Nlynx interlynx/ts, User Manual

Page 1: ...InterLynx TS Virtual Private Network and Firewall User s Guide and Reference Manual Rev 1 02 July 2002...

Page 2: ...TS via Browser 8 Chapter 3 Configuring the IL TS 11 Chapter 4 IL TS Network Settings 26 Chapter 5 Configuring the Firewall 28 Chapter 6 More on Firewall Services 42 Chapter 7 Setting up Static Routes...

Page 3: ...on the outside from seeing the IP addresses on the inside It is a VPN For data security you need more than just a firewall If you need a cost saving alternative to leased lines the Internet offers a...

Page 4: ...ions 12 5 W x 3 75 H x 14 5 D Weight 11 0 Lbs 5 1 Kg Power 110 220 VAC Switchable Operating Temperature 0 to 40 C Operating Humidity 10 90 non condensing Built in 4 Port 10 100Mbps Ethernet Switch Sta...

Page 5: ...carton Verify that the InterLynx TS shipping carton contains the following parts InterLynx TS Unit Power Cord User s Manual CD ROM Ethernet Cable Quick Install Guide 2 Hardware Setup for the InterLyn...

Page 6: ...hooting Diagnostic LED indicators LED State Indication Power On green Unit is powered on Flash On Flashing amber Activity on Flash card LAN On amber Internal Network is functioning properly FDX Col On...

Page 7: ...InterLynx TS User s Manual_________________________________________________________________ 1 3 Example Topologies...

Page 8: ...roperties on the PC Use the steps below to bring up the TCP IP properties for the PC 1 On the PC that will communicate with InterLynx TS press Start and then highlight Settings and then highlight Cont...

Page 9: ...ghlight the TCP IP for that Ethernet card and press the Properties button 4 The TCP IP properties window should now be displayed If the InterLynx TS will be acting as the DHCP Server A server that dis...

Page 10: ...n an IP address to the PC make sure the Specify an IP address radio button is selected The default IP address for the InterLynx TS is 192 168 1 254 with a 24 subnet 255 255 255 0 The IP address given...

Page 11: ...Accessing the InterLynx TS Via Web Browser The first step in connecting to the InterLynx TS is to open a browser window and type in the URL of the unit as shown below Once the URL has been entered pr...

Page 12: ...________________________________________________ 3 2 For Netscape the following are displayed appearance differs slightly based on version Press the Continue button when the box below is displayed Whe...

Page 13: ...the InterLynx TS an introduction page is displayed with a menu of items on the left side of the screen Troubleshooting a failed browser connection to the InterLynx TS 1 There is already a device on t...

Page 14: ...assword a Click on System Settings in the left menu area b Click the Change Password button this will bring up the Change Password page c Under Current Password type in changemenow d Under Enter New P...

Page 15: ...on the yellow Save Settings to Flash button on the left side of the screen Any configuration changes made to the unit are temporary until the Save Settings to Flash button is clicked The System Settin...

Page 16: ...ion Allows a secure Web connection for Remote Administration 2 Check the appropriate boxes to activate the selected services then press the Apply Changes button 3 For Security purposes The Enable SSH...

Page 17: ...is enabling recommended the Network Time Protocol Time Sync by checking the enable box In the Time Server fields the URLs for of the NTP Servers need to be added Here are 3 Time Server URLs that can b...

Page 18: ...ving the current configuration on the InterLynx TS 1 To save the current InterLynx TS configuration file press the Back Up Current Configuration To PC button from the System Settings page 2 The Backup...

Page 19: ...nload box will appear choose Save 4 After choosing Save the Save As window will appear allowing the file to be saved to any Directory on the PC or to a floppy disk Select the location to save the back...

Page 20: ...he saving of a configuration file to a PC is now complete The Backup Current Configuration To PC window will now appear click on Return To System Settings 7 The Backup Current Configuration To PC wind...

Page 21: ...ion to the InterLynx TS 1 To Restore a saved configuration from a PC to the InterLynx TS press the Load Saved Configuration From PC button on the System Settings page 2 The Load Saved Configuration Fr...

Page 22: ...nd make sure it appears in the File name text field Press the Open button 4 The Load Saved Configuration From PC page will appear with the files location being displayed in the Select A Previously Sav...

Page 23: ...the previously saved settings have been restored and for them to take effect the system needs to be rebooted Click OK 9 One more Microsoft Internet Explorer dialogue box will appear explaining that a...

Page 24: ...Update window 2 In the Retrieve Software Update window type the URL that Technical Support will provide for upgrading the firmware on the InterLynx TS After typing in the URL click the Get Software U...

Page 25: ...will appear explaining that the firmware update has been applied and that the system needs to be rebooted for changes to take affect Press OK to continue 6 After pressing the OK button another dialogu...

Page 26: ...the left hand side of the screen Note The Internal TrustedLAN and External Internet interfaces can be disabled and re enabled if necessary by unchecking or checking the Enable box under the Status co...

Page 27: ...be added to the InterLynx TS The WINS Server s IP Address will be passed out to PCs that get their IP Address from the DHCP Server Internet External o The IP address Netmask and Default Gateway inform...

Page 28: ...Lynx TS click on the Firewall Permissions button on the left hand side of the screen That will open the Firewall Permissions page 2 At this point the Firewall Permissions page will show what traffic i...

Page 29: ...___________ 5 2 3 To change the Current Level of the InterLynx TS follow these steps a Click on the arrow in the drop down box and select the level of firewall to be used b Click on the Apply Changes...

Page 30: ...Save Settings to Flash Note When a Firewall Level is chosen the InterLynx TS will allow requests by the Services that are on that level and all Services that are on the lower Firewall Levels For exam...

Page 31: ...This can either be outbound to the Internet or inbound from the Internet b Service This refers to Services that are defined on the InterLynx TS whether they are predefined p or user defined u Service...

Page 32: ...play All Permissions button A table of all the Permissions that have been created on the InterLynx TS will appear in the table All the defined services can be viewed by scrolling thru the list Once th...

Page 33: ...Permissions button on the left hand side of the screen That will open the Firewall Permissions page 2 To remove a permit from the Firewall Permissions table click on the Delete button in the Action co...

Page 34: ...__________________________________ 5 7 3 After deleting the permit the table will be updated showing only the permits that are configured for the current level of the firewall or below 4 Click the Sav...

Page 35: ...o the right of each one and then pressing the Apply Changes button Allow Ping Out Allow clients behind the InterLynx TS to ping machines on the Internet This is a relatively safe setting and may be le...

Page 36: ...______ 5 9 IP Blocking You can provide a list of IP addresses or URLs that are to be blocked by the InterLynx TS o Enter the URL to be blocked in the text box and press the Add button o After pressing...

Page 37: ...ve any of the URLs highlight the URL and then press the Delete button o A Microsoft dialogue box will appear verifying the deletion of the URL Click OK o The screen will refresh and the URL will no lo...

Page 38: ...al devices by redirecting the Services created on the InterLynx TS 1 After logging into the InterLynx TS click on the Firewall Permissions button in the left side menu 2 When the Firewall Permissions...

Page 39: ...ort Forwarding the protocols will use the port numbers that are defined in RFC 1700 1 For example if the Service to Forward is telnet the predefined service named telnet on the InterLynx TS uses the p...

Page 40: ...Redirect Service will define the service as well as the port number for the forwarded service Note If this field is left blank the InterLynx TS will use the same service that is selected in the Servi...

Page 41: ...e service will be redirected to 6 The Redirect Service optional should be telnet The reason for this is the device on the internal network is expecting to receive the telnet packet coming in on port 2...

Page 42: ...utton on the left hand side of the screen That will open the Define Services page b When the Define Services page appears there will be a table listing all the currently defined Services on the InterL...

Page 43: ...Service IMAP a In the Name field type IMAP b In the Description field enter Internet Message Access Protocol It is a method of accessing electronic mail or bulletin board messages that are kept on a...

Page 44: ..._________________________ 6 3 f After pressing the Add This Service button the updated Define Services page will appear with the latest Services appearing in the bottom of the table g Now click on the...

Page 45: ...w Service GRE a Click on the Add A Service button to add a new Service b In the Name field type GRE c In the Description field enter IP Protocol 47 d Check the other radio button in the Protocol field...

Page 46: ...the Add This Service button to add the new Service to the InterLynx TS h After pressing the Add This Service button the updated Define Services page will appear with the latest Services appearing in t...

Page 47: ...ervice p cannot be deleted from the Define Services table 1 Click on the Define Services button on the left side of the screen this will open the Define Services page Now click on the Delete A Service...

Page 48: ...____ 6 7 d Once the Service to be deleted is selected press the Delete Service button e The updated Define Services table will appear with the remaining Services for the InterLynx TS listed in the tab...

Page 49: ...eeds to have a static route to the 192 168 2 0 24 network through router B A static route consists of two things 1 A destination set of IP addresses to which it applies expressed as an IP address and...

Page 50: ...on on the tool bar on the left side of the screen This will bring up the Static routes page 2 Next step is to click on the Add A Route button 3 In this window the Destination networks IP address is ad...

Page 51: ...ple below 5 After the Add this Route button is pushed the route will be added to the Static Routes table as shown below 6 To delete a route click on the Delete under the Delete Column Click yes on the...

Page 52: ...ing up the Virtual Private Network page 2 On the Virtual Private Network page there are three settings that pertain to all VPN connections configured on this InterLynx TS a IPSEC Interfaces Default Th...

Page 53: ...ed only the data associated with that set of keys is vulnerable until the next re keying sequence Default is yes recommended e Authentication Method There are two choices for authentication RSA Key an...

Page 54: ...e connection The screen will refresh and display the parameters that were entered for that connection NOTE These parameters must be entered the same way on the other InterLynx TS except for the Locati...

Page 55: ...__ 8 4 6 The Host side VPN configuration is shown below 7 Click on Return to VPN to see all the VPN connections that have been configured for this InterLynx TS This page will also show the status of t...

Page 56: ...Authentication 1 From the Virtual Private Network page press the Generate RSA Key Pair button to start the process of generating the new key pair 2 After pressing the Generate RSA Key Pair button a di...

Page 57: ...ox will appear on the screen asking you to keep the current page displayed so that an acknowledgement can be displayed when the key generation process has successfully finished Press OK 4 Once the key...

Page 58: ...e process is saving the file to a PC by pressing the Save button 6 After pressing the Save button the Save As window will pop up so that the file can be stored in any folder on the PC Locate the folde...

Page 59: ...complete window 8 When the download process is complete the RSA Key Generation page will be active so press the Return To VPN button 9 At this point the RSA Key Pair has been generated and needs to b...

Page 60: ...erLynx TS 1 Log into the remote not the unit that the RSA Key was exported from InterLynx TS 2 Click on the Virtual Private Network button on the left side of the screen This will bring up the Virtual...

Page 61: ...________________________________________________________________ 8 10 4 Press the Import Public RSA Key button to bring up the Import Public Key page and begin the process of importing the public key...

Page 62: ...Click the Browse button to find the exported RSA Key that was saved as a txt file on the PC 6 Locate and highlight the file and make sure it shows up in the file name text field Press the Open button...

Page 63: ...e Return to Virtual Private Network button At this point the configuration of the VPN between the Host and the Client remote sites are complete NOTE The preceding process must be duplicated on the oth...

Page 64: ...gured as the Host first and then the Client remote InterLynx TS If this order is not followed the units may not negotiate the VPN connection correctly and may require a manual start of the VPN 1 Log i...

Page 65: ...restart process Click ok to continue This will put the InterLynx TS that is configured as a Host in a ready state 6 Steps 1 3 must repeated on the Client remote InterLynx TS so the new VPN settings c...

Page 66: ...bring up the Virtual Private Network page 2 On the Virtual Private Network page there are three settings that pertain to all VPN connections configured on this InterLynx TS a IPSEC Interfaces Default...

Page 67: ...keying sequence Default is yes recommended e Authentication Method There are two choices for authentication rsasigkey and secret Choose Secret Secret uses a Shared Secret pass phrase f Shared Secret...

Page 68: ...nnection The screen will refresh and display the parameters that were entered for that connection NOTE These parameters must be entered the same way on the other InterLynx TS except for the Location s...

Page 69: ...4 6 The Host side VPN configuration is shown below 7 Click on the Return to VPN button to see all the VPN connections that have been configured for this InterLynx TS This page will also show the statu...

Page 70: ...ured as the Host first and then the Client remote InterLynx TS If this order is not followed the units may not negotiate the VPN connection correctly and may require a manual start of the VPN 1 Log in...

Page 71: ...restart process Click ok to continue This will put the InterLynx TS that is configured as a Host in a ready state 6 Steps 1 3 must repeated on the Client remote InterLynx TS so the new VPN settings ca...

Page 72: ...nabled on the Internet interface Check the box to the right of the interface and then press the Apply Changes button Be certain to Save Settings to Flash if you want them to be permanent Viewing Logs...

Page 73: ...the IP Address in the Search String field and press the View Logs button It will show all the Log files that contain that IP Address Syslog Host This option allows the Log files to be sent to an exter...

Page 74: ...r name For example if the hostname of the InterLynx TS is gateway1 and the printer name is laser1 by browsing to gateway1 in Network Neighborhood and double clicking laser1 would be displayed as the a...

Page 75: ...er will be available as hostname printer name For example if the hostname of the InterLynx TS is gateway1 and the printer name is laser1 by browsing to gateway1 in Network Neighborhood and double clic...