
Installing and configuring your SnapGear appliance

This manual contains instructions for installing and configuring your SnapGear appliance on your network. The basic steps and related chapters are:

Step                                                            Chapter
1. Interconnect the SnapGear appliance and PCs on a            Chapter 2, Getting started
   local area network.
2. Connect the telecommunications hardware/modem for           Chapter 3, Connecting to the Internet
   dial-in/dial-out Internet access.
3. Set up the network IP addresses and firewall.               Chapter 2, Getting started
4. Set up Internet hardware and Internet account and           Chapter 3, Connecting to the Internet
   connect to the Internet.
5. Set up users’ security dial-in/dial-out VPN.                Chapter 4, Dial-in server configuration
                                                               Chapter 6, Firewall
                                                               Chapter 7, Virtual Private Networking

Introduction 

5

Contents: VPN appliance Family 1.7.8

Page 1: ...SnapGear VPN Appliance Family User Manual, Rev 1.7.8, May 2nd 2003. SnapGear Inc, 7984 South Welby Park Drive 101, Salt Lake City, Utah 84084. Email: support@snapgear.com Web: www.snapgear.com Introduction...

Page 2: ...SnapGear Quick Setup 24; Configuring the PCs on your network 28; 3 Connecting to the Internet 30; Physically connect modem device 30; Select Internet connection 31; Internet failover 34; Configure PCs to u...

Page 3: ...0 PPTP server setup 72; IPSec setup 85; IPSec interoperability 90; 8 System 91; Time server 91; Password 91; Diagnostics 92; Advanced 92; Flash upgrade 93; RESET button 93; 9 Technical support 94; Appendix A LED...

Page 4: ...fices to securely access your company network to send and receive data at a very low cost. With the SnapGear appliance you can remotely access your office network securely using the Internet. The SnapGe...

Page 5: ...customers or other businesses. Extranets add external parties to a company's intranet. Failover: A method for detecting that the main Internet connection (usually a broadband connection) has failed and the...

Page 6: ...other network. Masquerading is one particular form of NAT. Net mask: The way that computers know which part of a TCP/IP address refers to the network and which part refers to the host range. NTP: Network T...

Page 7: ...e Networking: When two locations communicate securely and effectively across a public network, e.g. the Internet. The three key features of VPN technology are privacy (nobody can see what you are communic...

Page 8: ...ter 2, Getting started. 2. Connect the telecommunications hardware/modem for dial-in/dial-out Internet access: Chapter 3, Connecting to the Internet. 3. Set up the network IP addresses and firewall: Chapter 2...

Page 9: ...e and detailed in the following table. Figure 1.1 SnapGear SOHO PRO front panel LEDs. Label / Activity / Description: POWER (PWR) On: Power is supplied to the SnapGear appliance. Flashing: System flashes once eve...

Page 10: ...upper on SME530, SME550 and PRO, lower on PRO and SOHO) where a cable is connected correctly to another device, e.g. a cable modem. The other light represents the activity as per the front panel. Figure 1.2...

Page 11: ...Figure 1.3 Network interconnections. Introduction 8...

Page 12: ...P, CHAP, MSCHAPv2, RADIUS and TACACS tunnel authentication (RFC1334, RFC1994). Transparent tunnel support for PPTP/IPSec pass-through. Dial-in remote access with PAP, CHAP, MSCHAPv2, RADIUS and TACACS authentica...

Page 13: ...ine status LEDs for Internet/VPN. Rear panel Ethernet LEDs: Link, Transmit/Receive. LAN link features: 10/100BaseT LAN port to connect to the local network. Ethernet on PRO LITE2 LITE2 SME530 and SME550 mod...

Page 14: ...ower adaptor voltages/current depend on individual models. Front panel status LEDs: Power, Test. Operating temperature between 0 °C and 40 °C. Storage temperature between 20 °C and 70 °C. Humidity between 0 to...

Page 15: ...omatically assign IP addresses to other devices on the network. If you have an existing network you may already have an active DHCP server, and the PCs and devices on the network may already have IP add...

Page 16: ...ppliance can be configured on the network. From the Start menu select Settings, Control Panel, Network and click the Configuration tab (or Protocols if using NT). 3. Ensure that the TCP/IP networking protoco...

Page 17: ...Setup Wizard will help assign an IP address to the SnapGear appliance. On DHCP-enabled (i.e. dynamic) networks, or if you have performed a static IP reset, the Setup Wizard will locate the IP address assign...

Page 18: ...may need to contact customer support. However, the SnapGear appliance may be acquiring an initial IP address from another DHCP server on the LAN, causing its LEDs to stop flashing soon after booting. In...

Page 19: ...is applied, use only the SnapGear Power Adapter packaged with the unit. The System (TST, Heart Beat) LED blinks when the SnapGear appliance is running. For all models except the LITE and LITE2, all LEDs exce...

Page 20: ...t you up and running, the setup.exe application is simply a miniature DHCP server that will give the SnapGear appliance a known IP address. If you use Linux, Unix, Macintosh or another operating system yo...

Page 21: ...ur network is DHCP enabled. If this is the case, SnapGear Setup Wizard will prompt you to select which SnapGear VPN Router you wish to configure based on its LAN port MAC address. The SnapGear Setup Wiza...

Page 22: ...IP address. Verify that this address is acceptable and not already in use and click OK. SnapGear Setup Wizard will check that the IP address you selected isn't already in use. If it is, you will be asked...

Page 23: ...pages. Your SnapGear appliance is now configured. The Setup Wizard will prompt you to launch a web browser to open the SnapGear Management Console web administration pages. The SnapGear Management Conso...

Page 24: ...initial static IP address of 192.168.0.1, netmask 255.255.255.0. Refer to the start of this chapter for details on how to activate this option. Using lin_set_ip: The lin_set_ip program is a command line t...

Page 25: ...nd will contain the MAC address of your SnapGear appliance and the corresponding Internet Address. You can find the MAC address printed on the underside of your SnapGear appliance. If your network has a...

Page 26: ...IP address tag (ip) to match the addressing for your local network and use an address in your local subnet. You also need to modify the MAC address tag (ha) to match your SnapGear appliance hardware. The M...

Page 27: ...ar appliance and connecting to the Internet. To start the wizard, click the Quick Setup Wizard link on the SnapGear Appliance Configuration page. To modify the configuration you need to enter the adminis...

Page 28: ...method for setting the LAN port network address configuration, either DHCP or manual. 3. If you select DHCP or Skip, the Next button will take you to the ISP Connection configuration page. 4. If you select...

Page 29: ...le modems you need to enter your Cable Modem Service Provider. This is usually Generic Cable Modem Provider. If you use an external analog modem to connect to your ISP you must also specify: The serial p...

Page 30: ...on demand connections you need to specify the idle disconnect time in minutes. Use DHCP to connect: DHCP is used if your ISP requires you to get an IP address automatically from a DHCP server over the...

Page 31: ...atically, or they can be dynamically assigned by a DHCP server each time the PC boots. To take advantage of the SnapGear appliance's DHCP server, or if you are already using a DHCP server on the network...

Page 32: ...on your network. For each non-configured Windows 2000 PC on the network, open TCP/IP Properties using the above instructions and ensure that Use the following IP address is checked, and add the following...

Page 33: ...nal dialup analog modem, an ISDN modem, a permanent analog modem, a cable modem or DSL link, as shown in the following figure. Figure 3.1 Internet connection. Physically connect modem device: The first step...

Page 34: ...tomatically. Use PPPoE if your ISP uses username and password authentication to access the Internet. Use DHCP if your ISP does not require a username and password, or if your ISP instructed you to obtain...

Page 35: ...modem. The following figure shows the Setup modem Internet connection. Connecting to the Internet 32. Figure 3.2 Setup modem Internet connection. If you are connecting to the Internet using a modem, the sy...

Page 36: ...ord fields must match. Click Advanced to configure the following options. Field / Description: Idle timeout: By default the SnapGear appliance dials on demand, i.e. when there is traffic trying to reach the I...

Page 37: ...services to continue operating. When the main Internet connection fails and the backup connection (or failover) is started, VPN connections are restarted and dynamic DNS services are advised of the new IP...

Page 38: ...iately when the password is wrong, or if the SnapGear appliance is unable to contact an ADSL modem to make a connection. Specify the time to wait between retrying this connection after detecting the ini...

Page 39: ...pecify a static IP address or use DHCP, the SnapGear appliance cannot usually detect if the Internet connection is down. To ensure that the Internet connection is up, enter a host for the SnapGear applia...

Page 40: ...he connection. 1. From any PC on the network, launch a browser application, e.g. Internet Explorer or Netscape Navigator. 2. The SnapGear appliance will dial the ISP and log in. On the front panel the COM LED...

Page 41: ...remote site establishes a dial-in link using a modem connected to the SnapGear appliance. The SnapGear appliance's dial-in facility establishes a PPP connection to the remote user or site. Dial-in requ...

Page 42: ...and Modem Devices for modem configuration details. 2. Enable and configure the selected SnapGear appliance COM port for dial-in as detailed in Dial-in Setup. 3. Set up and configure user dial-in accounts...

Page 43: ...gure 4.1 Dial-in setup. To enable and configure the Dial-In server for the SnapGear appliance, select Dial-In Setup from the Networking menu. The following table describes the fields in the Dial-In Setup scr...

Page 44: ...ll use when connecting to the SnapGear appliance. Authentication Scheme: The authentication scheme is the method the SnapGear appliance uses to challenge users dialing into the network. Dial-in clients m...

Page 45: ...field options in Add New Account are shown in the following table. Field / Description: Username: Username for dial-in authentication only. The name is case sensitive, e.g. Jimsmith is different to jimsmith...

Page 46: ...The following figure shows the user maintenance screen. Figure 4.3 User maintenance screen. Dial-in server configuration 43...

Page 47: ...change is shown on the Dial-in Setup screen. If the change is unsuccessful, an error is reported as shown in the following figure. Figure 4.4 Dial-in password error. When you have finished adding and modi...

Page 48: ...d users can access all network resources as if they were a local user. For Windows 95 and Windows 98: From the Dial-Up Networking folder, double-click Make New Connection and enter the Connection Name fo...

Page 49: ...ication you also need to check the Require encrypted password checkbox. Leave all other Advanced Options unchecked. Select the TCP/IP network protocols from the Allowed network protocols list. Warning: Do...

Page 50: ...count as shown in the following figure. Figure 4.7 Connect to dialogue box. Windows 2000: To configure a remote access connection on a Windows 2000 computer, click Start, Settings, Network and Dial-up Conne...

Page 51: ...twork as the connection type and click Next to continue. Figure 4.10 Phone number to dial. Tick Use dialing rules to enable you to select a country code and area code. This feature is useful when using r...

Page 52: ...urity feature that will not allow any other users who log onto your machine to use this remote access connection. Figure 4.12 Connection name. Enter a name for the connection and click Finish to complet...

Page 53: ...appear as in the next figure. If you did not create a desktop icon, click Start, Settings, Network and Dial-up Connections, select the appropriate connection and enter the username and password set up...

Page 54: ...erface of the SnapGear appliance, select either a dynamically or statically assigned IP address. If the LAN interface of your SnapGear appliance gets its IP address from a DHCP server on your local netw...

Page 55: ...network to this machine. Enter the IP address of the DNS Server that the SnapGear appliance will use to resolve domain names in the Domain Name Server field. This is only required if the SnapGear applia...

Page 56: ...configuration. The following figure shows the advanced IP configuration. Figure 5.2 Advanced IP configuration. The Hostname is a descriptive name for the SnapGear appliance on the network. Network config...

Page 57: ...machine has its own private IP address. SnapGear recommends setting Masquerade on the Internet interface. Internet Interface Aliases allows the SnapGear appliance to respond to multiple IP addresses on...

Page 58: ...eep your network design as simple as possible, your SnapGear appliance can act as a DHCP server for machines on your local network. To configure your SnapGear appliance as a DHCP server you must set a s...

Page 59: ...Lease Time in seconds. The lease time is the time that a dynamically assigned IP address is valid. Click Configure the IP addresses to be handed out to enter the addresses from where the DHCP server wi...

Page 60: ...ature of your SnapGear appliance allows you to allocate High, Medium or Low priority to the following services: domain (tcp), domain (udp), ftp, ftp-data, http, https, imap, irc, nntp, ntp, pop3, smtp, ssh and telnet. T...

Page 61: ...r Firewall filters packets at the network layer, determines whether the session packets are legitimate, and evaluates the contents of packets at the application layer to provide maximum protection for y...

Page 62: ...appliance's configuration web pages (Web Admin) to machines on your local network. SnapGear does not recommend disallowing all services, as this will make future configuration changes impossible unless y...

Page 63: ...similar to http://192.168.22.1:88. External access to services: The following figure shows how to configure external access to services. Figure 6.2 Configure external access to services. The SnapGear applia...

Page 64: ...configuration. Port forwarding allows the SnapGear appliance to control access to services provided by machines on your private network from users on the Internet. Requests coming into the SnapGear appl...

Page 65: ...iance's Outgoing Access Restrictions are configured using security group classes. Click the security group classes link on the Outgoing Access Configuration page to set the restrictions for each securi...

Page 66: ...Rules configuration page allows firewall experts to view the current firewall rules and add custom firewall rules. To access this page, click Rules in the Firewall menu. Only experts on firewalls and ipt...

Page 67: ...onnection attempts. Remote machines attempting to connect to these services generate a system log entry providing details of the access attempt, and the access attempt is denied. Because network scans of...

Page 68: ...bled. The trigger count value should be between 0 and 2. 0 represents an immediate blocking of probing hosts. Larger settings mean more attempts are permitted before blocking, and although allowing the at...

Page 69: ...ystem limits the types of web-based content accessed. Web-based content featuring profanity, sexually explicit or other objectionable material can be limited or blocked from the following screens. The fo...

Page 70: ...Firewall 67. Figure 6.7 Content filtering...

Page 71: ...from some commonly blocked content and set the filtering levels according to your requirements. Reporting contains the following filtering levels. Filtering Level / Description: Green (Allowed): Access to con...

Page 72: ...access to your corporate network as if you were connected directly from your office. Similarly, telecommuters can also set up a VPN tunnel over their cable modem or DSL links to their local ISP. With th...

Page 73: ...he connection. The remote PPTP server IP address to connect to. A username and password to use when logging in to the remote VPN. You may need to obtain this information from the system administrator of...

Page 74: ...Make VPN the Default Route checkbox and click Apply. This option is only available when the SnapGear appliance is configured with a single VPN connection only. After adding a new VPN, two new tables are...

Page 75: ...apGear appliance and enable the appropriate authentication security. Configure the VPN clients at the remote sites. The client does not require special software. The SnapGear PPTP Server supports the sta...

Page 76: ...following figure shows the PPTP server setup. Figure 7.3 PPTP server setup. To enable and configure your SnapGear appliance's VPN server, select PPTP VPN Server from the VPN menu in the SnapGear applianc...

Page 77: ...160.250.254. Authentication scheme: PPTP provides an authenticated communication tunnel between a client and a gateway by using a user ID and password. The authentication scheme is the method the SnapGe...

Page 78: ...tion only. The name selected is case sensitive, e.g. Jimsmith is different to jimsmith. Username can be the same as or different to the name set for dial-in access. Windows Domain: Most Windows clients expe...

Page 79: ...check Delete in the Delete or Change Password for the Selected Account field. If a requested change to a user account is successful, the PPTP VPN Setup screen is shown with the change noted. An error is...

Page 80: ...he names may or may not be the same as your normal network username and password, and should be different from the username and password used by your remote users to access their local ISP. The foll...

Page 81: ...s installed on the remote PC. If necessary, install the Microsoft DUN update available on the SnapGear Installation CD and VPN Client update. To create a VPN connection across the Internet you must set u...

Page 82: ...ld. This may change if your ISP uses dynamic IP assignment. Click OK and then click Finish. Figure 7.6 VPN client setup. Right-click the new icon and select Properties. Select the Server Types tab and chec...

Page 83: ...IP Address, Server Assigned Name Server Address, Use IP Header Compression and Use Default Gateway on Remote Network are all selected and click OK. Figure 7.7 VPN client server settings. Your VPN client...

Page 84: ...change if your ISP uses dynamic IP assignment. In the Dial Using dialog box select RASSPPTPM VPN1 and click Next. Click More and select Edit entry, then Modem properties from the menu. Select the Server t...

Page 85: ...gging in, from the Start menu select Settings and then Network and Dial-up Connections, as shown in the following figure. Figure 7.8 Network and dial-up connections. To set up your VPN account, double-clic...

Page 86: ...dress and click Next. Select the Connection Availability you require on the next window and click Next to display the final window. Figure 7.11 Completing the network connection wizard. Enter an appropri...

Page 87: ...ord allocated by your SnapGear appliance's VPN administrator. After you are authenticated to the network you can check your e-mail, use the office printer, access shared files and browse the network as i...

Page 88: ...2 IPSec setup. Enable IPSec by clicking the Enable IPSec box underneath the IPSec Setup title and then click Submit. Enable the interface where you want to use IPSec. This may be the default gateway or a...

Page 89: ...g screen. Virtual Private Networking 86. Figure 7.13 Add new IPSec connection. Enter a descriptive name for the connection in the Connection Name field. Choosing to connect with Aggressive Mode increases...

Page 90: ...nter the remote gateway settings. To connect from a remote machine that does not have a fixed IP address, e.g. a Road Warrior, enter an External IP of 0.0.0.0 only. Dead Peer Detection allows the tunnel...

Page 91: ...Click Add to complete the IKE setup as shown in the following screen. Figure 7.14 Automatic keying setup. Virtual Private Networking 88...

Page 92: ...xt for each. Hash functions: A complex operation that uses both a hashing algorithm (MD5 or SHA) and a key. Diffie-Hellman: The Diffie-Hellman key agreement protocol allows two parties, A and B, to agree on a...

Page 93: ...ture messages without performing additional successful attacks. Perfect forward secrecy of keys provides the maximum security and is the recommended setting. IPSec interoperability: Please see the Suppor...

Page 94: ...ar appliance's configuration web pages (WebAdmin) and the SnapGear appliance itself. The SnapGear appliance password is the key to the security of your network and must be kept secret. SnapGear recommends...

Page 95: ...ork administrators and advanced users only. Warning: Altering the advanced configuration settings may render your SnapGear appliance inoperable. The System Log contains debugging information that may be...

Page 96: ...he file. During the upgrade the front panel LEDs on the SnapGear appliance will flash in an in-and-out pattern. The SnapGear appliance retains its configuration information with the new firmware. Warning...

Page 97: ...lowing figure. Figure 9.1 Technical support. The Technical Support Report page is an invaluable resource for the SnapGear Technical Support Staff to analyze problems with your SnapGear appliance. The inf...

Page 98: ...ssist with faster response and recovery action. LED Pattern / Status / Action: VPN: Memory failure, please contact your dealer. COM2: Console device cannot initialize, please contact your dealer. All LEDs on: In r...

Page 99: ...he syslog (/var/log/messages or an external syslog server) in the following format: Date Time klogd prefix IN=incoming interface OUT=outgoing interface MAC=dst src MAC addresses SRC=source IP DST=destination...

Page 100: ...to detect various attacks (smurf, teardrop, etc.). When outbound traffic from LAN to WAN is blocked by custom rules configured in the GUI, the resultant dropped packets are also logged. The prefix for all th...

Page 101: ...181 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62830 DF PROTO=TCP SPT=46486 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0. Creating Custom Log Rules: Additional log rules can be configured to provide more detail if...

Page 102: ...klogd Internet PPTP access IN=eth0 OUT= MAC=00:d0:cf:00:07:03:00:50:bf:20:66:4d:08:00 SRC= DST=1.2.3.4 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=43470 DF PROTO=TCP SPT=4508 DPT=1723 WINDOW=64240 RES=0x00 SYN...

Page 103: ...se the -i and -o arguments to specify the interfaces that are to be considered for IN and OUT respectively. When the ! argument is used before the interface name, the sense is inverted. If the name ends in a...

Page 104: ...t is 3/hour. --limit-burst number: number is the maximum initial number of packets to match. This number gets recharged by one every time the limit specified above is not reached, up to this number. The defa...

Page 105: ...thentication attempt failed for root from 10.0.0.2. Jan 30 03:18:40 2000 login: Authentication successful for root from 10.0.0.2. Once again showing the same information as a web login attempt. Boot Log M...
