Before You Begin | Enterasys Networks Network Card manual

Before You Begin

Chapter 3

Configuring an ANG-3000/7000

Virtual subnets can use both legitimate IP addresses (unique addresses purchased and registered by your company) and non-routable address ranges reserved for private network use only. These reserved address ranges include:

H10.0.0.0 to 10.255.255.254 on a Class A network

H172.16.0.0 to 172.30.255.254 on a Class B network. Although 172.31.0.0 to 172.31.255.254 is also a reserved range, you cannot define virtual subnets within this range because addresses in that range may be taken by the ANG for internal use.

H192.168.0.0 to 192.168.255.254 on a Class C network

These addresses are not routable outside your corporate network. By using these addresses for remote clients, you can preserve the routable IP addresses for LAN devices.

NOTE

If you allocate addresses from one of these non-routable ranges and you want remote clients to be able to browse the Internet while connected, you must enable the Intelligent Client Routing described on page 31 or use network address translation.

There are several advantages to using virtual subnets over other IP address allocation techniques:

HThe ANG can advertise the virtual subnets before remote clients connect. Using the other techniques, the ANG would only create a host route when the client connected. Because routing protocols may take as long as 30 seconds per router to propagate a host route, the client may remain unreachable for a period of time.

HCreating individual host routes for each remote client as they connect may overload the network’s routers. Because ANG-5000s support 5000 tunnels (ANG-3000s support 500 tunnels), each router may become burdened with 5000 routes in its route table.Virtual subnets can be quickly and easily scaled up to accommodate large number of remote clients. You can modify the subnet mask for an existing virtual subnet to provide additional addresses or create entire new virtual subnets.

28	RiverMaster Administrator’s Guide

Image 40

Enterasys Networks Network Card manual Before You Begin

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Managing Users & Groups Adding POPs for Corporate ISPs 114 Generating Reports Index Contents of the Guide About This Guide About This Guide Conventions Used in this Guide Related Documents Xii System Requirements Hardware Requirements Installing the Application Installation StepsSoftware Requirements Upgrading a Previous Release When the Welcome window appears, click Next to continue Installing the Application Starting the Application for the First Time First-Time Setup Information To start RiverMaster, perform the following steps Do one of the following Select APS Window RiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster Files Locate the RiverMaster program folder Default location for this folder is C\Program Files\Delete the RiverMaster folder Restart your computer Getting Started with RiverMaster RiverMaster Overview Curre Logging into RiverMaster Logging into RiverMaster Logging into RiverMaster Checking Server Status Problem Summary & Users LoggedChecking Server Status Aurorean Network Gateway Statistics Aurorean Network Gateway Status Information Aurorean Policy Server Statistics Aurorean Network Gateway Statistics Aurorean Policy Server Services Service Function If Stopped FTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First Time Add user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Before You Begin Configuration PulloutBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client Routing Intelligent Client Routing Disabled Intelligent Client Routing Enabled NAT Server AuroreanNetwork Gateway Site-to-Site Configuration Site-to-Site Tunnels AutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings Click the DNS tab DNS server addresses tab page appears as shown in Figure Click the Wins tab Wins Server Addresses Click the NAT tab NAT Server Address Viewing Aurorean Alternate Address Information Click Apply to save your changesAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this window Tunnel Protocols Tunnel Protocols Tunnel Protocol General Settings Tunnel Protocols window appears as shown in Figure Click the Authentication tab Tunnel Protocol Authentication Settings Click the Encryption tab Do one of the following Parameter Explanation Tunnel Protocol Encryption Settings Click the Compression tab Tunnel Parameter Explanation Protocol Enable or disable Mppc as required Tunnel Protocol Compression Settings Virtual Subnetting IP SubnettingSample IP subnet window is shown in Figure Virtual Subnetting Click Add Click Remove to delete any configured virtual subnetsAdd An IP Virtual Subnet window appears as seen in Figure IPX Virtual Networks Sample IPX virtual networks window is shown in Figure IPX Subnet Configuration for Remote Clients Routing Routing Setting Routing Protocol Parameters RIP Configuration window should appear as shown in Figure RIP Routing Protocol Configuration Repeat and for each gateway required Do one of the following Parameter Meaning Fixed Value Ospf Configuration window appears as shown in Figure Ospf Routing Protocol Configuration Routing Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol RIP Interface Configuration window appears as shown Choose the version of RIP to use on this interface Do one of the following To enable Ospf on an interface, perform the following steps Ospf Interface Configuration window appears as shown Do one of the following Static parameter tab page is displayed as shown in Figure Routing Click Add Adding a Remote Server Remote Server Display Click Add Remote Server Add Remote Server window appears as shown in Figure Add Remote Tunnel window appears as shown in Figure Choose the tunneling protocol IPSec or Pptp Click AddAdding a Remote Server Select Enabled or Disabled in the Enabled State field Changing Server and Tunnel Properties Remote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Authorization Plug-in Options Radius Authentication Servers Plug-in Planning Private/Public Keys for IPSec Authentication Problem Notification Trace Levels Adding an Authorization Plug-In Trace Messages Display Enterasys Authentication Shows the Configuration pullout Click here to update the plug-in Radius Authorization Optionally, specify a value in the Num Threads field Adding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value SecurID Authorization Create New Plug-in window will appear as shown in Figure Adding an Authorization Plug-In Chapter Specify SecurID Configuration File Window Click Create Chapter Generating Private/Public Keys Chapter Using the Notification Service to Send E-Mail Creating a Mailing List Chapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter Setting Trace Levels ANG Tunnel Management Service Window Click Set to enable the Trace Level Backing Up the Database Click on Indus River Access Starting a Database Backup Click Start on Backup Database Backing Up the Database Window similar to will appear100 Controlling Remote User Dialing & Access 101 TollSaver Database 102 Corporate Dial-Up Access 103 Corporate 104 Creating POP Packages 105 Creating POP Packages 106 Build Completed Window 107 Adding Corporate ISPs 108 109 ISP Properties display will appear as show in Figure Click the ISP Properties tab110 Script files are not uploaded without the .SCP extension Select the Access Method as follows111 Adding Corporate ISPs 112 113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 Pull-down options appear as shown in below 115 This field is currently not implemented 116 Script window appears as shown in Figure 117Page Managing Users & Groups 119 Manage Users & Groups Pullout 120 Group Policies 121 Aurorean Client Installation Kits 122 Contents of a Aurorean Client Installation Kit 123 Client Synchronization 124 125 126 Creating a New Group Group NoticesOpen the Manage Users and Groups pullout Creating a New Group Manage Users and Groups Pullout Group View 128 129 Policy Explanation 130 Password Policies 131 Credit Card Policies 132 Tunnel Policies 133 Sample User view is shown in Figure Adding Users to a Group134 Corporate User Name field, type a name for the user 135 Department field automatically defaults to the group name Password field, type a unique password136 Modifying User & Group Information 137 Removing Users & Groups 138 Creating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139 Build Client Install Kit Window 140 Set the Install Kit Options as follows Default Aurorean installation kit file name is141 Advanced Kit Options Window 142 143 Kit Complete Message 144 Controlling Client Synchronization Controlling Client Synchronization145 Viewing Group Policies 146 Building Core Data Files Open the Configuration pullout Click the Update tab147 Build Core Data Files Display 148 Uploading Software Synchronization Files 149 Upload Software Synchronization Files Display 150 Click Upload to copy the file you chose onto the APS 151 Setting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152 Chapter Managing Users & Groups 153 Group pull-down screen appears as shown in Figure Click the arrow in the Group field and select a group154 Message you write is limited to 256 characters. See Figure Write your notice in the text box155 Page Current Message Activity Monitoring System Activity157 To view message activity, perform the following steps Open the View System Activity pulloutSample message activity view is shown in Figure Monitoring System Activity System Activity Display 159 160 Message ID Message Type Detailed Description 161 Text 162 Tunnelid 163 Advanced Message Viewer 164 Advanced Message View Setup Example 165 Message Type Explanation 166 167 Advanced Message Viewer Results Example 168 Printing Messages 169 RiverMaster Options window displays as shown in Figure RiverMaster Options170 RiverMaster Options Window 171 172 Viewing Tunnel Activity Tunnel Statistics window appears similar to FigureViewing Tunnel Activity 173 Value Meaning Trends to Look For Describes the types of statistics you can choose174 175 Using Snmp to Gather Statistics 176 Report Contents Generating Reports Heading Explanation Report Contents178 Network Gateway Report 179 Network Gateway Report Values 180 Max Tunnels GRE/IPSEC Display Network Gateway Report Client Anomaly Report 182 Client Report 183 Client Session Report Values 184 Conn Speed 185 Displays a typical Client Session Summary Report Client Session Summary Report Accounting Report 187 Displays a typical Accounting Summary Report 188 Accounting Summary Report Drill-down Accounting Detail Report Downloading, Viewing and Exporting Reports Choose from daily, weekly, monthly or custom optionsDownloading, Viewing and Exporting Reports 190 191 Report Viewing Window 192 Printing Reports 193 Exporting Reports Export window appears as shown in FigureSelect Disk file in the Destination field 194 If you want this export format Go to 195 Choose Export File Window 196 Exporting Records Window 197 Export To Directory window appears as shown in Figure 198 Number and Date Format Dialog box appears as shown 199 Enter Odbc Table Name dialog box appears as shown 200 Select Workbook Window 201 Lines Per Page Dialog Box Format Options Dialog Box Exporting Reports to a Microsoft Exchange Folder 203 Select Exchange Folder in the Destination field and click OK Choose Profile Window Select a folder window appears as shown in Figure 205 Click on a folder to store the report and click OK 206 Exporting Reports Using Mapi 207 Export is now complete Send Mail window appears as shown in Figure208 Glossary 209 AutoLink Recovery 210 Generic Routing Encapsulation GRE 211 Network Administrator 212 Point-to-Point Tunneling Protocol Pptp 213 Remote Client/User 214 TollSaver Database 215Page ANG-3000/7000 Preconfiguration Stored on a Floppy Disk 217 Adding Remote Gateways Add Remote ANG window appears as shown in FigureAdding Remote Gateways 218 Add Remote ANG Window 219 Configuring ANG IP Addresses Under Remote Gateways, click Configure Remote GatewayRemote ANG Configuration screen appears as shown in Figure 220 Configuring Tunnel Protocols Enter values in the open fields as followsClick Next 221 Configuring Tunnel Protocols 222 Click on the Authentication tab 223 Click the Encryption tab Do one of the following 224 225 Compression properties screen appears as shown in Figure Click the Compression tab226 Enable or disable Mppc as required 227 Configuring Virtual Subnets 228 229 Configuring Routing Protocols Configuring Routing Protocols230 231 Ospf Properties 232 233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 Configuring RIP for the Interface 236 237 Set the RIP Route Importing/Exporting options as follows Configuring Ospf on an Interface238 Creating Static Routes 239 Appendix B 240 241 Creating Remote Connections Creating Remote Connections242 Remote Connection Configuration Window 243 Tunnel Values section, enter a User Name 244 245 246 Loading the Floppy Disk Loading the Floppy Disk247 Remove the floppy disk 248 License Grant Enterasys Networks License Agreement249 AppendixC Warranty250 Infringement Indemnification Limitation of LiabilityAppendix C 251 Termination International ProvisionsApplicable Law 252 Government Commercial Computer Software 253 Technical Support Support from Authorized ResellersSupport from Enterasys Networks 254 Numerics Symbols255 Index 256 New 190-208257 109 111110 113 48, 224 259 Radius 260 203-206 261 UDP 262 263