Compatible Systems IntraPort Enterprise-2, User Manual

Page 1: ...IntraPort Enterprise 2 VPN Access Server Administrator s Guide Compatible Systems Corporation 4730 Walnut Street Suite 102 Boulder Colorado 80301 303 444 9532 800 356 0283 http www compatible com ...

Page 2: ...arks are the property of their respective holders Part number A00 1855 FCC Notice This product has been certified to comply with the limits for a Class A computing device pursuant to Subpart J of Part 15 of FCC Rules It is designed to provide reasonable pro tection against radio or television communication interference in a commercial environment Operation of this equipment in a residential area c...

Page 3: ...tandard 19 inch Rack Mount 6 Earthquake Mount in a 19 inch Rack 8 Telco Rack Mount 11 Wall Mount 13 POWER CORD RETAINER INSTALLATION 15 Chapter 3 Network Installation 16 CONNECTING THE SERVER TO THE ETHERNET 16 CONNECTING A MANAGEMENT CONSOLE 17 POWERING UP THE SERVER 17 Chapter 4 CompatiView Software Installation 18 COMPATIVIEW FOR WINDOWS 18 System Requirements 18 Installation and Operation 18 T...

Page 4: ... the IntraPort Enterprise 2 for a RADIUS Server 25 RADIUS Server User Authentication Settings 25 Setting up SecurID Authentication 26 Setting the IntraPort Enterprise 2 for an ACE Server 27 ACE Server Settings 27 SAVING A CONFIGURATION FILE TO FLASH ROM 27 Chapter 7 Shipping Defaults 28 DEFAULT PASSWORD 28 ETHERNET INTERFACES 28 IP Defaults 28 IPX Defaults 28 AppleTalk Defaults 28 Chapter 8 LED Pa...

Page 5: ...ding Software From Compatible Systems 32 Appendix C Security Dynamics ACE Server Information 33 Appendix D When the Over Temp Light Comes On 34 REPLACING OR CLEANING THE INTRAPORT ENTERPRISE 2 AIR FILTER 35 Appendix E Terms and Conditions 36 ...

Page 6: ... 4 2 Mounting the IntraPort Enterprise 2 Chassis in the Earthquake Rack 10 Figure 5 Installing Telco Rack Mount Brackets 11 Figure 5 1 Mounting the IntraPort Enterprise 2 Chassis in the Telco Rack 12 Figure 6 Installing Wall Mount Brackets 13 Figure 6 1 Securing the IntraPort Enterprise 2 Chassis to the Board 14 Figure 7 Attaching the IntraPort Enterprise 2 Power Cord Retainer 15 Figure 8 IntraPor...

Page 7: ...ieces provide cost effective on demand connections to your corporate network IntraPort Enterprise 2 Installation Overview This manual will help you mount the IntraPort Enterprise 2 VPN Access Server in a rack and install it on your Local Area Network It also includes general maintenance information and some technical specifications For the most up to date information available on the IntraPort Ent...

Page 8: ... physically install the server and connect it to your local Ethernet Instructions are included for twisted pair Ethernet environments Chapter 4 CompatiView Software Installation This part of the manual describes how to install CompatiView Compatible Systems GUI Graphical User Interface management software which is included with your server Chapter 5 Command Line Preparation This part of the manual...

Page 9: ...a lifetime comprehensive warranty a twenty four hour advance replacement program unlimited phone support and software upgrades for the life of the product A 24 x 7 support plan is also available Compatible Systems maintains copies of current software updates on the Internet You may download product software from the Internet at any time For more information on down loading current product software...

Page 10: ...rack mount extenders Two Telco wall mount brackets Two handle spacers Two handles 32 assorted mounting screws see Figure 1 One DB 25 male to DB 25 female console cable One reusable replacement air filter One power cord retainer One cable tie CD ROM including 4 CompatiView software for Windows 4 Operating software 4 VPN Client software Windows and Mac OS versions 4 HTML version of product documenta...

Page 11: ...y distributed weight on top of the server Additional weight may bend the case Changing the Power Supply Voltage Settings The default setting for the voltage switch on the power supply for the Enterprise 2 is for a low input voltage marked 115V on the switch If your electrical system requires a high input voltage on the power supply you must change it manually on the device before plugging the devi...

Page 12: ...esired location The IntraPort Enterprise 2 requires 6 5 vertical inches 4 shelf positions of rack space 2 Remove the front three vertically aligned pan head machine screws from each side of the server chassis as illustrated in Figure 3 3 Using the black 10 32 flat head screws provided install the mounting brackets on the sides of the server as shown 4 Using the undercut 10 32 flat head screws prov...

Page 13: ...hapter 2 Mounting Instructions 7 Figure 3 1 Mounting the IntraPort Enterprise 2 in the Standard Rack 5 Using your screws or clips fasten the mounting brackets to the equipment rack as shown in Figure 3 1 ...

Page 14: ...ke brackets for mounting the device To earth quake mount the server in a standard equipment rack 1 Determine the desired location For proper placement of the brackets and extenders it is recommended that you first assemble the unattached brackets and extenders in the equipment rack using your own bracket mounting screws or clips Then remove the front two brackets as illustrated in Figure 4 be sure...

Page 15: ...ure 4 1 Be sure to set the screws in a safe place so that you may use them later if you change the mounting 3 Using the black 10 32 flat head screws provided install the mounting brackets on the sides of the server as shown in Figure 4 1 Using the provided 6 32 pan head screws fasten the rear of the chassis to the rear tab of the mounting bracket 4 Using the undercut 10 32 flat head screws provide...

Page 16: ...rack mount brackets into the installed rear extenders as shown in Figure 4 2 2 Using your screws or clips fasten the front bracket to the equipment rack as shown in Figure 4 2 3 Using the provided 4 40 pan head screws fasten the brackets and bracket extenders together The standard rack mount bracket extender and screws fit together as shown in Figure 4 2 ...

Page 17: ...k mount the server into a Telco rack 1 Determine the desired location The IntraPort Enterprise 2 chassis requires 6 5 verti cal inches 4 shelf positions of rack space 2 Remove the bottom center pan head machine screw from each side of the server chas sis 3 Using the black 10 32 flat head screws provided install the Telco wall mount brack ets on the sides of the server as shown in Figure 5 ...

Page 18: ...the IntraPort Enterprise 2 Chassis in the Telco Rack 4 While supporting the chassis move the device and the mounting brackets into the desired rack position and use your own screws or clips to fasten the server and bracket to the rack as shown in Figure 5 1 ...

Page 19: ...the desired location The IntraPort Enterprise 2 chassis requires 6 5 verti cal inches and a mounting backboard measuring at least 24 x 24 x 1 2 not sup plied 2 Remove the three bottom 10 32 pan head machine screws from each side of the chas sis as illustrated in Figure 6 3 Using the 10 32 black flat head screws provided install the Telco wall mount brack ets on the sides of the server as shown ...

Page 20: ... using your own screws attach the mounting backboard securely to the wall by screwing the board to the studs v Note The IntraPort Enterprise 2 should be wall mounted with the front and rear of the chassis perpendicular to the floor and at eye level so you can read the front LEDs All four mounting screws must be anchored to solid wood 6 Using the supplied wood screws fasten the unit to the board as...

Page 21: ...traPort Enterprise 2 Power Cord Retainer v Note It is recommended that you determine the setting of your voltage switch before installing the power cord retainer For more information on power supply voltage settings see Changing the Power Supply Voltage Settings at the beginning of this chapter ...

Page 22: ...ther option is to set up the server behind your firewall using the Ethernet interface on slot 0 only In this scenario slot 1 is not used and should not be plugged in to anything You will also have to set up your firewall to allow IPSec traffic through The 10 100 Ethernet interfaces directly support 100BaseTx or 10BaseT twisted pair Ethernet The actual hardware is not numbered by slot To connect on...

Page 23: ... has two AUX interfaces These are modem connec tions which should only be used in consultation with Compatible Systems Technical Support staff who will provide instruction on their use Powering Up the Server v Note The default setting for the voltage switch on the power supplies for the IntraPort Enterprise 2 is for a low input voltage marked 115V on the switch If your electrical system requires a...

Page 24: ...r Windows you need IBM PC or compatible w 486 or later processor Microsoft Windows 95 98 or Windows NT installed VGA or better monitor IP A WinSock compatible transport stack and or IPX A Netware or Microsoft Client installation v Note To choose the active transport protocol on a Windows machine which has both IPX and IP installed select Options from the Database menu and click the General tab The...

Page 25: ...e server or by setting a workstation s IP address to 198 41 12 2 with a Class C subnet mask 255 255 255 0 so that it can communicate over Ethernet with 198 41 12 1 the shipping default of Ethernet 0 0 After setting the server s IP address be sure to change the workstation s configuration back to its original settings The IPX protocol does allow CompatiView to automatically discover the server Comp...

Page 26: ...appear on the screen If you plan to use out of band access for ongoing management of your server you can find further information on configuring your server in Chapter 6 Basic Configuration Guide Otherwise see the section later in this chapter on Setting Up Telnet Operation for information on setting the server to allow Telnet access from hosts on its network Temporarily Reconfiguring a Host for C...

Page 27: ... reconfigured IP host Instructions for setting up these two methods were given earlier in this chapter Once you have set up the command line interface do the fol lowing A Use the configure command and set the IPAddress SubnetMask and IPBroadcast keywords in the IP Ethernet 0 0 section B Use the save command to save the changes to the device s Flash ROM You may also use CompatiView from a reconfigu...

Page 28: ...et 1 0 receives and sends only IPSec packets The other option is to set up the server behind your firewall using Ethernet 0 0 only Ethernet Interface Configuration IP Settings for Dual Ethernet Setups If setting up the IntraPort 2 2 in parallel with a firewall you need to set some basic IP param eters for the two Ethernet interfaces IP address default 198 41 12 1 IP subnet mask default 255 255 255...

Page 29: ... the configure command and set the IPAddress SubnetMask and IPBroadcast keywords and either the RIPVersion keyword or the OSPFEnabled keyword in the IP Ethernet 0 0 section To set additional parameters for OSPF or to configure BGP refer to the Text Based Configuration and Command Line Management Reference Guide Use the edit config command and set an IP gateway in the IP Static section v Note The g...

Page 30: ...ommended that you also set authentication and encryption parameters for each tunnel CV Use the Tunnel Partner VPN port number Dialog Box for the port you created to set these parameters TB Use configure and set keywords in the Tunnel Partner VPN port number section Configuring the Server for IP and IPX Client Tunnels To configure the IntraPort Enterprise 2 for IP and IPX client tunnels each user m...

Page 31: ...red for the IntraPort Enterprise 2 to communicate with a RADIUS server Primary server IP address Secret VPN password attribute number VPN group attribute number CV Use the RADIUS Configuration Dialog Box TB Use the configure command and set the PrimAddress Secret VPNPassword and VPNGroupInfo keywords in the RADIUS section RADIUS Server User Authentication Settings In order for client authenticatio...

Page 32: ... VPN group configurations in the IntraPort Enter prise 2 s configuration Setting up SecurID Authentication If you are using Security Dynamic s ACE Server software for user authentication you must set up the IntraPort Enterprise 2 to communicate with the ACE Server The Security Dynamics ACE Server software performs dynamic two factor SecurID authenti cation Dynamic two factor authentication combine...

Page 33: ... the Client Type pull down menu in the ACE Server s Add Client dialog box under Client Add Client v Note The first time the IntraPort Enterprise 2 contacts the ACE Server they exchange a secret based in part on the IntraPort s IP address After the first exchange the Sent Node Secret checkbox in the ACE Server s Add Client dialog box which can be accessed using the Add Client option under the Clien...

Page 34: ...Address 198 41 12 1 Subnet mask 255 255 255 0 Broadcast address 198 41 12 255 Mode Routed Ethernet 1 0 is off IPX Defaults Ethernet 0 0 is on Mode Routed 802 3 on autoseeding 802 2 on autoseeding Type II off 802 2 SNAP off Ethernet 1 0 is off AppleTalk Defaults Ethernet 0 0 is on Mode Routed Phase II on autoseeding Ethernet 1 0 is off ...

Page 35: ...ating temperature The filter needs changing See Appendix D for instructions Sys Ready The server booted properly without detecting any failures General Indicators Ethernet Traffic Indicators TX Ethernet transmit packet RX Ethernet receive packet Load Indicators These lights indicate the load on the DES card Ethernet Lights Load Lights Indication 5 flashing 20 flashing Server stacks starting up 3 4...

Page 36: ...y erase your Flash ROM Please do not use these settings without first contacting Compatible Systems Technical Support 0 Normal Operation 1 Unused 2 Unused 3 Run Boot ROM Downloader 4 Unused 5 Erase Flash ROM OS and Configuration 6 Erase Flash ROM Configuration Only 7 Unused 8 Unused 9 Allow letmein password for 5 minutes after powerup ...

Page 37: ... A Connector and Cable Pin Outs Pin Outs for DB 25 Male to DB 25 Female Console Cable The cable supplied with the IntraPort Enterprise 2 is twenty five conductors straight through Connections on the console interface follow the standard RS 232C pin outs ...

Page 38: ...he latest version of CompatiView management software is also available To download software follow the instructions below 1 Use your browser to access http www compatible com and find the link on our home page to Software Downloads 2 Select the product and software version you want and click on the appropriate file to download it v Note These files are also accessible directly via Anonymous FTP at...

Page 39: ... directly from Security Dynamics Technologies Inc Use the following information to contact Security Dynamics for more information Security Dynamics Technologies Inc 20 Crosby Drive Bedford MA 01730 U S A 800 SECURID 800 732 8743 or 888 732 8743 To telephone from outside the U S 781 687 7000 E mail info securitydynamics com Web site http www securitydynamics com ...

Page 40: ...mp light illuminates it indicates that the internal circuitry is operating above its specified temperature range If this happens perform the following check sequence 1 Verify that the server is installed properly in an environment in which the air tempera ture around the server is within the specified limits 2 Verify that air flow to the front and left side of the server as viewed from the front o...

Page 41: ... and Filter 1 Remove the front three vertically aligned screws and the middle three horizontally aligned screws from each side of the chassis as illustrated in Figure 10 2 Remove the top panel from the chassis 3 Remove the filter from its slot 4 Put the supplied replacement filter in the slot The used filter may be washed in warm soapy water and used again once it is completely dry 5 Replace the t...

Page 42: ...e Products that do not conform to this Warranty This Warranty shall be invalidated if the Products a have not been installed handled or used in accordance with Compatible Systems recommended procedures b have been damaged through the negligence or abuse of the Customer or of any subsequent purchasers c are damaged by causes external to the Products including without limitation shipping damage powe...

Page 43: ...ssure correct identification of the Customer and to insure prompt and accurate processing 6 Limitation of Remedies Compatible Systems liability for all claims brought pursuant to or in connection with this agreement including the purported breach hereof shall be limited a in the case of claims for breach of warranty to compliance with the repair or replacement provisions of the warranty and b in a...