Site-to-Site Tunnels | Enterasys Networks Network Card instruction

Before You Begin

NOTE

Chapter 3 Configuring an ANG-3000/7000

Aurorean’s NAT Server implementation cannot be employed as a client NAT where, for example, it operates within a cable modem/ISP topology. Aurorean’s NAT Server implementation is server-centric.

Site-to-Site Tunnels

Aurorean site-to-site tunnels optimize service between remote offices and their remotely linked corporate LANs. This configuration is similar to a remote access Aurorean connection in the sense that both configurations originate tunnels from an ANG and terminate the tunnel at a remote site. The site-to-site tunnel configuration differs from the typical ANG model in the sense that the remote server and tunnel must be configured with several network values which identify the remote server to the local ANG. Figure 16 displays two site-to-site configurations of Regional Offices A and B connected to a local ANG and both remote offices connected together, as well as a remote access connection into Corporate Headquarters.

Aurorean Client

Aurorean	Regional Office A
Network
Gateway

Aurorean Client

INTERNET

PC

PC

Aurorean

	Corporate
	Headquarters		Aurorean
		Firewall	Network
		Firewall	Gateway
			Gateway
	Server #1	Server #2	Aurorean
	Server #1	Server #2	Policy
			Policy
			Server
	Remote access tunnel

Network Regional Office B

Gateway

PC PC

Site-to-Site tunnel

Figure 16 Site-to-Site Configuration

34	RiverMaster Administrator’s Guide

Image 46

Enterasys Networks Network Card manual Site-to-Site Tunnels, Site-to-Site Configuration

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Managing Users & Groups Adding POPs for Corporate ISPs 114 Generating Reports Index Contents of the Guide About This Guide About This Guide Conventions Used in this Guide Related Documents Xii System Requirements Hardware Requirements Software Requirements Installing the ApplicationInstallation Steps Upgrading a Previous Release When the Welcome window appears, click Next to continue Installing the Application Starting the Application for the First Time First-Time Setup Information To start RiverMaster, perform the following steps Do one of the following Select APS Window RiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster Files Locate the RiverMaster program folder Default location for this folder is C\Program Files\Delete the RiverMaster folder Restart your computer Getting Started with RiverMaster RiverMaster Overview Curre Logging into RiverMaster Logging into RiverMaster Logging into RiverMaster Checking Server Status Problem Summary & Users LoggedChecking Server Status Aurorean Network Gateway Statistics Aurorean Network Gateway Status Information Aurorean Policy Server Statistics Aurorean Network Gateway Statistics Aurorean Policy Server Services Service Function If Stopped FTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First Time Add user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Before You Begin Configuration PulloutBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client Routing Intelligent Client Routing Disabled Intelligent Client Routing Enabled Network NAT ServerAurorean Gateway Site-to-Site Configuration Site-to-Site Tunnels AutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings General Aurorean Network Gateway Settings Click the DNS tab DNS server addresses tab page appears as shown in Figure Click the Wins tab Wins Server Addresses Click the NAT tab NAT Server Address Aurorean Alternate Address Info window appears as shown Viewing Aurorean Alternate Address InformationClick Apply to save your changes Primary addresses cannot be modified in this window Tunnel Protocols Tunnel Protocols Tunnel Protocol General Settings Tunnel Protocols window appears as shown in Figure Click the Authentication tab Tunnel Protocol Authentication Settings Click the Encryption tab Do one of the following Parameter Explanation Tunnel Protocol Encryption Settings Click the Compression tab Tunnel Parameter Explanation Protocol Enable or disable Mppc as required Tunnel Protocol Compression Settings Sample IP subnet window is shown in Figure Virtual SubnettingIP Subnetting Virtual Subnetting Click Add Click Remove to delete any configured virtual subnetsAdd An IP Virtual Subnet window appears as seen in Figure IPX Virtual Networks Sample IPX virtual networks window is shown in Figure IPX Subnet Configuration for Remote Clients Routing Routing Setting Routing Protocol Parameters RIP Configuration window should appear as shown in Figure RIP Routing Protocol Configuration Repeat and for each gateway required Do one of the following Parameter Meaning Fixed Value Ospf Configuration window appears as shown in Figure Ospf Routing Protocol Configuration Routing Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol RIP Interface Configuration window appears as shown Choose the version of RIP to use on this interface Do one of the following To enable Ospf on an interface, perform the following steps Ospf Interface Configuration window appears as shown Do one of the following Static parameter tab page is displayed as shown in Figure Routing Click Add Adding a Remote Server Remote Server Display Click Add Remote Server Add Remote Server window appears as shown in Figure Add Remote Tunnel window appears as shown in Figure Choose the tunneling protocol IPSec or Pptp Click AddAdding a Remote Server Select Enabled or Disabled in the Enabled State field Changing Server and Tunnel Properties Remote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Authorization Plug-in Options Radius Authentication Servers Plug-in Planning Private/Public Keys for IPSec Authentication Problem Notification Trace Levels Adding an Authorization Plug-In Trace Messages Display Enterasys Authentication Shows the Configuration pullout Click here to update the plug-in Radius Authorization Optionally, specify a value in the Num Threads field Adding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value SecurID Authorization Create New Plug-in window will appear as shown in Figure Adding an Authorization Plug-In Chapter Specify SecurID Configuration File Window Click Create Chapter Generating Private/Public Keys Chapter Using the Notification Service to Send E-Mail Creating a Mailing List Chapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter Setting Trace Levels ANG Tunnel Management Service Window Click Set to enable the Trace Level Backing Up the Database Click on Indus River Access Starting a Database Backup Click Start on Backup Database Backing Up the Database Window similar to will appear100 Controlling Remote User Dialing & Access 101 TollSaver Database 102 Corporate Dial-Up Access 103 Corporate 104 Creating POP Packages 105 Creating POP Packages 106 Build Completed Window 107 Adding Corporate ISPs 108 109 ISP Properties display will appear as show in Figure Click the ISP Properties tab110 Script files are not uploaded without the .SCP extension Select the Access Method as follows111 Adding Corporate ISPs 112 113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 Pull-down options appear as shown in below 115 This field is currently not implemented 116 Script window appears as shown in Figure 117Page Managing Users & Groups 119 Manage Users & Groups Pullout 120 Group Policies 121 Aurorean Client Installation Kits 122 Contents of a Aurorean Client Installation Kit 123 Client Synchronization 124 125 126 Open the Manage Users and Groups pullout Creating a New GroupGroup Notices Creating a New Group Manage Users and Groups Pullout Group View 128 129 Policy Explanation 130 Password Policies 131 Credit Card Policies 132 Tunnel Policies 133 Sample User view is shown in Figure Adding Users to a Group134 Corporate User Name field, type a name for the user 135 Department field automatically defaults to the group name Password field, type a unique password136 Modifying User & Group Information 137 Removing Users & Groups 138 Sample Group view is shown in Figure Creating an Aurorean Client Installation KitCreating an Aurorean Client Installation Kit 139 Build Client Install Kit Window 140 Set the Install Kit Options as follows Default Aurorean installation kit file name is141 Advanced Kit Options Window 142 143 Kit Complete Message 144 Controlling Client Synchronization Controlling Client Synchronization145 Viewing Group Policies 146 Building Core Data Files Open the Configuration pullout Click the Update tab147 Build Core Data Files Display 148 Uploading Software Synchronization Files 149 Upload Software Synchronization Files Display 150 Click Upload to copy the file you chose onto the APS 151 Group Notice display appears as shown in Figure Setting Up Group NoticesSetting Up Group Notices 152 Chapter Managing Users & Groups 153 Group pull-down screen appears as shown in Figure Click the arrow in the Group field and select a group154 Message you write is limited to 256 characters. See Figure Write your notice in the text box155 Page Current Message Activity Monitoring System Activity157 Sample message activity view is shown in Figure To view message activity, perform the following stepsOpen the View System Activity pullout Monitoring System Activity System Activity Display 159 160 Message ID Message Type Detailed Description 161 Text 162 Tunnelid 163 Advanced Message Viewer 164 Advanced Message View Setup Example 165 Message Type Explanation 166 167 Advanced Message Viewer Results Example 168 Printing Messages 169 RiverMaster Options window displays as shown in Figure RiverMaster Options170 RiverMaster Options Window 171 172 Viewing Tunnel Activity Viewing Tunnel ActivityTunnel Statistics window appears similar to Figure 173 Value Meaning Trends to Look For Describes the types of statistics you can choose174 175 Using Snmp to Gather Statistics 176 Report Contents Generating Reports Heading Explanation Report Contents178 Network Gateway Report 179 Network Gateway Report Values 180 Max Tunnels GRE/IPSEC Display Network Gateway Report Client Anomaly Report 182 Client Report 183 Client Session Report Values 184 Conn Speed 185 Displays a typical Client Session Summary Report Client Session Summary Report Accounting Report 187 Displays a typical Accounting Summary Report 188 Accounting Summary Report Drill-down Accounting Detail Report Downloading, Viewing and Exporting Reports Downloading, Viewing and Exporting ReportsChoose from daily, weekly, monthly or custom options 190 191 Report Viewing Window 192 Printing Reports 193 Select Disk file in the Destination field Exporting ReportsExport window appears as shown in Figure 194 If you want this export format Go to 195 Choose Export File Window 196 Exporting Records Window 197 Export To Directory window appears as shown in Figure 198 Number and Date Format Dialog box appears as shown 199 Enter Odbc Table Name dialog box appears as shown 200 Select Workbook Window 201 Lines Per Page Dialog Box Format Options Dialog Box Exporting Reports to a Microsoft Exchange Folder 203 Select Exchange Folder in the Destination field and click OK Choose Profile Window Select a folder window appears as shown in Figure 205 Click on a folder to store the report and click OK 206 Exporting Reports Using Mapi 207 Export is now complete Send Mail window appears as shown in Figure208 Glossary 209 AutoLink Recovery 210 Generic Routing Encapsulation GRE 211 Network Administrator 212 Point-to-Point Tunneling Protocol Pptp 213 Remote Client/User 214 TollSaver Database 215Page ANG-3000/7000 Preconfiguration Stored on a Floppy Disk 217 Adding Remote Gateways Adding Remote GatewaysAdd Remote ANG window appears as shown in Figure 218 Add Remote ANG Window 219 Remote ANG Configuration screen appears as shown in Figure Configuring ANG IP AddressesUnder Remote Gateways, click Configure Remote Gateway 220 Click Next Configuring Tunnel ProtocolsEnter values in the open fields as follows 221 Configuring Tunnel Protocols 222 Click on the Authentication tab 223 Click the Encryption tab Do one of the following 224 225 Compression properties screen appears as shown in Figure Click the Compression tab226 Enable or disable Mppc as required 227 Configuring Virtual Subnets 228 229 Configuring Routing Protocols Configuring Routing Protocols230 231 Ospf Properties 232 233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 Configuring RIP for the Interface 236 237 Set the RIP Route Importing/Exporting options as follows Configuring Ospf on an Interface238 Creating Static Routes 239 Appendix B 240 241 Creating Remote Connections Creating Remote Connections242 Remote Connection Configuration Window 243 Tunnel Values section, enter a User Name 244 245 246 Loading the Floppy Disk Loading the Floppy Disk247 Remove the floppy disk 248 License Grant Enterasys Networks License Agreement249 AppendixC Warranty250 Appendix C Infringement IndemnificationLimitation of Liability 251 Applicable Law TerminationInternational Provisions 252 Government Commercial Computer Software 253 Support from Enterasys Networks Technical SupportSupport from Authorized Resellers 254 Numerics Symbols255 Index 256 New 190-208257 110 109111 113 48, 224 259 Radius 260 203-206 261 UDP 262 263