Inhaltszusammenfassung zur Seite Nr. 1
IntraPort 2 and IntraPort 2+
VPN Access Server
Administrator’s Guide
Compatible Systems Corporation
4730 Walnut Street
Suite 102
Boulder, Colorado 80301
303-444-9532
800-356-0283
http://www.compatible.com
Inhaltszusammenfassung zur Seite Nr. 2
IntraPort 2 and IntraPort 2+ VPN Access Server Administrator’s Guide, Version 1.5 Copyright © 1999, Compatible Systems Corporation All rights reserved. IntraPort, RISC Router, MicroRouter and Compati- View are trademarks of Compatible Systems Corporation. Other trade- marks are the property of their respective holders. Copyright© 1997-1999 by Hi/fn, Inc. Includes one or more U.S. Patent Nos.: 4,701,745; 5,003,307; 5,016,009; 5,126,739; 5,146,221; 5,414,425; 5,414,850; 5,463,390; 5,506,580;
Inhaltszusammenfassung zur Seite Nr. 3
Chapter 1 - Introduction 1 ABOUT THE INTRAPORT 2/2+ VPN ACCESS SERVER 1 A NOTE ABOUT REMOTE CLIENT CONNECTIONS 1 INTRAPORT 2/2+ VPN ACCESS SERVER INSTALLATION OVERVIEW 1 Chapter 2 - Getting Started 5 A FEW NOTES 5 Please Read the Manuals 5 Warranty and Service 5 Getting Help with the IntraPort 2/2+ VPN Access Server 5 WHAT YOU WILL NEED TO GET STARTED 6 Supplied with the IntraPort 2/2+ VPN Access Server 6 Needed for Installation 6 Ethernet Connection Requirements 7 VPN Client Software Requiremen
Inhaltszusammenfassung zur Seite Nr. 4
Chapter 6 - Basic Configuration Guide 19 SETUP OPTIONS 19 Diagram of Dual-Ethernet Setup 20 Diagram of Single-Ethernet Setup 21 CONFIGURATION USING COMPATIVIEW 22 VPN Client Tunnel Settings 22 CONFIGURING THE SERVER FOR LAN-TO-LAN TUNNELS 37 BASIC CONFIGURATION USING COMMAND LINE 41 VPN Client Tunnel Settings 41 CONFIGURING THE SERVER FOR LAN-TO-LAN TUNNELS 48 Chapter 7 - Alternate Protocols and Security Parameters 50 IPX Protocol 50 Required for IPX 50 Suggested for IPX 50 AppleTalk Proto
Inhaltszusammenfassung zur Seite Nr. 5
Appendix B - Connector and Cable Pin Outs 58 Pin Outs for DB-25 Male to DB-25 Female RS-232 Data & Console Cable 58 Appendix C - Security Dynamics ACE/Server Information 59 Appendix D - LED Patterns and Test Switch Settings 61 IntraPort 2/2+ VPN Access Servers LED Patterns 61 Ethernet Back Panel Indicators LEDs 61 Front Panel LEDs 61 Sys Ready 61 Power On, No Traffic 61 Ethernet Traffic Indicators 61 IntraPort 2 Connections/Users LEDs 62 IntraPort 2+ Connections/Users LEDs 62 IntraPort 2 Speci
Inhaltszusammenfassung zur Seite Nr. 6
iv
Inhaltszusammenfassung zur Seite Nr. 7
Chapter 1 - Introduction 1 Chapter 1 - Introduction About the IntraPort 2/2+ VPN Access Server Congratulations on your purchase of the IntraPort 2 or IntraPort 2+ VPN Access Server. These VPN Access Servers provide secure Internet-based remote access and site-to-site connections. The IntraPort 2 will support up to 16 simultaneous LAN-to-LAN connections and up to 64 simultaneous remote client connections. The IntraPort 2+ will support up to 32 simultaneous LAN-to-LAN connec- tions and up t
Inhaltszusammenfassung zur Seite Nr. 8
2 Chapter 1 - Introduction In short, the installation steps are: 1. Install the IntraPort 2 or IntraPort 2+ hardware on your Ethernet LAN and connect one or both of the 10/100 twisted-pair Ethernet interfaces to a Fast Ethernet or Ethernet hub. 2. Select the management tool you wish to use with the server. If you want to use the CompatiView management software, you must install the software on a Windows PC computer which is connected to your network. 3. Configure the IntraPort 2/2+ LAN and
Inhaltszusammenfassung zur Seite Nr. 9
Chapter 1 - Introduction 3 Alternate Protocols and Security Parameters This part of the manual lists configuration parameters that must be set in order to use the IntraPort 2/2+ VPN Access Server with protocols other than TCP/IP, and when using additional security parameters such as SecurID and RADIUS. Appendices Additional information that might be of interest to you, such as tech- nical specifications, default settings, and how to download current soft- ware from Compatible Systems’ websit
Inhaltszusammenfassung zur Seite Nr. 10
.
Inhaltszusammenfassung zur Seite Nr. 11
Chapter 2 - Getting Started 5 Chapter 2 - Getting Started A Few Notes Please Read the Manuals The manuals included with your IntraPort 2/2+ VPN Access Server contain very important information about the product and Virtual Private Networking in general. Please read this manual thoroughly, and refer to the management reference guides as required. It’s worth the few minutes it will take. Also, please fill out the warranty registration card and return it to us today. This will help us keep yo
Inhaltszusammenfassung zur Seite Nr. 12
6 Chapter 2 - Getting Started questions via e-mail to support@compatible.com. Compatible Systems’ phone number is listed on the front of this guide. We will be happy to help you. What You Will Need To Get Started Before installing the IntraPort 2/2+ VPN Access Server, please check the list below to make sure that you have received all of the items that are supplied with the server package. You should also make sure you have any additional items that are necessary to connect the server to yo
Inhaltszusammenfassung zur Seite Nr. 13
Chapter 2 - Getting Started 7 Ethernet Connection Requirements The server’s Ethernet interfaces directly support full or half duplex 100BaseTx or 10BaseT twisted-pair Ethernet. To connect the server’s Ethernet interfaces to twisted-pair Ethernet cabling, you will need an unshielded twisted-pair station cable that is connected to a 10BaseT-compatible twisted-pair hub (for a transmit speed of 10 Mbps) or a 100Mbps Fast Ethernet hub (at either transmit speed) for each interface you plan to c
Inhaltszusammenfassung zur Seite Nr. 14
.
Inhaltszusammenfassung zur Seite Nr. 15
Chapter 3 - Network Installation 9 Chapter 3 - Network Installation Figure 1. IntraPort 2/2+ VPN Access Server Back Panel This section of the manual describes how to connect the IntraPort 2/2+ VPN Access Server to your Ethernet network. In summary, the steps for installation are: 1. Make sure the server is powered down and not connected to any power source. 2. Connect the server to the Ethernet network(s). 3. Connect a management console to the server (optional). 4. Plug in the power cable a
Inhaltszusammenfassung zur Seite Nr. 16
10 Chapter 3 - Network Installation The other option is to set up the server behind your Internet access router/firewall using Ethernet 0 only. In this scenario, Ethernet 1 is not used and should not be plugged in to anything. You will also have to set up your firewall to allow IPSec traffic through (see the section on setting up an IP Gateway for Ethernet 0 in Chapter 6 for more information). The 10/100 Ethernet interfaces directly support full or half duplex 100BaseTx or 10BaseT twisted-p
Inhaltszusammenfassung zur Seite Nr. 17
Chapter 4 - CompatiView Software Installation 11 Chapter 4 - CompatiView Software Installation All of the products in the Compatible Systems networking family, including all IntraPort servers, RISC Router and MicroRouter models, can be managed from a single management platform called CompatiView. CompatiView is included on the CD-ROM which was shipped with your IntraPort 2/2+ VPN Access Server. If your IntraPort 2/2+ is running software version 5.0 or later, then you must use CompatiView
Inhaltszusammenfassung zur Seite Nr. 18
Note: To choose the active transport protocol on a Windows machine which has both IPX and IP installed, select “Options” from the Database menu and click the General tab. Then select the appro- priate radio button under “Transport.” Installation and Operation The Windows version of the CompatiView program can be found in the Network Management/CompatiView/Windows directory on the CD-ROM that was included with your IntraPort 2/2+ VPN Access Server. Run the auto-installation program (CV5x f
Inhaltszusammenfassung zur Seite Nr. 19
Chapter 4 - CompatiView Software Installation 13 two most common IPX frame types upon startup (802.2 and 802.3 (raw)). If CompatiView has the IPX/SPX protocol selected as its trans- port, it will be necessary to either powerup the server before powering up the workstation, or reboot the workstation after the server has completed its boot sequence. This process will ensure that the worksta- tion and the server have the proper IPX network bindings for communi- cation. For more information on u
Inhaltszusammenfassung zur Seite Nr. 20
.