Manuals / Enterasys Networks / Computer Equipment / Network Card

Enterasys Networks Network Card manual Setting Up a Aurorean Virtual Network the First Time

Models: Network Card

1 276

Download 276 pages 57.43 Kb

Page 33

Chapter 2	Setting Up a Aurorean Virtual Network the First Time
Getting Started with RiverMaster

Setting Up a Aurorean Virtual Network the First Time

When you start RiverMaster for the first time, you need to perform several basic configuration steps to put your Aurorean Virtual Network into operation. These basic steps are outlined below, with references to the detailed instructions provided throughout this manual.

1Enter the Aurorean VPN name for your Aurorean Virtual Network equipment and enter the IP address(es) of the Aurorean Policy Server(s).

You are prompted to enter these values the first time you start the

RiverMaster application.

2After you login with the default user name and password, set the authentication, encryption, and compression options used during tunnel connections.

These options are set separately for each tunnel protocol (PPTP or

IPSec) as described in Chapter 3.

3Allocate IP addresses for remote users to use when they tunnel into the corporate network.

You can assign a specific address to each remote user or allow users to dynamically draw addresses from a pool. Address pools are created by defining virtual subnets as described in Chapter 3.

4Configure the Aurorean Network Gateway to route packets from remote users through the corporate network.

The Aurorean Network Gateway supports RIP, OSPF, and static routes to forward packets to their destination; to configure these routing protocols, refer to the instructions in Chapter 3.

5Determine how remote Aurorean Client Software users will be authenticated.

–To authenticate against a database residing on the Aurorean Policy Server, you must use the Authorization service as described in Chapter 4.

–To authenticate against an external RADIUS server, you must configure an authorization plug-in as described in Chapter 4.

–To authenticate against an external SecurID server, you must configure an authorization plug-in as described in Chapter 4.

RiverMaster Administrator’s Guide

21

Image 33

Enterasys Networks Network Card manual Setting Up a Aurorean Virtual Network the First Time

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Adding POPs for Corporate ISPs 114 Managing Users & GroupsGenerating Reports Index About This Guide Contents of the GuideAbout This Guide Related Documents Conventions Used in this GuideXii Hardware Requirements System RequirementsInstallation Steps Installing the ApplicationSoftware Requirements Upgrading a Previous ReleaseInstalling the Application When the Welcome window appears, click Next to continueStarting the Application for the First Time To start RiverMaster, perform the following steps First-Time Setup InformationSelect APS Window Do one of the followingRiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster FilesDefault location for this folder is C\Program Files\ Locate the RiverMaster program folderDelete the RiverMaster folder Restart your computer RiverMaster Overview Getting Started with RiverMasterCurre Logging into RiverMaster Logging into RiverMasterLogging into RiverMaster Problem Summary & Users Logged Checking Server StatusChecking Server Status Aurorean Network Gateway Status Information Aurorean Network Gateway StatisticsAurorean Network Gateway Statistics Aurorean Policy Server StatisticsService Function If Stopped Aurorean Policy Server ServicesFTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First TimeAdd user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Configuration Pullout Before You BeginBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Intelligent Client Routing Virtual Subnets for Site-to-Site and Remote Access TunnelsIntelligent Client Routing Enabled Intelligent Client Routing DisabledAurorean NAT ServerNetwork GatewaySite-to-Site Tunnels Site-to-Site ConfigurationAutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway SettingsGeneral Aurorean Network Gateway Settings DNS server addresses tab page appears as shown in Figure Click the DNS tabWins Server Addresses Click the Wins tabNAT Server Address Click the NAT tabClick Apply to save your changes Viewing Aurorean Alternate Address InformationAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this windowTunnel Protocols Tunnel ProtocolsTunnel Protocols window appears as shown in Figure Tunnel Protocol General SettingsTunnel Protocol Authentication Settings Click the Authentication tabParameter Explanation Click the Encryption tab Do one of the followingTunnel Protocol Encryption Settings Tunnel Parameter Explanation Protocol Click the Compression tabTunnel Protocol Compression Settings Enable or disable Mppc as requiredIP Subnetting Virtual SubnettingSample IP subnet window is shown in Figure Virtual SubnettingClick Remove to delete any configured virtual subnets Click AddAdd An IP Virtual Subnet window appears as seen in Figure Sample IPX virtual networks window is shown in Figure IPX Virtual NetworksIPX Subnet Configuration for Remote Clients Routing RoutingRIP Configuration window should appear as shown in Figure Setting Routing Protocol ParametersRIP Routing Protocol Configuration Parameter Meaning Fixed Value Repeat and for each gateway required Do one of the followingOspf Routing Protocol Configuration Ospf Configuration window appears as shown in FigureRouting Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol Choose the version of RIP to use on this interface RIP Interface Configuration window appears as shownDo one of the following Ospf Interface Configuration window appears as shown To enable Ospf on an interface, perform the following stepsStatic parameter tab page is displayed as shown in Figure Do one of the followingRouting Click Add Remote Server Display Adding a Remote ServerAdd Remote Server window appears as shown in Figure Click Add Remote ServerChoose the tunneling protocol IPSec or Pptp Click Add Add Remote Tunnel window appears as shown in FigureAdding a Remote Server Changing Server and Tunnel Properties Select Enabled or Disabled in the Enabled State fieldRemote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Radius Authentication Servers Authorization Plug-in OptionsPlug-in Planning Problem Notification Private/Public Keys for IPSec AuthenticationTrace Levels Trace Messages Display Adding an Authorization Plug-InShows the Configuration pullout Enterasys AuthenticationClick here to update the plug-in Optionally, specify a value in the Num Threads field Radius AuthorizationAdding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value Create New Plug-in window will appear as shown in Figure SecurID AuthorizationAdding an Authorization Plug-In Chapter Click Create Specify SecurID Configuration File WindowChapter Generating Private/Public Keys Chapter Creating a Mailing List Using the Notification Service to Send E-MailChapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter ANG Tunnel Management Service Window Setting Trace LevelsBacking Up the Database Click Set to enable the Trace LevelStarting a Database Backup Click Start on Backup Database Click on Indus River AccessWindow similar to will appear Backing Up the Database100 101 Controlling Remote User Dialing & Access102 TollSaver Database103 Corporate Dial-Up Access104 Corporate105 Creating POP Packages106 Creating POP Packages107 Build Completed Window108 Adding Corporate ISPs109 Click the ISP Properties tab ISP Properties display will appear as show in Figure110 Select the Access Method as follows Script files are not uploaded without the .SCP extension111 112 Adding Corporate ISPs113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 115 Pull-down options appear as shown in below116 This field is currently not implemented117 Script window appears as shown in FigurePage 119 Managing Users & Groups120 Manage Users & Groups Pullout121 Group Policies122 Aurorean Client Installation Kits123 Contents of a Aurorean Client Installation Kit124 Client Synchronization125 126 Group Notices Creating a New GroupOpen the Manage Users and Groups pullout Creating a New Group128 Manage Users and Groups Pullout Group View129 130 Policy Explanation131 Password Policies132 Credit Card Policies133 Tunnel PoliciesAdding Users to a Group Sample User view is shown in Figure134 135 Corporate User Name field, type a name for the userPassword field, type a unique password Department field automatically defaults to the group name136 137 Modifying User & Group Information138 Removing Users & GroupsCreating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139140 Build Client Install Kit WindowDefault Aurorean installation kit file name is Set the Install Kit Options as follows141 142 Advanced Kit Options Window143 144 Kit Complete MessageControlling Client Synchronization Controlling Client Synchronization145 146 Viewing Group PoliciesOpen the Configuration pullout Click the Update tab Building Core Data Files147 148 Build Core Data Files Display149 Uploading Software Synchronization Files150 Upload Software Synchronization Files Display151 Click Upload to copy the file you chose onto the APSSetting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152153 Chapter Managing Users & GroupsClick the arrow in the Group field and select a group Group pull-down screen appears as shown in Figure154 Write your notice in the text box Message you write is limited to 256 characters. See Figure155 Page Monitoring System Activity Current Message Activity157 Open the View System Activity pullout To view message activity, perform the following stepsSample message activity view is shown in Figure Monitoring System Activity159 System Activity Display160 161 Message ID Message Type Detailed Description162 Text163 Tunnelid164 Advanced Message Viewer165 Advanced Message View Setup Example166 Message Type Explanation167 168 Advanced Message Viewer Results Example169 Printing MessagesRiverMaster Options RiverMaster Options window displays as shown in Figure170 171 RiverMaster Options Window172 Tunnel Statistics window appears similar to Figure Viewing Tunnel ActivityViewing Tunnel Activity 173Describes the types of statistics you can choose Value Meaning Trends to Look For174 175 176 Using Snmp to Gather StatisticsGenerating Reports Report ContentsReport Contents Heading Explanation178 179 Network Gateway Report180 Network Gateway Report ValuesNetwork Gateway Report Max Tunnels GRE/IPSEC Display182 Client Anomaly Report183 Client Report184 Client Session Report Values185 Conn SpeedClient Session Summary Report Displays a typical Client Session Summary Report187 Accounting Report188 Displays a typical Accounting Summary ReportDrill-down Accounting Detail Report Accounting Summary ReportChoose from daily, weekly, monthly or custom options Downloading, Viewing and Exporting ReportsDownloading, Viewing and Exporting Reports 190191 192 Report Viewing Window193 Printing ReportsExport window appears as shown in Figure Exporting ReportsSelect Disk file in the Destination field 194195 If you want this export format Go to196 Choose Export File Window197 Exporting Records Window198 Export To Directory window appears as shown in Figure199 Number and Date Format Dialog box appears as shown200 Enter Odbc Table Name dialog box appears as shown201 Select Workbook WindowFormat Options Dialog Box Lines Per Page Dialog Box203 Exporting Reports to a Microsoft Exchange FolderChoose Profile Window Select Exchange Folder in the Destination field and click OK205 Select a folder window appears as shown in Figure206 Click on a folder to store the report and click OK207 Exporting Reports Using MapiSend Mail window appears as shown in Figure Export is now complete208 209 Glossary210 AutoLink Recovery211 Generic Routing Encapsulation GRE212 Network Administrator213 Point-to-Point Tunneling Protocol Pptp214 Remote Client/User215 TollSaver DatabasePage 217 ANG-3000/7000 Preconfiguration Stored on a Floppy DiskAdd Remote ANG window appears as shown in Figure Adding Remote GatewaysAdding Remote Gateways 218219 Add Remote ANG WindowUnder Remote Gateways, click Configure Remote Gateway Configuring ANG IP AddressesRemote ANG Configuration screen appears as shown in Figure 220Enter values in the open fields as follows Configuring Tunnel ProtocolsClick Next 221222 Configuring Tunnel Protocols223 Click on the Authentication tab224 Click the Encryption tab Do one of the following225 Click the Compression tab Compression properties screen appears as shown in Figure226 227 Enable or disable Mppc as required228 Configuring Virtual Subnets229 Configuring Routing Protocols Configuring Routing Protocols230 231 232 Ospf Properties233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 236 Configuring RIP for the Interface237 Configuring Ospf on an Interface Set the RIP Route Importing/Exporting options as follows238 239 Creating Static Routes240 Appendix B241 Creating Remote Connections Creating Remote Connections242 243 Remote Connection Configuration Window244 Tunnel Values section, enter a User Name245 246 Loading the Floppy Disk Loading the Floppy Disk247 248 Remove the floppy diskEnterasys Networks License Agreement License Grant249 Warranty AppendixC250 Limitation of Liability Infringement IndemnificationAppendix C 251International Provisions TerminationApplicable Law 252253 Government Commercial Computer SoftwareSupport from Authorized Resellers Technical SupportSupport from Enterasys Networks 254Symbols Numerics255 256 Index190-208 New257 111 109110 113259 48, 224260 Radius261 203-206262 UDP263