Virtual Private Network Configuration 119 | Avocent Cyclades-PR2000

Cyclades-PR2000

STEP SIX

Now, the Remote Security Networks must be defined. This is done in the CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORKS =>ADD NETWORK menu. The IP address and network mask must be defined for all remote devices to be included in the remote network for VPN communication. The Remote Security Gateway IP address (set in step five) must also be given for each network. In the example, the RSG IP address for the network 10.255.255.0 is 9.9.9.1, and the RSG IP address for the network 192.168.0.0 is 20.20.20.1.

STEP SEVEN

The last step is to activate VPN and configure the VPN options. Be aware that after activating VPN on the local network, data sent to the remote network will not be forwarded until VPN is configured and activated on that network too. The VPN Options Menu parameters should be set using the guidelines given below. The options should be defined identically for all Remote Security Gateways in a VPN.

VPN Options Menu CONFIG =>SECURITY =>VPN =>OPTIONS

Parameter	Description
Cyclades VPN Status	Activates the Virtual Private Network. Warning: until VPN is activated on both ends of
	a given tunnel, all traffic will halt.
Tunnel Keepalive	Keepalive messages are sent across each tunnel with this frequency, to make sure
Timeout	that the router on the other end of the connection is operating.
Tunnel Keepalive	If a keepalive message reply is not received, the router sends the request again this
Retries	number of times.
Tunnel Inactivity	If no messages are passed for this time period (keepalive messages not included), the
Timeout	tunnel will be disconnected.
Time Interval for VPN	This is the time between retries (for either tunnel creation or keepalive requests that
Retries	are not acknowledged).

Chapter 14 - Virtual Private Network Configuration

119

Image 119

Avocent Cyclades-PR2000 installation manual Virtual Private Network Configuration 119

Contents

Cyclades-PR2000 Canadian DOC Notice Cyclades-PR2000 Installation ManualFCC Warning Statement Table of Contents Static Routing Dynamic Routing 112 127 HOW to USE this Manual Text Conventions Installation Assumptions Icon Meaning Why CONFIG=INTERFACE=LConvention Description Icons Cyclades Technical Support and Contact Information CONFIGURATION=ALL USA Cyclades Corporation Interface What is in the BOXTo Wall Outlet Gender Changer DB-25 DB-9 Male DB-25 Male RS-232 Modem With DB-25 Interface RJ-45 Male RJ-45 to DB-25 Login Prompt and Main Menu Using CyROS Menus Lmi-typeANSI, Group of four, None Ansi Special Keys CONFIGURATION=TO Flash CyROS Management Utility Cyros Management Utility Cyclades-PR2000 PR2000 Host 192.168.0.30 255.255.255.0 STEP-BY-STEP Instructions for Common ApplicationsRS-232 Modem Network IP PC192.168.0.0 Host NAT Step ONEParameter Example Your Application IP MTU Step Three Step TWO Swan Network Protocol IP Menu Parameters Mlppp Step Four Step SIX Step Five Step Nine Step SevenStep Eight Instructions for listing the configuration Instructions for creating a backup of the configuration file 200.240.230.1 Example 2 a LAN-to-LAN Example Using Frame RelayNetwork IP Mask ETH0 PR2000 10 Ethernet Network Protocol Menu Parameters 11 Swan Physical Menu Parameters 12 Swan Network Protocol IP Menu Parameters CIR Snap IPLMI Dlci 14 DLC Configuration Menu Parameters 15 Static Route Menu Parameters Instructions for creating a backup of the configuration file Example 3 Link Backup 17 Traffic Control Parameters 18 Addition of the Primary Main Link Swan 20 Multilink Circuit Attributes This parameter has no effect for link backup. For load 21 Static Backup Route Parameters Instructions for creating a backup of the configuration file Parameter Description Configuration of the Ethernet InterfaceIP Network Protocol Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW 200.240.240.8 200.240.240.4 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 PR2000 Link PR3000 Other Parameters Clock Source is always External Swan and Async Interfaces Step TWO Protocol Be used for authentication Network Protocol Network Protocols IP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols Encapsulation PPP Menu Char Frame Relay PppcharHdlc T391 Interval between the LMI Status Enquiry messages N391 CONFIG=INTERFACE=SWAN =TRAFFIC Control =GENERAL =BANDWIDTH 200.1.1.1 Dlci Salvador Recife Network São Paulo Rio de Janeiro Network For static address mapping Router / DTE Switch / DCE Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25 Menu With PAD Packet Assembler/Disassembler Dynamic Routing Routing ProtocolsRouting Strategies Static Routing 10.0.0.0 Static Routes142.10.0.0 Mask 192.168.100.0 Interfaces Unnumbered Add Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=PASSWORD Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is Active BGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR2000 in AS 100 Being Configured CONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBAL Route Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADD Step Three Parameter Description Route PR3000 RredUp Ro 100.10.0.0/16 Seq Rule Message From Tele Popeye Route Map Routes Parameter Description Message From Tele Popeye Rule Seq RuleDiscardedDiscarded RoutesRoutes CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD Creation of the host table Creation of user accounts and passwordsCYROS, the Operating System Slip IP Accounting Detailed information can be accessed via Snmp Server 192.168.0.31 NAT Network Address TranslationGlobal Address Range Ftp Network Server Mask Networks 192.168.0.0 Translated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time Step Four Rules and Filters Configuration of IP Filters Rule List Rules List Bastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0 Let Telnet Connections Out Exterior RouterLet Mail out Filters and Rules 100 Output for Exterior Router Example Filters and Rules 102 Stop Telnets From the Outside Except Bastion Host Stop Forged Packets Don’t Allow Access to NewsInterior Router Output for Interior Router Example Client B Traffic Rule ListsLink 33.33.33.1 25% or less Filters and Rules 106 Output Showing Parameters for Traffic Rule Example Filters and Rules 108 Mail Server Web Client Mail Server Web ServerPort 25 Smtp 10 Output Showing Parameters for Traffic Rule Example Number Mac Address 00 60 2E 00 11 IPX Internetwork Packet ExchangeInternal Network Enabling IPX Configuring the Ethernet InterfaceConfiguring Other Interfaces Parameter Value for the Example Frame RelayRouting Routing Table for the Example SAP Service Advertisement Protocol Table Virtual Private Network Configuration Virtual Private Network Configuration 116 IP172.16.0.0 Link Link IP10..255.255.0Router IP Address RSG3 Remote IP Network 9.1 Security Gateway Router Link Virtual Private Network Configuration 118 Virtual Private Network Configuration 119 CPU Appendix a TroubleshootingBoot Code step Test Event CPU LED Morse code What to Do if the Router Does Not Work or Stops Working Host host00 Testing the Ethernet Interface Figure A.3 General Statistics Table Testing the WAN Interfaces Appendix a Troubleshooting 124 LEDs Cyclades PR2000 Appendix B Hardware Specifications LAN Interface External InterfacesWAN Interfaces Console Interface Asynchronous Interface Straight-Through Cable Cables TxClkDTE a Female Retention Screw Male DB-25 Female Signal Pin PGndDB-25 M.34 Adaptor TxClkDTE B Cross Cable ASY/Modem Cable 20 DTR Signal Pin Pin Signal PGnd TxD RxDCross Cable Figure B.10 Loopback Connector DB-25 Male DB-25 Loopback Connector Requirements Appendix C Configuration Without a ConsoleProcedure Snmp RIP Cyclades Philippines