Manuals / Avocent / TV and Video / Home Theater Server

Avocent Cyclades-PR4000 installation manual Virtual Private Network Configuration

Models: Cyclades-PR4000

1 174

Download 174 pages 19.29 Kb

Page 142

Cyclades-PR4000

CHAPTER 16 VIRTUAL PRIVATE NETWORK CONFIGURATION

The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives at the router. The router has two tables. One with all the IP addresses contained in the Local Security Network and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security Network list and the destination IP address is contained in the Remote Security Network list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway (defined in the Remote Security Network list). Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination.

PC	Message
PC
		Local
IP Datagram		Gateway
sent by user

Message PC

Remote

Gateway

Header	PR3000 Message
Source IP Address
Destination IP Address
IP Options and Data	Public
	Public

Message

PR4000

Header

Source IP Address

Destination IP Address

IP Options and Data

			As sent by	Network
			local Gateway

			Header with destination:
Conversion			remote security gateway
Conversion			IP Address
performed by Router			IP Address
with Cyclades’ VPN			Encrypted IP Datagram
			Encrypted IP Datagram

As received by remote Gateway

Header with destination: remote security gateway IP Address

Encrypted IP Datagram

FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES’ VIRTUAL PRIVATE NETWORK UTILITY

Chapter 16 - Virtual Private Network Configuration	142

Image 142

Avocent Cyclades-PR4000 installation manual Virtual Private Network Configuration

Contents

Cyclades-PR4000 FCC Warning Statement Cyclades-PR4000 Installation ManualCanadian DOC Notice Table of Contents IP Bridge 119 139 156 HOW to USE this Manual Installation Assumptions Convention Description CONFIG=INTERFACE=LText Conventions IconsCONFIGURATION=ALL Cyclades Technical Support and Contact InformationCyclades Corporation USAWhat is in the BOX Slot with Swan RSV Card or DB-25 Male Swan Expansion CardWith M.34 Interface Provisioning the T1/E1 Dialup Lines Signaling ISDN-PRI CCS or CASNumber of Phone Lines Data/Voice Support Isdn Switch Type ISDN-PRI onlyOne-Way or Two-Way Service Phone Numbers, Hunting Groups, and Hunting SequenceFraming Signaling Method and Dialing Method T1 CAS-BR onlyLine Coding Termination at the Customer PremisesUsing CyROS Menus Lmi-typeANSI, Group of four, None a Discard, save to Flash, or save to Run configuration Special KeysCyros Management Utility CyROS Management UtilityCyROS Management Utility Slot #2 Port #26 Status CyROS Management Utility LCD Operating the Front-Panel DisplayModem Overview Modem OrderSlot/Link Order ND noInterface Overview Interface Overview ScreenSyslog Messages IP TrafficSystem Info Example 1 Using the PR4000 as a Remote Access Server STEP-BY-STEP Instructions for Common ApplicationsNetwork RadiusServer Mask PR4000 Telephone NumberIP MTU Step ONEParameter Example Your Application NATE1/T1 Controller Menu Parameters Step Three Radius Server ParametersStep Four Step FiveInstructions for listing the configuration PR4000 Host 192.168.0.0Host 192.168.0.11Parameter Example Your Application Swan Physical Menu Parameters Global Assigned because the IP Mlppp 10 PPP Encapsulation Menu Parameters11 Static Route Menu Parameters Step SIXStep Seven Configuration =TO Flash Step NineStep Eight Instructions for listing the configuration IP Network Protocol Configuration of the Ethernet InterfaceParameter Description Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW Incoming IP AccountingPR4000 Link PR3000 IP Bridge200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 200.240.240.8 200.240.240.4Other Parameters Swan Interface Clock Source is always ExternalStep TWO Protocol Be used for authentication E1 and T1 INTERFACES, Without Signaling Rest Same as Add GroupOtherwise, see chapter CONFIG=INTERFACE=T1/E1=CHANNEL Menu Item DescriptionHdlc Step Four E1 and T1 INTERFACES, with Signaling Controller Menu TreeCONFIG=CONTROLLER=T1/E1 Integrated Isdn Line CCS Signaling Mode ISDN-PRIBRI Line Router Analog Line Remote Users ISDN-PRI Interface Configuration Menu Tree Timeout function Integrated CAS Line CAS Signaling ModeRouter Analog Line Remote Users Range Parameters Independent of Signaling ModeInterface E1/T1 CAS One Channel All ChannelsChannel Menu CONFIG=INTERFACE=T1/E1=CHANNEL Multilink OptionsInternet Service Provider ModemIP Address PR4000 LANServerIP Address Router a Config Interface E1/T1 Channel SIgnaling=MODEMS =DIGITAL Modem Parameter Description LAN-to-LAN Profile Interface T1/E1 Channel Wizards TS ProfileRAS Profile Copy From ChannelMenu Items Description Ansi12 Parameters SET by the RAS Wizard 13 Parameters SET by the LAN-TO-LAN Wizard Network Protocols Network ProtocolIP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol DATA-LINK Protocols Encapsulation PPP The Point-to-Point ProtocolPPP Menu Char Hdlc PppcharFrame Relay Parameter Description Dlci 200.1.1.1São Paulo Rio de Janeiro Network Salvador Recife NetworkParameter Description Modem or Switch / DCERouter / DTE Step ONE Menu With PAD Packet Assembler/Disassembler Static Routing Routing ProtocolsRouting Strategies Dynamic Routing192.168.100.0 Static Routes142.10.0.0 Mask 10.0.0.0Unnumbered InterfacesAdd Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =PASSWORD CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active Only when Virtual Link Status is Active =IP=OSPF=AREA=AUTHENTICATION TypeBGP-4 Configuration Example System with PR3000 in AS 100 Being Configured 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele BrutusCONFIG=IP=BGP4=GLOBAL CONFIG=IP=BGP4=BGP NETWORK=ADDCONFIG=IP=BGP4=NEIGHBOR=ADD Route Reflector ClientRouting Protocols 107 Up Ro 100.10.0.0/16 Route PR3000 RredParameter Description Routes Seq Rule Message From Tele Popeye Route MapRouting Protocols 110 DiscardedDiscarded RoutesRoutes Seq RuleMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD CYROS, the Operating System Creation of user accounts and passwordsCreation of the host table Slip Detailed information can be accessed via Snmp IP AccountingNAT Network Address Translation PR4000 WithTranslated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time NAT 122 Configuration of IP Filters Rules and FiltersRules List Rule ListExterior Router Perimeter Network Slot 192.168.0.0 Bastion Host 10.0.0.0 Extension to NetworkLet Mail out Exterior RouterLet Telnet Connections Out Filters and Rules 127 TCP Output for IP Filtering Example Interior RouterStop Forged Packets Don’t Allow Access to News Stop Telnets From the Outside Except Bastion HostFilters and Rules 131 Link 33.33.33.1 25% or less Traffic Rule ListsClient B Filters and Rules 133 Filterlist Name traffic1 Output Showing Parameters for Traffic Rule Example Back Operator Start Internal Network IPX Internetwork Packet ExchangeIPX Network Number Mac Address 00 60 2E 00 11Configuring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Routing Frame RelayParameter Value for the Example SAP Service Advertisement Protocol Table Routing Table for the ExampleVirtual Private Network Configuration Virtual Private Network Configuration 143 RSG3 Remote IP Network 9.1 Security Gateway Router Link Link IP10..255.255.0Router IP Address IP172.16.0.0 LinkVirtual Private Network Configuration 145 Virtual Private Network Configuration 146 Appendix a Troubleshooting Test CPU Boot Code stepWhat to Do if the Router Does Not Work or Stops Working Event Port 2 LED Morse codeTesting the Ethernet Interface Testing the WAN Interface Use of a Cross Cable for Testing T1/E1 Ports and Modems Testing the Two T1/E1 PortsHow to Test the Modems DPS Test Results 113 Power Requirements Appendix B. Hardware SpecificationsGeneral Specifications Physical SpecificationsConsole Port External InterfacesConsole Port RTS DTREthernet Port Ethernet PortTPTX+ Tptx TPRX+ Tprx T1 and E1 T1/E1 InterfaceCables Straight-Through CableCross Cable Router-MD / V.35 Cable DB-25 Male Cyclades Router Signal Pin PGndPin 13 B 10 F 15 S 17 T 24 W 11 U DB-25 to M.34 Adapter Cross Cable for Testing the T1/E1 Ports DB-25 Male Modem Cyclades Router Signal Pin PGndISO 2110 Standard Cable TxD/V.35 B TxD/V.35 a RxD/V.35 B RxD/V.35 aE1 / DB-15 Cable RJ-45 MaleProcedure Appendix C Configuration Without a ConsoleRequirements Step One Appendix D Installation of Additional Digital ModemsAppendix D Installation of Additional Digital Modems Step TwoStep Four Step FiveClamp Slot Step SixStep Seven Step Nine Step EightClamp Step Ten Step ElevenIndex 172 Index 173 Cyclades Philippines