Manuals / Enterasys Networks / Computer Equipment / Network Card

Enterasys Networks Network Card manual Plug-in Planning

Models: Network Card

1 276

Download 276 pages 57.43 Kb

Page 89

Chapter 4

Before You Begin

Setting Up Aurorean Services

NOTE

Enterasys Networks continually tests interoperability with other RADIUS server vendors. Contact Enterasys Networks Customer Support for an up-to-date list of approved RADIUS servers.

Plug-in Planning

You can add multiple plug-ins for RADIUS or SecurID authentication. Typically, you add one plug-in for each RADIUS or SecurID authentication server on your network and preserve the Enterasys Authentication plug-in for RiverMaster logins. One plug-in must be designated as the default plug-in. When you set up your Aurorean Virtual Network for the first time, the default plug-in is Enterasys Authentication.

When Aurorean users attempt to tunnel into the corporate network, they must present a VPN user name and password for authentication. If the Aurorean Client user presents a simple user name such as BSmith, the user is authenticated against the default plug-in. Aurorean users have the ability to override the default and select another plug-in by adding an “@” symbol and the identifier for the plug-in. For example, if you add a RADIUS plug-in with the identifier RADIUS1, a Aurorean Client user can select this plug-in by entering a VPN user name such as BSmith@RADIUS1.

Threads

You can accelerate the authentication of multiple users logging in at the same time by increasing the number of threads (logins in progress) the authenticating server will handle. This function is useful if you discover that users are exceeding the timeout value allowed for authentication and are not being connected because too many clients are dialing in simultaneously.

For instructions on customizing the Enterasys Authentication plug-in and adding RADIUS and SecurID plug-ins, refer to “Adding an Authorization Plug-In” on page 80.

RiverMaster Administrator’s Guide

77

Image 89

Enterasys Networks Network Card manual Plug-in Planning

Contents

RiverMaster Administrator’s Guide Office Table of Contents Configuring an ANG-3000/7000 Setting Up Aurorean Services Adding POPs for Corporate ISPs 114 Managing Users & GroupsGenerating Reports Index About This Guide Contents of the GuideAbout This Guide Related Documents Conventions Used in this GuideXii Hardware Requirements System RequirementsInstallation Steps Installing the ApplicationSoftware Requirements Upgrading a Previous ReleaseInstalling the Application When the Welcome window appears, click Next to continueStarting the Application for the First Time To start RiverMaster, perform the following steps First-Time Setup InformationSelect APS Window Do one of the followingRiverMaster Login Window RiverMaster Main Interface Removing RiverMaster Files Removing RiverMaster FilesDelete the RiverMaster folder Restart your computer Default location for this folder is C\Program Files\Locate the RiverMaster program folder RiverMaster Overview Getting Started with RiverMasterCurre Logging into RiverMaster Logging into RiverMasterLogging into RiverMaster Checking Server Status Problem Summary & Users LoggedChecking Server Status Aurorean Network Gateway Status Information Aurorean Network Gateway StatisticsAurorean Network Gateway Statistics Aurorean Policy Server StatisticsService Function If Stopped Aurorean Policy Server ServicesFTP Aurorean Policy Server Services Setting Up a Aurorean Virtual Network the First Time Setting Up a Aurorean Virtual Network the First TimeAdd user accounts to each group as described in Chapter Setting Up a Aurorean Virtual Network the First Time Page Configuring an ANG-3000/7000 Before You Begin Configuration PulloutBefore You Begin Allocating IP/IPX Addresses to Remote Clients Before You Begin Remote Client Virtual Subnet Usage Configuring an ANG-3000/7000 Intelligent Client Routing Virtual Subnets for Site-to-Site and Remote Access TunnelsIntelligent Client Routing Enabled Intelligent Client Routing DisabledAurorean NAT ServerNetwork GatewaySite-to-Site Tunnels Site-to-Site ConfigurationAutoLink Recovery Primary Aurorean System General Aurorean Network Gateway Settings General Aurorean Network Gateway SettingsGeneral Aurorean Network Gateway Settings DNS server addresses tab page appears as shown in Figure Click the DNS tabWins Server Addresses Click the Wins tabNAT Server Address Click the NAT tabClick Apply to save your changes Viewing Aurorean Alternate Address InformationAurorean Alternate Address Info window appears as shown Primary addresses cannot be modified in this windowTunnel Protocols Tunnel ProtocolsTunnel Protocols window appears as shown in Figure Tunnel Protocol General SettingsTunnel Protocol Authentication Settings Click the Authentication tabParameter Explanation Click the Encryption tab Do one of the followingTunnel Protocol Encryption Settings Tunnel Parameter Explanation Protocol Click the Compression tabTunnel Protocol Compression Settings Enable or disable Mppc as requiredIP Subnetting Virtual SubnettingSample IP subnet window is shown in Figure Virtual SubnettingAdd An IP Virtual Subnet window appears as seen in Figure Click Remove to delete any configured virtual subnetsClick Add Sample IPX virtual networks window is shown in Figure IPX Virtual NetworksIPX Subnet Configuration for Remote Clients Routing RoutingRIP Configuration window should appear as shown in Figure Setting Routing Protocol ParametersRIP Routing Protocol Configuration Parameter Meaning Fixed Value Repeat and for each gateway required Do one of the followingOspf Routing Protocol Configuration Ospf Configuration window appears as shown in FigureRouting Interfaces Adding or Removing a Routing Protocol for an Interface Adding a Routing Protocol Choose the version of RIP to use on this interface RIP Interface Configuration window appears as shownDo one of the following Ospf Interface Configuration window appears as shown To enable Ospf on an interface, perform the following stepsStatic parameter tab page is displayed as shown in Figure Do one of the followingRouting Click Add Remote Server Display Adding a Remote ServerAdd Remote Server window appears as shown in Figure Click Add Remote ServerAdding a Remote Server Choose the tunneling protocol IPSec or Pptp Click AddAdd Remote Tunnel window appears as shown in Figure Changing Server and Tunnel Properties Select Enabled or Disabled in the Enabled State fieldRemote Tunnel Properties window appears as shown in Figure Adding a Remote Server Page Setting Up Aurorean Services Radius Authentication Servers Authorization Plug-in OptionsPlug-in Planning Problem Notification Private/Public Keys for IPSec AuthenticationTrace Levels Trace Messages Display Adding an Authorization Plug-InShows the Configuration pullout Enterasys AuthenticationClick here to update the plug-in Optionally, specify a value in the Num Threads field Radius AuthorizationAdding an Authorization Plug-In Chapter Optionally, specify a value in the Num Threads field Server Type Recommended Value Create New Plug-in window will appear as shown in Figure SecurID AuthorizationAdding an Authorization Plug-In Chapter Click Create Specify SecurID Configuration File WindowChapter Generating Private/Public Keys Chapter Creating a Mailing List Using the Notification Service to Send E-MailChapter Adding an Address to a Mailing List Using the Notification Service to Send E-Mail Chapter ANG Tunnel Management Service Window Setting Trace LevelsBacking Up the Database Click Set to enable the Trace LevelStarting a Database Backup Click Start on Backup Database Click on Indus River Access100 Window similar to will appearBacking Up the Database 101 Controlling Remote User Dialing & Access102 TollSaver Database103 Corporate Dial-Up Access104 Corporate105 Creating POP Packages106 Creating POP Packages107 Build Completed Window108 Adding Corporate ISPs109 110 Click the ISP Properties tabISP Properties display will appear as show in Figure 111 Select the Access Method as followsScript files are not uploaded without the .SCP extension 112 Adding Corporate ISPs113 114 Adding POPs for Corporate ISPsAdding POPs for Corporate ISPs 115 Pull-down options appear as shown in below116 This field is currently not implemented117 Script window appears as shown in FigurePage 119 Managing Users & Groups120 Manage Users & Groups Pullout121 Group Policies122 Aurorean Client Installation Kits123 Contents of a Aurorean Client Installation Kit124 Client Synchronization125 126 Group Notices Creating a New GroupOpen the Manage Users and Groups pullout Creating a New Group128 Manage Users and Groups Pullout Group View129 130 Policy Explanation131 Password Policies132 Credit Card Policies133 Tunnel Policies134 Adding Users to a GroupSample User view is shown in Figure 135 Corporate User Name field, type a name for the user136 Password field, type a unique passwordDepartment field automatically defaults to the group name 137 Modifying User & Group Information138 Removing Users & GroupsCreating an Aurorean Client Installation Kit Creating an Aurorean Client Installation KitSample Group view is shown in Figure 139140 Build Client Install Kit Window141 Default Aurorean installation kit file name isSet the Install Kit Options as follows 142 Advanced Kit Options Window143 144 Kit Complete Message145 Controlling Client SynchronizationControlling Client Synchronization 146 Viewing Group Policies147 Open the Configuration pullout Click the Update tabBuilding Core Data Files 148 Build Core Data Files Display149 Uploading Software Synchronization Files150 Upload Software Synchronization Files Display151 Click Upload to copy the file you chose onto the APSSetting Up Group Notices Setting Up Group NoticesGroup Notice display appears as shown in Figure 152153 Chapter Managing Users & Groups154 Click the arrow in the Group field and select a groupGroup pull-down screen appears as shown in Figure 155 Write your notice in the text boxMessage you write is limited to 256 characters. See Figure Page 157 Monitoring System ActivityCurrent Message Activity Open the View System Activity pullout To view message activity, perform the following stepsSample message activity view is shown in Figure Monitoring System Activity159 System Activity Display160 161 Message ID Message Type Detailed Description162 Text163 Tunnelid164 Advanced Message Viewer165 Advanced Message View Setup Example166 Message Type Explanation167 168 Advanced Message Viewer Results Example169 Printing Messages170 RiverMaster OptionsRiverMaster Options window displays as shown in Figure 171 RiverMaster Options Window172 Tunnel Statistics window appears similar to Figure Viewing Tunnel ActivityViewing Tunnel Activity 173174 Describes the types of statistics you can chooseValue Meaning Trends to Look For 175 176 Using Snmp to Gather StatisticsGenerating Reports Report Contents178 Report ContentsHeading Explanation 179 Network Gateway Report180 Network Gateway Report ValuesNetwork Gateway Report Max Tunnels GRE/IPSEC Display182 Client Anomaly Report183 Client Report184 Client Session Report Values185 Conn SpeedClient Session Summary Report Displays a typical Client Session Summary Report187 Accounting Report188 Displays a typical Accounting Summary ReportDrill-down Accounting Detail Report Accounting Summary ReportChoose from daily, weekly, monthly or custom options Downloading, Viewing and Exporting ReportsDownloading, Viewing and Exporting Reports 190191 192 Report Viewing Window193 Printing ReportsExport window appears as shown in Figure Exporting ReportsSelect Disk file in the Destination field 194195 If you want this export format Go to196 Choose Export File Window197 Exporting Records Window198 Export To Directory window appears as shown in Figure199 Number and Date Format Dialog box appears as shown200 Enter Odbc Table Name dialog box appears as shown201 Select Workbook WindowFormat Options Dialog Box Lines Per Page Dialog Box203 Exporting Reports to a Microsoft Exchange FolderChoose Profile Window Select Exchange Folder in the Destination field and click OK205 Select a folder window appears as shown in Figure206 Click on a folder to store the report and click OK207 Exporting Reports Using Mapi208 Send Mail window appears as shown in FigureExport is now complete 209 Glossary210 AutoLink Recovery211 Generic Routing Encapsulation GRE212 Network Administrator213 Point-to-Point Tunneling Protocol Pptp214 Remote Client/User215 TollSaver DatabasePage 217 ANG-3000/7000 Preconfiguration Stored on a Floppy DiskAdd Remote ANG window appears as shown in Figure Adding Remote GatewaysAdding Remote Gateways 218219 Add Remote ANG WindowUnder Remote Gateways, click Configure Remote Gateway Configuring ANG IP AddressesRemote ANG Configuration screen appears as shown in Figure 220Enter values in the open fields as follows Configuring Tunnel ProtocolsClick Next 221222 Configuring Tunnel Protocols223 Click on the Authentication tab224 Click the Encryption tab Do one of the following225 226 Click the Compression tabCompression properties screen appears as shown in Figure 227 Enable or disable Mppc as required228 Configuring Virtual Subnets229 230 Configuring Routing ProtocolsConfiguring Routing Protocols 231 232 Ospf Properties233 234 Configuring Routing InterfacesConfiguring Routing Interfaces 235 236 Configuring RIP for the Interface237 238 Configuring Ospf on an InterfaceSet the RIP Route Importing/Exporting options as follows 239 Creating Static Routes240 Appendix B241 242 Creating Remote ConnectionsCreating Remote Connections 243 Remote Connection Configuration Window244 Tunnel Values section, enter a User Name245 246 247 Loading the Floppy DiskLoading the Floppy Disk 248 Remove the floppy disk249 Enterasys Networks License AgreementLicense Grant 250 WarrantyAppendixC Limitation of Liability Infringement IndemnificationAppendix C 251International Provisions TerminationApplicable Law 252253 Government Commercial Computer SoftwareSupport from Authorized Resellers Technical SupportSupport from Enterasys Networks 254255 SymbolsNumerics 256 Index257 190-208New 111 109110 113259 48, 224260 Radius261 203-206262 UDP263