step-by-Step Instructions Instructions for creating a backup of the configuration fileInstructions for listing the configuration Cyclades-PR2000FIGURE 4.16 PRIMARY AND SECONDARY BACKUP LINKS BETWEEN TWO LANS Example 3 Link BackupParameter ParameterExample Your ApplicationParameter ParameterExample Your ApplicationExample This parameter has no effect for link backup. For loadThis parameter has no effect for link backup. For load ParameterYour Application FIGURE 4.21 STATIC BACKUP ROUTE PARAMETERSParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration fileDescription CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACEThe IP Network Protocol ParameterDescription ParameterIncoming IP Accounting FIGURE 5.1 IP BRIDGE EXAMPLE IP BridgeParameter Other ParametersDescription the Clock Source is always External CHAPTER 6 THE SWAN AND ASYNC INTERFACESParameter DescriptionSTEP TWO Description ParameterCHAPTER 7 NETWORK PROTOCOLS ConfigParameter The IP ProtocolDescription Description ParameterDetailed Incoming IP Accounting For the Spanning Tree Algorithm, a priority is given to each link in the router and to The Transparent Bridge ProtocolParameter DescriptionParameter CHAPTER 8 DATA-LINK PROTOCOLS ENCAPSULATIONPPP The Point-to-Point Protocol Applies when Enable Van Jacobson IP Header Compression is Yes . ThisDescription ParameterLCP Link Control Protocol messages are normally exchanged to monitor the status of Description CHARcommunication. When Start is used, a connection is attempted as soon as the line ParameterTraffic Control based on Data Link Connection PPPCHARHDLC Frame RelayParameter end must be using the same header type NLPID or SNAP as the router on the receiving endDescription 200.1.1.1 DLCI200.1.1.4 200.1.1.3 Router200.1.1.1 200.1.1.2Description ParameterFIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLE X.25Switch / DCE X.25Parameter X.25 Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25Description Parameter X.25 Menu ContinuedDescription Parameter X.25 with PAD Packet Assembler/DisassemblerDescription Static Routing CHAPTER 9 ROUTING PROTOCOLS Routing StrategiesDynamic Routing 142.10.0.4 Static RoutesNetwork 142.10.0.3A Network Slot192.168.100.1 ETH0Parameter Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is usedDescription Parameter RIP ConfigurationDescription AREA Backbone OSPFAREA AN AUTONOMOUS SYSTEMParameter OSPF Configuration on the InterfaceDescription are configured in CONFIG = INTERFACE =LINK =NETWORK PROTOCOL =IP Parameter OSPF Global ConfigurationsDescription Description ParameterDescription ParameterDescription ParameterParameter only when Virtual Link Status is ActiveDescription BGP-4 Configuration Tele Popeye FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED200.50.50.0 Description ParameterDescription ParameterDescription ParameterCONFIG=IP=BGP4=NEIGHBOR=ADD continued Parameter esir dDescription ROUTE MAP Parameter Applies only for Access List Type equal to AS Path. Limits the search on AS number toDescription FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST Parameter Alters the weight used to determine the best path. This value replaces the importanceDescription Description ParameterCHAPTER 10 CYROS, THE OPERATING SYSTEM Creation of user accounts and passwordsCreation of the host table User Name Password User Type Super, Usr, Auto, or PPPAuto IP Accounting 200.240.230.2 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION200.200.200.11 200.200.200.10 NAT Local Addresses # address range NAT Enabled NAT mode Expanded Port map translation EnabledUDP Timeout min DNS Timeout min TCP Timeout min TCP flags Timeout min NAT Global Addresses # address range 1 200.240.230.225 toTypes of Address Translation Description Menu OptionDescription Menu OptionDescription ParameterDescription ParameterCHAPTER 12 RULES AND FILTERS Configuration of IP FiltersFIGURE 12.1 THE RULES LIST MENU TREE ConfigSame as Add Rule ListFIGURE 12.2 FIREWALL EXAMPLE Exterior Router DENYSteps necessary to activate filtering on the exterior router in the example Destination IP Operator FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLELinked exterioroutFIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE CONTINUED Interior Router PERMITFilterlist Name slot1in FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLEDestination Port Operator Traffic Rule Lists 3 Service Prioritization 11.11.11.0 FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLEDestination Port Page Port Any PortRequests DataThe configured rules will appear as shown in the following listing FIGURE 13.1 IPX NETWORK EXAMPLE CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGEETH0 SlotConfiguring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Value for the Example Frame RelayX.25 RoutingFIGURE 13.2 ROUTING TABLE FOR THE EXAMPLE The SAP Service Advertisement Protocol TablePR3000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATIONPR4000 Page REMOTE SECURITY NETWORK REMOTE SECURITY NETWORKLOCAL SECURITY NETWORK PR2000STEP THREE Description ParameterTest APPENDIX A TROUBLESHOOTINGWhat to Do if the Login Screen Does Not Appear When Using a Console Boot Code stepEvent What to Do if the Router Does Not Work or Stops WorkingCPU LED Morse code Testing the Ethernet Interface Testing the WAN Interfaces The next 4 columns indicate bytes and packets sent and received Cyclades - PR2000 LEDsSafety APPENDIX B HARDWARE SPECIFICATIONS General SpecificationsPower Requirements external DC adapter Physical SpecificationsETHERNET PORT External InterfacesThe WAN Interfaces The LAN InterfaceCONSOLE PORT The Asynchronous InterfaceASYNCHRONOUS PORT The Console InterfaceThe Straight-Through Cable CablesFIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALE DB-25 - M.34 AdaptorSignal The ASY/Modem CableThe Cross Cable SignalFIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE Cyclades-PR2000 DB-25 Loopback ConnectorFIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALE Appendix B - Hardware SpecificationsProcedure APPENDIX C CONFIGURATION WITHOUT A CONSOLERequirements Index C CablesCyclades Philippines