Chapter 3

Configuring the ANG-1100 with Aurorean Web Config

NOTE

If you press the Reset button after configuring your ANG-1100, you will lose your entire configuration. Any settings you have changed from factory defaults, such as firewall rules, will be removed. We recommend that you save these settings to a Notepad file that you can refer to if you have to use the Reset button.

Configuring IP Port Forwarding

The ANG-1100’s support for IP Port Forwarding lets you make servers on the trusted network of the ANG-1100 available to the rest of the VPN. In contrast to Network Address Translation (NAT), which allows internal-side hosts to initiate access to external-side servers, Port Forwarding allows external-side hosts to initiate access to internal-side servers.

This is accomplished by rewriting the headers of all packets bound for the ANG-1100 and forwarding them to another host on the trusted side of the network, chosen according to their destination port (port numbers corresponding to standard, well-known protocols). The IP addresses are rewritten so that incoming IP (TCP and UDP) packets are forwarded to their intended destinations, and the reply packets are rewritten so that they appear to come from the ANG-1100.

This process requires static, known values for the following:

• The IP address assigned to the ANG-1100 by the VPN. This address is in RiverMaster in the ANG-1100's user account and may not be assigned dynamically via pools or virtual subnets.

• The IP address of the server on the ANG-1100 trusted network (one server per protocol). This may not be dynamically assigned by the ANG-1100 via DHCP.

• The protocol (TCP or UDP) and the protocol port number.

IP Port Forwarding is configured by editing the ipportfw command in the ipfwrules configuration file in the Config Editor tool of the Web Config. The ipportfw commands should be entered at the end of the ipfwrules file.
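The rewriting described above can be modelled in a few lines. This is an added example, not code from the manual or the vendor, and it does not show ipportfw syntax. All addresses are constructed, and keying rules on (protocol, port) and tracking flows for replies are modelling assumptions.

```python
from dataclasses import dataclass, replace

GATEWAY_IP = "10.8.0.20"  # constructed: static VPN address of the ANG-1100

@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class PortForwarder:
    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.rules = {}     # (proto, port) -> static trusted-side server IP
        self.flows = set()  # forwarded flows, used to match replies (assumption)

    def add_rule(self, proto, port, server_ip):
        if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError("protocol must be tcp or udp with a valid port")
        if (proto, port) in self.rules:
            raise ValueError("only one server per protocol port")
        self.rules[(proto, port)] = server_ip

    def inbound(self, pkt):
        """External-side packet: rewrite destination, or None if no rule matches."""
        server = self.rules.get((pkt.proto, pkt.dport))
        if pkt.dst != self.gateway_ip or server is None:
            return None  # ports without a rule are never forwarded
        self.flows.add((pkt.proto, pkt.src, pkt.sport, server, pkt.dport))
        return replace(pkt, dst=server)

    def reply(self, pkt):
        """Trusted-side reply: rewrite source so it appears to come from the gateway."""
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.flows:
            return None
        return replace(pkt, src=self.gateway_ip)

def demo():
    fw = PortForwarder(GATEWAY_IP)
    fw.add_rule("tcp", 80, "192.168.1.10")  # constructed web server address
    forwarded = fw.inbound(Packet("tcp", "10.8.0.77", 40000, GATEWAY_IP, 80))
    answer = fw.reply(Packet("tcp", "192.168.1.10", 80, "10.8.0.77", 40000))
    blocked = fw.inbound(Packet("tcp", "10.8.0.77", 40001, GATEWAY_IP, 23))
    return forwarded, answer, blocked
```

Each rule exposes exactly one trusted-side service to the VPN, so the rule table is also the list of internal servers to review when auditing the gateway.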

Aurorean Network Gateway-1100 User’s Guide

Enterasys Networks ANG-1100 manual Configuring IP Port Forwarding