Configuring an ANG-3000/7000 | Enterasys Networks Network Card

Before You Begin	Chapter 3
	Configuring an ANG-3000/7000

HUsing RiverMaster, adding a static route for all addresses in the Virtual Subnet #1 range with the router’s IP address as the default gateway.

HOn the router, create a static route to forward all packets addressed with IP addresses in the Virtual Subnet #1 range to the IP address of the ANG Trusted interface.

With this arrangement, remote clients that receive addresses from Virtual Subnet #1 will be able to access Server #2. Without a static route, remote clients that receive addresses from Virtual Subnet #2 will be unable to access Server #2 or any other device on the 200.100.201.0 segment

Virtual Subnets for Site-to-Site and Remote Access Tunnel Servers

When you set up a site-to-site tunnel in conjunction with remote access service, we recommend creating separate groups and assigning separate virtual subnets for all your site-to-site and remote access users. This is necessary because RIP does not forward knowledge of a route over the interface from which it learned of that route. So if a remote client and a site-to- site tunnel obtain their virtual IP addresses from the same virtual subnet on the terminating ANG, then that remote access client will not be able to learn the routes that are known to the initiator of the site-to-site tunnel. This condition does not apply to a terminating ANG, though.

As shown in Figure 13, if ANG1 initiates a tunnel connection to ANG2, RIP will broadcast knowledge of ANG1’s associated networks A, B and C to ANG2 just as it will propagate knowledge of ANG2’s associated networks X, Y and Z to ANG1. Then, if the virtual subnet 10.10.10.0 is created on ANG2 for use by ANG1 site-to-site clients and is shared with remote Aurorean clients, the Aurorean users cannot access networks A,B, and C on ANG1 because they have no knowledge of those networks.

To remedy this situation, create virtual subnet 187.14.57.0 on ANG2 for Aurorean users. RIP will broadcast knowledge of this route to ANG2 enabling Aurorean users to dial into ANG1 as well as ANG2.

30	RiverMaster Administrator’s Guide

Image 42

Enterasys Networks Network Card manual Configuring an ANG-3000/7000

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Managing Users & Groups Adding POPs for Corporate ISPs 114 Generating Reports Index Contents of the Guide About This Guide About This Guide Conventions Used in this Guide Related Documents Xii System Requirements Hardware Requirements Software Requirements Installing the ApplicationInstallation Steps Upgrading a Previous Release When the Welcome window appears, click Next to continue Installing the Application Starting the Application for the First Time First-Time Setup Information To start RiverMaster, perform the following steps Do one of the following Select APS Window RiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster Files Default location for this folder is C\Program Files\ Locate the RiverMaster program folderDelete the RiverMaster folder Restart your computer Getting Started with RiverMaster RiverMaster Overview Curre Logging into RiverMaster Logging into RiverMaster Logging into RiverMaster Problem Summary & Users Logged Checking Server StatusChecking Server Status Aurorean Network Gateway Statistics Aurorean Network Gateway Status Information Aurorean Policy Server Statistics Aurorean Network Gateway Statistics Aurorean Policy Server Services Service Function If Stopped FTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First Time Add user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Configuration Pullout Before You BeginBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client Routing Intelligent Client Routing Disabled Intelligent Client Routing Enabled Network NAT ServerAurorean Gateway Site-to-Site Configuration Site-to-Site Tunnels AutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings Click the DNS tab DNS server addresses tab page appears as shown in Figure Click the Wins tab Wins Server Addresses Click the NAT tab NAT Server Address Aurorean Alternate Address Info window appears as shown Viewing Aurorean Alternate Address InformationClick Apply to save your changes Primary addresses cannot be modified in this window Tunnel Protocols Tunnel Protocols Tunnel Protocol General Settings Tunnel Protocols window appears as shown in Figure Click the Authentication tab Tunnel Protocol Authentication Settings Click the Encryption tab Do one of the following Parameter Explanation Tunnel Protocol Encryption Settings Click the Compression tab Tunnel Parameter Explanation Protocol Enable or disable Mppc as required Tunnel Protocol Compression Settings Sample IP subnet window is shown in Figure Virtual SubnettingIP Subnetting Virtual Subnetting Click Remove to delete any configured virtual subnets Click AddAdd An IP Virtual Subnet window appears as seen in Figure IPX Virtual Networks Sample IPX virtual networks window is shown in Figure IPX Subnet Configuration for Remote Clients Routing Routing Setting Routing Protocol Parameters RIP Configuration window should appear as shown in Figure RIP Routing Protocol Configuration Repeat and for each gateway required Do one of the following Parameter Meaning Fixed Value Ospf Configuration window appears as shown in Figure Ospf Routing Protocol Configuration Routing Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol RIP Interface Configuration window appears as shown Choose the version of RIP to use on this interface Do one of the following To enable Ospf on an interface, perform the following steps Ospf Interface Configuration window appears as shown Do one of the following Static parameter tab page is displayed as shown in Figure Routing Click Add Adding a Remote Server Remote Server Display Click Add Remote Server Add Remote Server window appears as shown in Figure Choose the tunneling protocol IPSec or Pptp Click Add Add Remote Tunnel window appears as shown in FigureAdding a Remote Server Select Enabled or Disabled in the Enabled State field Changing Server and Tunnel Properties Remote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Authorization Plug-in Options Radius Authentication Servers Plug-in Planning Private/Public Keys for IPSec Authentication Problem Notification Trace Levels Adding an Authorization Plug-In Trace Messages Display Enterasys Authentication Shows the Configuration pullout Click here to update the plug-in Radius Authorization Optionally, specify a value in the Num Threads field Adding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value SecurID Authorization Create New Plug-in window will appear as shown in Figure Adding an Authorization Plug-In Chapter Specify SecurID Configuration File Window Click Create Chapter Generating Private/Public Keys Chapter Using the Notification Service to Send E-Mail Creating a Mailing List Chapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter Setting Trace Levels ANG Tunnel Management Service Window Click Set to enable the Trace Level Backing Up the Database Click on Indus River Access Starting a Database Backup Click Start on Backup Database Window similar to will appear Backing Up the Database100 Controlling Remote User Dialing & Access 101 TollSaver Database 102 Corporate Dial-Up Access 103 Corporate 104 Creating POP Packages 105 Creating POP Packages 106 Build Completed Window 107 Adding Corporate ISPs 108 109 Click the ISP Properties tab ISP Properties display will appear as show in Figure110 Select the Access Method as follows Script files are not uploaded without the .SCP extension111 Adding Corporate ISPs 112 113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 Pull-down options appear as shown in below 115 This field is currently not implemented 116 Script window appears as shown in Figure 117Page Managing Users & Groups 119 Manage Users & Groups Pullout 120 Group Policies 121 Aurorean Client Installation Kits 122 Contents of a Aurorean Client Installation Kit 123 Client Synchronization 124 125 126 Open the Manage Users and Groups pullout Creating a New GroupGroup Notices Creating a New Group Manage Users and Groups Pullout Group View 128 129 Policy Explanation 130 Password Policies 131 Credit Card Policies 132 Tunnel Policies 133 Adding Users to a Group Sample User view is shown in Figure134 Corporate User Name field, type a name for the user 135 Password field, type a unique password Department field automatically defaults to the group name136 Modifying User & Group Information 137 Removing Users & Groups 138 Sample Group view is shown in Figure Creating an Aurorean Client Installation KitCreating an Aurorean Client Installation Kit 139 Build Client Install Kit Window 140 Default Aurorean installation kit file name is Set the Install Kit Options as follows141 Advanced Kit Options Window 142 143 Kit Complete Message 144 Controlling Client Synchronization Controlling Client Synchronization145 Viewing Group Policies 146 Open the Configuration pullout Click the Update tab Building Core Data Files147 Build Core Data Files Display 148 Uploading Software Synchronization Files 149 Upload Software Synchronization Files Display 150 Click Upload to copy the file you chose onto the APS 151 Group Notice display appears as shown in Figure Setting Up Group NoticesSetting Up Group Notices 152 Chapter Managing Users & Groups 153 Click the arrow in the Group field and select a group Group pull-down screen appears as shown in Figure154 Write your notice in the text box Message you write is limited to 256 characters. See Figure155 Page Monitoring System Activity Current Message Activity157 Sample message activity view is shown in Figure To view message activity, perform the following stepsOpen the View System Activity pullout Monitoring System Activity System Activity Display 159 160 Message ID Message Type Detailed Description 161 Text 162 Tunnelid 163 Advanced Message Viewer 164 Advanced Message View Setup Example 165 Message Type Explanation 166 167 Advanced Message Viewer Results Example 168 Printing Messages 169 RiverMaster Options RiverMaster Options window displays as shown in Figure170 RiverMaster Options Window 171 172 Viewing Tunnel Activity Viewing Tunnel ActivityTunnel Statistics window appears similar to Figure 173 Describes the types of statistics you can choose Value Meaning Trends to Look For174 175 Using Snmp to Gather Statistics 176 Report Contents Generating Reports Report Contents Heading Explanation178 Network Gateway Report 179 Network Gateway Report Values 180 Max Tunnels GRE/IPSEC Display Network Gateway Report Client Anomaly Report 182 Client Report 183 Client Session Report Values 184 Conn Speed 185 Displays a typical Client Session Summary Report Client Session Summary Report Accounting Report 187 Displays a typical Accounting Summary Report 188 Accounting Summary Report Drill-down Accounting Detail Report Downloading, Viewing and Exporting Reports Downloading, Viewing and Exporting ReportsChoose from daily, weekly, monthly or custom options 190 191 Report Viewing Window 192 Printing Reports 193 Select Disk file in the Destination field Exporting ReportsExport window appears as shown in Figure 194 If you want this export format Go to 195 Choose Export File Window 196 Exporting Records Window 197 Export To Directory window appears as shown in Figure 198 Number and Date Format Dialog box appears as shown 199 Enter Odbc Table Name dialog box appears as shown 200 Select Workbook Window 201 Lines Per Page Dialog Box Format Options Dialog Box Exporting Reports to a Microsoft Exchange Folder 203 Select Exchange Folder in the Destination field and click OK Choose Profile Window Select a folder window appears as shown in Figure 205 Click on a folder to store the report and click OK 206 Exporting Reports Using Mapi 207 Send Mail window appears as shown in Figure Export is now complete208 Glossary 209 AutoLink Recovery 210 Generic Routing Encapsulation GRE 211 Network Administrator 212 Point-to-Point Tunneling Protocol Pptp 213 Remote Client/User 214 TollSaver Database 215Page ANG-3000/7000 Preconfiguration Stored on a Floppy Disk 217 Adding Remote Gateways Adding Remote GatewaysAdd Remote ANG window appears as shown in Figure 218 Add Remote ANG Window 219 Remote ANG Configuration screen appears as shown in Figure Configuring ANG IP AddressesUnder Remote Gateways, click Configure Remote Gateway 220 Click Next Configuring Tunnel ProtocolsEnter values in the open fields as follows 221 Configuring Tunnel Protocols 222 Click on the Authentication tab 223 Click the Encryption tab Do one of the following 224 225 Click the Compression tab Compression properties screen appears as shown in Figure226 Enable or disable Mppc as required 227 Configuring Virtual Subnets 228 229 Configuring Routing Protocols Configuring Routing Protocols230 231 Ospf Properties 232 233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 Configuring RIP for the Interface 236 237 Configuring Ospf on an Interface Set the RIP Route Importing/Exporting options as follows238 Creating Static Routes 239 Appendix B 240 241 Creating Remote Connections Creating Remote Connections242 Remote Connection Configuration Window 243 Tunnel Values section, enter a User Name 244 245 246 Loading the Floppy Disk Loading the Floppy Disk247 Remove the floppy disk 248 Enterasys Networks License Agreement License Grant249 Warranty AppendixC250 Appendix C Infringement IndemnificationLimitation of Liability 251 Applicable Law TerminationInternational Provisions 252 Government Commercial Computer Software 253 Support from Enterasys Networks Technical SupportSupport from Authorized Resellers 254 Symbols Numerics255 Index 256 190-208 New257 110 109111 113 48, 224 259 Radius 260 203-206 261 UDP 262 263