NAT Server, Aurorean, Gateway | Enterasys Networks Network Card

Chapter 3	Before You Begin
Configuring an ANG-3000/7000

NAT Server

RiverMaster’s NAT server feature provides support for security conscious administrators who want to conceal the physical IP address of their system (ANG or another Gateway) without affecting Aurorean service. By configuring a NAT Server with an alias IP address for the ANG (refer to page 41 for instructions), the real IP address of the ANG will remain hidden and any IP address received by the NAT Server will be translated to the real IP address of the destination for all incoming clients. This ensures that clients access the correct IP address and build a tunnel connection to the ANG without revealing physical addresses. The process is reversed for clients on the corporate LAN seeking to dial up remote destinations.

In Figure 15 below, the IP addresses received at the NAT Server for Servers #1, #2 and the ANG are translated into the real IP addresses of the destination servers.

Aurorean Client

INTERNET

		NAT	NAT Server Received IP Addresses
		NAT	Server #1: 165.32.46.34
		Server	Server #1: 165.32.46.34
			Server #2: 165.32.46.115
			ANG: 165.32.46.98
			Aurorean
Server #1	Server #2		Network
200.57.115.15	200.57.115.23	200.57.115.18	Gateway
200.57.115.15	200.57.115.23	200.57.115.18

Aurorean

Policy

Server

PC

PC

Figure 15 Aurorean Virtual Network’s NAT Server Feature

RiverMaster Administrator’s Guide

33

Image 45

Enterasys Networks Network Card manual NAT Server, Aurorean, Gateway

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Adding POPs for Corporate ISPs 114 Managing Users & Groups Generating Reports Index About This Guide Contents of the Guide About This Guide Related Documents Conventions Used in this Guide Xii Hardware Requirements System Requirements Installation Steps Installing the ApplicationSoftware Requirements Upgrading a Previous Release Installing the Application When the Welcome window appears, click Next to continue Starting the Application for the First Time To start RiverMaster, perform the following steps First-Time Setup Information Select APS Window Do one of the following RiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster Files Default location for this folder is C\Program Files\ Locate the RiverMaster program folderDelete the RiverMaster folder Restart your computer RiverMaster Overview Getting Started with RiverMaster Curre Logging into RiverMaster Logging into RiverMaster Logging into RiverMaster Problem Summary & Users Logged Checking Server StatusChecking Server Status Aurorean Network Gateway Status Information Aurorean Network Gateway Statistics Aurorean Network Gateway Statistics Aurorean Policy Server Statistics Service Function If Stopped Aurorean Policy Server Services FTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First Time Add user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Configuration Pullout Before You BeginBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Intelligent Client Routing Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client Routing Enabled Intelligent Client Routing Disabled Aurorean NAT ServerNetwork Gateway Site-to-Site Tunnels Site-to-Site Configuration AutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings DNS server addresses tab page appears as shown in Figure Click the DNS tab Wins Server Addresses Click the Wins tab NAT Server Address Click the NAT tab Click Apply to save your changes Viewing Aurorean Alternate Address InformationAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this window Tunnel Protocols Tunnel Protocols Tunnel Protocols window appears as shown in Figure Tunnel Protocol General Settings Tunnel Protocol Authentication Settings Click the Authentication tab Parameter Explanation Click the Encryption tab Do one of the following Tunnel Protocol Encryption Settings Tunnel Parameter Explanation Protocol Click the Compression tab Tunnel Protocol Compression Settings Enable or disable Mppc as required IP Subnetting Virtual SubnettingSample IP subnet window is shown in Figure Virtual Subnetting Click Remove to delete any configured virtual subnets Click AddAdd An IP Virtual Subnet window appears as seen in Figure Sample IPX virtual networks window is shown in Figure IPX Virtual Networks IPX Subnet Configuration for Remote Clients Routing Routing RIP Configuration window should appear as shown in Figure Setting Routing Protocol Parameters RIP Routing Protocol Configuration Parameter Meaning Fixed Value Repeat and for each gateway required Do one of the following Ospf Routing Protocol Configuration Ospf Configuration window appears as shown in Figure Routing Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol Choose the version of RIP to use on this interface RIP Interface Configuration window appears as shown Do one of the following Ospf Interface Configuration window appears as shown To enable Ospf on an interface, perform the following steps Static parameter tab page is displayed as shown in Figure Do one of the following Routing Click Add Remote Server Display Adding a Remote Server Add Remote Server window appears as shown in Figure Click Add Remote Server Choose the tunneling protocol IPSec or Pptp Click Add Add Remote Tunnel window appears as shown in FigureAdding a Remote Server Changing Server and Tunnel Properties Select Enabled or Disabled in the Enabled State field Remote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Radius Authentication Servers Authorization Plug-in Options Plug-in Planning Problem Notification Private/Public Keys for IPSec Authentication Trace Levels Trace Messages Display Adding an Authorization Plug-In Shows the Configuration pullout Enterasys Authentication Click here to update the plug-in Optionally, specify a value in the Num Threads field Radius Authorization Adding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value Create New Plug-in window will appear as shown in Figure SecurID Authorization Adding an Authorization Plug-In Chapter Click Create Specify SecurID Configuration File Window Chapter Generating Private/Public Keys Chapter Creating a Mailing List Using the Notification Service to Send E-Mail Chapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter ANG Tunnel Management Service Window Setting Trace Levels Backing Up the Database Click Set to enable the Trace Level Starting a Database Backup Click Start on Backup Database Click on Indus River Access Window similar to will appear Backing Up the Database100 101 Controlling Remote User Dialing & Access 102 TollSaver Database 103 Corporate Dial-Up Access 104 Corporate 105 Creating POP Packages 106 Creating POP Packages 107 Build Completed Window 108 Adding Corporate ISPs 109 Click the ISP Properties tab ISP Properties display will appear as show in Figure110 Select the Access Method as follows Script files are not uploaded without the .SCP extension111 112 Adding Corporate ISPs 113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 115 Pull-down options appear as shown in below 116 This field is currently not implemented 117 Script window appears as shown in FigurePage 119 Managing Users & Groups 120 Manage Users & Groups Pullout 121 Group Policies 122 Aurorean Client Installation Kits 123 Contents of a Aurorean Client Installation Kit 124 Client Synchronization 125 126 Group Notices Creating a New GroupOpen the Manage Users and Groups pullout Creating a New Group 128 Manage Users and Groups Pullout Group View 129 130 Policy Explanation 131 Password Policies 132 Credit Card Policies 133 Tunnel Policies Adding Users to a Group Sample User view is shown in Figure134 135 Corporate User Name field, type a name for the user Password field, type a unique password Department field automatically defaults to the group name136 137 Modifying User & Group Information 138 Removing Users & Groups Creating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139 140 Build Client Install Kit Window Default Aurorean installation kit file name is Set the Install Kit Options as follows141 142 Advanced Kit Options Window 143 144 Kit Complete Message Controlling Client Synchronization Controlling Client Synchronization145 146 Viewing Group Policies Open the Configuration pullout Click the Update tab Building Core Data Files147 148 Build Core Data Files Display 149 Uploading Software Synchronization Files 150 Upload Software Synchronization Files Display 151 Click Upload to copy the file you chose onto the APS Setting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152 153 Chapter Managing Users & Groups Click the arrow in the Group field and select a group Group pull-down screen appears as shown in Figure154 Write your notice in the text box Message you write is limited to 256 characters. See Figure155 Page Monitoring System Activity Current Message Activity157 Open the View System Activity pullout To view message activity, perform the following stepsSample message activity view is shown in Figure Monitoring System Activity 159 System Activity Display 160 161 Message ID Message Type Detailed Description 162 Text 163 Tunnelid 164 Advanced Message Viewer 165 Advanced Message View Setup Example 166 Message Type Explanation 167 168 Advanced Message Viewer Results Example 169 Printing Messages RiverMaster Options RiverMaster Options window displays as shown in Figure170 171 RiverMaster Options Window 172 Tunnel Statistics window appears similar to Figure Viewing Tunnel ActivityViewing Tunnel Activity 173 Describes the types of statistics you can choose Value Meaning Trends to Look For174 175 176 Using Snmp to Gather Statistics Generating Reports Report Contents Report Contents Heading Explanation178 179 Network Gateway Report 180 Network Gateway Report Values Network Gateway Report Max Tunnels GRE/IPSEC Display 182 Client Anomaly Report 183 Client Report 184 Client Session Report Values 185 Conn Speed Client Session Summary Report Displays a typical Client Session Summary Report 187 Accounting Report 188 Displays a typical Accounting Summary Report Drill-down Accounting Detail Report Accounting Summary Report Choose from daily, weekly, monthly or custom options Downloading, Viewing and Exporting ReportsDownloading, Viewing and Exporting Reports 190 191 192 Report Viewing Window 193 Printing Reports Export window appears as shown in Figure Exporting ReportsSelect Disk file in the Destination field 194 195 If you want this export format Go to 196 Choose Export File Window 197 Exporting Records Window 198 Export To Directory window appears as shown in Figure 199 Number and Date Format Dialog box appears as shown 200 Enter Odbc Table Name dialog box appears as shown 201 Select Workbook Window Format Options Dialog Box Lines Per Page Dialog Box 203 Exporting Reports to a Microsoft Exchange Folder Choose Profile Window Select Exchange Folder in the Destination field and click OK 205 Select a folder window appears as shown in Figure 206 Click on a folder to store the report and click OK 207 Exporting Reports Using Mapi Send Mail window appears as shown in Figure Export is now complete208 209 Glossary 210 AutoLink Recovery 211 Generic Routing Encapsulation GRE 212 Network Administrator 213 Point-to-Point Tunneling Protocol Pptp 214 Remote Client/User 215 TollSaver DatabasePage 217 ANG-3000/7000 Preconfiguration Stored on a Floppy Disk Add Remote ANG window appears as shown in Figure Adding Remote GatewaysAdding Remote Gateways 218 219 Add Remote ANG Window Under Remote Gateways, click Configure Remote Gateway Configuring ANG IP AddressesRemote ANG Configuration screen appears as shown in Figure 220 Enter values in the open fields as follows Configuring Tunnel ProtocolsClick Next 221 222 Configuring Tunnel Protocols 223 Click on the Authentication tab 224 Click the Encryption tab Do one of the following 225 Click the Compression tab Compression properties screen appears as shown in Figure226 227 Enable or disable Mppc as required 228 Configuring Virtual Subnets 229 Configuring Routing Protocols Configuring Routing Protocols230 231 232 Ospf Properties 233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 236 Configuring RIP for the Interface 237 Configuring Ospf on an Interface Set the RIP Route Importing/Exporting options as follows238 239 Creating Static Routes 240 Appendix B 241 Creating Remote Connections Creating Remote Connections242 243 Remote Connection Configuration Window 244 Tunnel Values section, enter a User Name 245 246 Loading the Floppy Disk Loading the Floppy Disk247 248 Remove the floppy disk Enterasys Networks License Agreement License Grant249 Warranty AppendixC250 Limitation of Liability Infringement IndemnificationAppendix C 251 International Provisions TerminationApplicable Law 252 253 Government Commercial Computer Software Support from Authorized Resellers Technical SupportSupport from Enterasys Networks 254 Symbols Numerics255 256 Index 190-208 New257 111 109110 113 259 48, 224 260 Radius 261 203-206 262 UDP 263