Configuring Tunnel Protocols, 221 | Enterasys Networks Network Card

Appendix B

Configuring Tunnel Protocols

ANG-3000/7000 Preconfiguration Stored on a Floppy Disk

2Enter values in the open fields as follows:

–ANG name: A designation for the gateway

–Domain name: A Fully Qualified Domain Name (FQDN). Verify that the name is “fully-qualified” (not already in use within your domain) before entering it in this field. Domain names should follow the standard practice of period separators (for example, APS7000.mycompany.com)

–Trusted IP Address and Subnet Mask: IP addresses and subnet of the ANG’s trusted interface

–Trusted IP Gateway: IP address of a gateway server on the trusted side of the network to which the ANG can route traffic

–External IP Address and Subnet Mask: IP address and subnet mask of the ANG’s external interface

3Click Next.

The Tunnel Protocols window appears with the General tab selected as shown in Figure 123.

Configuring Tunnel Protocols

This section describes how to configure the ANG’s two supported tunnel protocols:

HPoint-to-Point Tunneling Protocol (PPTP) developed by Microsoft, 3Com and others that uses Point-to-Point (PPP) protocol and Generic Routing Encapsulation (GRE) to route packets through the Internet.

HIP Security (IPSec) protocol developed by the Internet Engineering Task Force (IETF) that adds security extensions for encryption and message authentication to IP protocol.

RiverMaster Administrator’s Guide

221

Image 233

Enterasys Networks Network Card Configuring Tunnel Protocols, Enter values in the open fields as follows, Click Next, 221

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Adding POPs for Corporate ISPs 114 Managing Users & Groups Generating Reports Index About This Guide Contents of the Guide About This Guide Related Documents Conventions Used in this Guide Xii Hardware Requirements System Requirements Installation Steps Installing the ApplicationSoftware Requirements Upgrading a Previous Release Installing the Application When the Welcome window appears, click Next to continue Starting the Application for the First Time To start RiverMaster, perform the following steps First-Time Setup Information Select APS Window Do one of the following RiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster Files Delete the RiverMaster folder Restart your computer Default location for this folder is C\Program Files\Locate the RiverMaster program folder RiverMaster Overview Getting Started with RiverMaster Curre Logging into RiverMaster Logging into RiverMaster Logging into RiverMaster Checking Server Status Problem Summary & Users LoggedChecking Server Status Aurorean Network Gateway Status Information Aurorean Network Gateway Statistics Aurorean Network Gateway Statistics Aurorean Policy Server Statistics Service Function If Stopped Aurorean Policy Server Services FTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First Time Add user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Before You Begin Configuration PulloutBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Intelligent Client Routing Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client Routing Enabled Intelligent Client Routing Disabled Aurorean NAT ServerNetwork Gateway Site-to-Site Tunnels Site-to-Site Configuration AutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings DNS server addresses tab page appears as shown in Figure Click the DNS tab Wins Server Addresses Click the Wins tab NAT Server Address Click the NAT tab Click Apply to save your changes Viewing Aurorean Alternate Address InformationAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this window Tunnel Protocols Tunnel Protocols Tunnel Protocols window appears as shown in Figure Tunnel Protocol General Settings Tunnel Protocol Authentication Settings Click the Authentication tab Parameter Explanation Click the Encryption tab Do one of the following Tunnel Protocol Encryption Settings Tunnel Parameter Explanation Protocol Click the Compression tab Tunnel Protocol Compression Settings Enable or disable Mppc as required IP Subnetting Virtual SubnettingSample IP subnet window is shown in Figure Virtual Subnetting Add An IP Virtual Subnet window appears as seen in Figure Click Remove to delete any configured virtual subnetsClick Add Sample IPX virtual networks window is shown in Figure IPX Virtual Networks IPX Subnet Configuration for Remote Clients Routing Routing RIP Configuration window should appear as shown in Figure Setting Routing Protocol Parameters RIP Routing Protocol Configuration Parameter Meaning Fixed Value Repeat and for each gateway required Do one of the following Ospf Routing Protocol Configuration Ospf Configuration window appears as shown in Figure Routing Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol Choose the version of RIP to use on this interface RIP Interface Configuration window appears as shown Do one of the following Ospf Interface Configuration window appears as shown To enable Ospf on an interface, perform the following steps Static parameter tab page is displayed as shown in Figure Do one of the following Routing Click Add Remote Server Display Adding a Remote Server Add Remote Server window appears as shown in Figure Click Add Remote Server Adding a Remote Server Choose the tunneling protocol IPSec or Pptp Click AddAdd Remote Tunnel window appears as shown in Figure Changing Server and Tunnel Properties Select Enabled or Disabled in the Enabled State field Remote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Radius Authentication Servers Authorization Plug-in Options Plug-in Planning Problem Notification Private/Public Keys for IPSec Authentication Trace Levels Trace Messages Display Adding an Authorization Plug-In Shows the Configuration pullout Enterasys Authentication Click here to update the plug-in Optionally, specify a value in the Num Threads field Radius Authorization Adding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value Create New Plug-in window will appear as shown in Figure SecurID Authorization Adding an Authorization Plug-In Chapter Click Create Specify SecurID Configuration File Window Chapter Generating Private/Public Keys Chapter Creating a Mailing List Using the Notification Service to Send E-Mail Chapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter ANG Tunnel Management Service Window Setting Trace Levels Backing Up the Database Click Set to enable the Trace Level Starting a Database Backup Click Start on Backup Database Click on Indus River Access 100 Window similar to will appearBacking Up the Database 101 Controlling Remote User Dialing & Access 102 TollSaver Database 103 Corporate Dial-Up Access 104 Corporate 105 Creating POP Packages 106 Creating POP Packages 107 Build Completed Window 108 Adding Corporate ISPs 109 110 Click the ISP Properties tabISP Properties display will appear as show in Figure 111 Select the Access Method as followsScript files are not uploaded without the .SCP extension 112 Adding Corporate ISPs 113 114 Adding POPs for Corporate ISPsAdding POPs for Corporate ISPs 115 Pull-down options appear as shown in below 116 This field is currently not implemented 117 Script window appears as shown in FigurePage 119 Managing Users & Groups 120 Manage Users & Groups Pullout 121 Group Policies 122 Aurorean Client Installation Kits 123 Contents of a Aurorean Client Installation Kit 124 Client Synchronization 125 126 Group Notices Creating a New GroupOpen the Manage Users and Groups pullout Creating a New Group 128 Manage Users and Groups Pullout Group View 129 130 Policy Explanation 131 Password Policies 132 Credit Card Policies 133 Tunnel Policies 134 Adding Users to a GroupSample User view is shown in Figure 135 Corporate User Name field, type a name for the user 136 Password field, type a unique passwordDepartment field automatically defaults to the group name 137 Modifying User & Group Information 138 Removing Users & Groups Creating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139 140 Build Client Install Kit Window 141 Default Aurorean installation kit file name isSet the Install Kit Options as follows 142 Advanced Kit Options Window 143 144 Kit Complete Message 145 Controlling Client SynchronizationControlling Client Synchronization 146 Viewing Group Policies 147 Open the Configuration pullout Click the Update tabBuilding Core Data Files 148 Build Core Data Files Display 149 Uploading Software Synchronization Files 150 Upload Software Synchronization Files Display 151 Click Upload to copy the file you chose onto the APS Setting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152 153 Chapter Managing Users & Groups 154 Click the arrow in the Group field and select a groupGroup pull-down screen appears as shown in Figure 155 Write your notice in the text boxMessage you write is limited to 256 characters. See Figure Page 157 Monitoring System ActivityCurrent Message Activity Open the View System Activity pullout To view message activity, perform the following stepsSample message activity view is shown in Figure Monitoring System Activity 159 System Activity Display 160 161 Message ID Message Type Detailed Description 162 Text 163 Tunnelid 164 Advanced Message Viewer 165 Advanced Message View Setup Example 166 Message Type Explanation 167 168 Advanced Message Viewer Results Example 169 Printing Messages 170 RiverMaster OptionsRiverMaster Options window displays as shown in Figure 171 RiverMaster Options Window 172 Tunnel Statistics window appears similar to Figure Viewing Tunnel ActivityViewing Tunnel Activity 173 174 Describes the types of statistics you can chooseValue Meaning Trends to Look For 175 176 Using Snmp to Gather Statistics Generating Reports Report Contents 178 Report ContentsHeading Explanation 179 Network Gateway Report 180 Network Gateway Report Values Network Gateway Report Max Tunnels GRE/IPSEC Display 182 Client Anomaly Report 183 Client Report 184 Client Session Report Values 185 Conn Speed Client Session Summary Report Displays a typical Client Session Summary Report 187 Accounting Report 188 Displays a typical Accounting Summary Report Drill-down Accounting Detail Report Accounting Summary Report Choose from daily, weekly, monthly or custom options Downloading, Viewing and Exporting ReportsDownloading, Viewing and Exporting Reports 190 191 192 Report Viewing Window 193 Printing Reports Export window appears as shown in Figure Exporting ReportsSelect Disk file in the Destination field 194 195 If you want this export format Go to 196 Choose Export File Window 197 Exporting Records Window 198 Export To Directory window appears as shown in Figure 199 Number and Date Format Dialog box appears as shown 200 Enter Odbc Table Name dialog box appears as shown 201 Select Workbook Window Format Options Dialog Box Lines Per Page Dialog Box 203 Exporting Reports to a Microsoft Exchange Folder Choose Profile Window Select Exchange Folder in the Destination field and click OK 205 Select a folder window appears as shown in Figure 206 Click on a folder to store the report and click OK 207 Exporting Reports Using Mapi 208 Send Mail window appears as shown in FigureExport is now complete 209 Glossary 210 AutoLink Recovery 211 Generic Routing Encapsulation GRE 212 Network Administrator 213 Point-to-Point Tunneling Protocol Pptp 214 Remote Client/User 215 TollSaver DatabasePage 217 ANG-3000/7000 Preconfiguration Stored on a Floppy Disk Add Remote ANG window appears as shown in Figure Adding Remote GatewaysAdding Remote Gateways 218 219 Add Remote ANG Window Under Remote Gateways, click Configure Remote Gateway Configuring ANG IP AddressesRemote ANG Configuration screen appears as shown in Figure 220 Enter values in the open fields as follows Configuring Tunnel ProtocolsClick Next 221 222 Configuring Tunnel Protocols 223 Click on the Authentication tab 224 Click the Encryption tab Do one of the following 225 226 Click the Compression tabCompression properties screen appears as shown in Figure 227 Enable or disable Mppc as required 228 Configuring Virtual Subnets 229 230 Configuring Routing ProtocolsConfiguring Routing Protocols 231 232 Ospf Properties 233 234 Configuring Routing InterfacesConfiguring Routing Interfaces 235 236 Configuring RIP for the Interface 237 238 Configuring Ospf on an InterfaceSet the RIP Route Importing/Exporting options as follows 239 Creating Static Routes 240 Appendix B 241 242 Creating Remote ConnectionsCreating Remote Connections 243 Remote Connection Configuration Window 244 Tunnel Values section, enter a User Name 245 246 247 Loading the Floppy DiskLoading the Floppy Disk 248 Remove the floppy disk 249 Enterasys Networks License AgreementLicense Grant 250 WarrantyAppendixC Limitation of Liability Infringement IndemnificationAppendix C 251 International Provisions TerminationApplicable Law 252 253 Government Commercial Computer Software Support from Authorized Resellers Technical SupportSupport from Enterasys Networks 254 255 SymbolsNumerics 256 Index 257 190-208New 111 109110 113 259 48, 224 260 Radius 261 203-206 262 UDP 263