Virtual Private Network Configuration | Avocent Cyclades-PR2000

Cyclades-PR2000

CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION

The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives at the router. The router has two tables. One with all the IP addresses contained in the Local Security Network and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security Network list and the destination IP address is contained in the Remote Security Network list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway (defined in the Remote Security Network list). Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination.

PC	Message
PC
		Local
IP Datagram		Gateway
sent by user

Message PC

Remote

Gateway

Header	PR3000	Message
Source IP Address		Message
Source IP Address
Destination IP Address
IP Options and Data		Public
		Public

Message

PR4000

Header

Source IP Address

Destination IP Address

IP Options and Data

			As sent by	Network
			local Gateway

			Header with destination:
Conversion			remote security gateway
Conversion			IP Address
performed by Router			IP Address
with Cyclades’ VPN			Encrypted IP Datagram
			Encrypted IP Datagram

As received by remote Gateway

Header with destination: remote security gateway IP Address

Encrypted IP Datagram

FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES’ VIRTUAL PRIVATE NETWORK UTILITY

Chapter 14 - Virtual Private Network Configuration

115

Image 115

Avocent Cyclades-PR2000 installation manual Virtual Private Network Configuration

Contents

Cyclades-PR2000 FCC Warning Statement Cyclades-PR2000 Installation ManualCanadian DOC Notice Table of Contents Static Routing Dynamic Routing 112 127 HOW to USE this Manual Text Conventions Installation Assumptions Icon Meaning Why CONFIG=INTERFACE=LConvention Description Icons Cyclades Technical Support and Contact Information CONFIGURATION=ALL USA Cyclades Corporation To Wall Outlet Gender Changer DB-25 DB-9 Male What is in the BOXInterface DB-25 Male RS-232 Modem With DB-25 Interface RJ-45 Male RJ-45 to DB-25 Login Prompt and Main Menu Using CyROS Menus Lmi-typeANSI, Group of four, None Ansi Special Keys CONFIGURATION=TO Flash CyROS Management Utility Cyros Management Utility Cyclades-PR2000 PR2000 Host 192.168.0.30 255.255.255.0 STEP-BY-STEP Instructions for Common ApplicationsRS-232 Modem Network IP PC192.168.0.0 Host NAT Step ONEParameter Example Your Application IP MTU Step Three Step TWO Swan Network Protocol IP Menu Parameters Mlppp Step Four Step SIX Step Five Step Eight Step SevenStep Nine Instructions for listing the configuration Instructions for creating a backup of the configuration file 200.240.230.1 Example 2 a LAN-to-LAN Example Using Frame RelayNetwork IP Mask ETH0 PR2000 10 Ethernet Network Protocol Menu Parameters 11 Swan Physical Menu Parameters 12 Swan Network Protocol IP Menu Parameters LMI Snap IPCIR Dlci 14 DLC Configuration Menu Parameters 15 Static Route Menu Parameters Instructions for creating a backup of the configuration file Example 3 Link Backup 17 Traffic Control Parameters 18 Addition of the Primary Main Link Swan 20 Multilink Circuit Attributes This parameter has no effect for link backup. For load 21 Static Backup Route Parameters Instructions for creating a backup of the configuration file IP Network Protocol Configuration of the Ethernet InterfaceParameter Description Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW 200.240.240.8 200.240.240.4 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 PR2000 Link PR3000 Other Parameters Clock Source is always External Swan and Async Interfaces Step TWO Protocol Be used for authentication Network Protocol Network Protocols IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols Encapsulation PPP Menu Char Hdlc PppcharFrame Relay T391 Interval between the LMI Status Enquiry messages N391 CONFIG=INTERFACE=SWAN =TRAFFIC Control =GENERAL =BANDWIDTH 200.1.1.1 Dlci Salvador Recife Network São Paulo Rio de Janeiro Network For static address mapping Router / DTE Switch / DCE Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 Menu With PAD Packet Assembler/Disassembler Dynamic Routing Routing ProtocolsRouting Strategies Static Routing 10.0.0.0 Static Routes142.10.0.0 Mask 192.168.100.0 Interfaces Unnumbered Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =PASSWORD CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is Active BGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR2000 in AS 100 Being Configured CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBAL Route Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADD Step Three Up Ro 100.10.0.0/16 Route PR3000 RredParameter Description Seq Rule Message From Tele Popeye Route Map Routes Parameter Description DiscardedDiscarded RoutesRoutes Seq RuleMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD CYROS, the Operating System Creation of user accounts and passwordsCreation of the host table Slip IP Accounting Detailed information can be accessed via Snmp Server 192.168.0.31 NAT Network Address TranslationGlobal Address Range Ftp Network Server Mask Networks 192.168.0.0 Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time Step Four Rules and Filters Configuration of IP Filters Rule List Rules List Bastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0 Let Mail out Exterior RouterLet Telnet Connections Out Filters and Rules 100 Output for Exterior Router Example Filters and Rules 102 Interior Router Stop Forged Packets Don’t Allow Access to NewsStop Telnets From the Outside Except Bastion Host Output for Interior Router Example Link 33.33.33.1 25% or less Traffic Rule ListsClient B Filters and Rules 106 Output Showing Parameters for Traffic Rule Example Filters and Rules 108 Port 25 Smtp Mail Server Web ServerMail Server Web Client 10 Output Showing Parameters for Traffic Rule Example Internal Network IPX Internetwork Packet ExchangeNumber Mac Address 00 60 2E 00 11 Configuring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Routing Frame RelayParameter Value for the Example Routing Table for the Example SAP Service Advertisement Protocol Table Virtual Private Network Configuration Virtual Private Network Configuration 116 IP172.16.0.0 Link Link IP10..255.255.0Router IP Address RSG3 Remote IP Network 9.1 Security Gateway Router Link Virtual Private Network Configuration 118 Virtual Private Network Configuration 119 CPU Appendix a TroubleshootingBoot Code step Test Event CPU LED Morse code What to Do if the Router Does Not Work or Stops Working Host host00 Testing the Ethernet Interface Figure A.3 General Statistics Table Testing the WAN Interfaces Appendix a Troubleshooting 124 LEDs Cyclades PR2000 Appendix B Hardware Specifications WAN Interfaces External InterfacesLAN Interface Console Interface Asynchronous Interface Straight-Through Cable Cables TxClkDTE a Female Retention Screw Male DB-25 Female Signal Pin PGndDB-25 M.34 Adaptor TxClkDTE B Cross Cable ASY/Modem Cable Cross Cable Signal Pin Pin Signal PGnd TxD RxD20 DTR Figure B.10 Loopback Connector DB-25 Male DB-25 Loopback Connector Procedure Appendix C Configuration Without a ConsoleRequirements Snmp RIP Cyclades Philippines