Manuals / Enterasys Networks / Computer Equipment / Network Card

Enterasys Networks Network Card Authorization Plug-in Options, Radius Authentication Servers

Models: Network Card

1 276

Download 276 pages 57.43 Kb

Page 88

Before You Begin	Chapter 4
	Setting Up Aurorean Services

Authorization Plug-in Options

Within a Aurorean Virtual Network, the APS coordinates remote user authentication. Using an internal software service known as Authentication and a series of “plug-ins”, the APS can authenticate remote users in three ways:

HUsing the Enterasys Authentication plug-in, remote users are authenticated against a database residing on the APS’s hard drive.

HUsing the RADIUS plug-in, the APS acts as a RADIUS client, forwarding authentication requests from Aurorean users to a RADIUS server.

HUsing the RSA Security SecurID plug-in, the APS acts as a native ACE/Client, forwarding authentication requests from Aurorean users directly to an ACE/Server. This plug-in supports the fail-over function of automatically connecting to a slave ACE/Server if the master fails.

RADIUS Authentication Servers

Aurorean Virtual Network systems support a wide range of RADIUS servers, including:

HMicrosoft RADIUS

HFunk Software’s Steel-Belted RADIUS

HRSA Security ACE/Server that supports RADIUS extensions. This allows remote users to not only authenticate against a centralized authentication database, but also to take advantage of the strong security offered by SecurID passcodes.

HNovell’s BorderManager™ Authentication Services (BMAS) running on a RADIUS server. BMAS is an interface that links dial-in users to the network through Novell Directory Services (NDS™). Support for BorderManager is seamless and it requires no configuration on the APS. Refer to BorderManager Enterprise Edition documentation for more information.

76	RiverMaster Administrator’s Guide

Image 88

Enterasys Networks Network Card manual Authorization Plug-in Options, Radius Authentication Servers

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Managing Users & Groups Adding POPs for Corporate ISPs 114Generating Reports Index Contents of the Guide About This GuideAbout This Guide Conventions Used in this Guide Related DocumentsXii System Requirements Hardware RequirementsInstalling the Application Installation StepsSoftware Requirements Upgrading a Previous ReleaseWhen the Welcome window appears, click Next to continue Installing the ApplicationStarting the Application for the First Time First-Time Setup Information To start RiverMaster, perform the following stepsDo one of the following Select APS WindowRiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster FilesLocate the RiverMaster program folder Default location for this folder is C\Program Files\Delete the RiverMaster folder Restart your computer Getting Started with RiverMaster RiverMaster OverviewCurre Logging into RiverMaster Logging into RiverMasterLogging into RiverMaster Checking Server Status Problem Summary & Users LoggedChecking Server Status Aurorean Network Gateway Statistics Aurorean Network Gateway Status InformationAurorean Policy Server Statistics Aurorean Network Gateway StatisticsAurorean Policy Server Services Service Function If StoppedFTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First TimeAdd user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Before You Begin Configuration PulloutBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Virtual Subnets for Site-to-Site and Remote Access Tunnels Intelligent Client RoutingIntelligent Client Routing Disabled Intelligent Client Routing EnabledNAT Server AuroreanNetwork GatewaySite-to-Site Configuration Site-to-Site TunnelsAutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway SettingsGeneral Aurorean Network Gateway Settings Click the DNS tab DNS server addresses tab page appears as shown in FigureClick the Wins tab Wins Server AddressesClick the NAT tab NAT Server AddressViewing Aurorean Alternate Address Information Click Apply to save your changesAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this windowTunnel Protocols Tunnel ProtocolsTunnel Protocol General Settings Tunnel Protocols window appears as shown in FigureClick the Authentication tab Tunnel Protocol Authentication SettingsClick the Encryption tab Do one of the following Parameter ExplanationTunnel Protocol Encryption Settings Click the Compression tab Tunnel Parameter Explanation ProtocolEnable or disable Mppc as required Tunnel Protocol Compression SettingsVirtual Subnetting IP SubnettingSample IP subnet window is shown in Figure Virtual SubnettingClick Add Click Remove to delete any configured virtual subnetsAdd An IP Virtual Subnet window appears as seen in Figure IPX Virtual Networks Sample IPX virtual networks window is shown in FigureIPX Subnet Configuration for Remote Clients Routing RoutingSetting Routing Protocol Parameters RIP Configuration window should appear as shown in FigureRIP Routing Protocol Configuration Repeat and for each gateway required Do one of the following Parameter Meaning Fixed ValueOspf Configuration window appears as shown in Figure Ospf Routing Protocol ConfigurationRouting Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol RIP Interface Configuration window appears as shown Choose the version of RIP to use on this interfaceDo one of the following To enable Ospf on an interface, perform the following steps Ospf Interface Configuration window appears as shownDo one of the following Static parameter tab page is displayed as shown in FigureRouting Click Add Adding a Remote Server Remote Server DisplayClick Add Remote Server Add Remote Server window appears as shown in FigureAdd Remote Tunnel window appears as shown in Figure Choose the tunneling protocol IPSec or Pptp Click AddAdding a Remote Server Select Enabled or Disabled in the Enabled State field Changing Server and Tunnel PropertiesRemote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Authorization Plug-in Options Radius Authentication ServersPlug-in Planning Private/Public Keys for IPSec Authentication Problem NotificationTrace Levels Adding an Authorization Plug-In Trace Messages DisplayEnterasys Authentication Shows the Configuration pulloutClick here to update the plug-in Radius Authorization Optionally, specify a value in the Num Threads fieldAdding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value SecurID Authorization Create New Plug-in window will appear as shown in FigureAdding an Authorization Plug-In Chapter Specify SecurID Configuration File Window Click CreateChapter Generating Private/Public Keys Chapter Using the Notification Service to Send E-Mail Creating a Mailing ListChapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter Setting Trace Levels ANG Tunnel Management Service WindowClick Set to enable the Trace Level Backing Up the DatabaseClick on Indus River Access Starting a Database Backup Click Start on Backup DatabaseBacking Up the Database Window similar to will appear100 Controlling Remote User Dialing & Access 101TollSaver Database 102Corporate Dial-Up Access 103Corporate 104Creating POP Packages 105Creating POP Packages 106Build Completed Window 107Adding Corporate ISPs 108109 ISP Properties display will appear as show in Figure Click the ISP Properties tab110 Script files are not uploaded without the .SCP extension Select the Access Method as follows111 Adding Corporate ISPs 112113 Adding POPs for Corporate ISPs Adding POPs for Corporate ISPs114 Pull-down options appear as shown in below 115This field is currently not implemented 116Script window appears as shown in Figure 117Page Managing Users & Groups 119Manage Users & Groups Pullout 120Group Policies 121Aurorean Client Installation Kits 122Contents of a Aurorean Client Installation Kit 123Client Synchronization 124125 126 Creating a New Group Group NoticesOpen the Manage Users and Groups pullout Creating a New GroupManage Users and Groups Pullout Group View 128129 Policy Explanation 130Password Policies 131Credit Card Policies 132Tunnel Policies 133Sample User view is shown in Figure Adding Users to a Group134 Corporate User Name field, type a name for the user 135Department field automatically defaults to the group name Password field, type a unique password136 Modifying User & Group Information 137Removing Users & Groups 138Creating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139Build Client Install Kit Window 140Set the Install Kit Options as follows Default Aurorean installation kit file name is141 Advanced Kit Options Window 142143 Kit Complete Message 144Controlling Client Synchronization Controlling Client Synchronization145 Viewing Group Policies 146Building Core Data Files Open the Configuration pullout Click the Update tab147 Build Core Data Files Display 148Uploading Software Synchronization Files 149Upload Software Synchronization Files Display 150Click Upload to copy the file you chose onto the APS 151Setting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152Chapter Managing Users & Groups 153Group pull-down screen appears as shown in Figure Click the arrow in the Group field and select a group154 Message you write is limited to 256 characters. See Figure Write your notice in the text box155 Page Current Message Activity Monitoring System Activity157 To view message activity, perform the following steps Open the View System Activity pulloutSample message activity view is shown in Figure Monitoring System ActivitySystem Activity Display 159160 Message ID Message Type Detailed Description 161Text 162Tunnelid 163Advanced Message Viewer 164Advanced Message View Setup Example 165Message Type Explanation 166167 Advanced Message Viewer Results Example 168Printing Messages 169RiverMaster Options window displays as shown in Figure RiverMaster Options170 RiverMaster Options Window 171172 Viewing Tunnel Activity Tunnel Statistics window appears similar to FigureViewing Tunnel Activity 173Value Meaning Trends to Look For Describes the types of statistics you can choose174 175 Using Snmp to Gather Statistics 176Report Contents Generating ReportsHeading Explanation Report Contents178 Network Gateway Report 179Network Gateway Report Values 180Max Tunnels GRE/IPSEC Display Network Gateway ReportClient Anomaly Report 182Client Report 183Client Session Report Values 184Conn Speed 185Displays a typical Client Session Summary Report Client Session Summary ReportAccounting Report 187Displays a typical Accounting Summary Report 188Accounting Summary Report Drill-down Accounting Detail ReportDownloading, Viewing and Exporting Reports Choose from daily, weekly, monthly or custom optionsDownloading, Viewing and Exporting Reports 190191 Report Viewing Window 192Printing Reports 193Exporting Reports Export window appears as shown in FigureSelect Disk file in the Destination field 194If you want this export format Go to 195Choose Export File Window 196Exporting Records Window 197Export To Directory window appears as shown in Figure 198Number and Date Format Dialog box appears as shown 199Enter Odbc Table Name dialog box appears as shown 200Select Workbook Window 201Lines Per Page Dialog Box Format Options Dialog BoxExporting Reports to a Microsoft Exchange Folder 203Select Exchange Folder in the Destination field and click OK Choose Profile WindowSelect a folder window appears as shown in Figure 205Click on a folder to store the report and click OK 206Exporting Reports Using Mapi 207Export is now complete Send Mail window appears as shown in Figure208 Glossary 209AutoLink Recovery 210Generic Routing Encapsulation GRE 211Network Administrator 212Point-to-Point Tunneling Protocol Pptp 213Remote Client/User 214TollSaver Database 215Page ANG-3000/7000 Preconfiguration Stored on a Floppy Disk 217Adding Remote Gateways Add Remote ANG window appears as shown in FigureAdding Remote Gateways 218Add Remote ANG Window 219Configuring ANG IP Addresses Under Remote Gateways, click Configure Remote GatewayRemote ANG Configuration screen appears as shown in Figure 220Configuring Tunnel Protocols Enter values in the open fields as followsClick Next 221Configuring Tunnel Protocols 222Click on the Authentication tab 223Click the Encryption tab Do one of the following 224225 Compression properties screen appears as shown in Figure Click the Compression tab226 Enable or disable Mppc as required 227Configuring Virtual Subnets 228229 Configuring Routing Protocols Configuring Routing Protocols230 231 Ospf Properties 232233 Configuring Routing Interfaces Configuring Routing Interfaces234 235 Configuring RIP for the Interface 236237 Set the RIP Route Importing/Exporting options as follows Configuring Ospf on an Interface238 Creating Static Routes 239Appendix B 240241 Creating Remote Connections Creating Remote Connections242 Remote Connection Configuration Window 243Tunnel Values section, enter a User Name 244245 246 Loading the Floppy Disk Loading the Floppy Disk247 Remove the floppy disk 248License Grant Enterasys Networks License Agreement249 AppendixC Warranty250 Infringement Indemnification Limitation of LiabilityAppendix C 251Termination International ProvisionsApplicable Law 252Government Commercial Computer Software 253Technical Support Support from Authorized ResellersSupport from Enterasys Networks 254Numerics Symbols255 Index 256New 190-208257 109 111110 11348, 224 259Radius 260203-206 261UDP 262263