Manuals / Avocent / TV and Video / Home Theater Server

Avocent Cyclades-PR4000 installation manual Virtual Private Network Configuration 145

Models: Cyclades-PR4000

1 174

Download 174 pages 19.29 Kb

Page 145

Cyclades-PR4000

STEP THREE

Use the menu item INFO =>SHOW ROUTING TABLE to confirm that the other Remote Security Gateways (RSGs), and all the networks included in the Remote Security Networks, are reachable. In the example, this would require that all of the following appear in RSG3’s routing table:

•RSG1 router IP address: 9.9.9.1

•Network connected to RSG1 that will be included in Remote Security Network 1: 10.255.255.0

•RSG2 router IP address: 20.20.20.1

•Network connected to RSG2 that will be included in Remote Security Network 2: 192.168.0.0

These IP addresses should appear as a destination or be contained in one of the destination networks listed in the routing table. If an address is not in the routing table, add it following the instructions given in chapter 11 for static routes.

STEP FOUR

The next step is to define the devices contained in the Local Security Network. Navigate to the menu CONFIG =>SECURITY =>VPN =>LOCAL IP NETWORKS =>ADD NETWORK. Enter the Network IP address and mask for all devices to be included in the local network for VPN purposes. In the example, the networks 10.0.0.0 and 172.16.0.0 must be added.

Traffic from other networks attached to the router will still be routed. The only difference is that the messages will be forwarded without processing and encryption by the VPN software.

STEP FIVE

The Gateways (represented by RSG1 and RSG2 in the example) must be defined. The Router IP address for each gateway is requested, along with a secret. This secret is not global, but rather applies to each pair of RSGs. If RSG3 defines the secret for RSG1 as rumpelstiltskin, then RSG1’s secret for RSG3 must also be rumpelstiltskin. It is critical that the Router IP Address (as described in step two) be used, and not the IP address of the link connected to the IP network (unless the two IP addresses happen to be the same).

Chapter 16 - Virtual Private Network Configuration

145

Image 145

Avocent Cyclades-PR4000 installation manual Virtual Private Network Configuration 145

Contents

Cyclades-PR4000 FCC Warning Statement Cyclades-PR4000 Installation ManualCanadian DOC Notice Table of Contents IP Bridge 119 139 156 HOW to USE this Manual Installation Assumptions Text Conventions CONFIG=INTERFACE=LConvention Description IconsCyclades Technical Support and Contact Information CONFIGURATION=ALLUSA Cyclades CorporationWhat is in the BOX Slot with Swan RSV Card or DB-25 Male Swan Expansion CardWith M.34 Interface Provisioning the T1/E1 Dialup Lines Signaling ISDN-PRI CCS or CASNumber of Phone Lines One-Way or Two-Way Service Isdn Switch Type ISDN-PRI onlyData/Voice Support Phone Numbers, Hunting Groups, and Hunting SequenceLine Coding Signaling Method and Dialing Method T1 CAS-BR onlyFraming Termination at the Customer PremisesUsing CyROS Menus Lmi-typeANSI, Group of four, None a Special Keys Discard, save to Flash, or save to Run configurationCyROS Management Utility Cyros Management UtilityCyROS Management Utility Slot #2 Port #26 Status CyROS Management Utility Operating the Front-Panel Display LCDModem Order Modem OverviewND no Slot/Link OrderInterface Overview Screen Interface OverviewSyslog Messages IP TrafficSystem Info STEP-BY-STEP Instructions for Common Applications Example 1 Using the PR4000 as a Remote Access ServerServer RadiusNetwork Mask PR4000 Telephone NumberParameter Example Your Application Step ONEIP MTU NATE1/T1 Controller Menu Parameters Radius Server Parameters Step ThreeStep Five Step FourInstructions for listing the configuration Host 192.168.0.0PR4000 Host 192.168.0.11Parameter Example Your Application Swan Physical Menu Parameters Global Assigned because the IP 10 PPP Encapsulation Menu Parameters MlpppStep SIX 11 Static Route Menu ParametersStep Seven Configuration =TO Flash Step NineStep Eight Instructions for listing the configuration IP Network Protocol Configuration of the Ethernet InterfaceParameter Description Incoming IP Accounting Config =RULES LIST=IP=CONFIGURE RULES=ADD RULE=ALLOW200.240.240.9 200.240.240.3 200.240.240.2 200.240.240.1 IP BridgePR4000 Link PR3000 200.240.240.8 200.240.240.4Other Parameters Clock Source is always External Swan InterfaceStep TWO Protocol Be used for authentication Rest Same as Add Group E1 and T1 INTERFACES, Without SignalingOtherwise, see chapter Menu Item Description CONFIG=INTERFACE=T1/E1=CHANNELHdlc Step Four Controller Menu Tree E1 and T1 INTERFACES, with SignalingCONFIG=CONTROLLER=T1/E1 Integrated Isdn Line CCS Signaling Mode ISDN-PRIBRI Line Router Analog Line Remote Users ISDN-PRI Interface Configuration Menu Tree Timeout function Integrated CAS Line CAS Signaling ModeRouter Analog Line Remote Users Interface E1/T1 CAS One Channel Parameters Independent of Signaling ModeRange All ChannelsMultilink Options Channel Menu CONFIG=INTERFACE=T1/E1=CHANNELModem Internet Service ProviderIP Address PR4000 LANServerIP Address Router a SIgnaling Config Interface E1/T1 Channel=MODEMS =DIGITAL Modem Parameter Description RAS Profile Interface T1/E1 Channel Wizards TS ProfileLAN-to-LAN Profile Copy From ChannelAnsi Menu Items Description12 Parameters SET by the RAS Wizard 13 Parameters SET by the LAN-TO-LAN Wizard Network Protocol Network ProtocolsIP Protocol Detailed Incoming IP Accounting Transparent Bridge Protocol PPP The Point-to-Point Protocol DATA-LINK Protocols EncapsulationPPP Menu Char Hdlc PppcharFrame Relay Parameter Description 200.1.1.1 DlciSalvador Recife Network São Paulo Rio de Janeiro NetworkParameter Description Modem or Switch / DCERouter / DTE Step ONE Menu With PAD Packet Assembler/Disassembler Routing Strategies Routing ProtocolsStatic Routing Dynamic Routing142.10.0.0 Mask Static Routes192.168.100.0 10.0.0.0Interfaces UnnumberedAdd Static Route Menu Config =STATIC Routes =IP =ADD Route RIP Configuration Ospf Ospf Configuration on the Interface 10Mbps, 65 for T1, 1785 for 56kbps, etc Ospf Global Configurations =PASSWORD CONFIG=STATIC ROUTES=IP=ADD ROUTE=OSPF Advertises this=ROUTING Protocol =OSPF =ADVERTISE this NON-OSPF Interface Applies when Area Range N Status is Active =IP=OSPF=AREA=AUTHENTICATION Type Only when Virtual Link Status is ActiveBGP-4 Configuration 255.255.255.0 200.50.50.0 PR3000 200.200.200.2 Tele Brutus Example System with PR3000 in AS 100 Being ConfiguredCONFIG=IP=BGP4=BGP NETWORK=ADD CONFIG=IP=BGP4=GLOBALRoute Reflector Client CONFIG=IP=BGP4=NEIGHBOR=ADDRouting Protocols 107 Up Ro 100.10.0.0/16 Route PR3000 RredParameter Description Seq Rule Message From Tele Popeye Route Map RoutesRouting Protocols 110 DiscardedDiscarded RoutesRoutes Seq RuleMessage From Tele Popeye Rule CONFIG=IP=BGP4=ROUTE MAP=ADD CONFIG=IP=BGP4=AGGREGATE ADDRESSES=ADD CYROS, the Operating System Creation of user accounts and passwordsCreation of the host table Slip IP Accounting Detailed information can be accessed via SnmpPR4000 With NAT Network Address TranslationTranslated Types of Address Translation Menu Option Description Interface. Five minutes is a reasonable time NAT 122 Rules and Filters Configuration of IP FiltersRule List Rules ListBastion Host 10.0.0.0 Extension to Network Exterior Router Perimeter Network Slot 192.168.0.0Let Mail out Exterior RouterLet Telnet Connections Out Filters and Rules 127 TCP Interior Router Output for IP Filtering ExampleStop Telnets From the Outside Except Bastion Host Stop Forged Packets Don’t Allow Access to NewsFilters and Rules 131 Link 33.33.33.1 25% or less Traffic Rule ListsClient B Filters and Rules 133 Filterlist Name traffic1 Output Showing Parameters for Traffic Rule Example Back Operator Start IPX Network IPX Internetwork Packet ExchangeInternal Network Number Mac Address 00 60 2E 00 11Configuring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Routing Frame RelayParameter Value for the Example Routing Table for the Example SAP Service Advertisement Protocol TableVirtual Private Network Configuration Virtual Private Network Configuration 143 Router IP Address Link IP10..255.255.0RSG3 Remote IP Network 9.1 Security Gateway Router Link IP172.16.0.0 LinkVirtual Private Network Configuration 145 Virtual Private Network Configuration 146 Test CPU Boot Code step Appendix a TroubleshootingEvent Port 2 LED Morse code What to Do if the Router Does Not Work or Stops WorkingTesting the Ethernet Interface Testing the WAN Interface Testing the Two T1/E1 Ports Use of a Cross Cable for Testing T1/E1 Ports and ModemsHow to Test the Modems DPS Test Results 113 General Specifications Appendix B. Hardware SpecificationsPower Requirements Physical SpecificationsConsole Port External InterfacesConsole Port RTS DTREthernet Port Ethernet PortTPTX+ Tptx TPRX+ Tprx T1/E1 Interface T1 and E1Straight-Through Cable CablesCross Cable Router-MD / V.35 Cable DB-25 Male Cyclades Router Signal Pin PGndPin 13 B 10 F 15 S 17 T 24 W 11 U DB-25 to M.34 Adapter Cross Cable for Testing the T1/E1 Ports ISO 2110 Standard Cable Signal Pin PGndDB-25 Male Modem Cyclades Router TxD/V.35 B TxD/V.35 a RxD/V.35 B RxD/V.35 aRJ-45 Male E1 / DB-15 CableProcedure Appendix C Configuration Without a ConsoleRequirements Appendix D Installation of Additional Digital Modems Appendix D Installation of Additional Digital ModemsStep One Step TwoStep Five Step FourClamp Slot Step SixStep Seven Step Nine Step EightClamp Step Eleven Step TenIndex 172 Index 173 Cyclades Philippines