Installation guide

ManualsBrandsEncore Networks ManualsComputer equipmentVSR-1200

encor etworks

•

For information on trademarks, safety, limitations

of liability, and similar topics, see Notices.

VSR-1200™ and RDU™ Installation and

Quick Configuration Guide

of 2 QuickStart™ Guides for the VSR-1200™

his guide presents procedures for a standard installation of the VPN Satellite Router™ 1200

(VSR-1200™) in the BANDIT family.

Note: The screens shown in this document are examples; the choices shown on your VSR-1200’s

menus depend on the features in the chassis and on the software version installed in the device.

(For figures, tables, and configurations not addressed in this Installation Guide, see the

Configuration Module or the BANDIT Products General Hardware Reference Module.)

See the following sections:

• Before Installation

• Setting Up the Hardware

• Logging In

• Using the Main Menu

• Configuring the Software

• Saving (Writing) the Device’s Configuration

• Restarting (Resetting) the Device

• Exiting a Session

2.1 Before Installation

Gather all required information. Before you start these procedures, make sure you have all the

information required to set up the VSR-1200 for use in your network—for example:

• The device’s IP address

•The device’s passwords

• The device’s VPN configuration, if any

• Interface requirements for the device’s ports

• Interface types for the ports—for example, DTE or DCE

Revision A, March 2010

Home Module: VSR-1200 Hardware Reference

Document 2

Summary of content (26 pages)

PAGE 1
encor e!n etworks • TM Revision A, March 2010 © 2010 Encore Networks, Inc. All rights reserved. VSR-1200™ and RDU™ Installation and Quick Configuration Guide 2nd of 2 QuickStart™ Guides for the VSR-1200™ T his guide presents procedures for a standard installation of the VPN Satellite Router™ 1200 (VSR-1200™) in the BANDIT family.
PAGE 2
Page 2 VSR-1200 Hardware Reference Module, Document 2 • Interface protocols for the ports • Network and routing functions that the device will perform • Other pertinent network information Use the Site Planning Worksheets as checklists for this information. If you have questions or concerns after you have followed these procedures, contact Encore Networks, Inc., at support@encorenetworks.com, 703-787-4625 (fax), or 703-318-4350 (voice). 2.
PAGE 3
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 3 Figure 2-2. VSR-1200 Chassis, Rear 4 If this VSR-1200 uses one or two Remote Data Units™ (RDUs, Figure 2-3), connect each RDU’s Ethernet port (Figure 2-4) to a separate Ethernet port on the VSR-1200’s DMZ switch (Figure 2-2). Figure 2-3. Remote Data Unit, Front Figure 2-4. Remote Data Unit, Rear 5 Connect the VSR-1200’s ports to their network devices.
PAGE 4
Page 4 2.3 1 VSR-1200 Hardware Reference Module, Document 2 Logging In On the PC, open a terminal-emulation session, such as HyperTerminal. Use the settings in Table 2-1 to establish communication between the terminal console and the VSR. Table 2-1. Supervisory Port Communication Settings Parameter Bits per second Data bits Parity Stop bit Flow control 2 Value 9600 8 None 1 Hardware On the terminal console, press Enter to connect to the attached device.
PAGE 5
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 5 a To set up a basic configuration of the VSR for your network, select QuickStart Config Builders. ❖ The Startup Config Options menu is displayed. (On the next menu—the Startup Configuration Scenarios menu—you can enter basic information; the VSR will use this information to build a standard configuration.) Go to Section 2.5.1, Startup Configuration.
PAGE 6
Page 6 VSR-1200 Hardware Reference Module, Document 2 To configure a basic setup for this device in your network, do the following: 1 On the Main Menu, select QuickStart Config Builders. 2 On the Startup Config Options menu, select the set of configuration templates. ❖ The menu for Startup Configuration Scenarios appears.
PAGE 7
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 7 c If the item requests additional information, enter that information. ❖ When the item has been configured, the scenario’s menu is displayed again. 5 After you have performed Step 4 for each item (parameter) in the menu, do one of the following: a Select Load Above Config. ❖ The following prompt asks for confirmation. Go to Step 6.
PAGE 8
Page 8 VSR-1200 Hardware Reference Module, Document 2 7 When the configuration has finished loading, press Escape until you return to the Main Menu. (Go to Section 2.4, Using the Main Menu.) 8 To save the configured scenario (if it has not already been saved), do the following: a Write the configuration. (See Section 2.6, Saving (Writing) the Device’s Configuration.) b Reset the device. (Section 2.7, Restarting (Resetting) the Device.) 2.5.
PAGE 9
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 9 Table 2-2. Port Identifiers (Sheet 2 of 2) Line ID E B P Physical (Hardware) Port Expansion port RDU ports More ports b Default Software Configuration (See Step 2.) (See Step 2.) a. Do not modify the configuration for the Comm/Supervisor port. b. These are virtual Logical Ports. A protocol configured on a Logical Port can be associated with a global path, which is turn is associated with a physical port. (See Section 2.5.3.
PAGE 10
Page 10 VSR-1200 Hardware Reference Module, Document 2 • If you are configuring a virtual Logical Port, the Virtual Logical Port menu is displayed. Continue to Step 3.
PAGE 11
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 11 b When you have finished configuring the protocol, press Escape to return to the Logical Port Attribute menu. 2.5.3.2 DHCP Settings To review settings that the WAN or LAN port uses for DHCP, or to modify or disable DHCP on a port, do the following on the port’s Logical Port Attribute menu (see Section 2.5.3, Ports). Note: The WAN and LAN ports use different settings.
PAGE 12
Page 12 VSR-1200 Hardware Reference Module, Document 2 4 Select and configure each parameter the device will use as the local (intranet) DHCP server. When you have finished configuring the DHCP server, press Escape until you return to the port’s Logical Port Attribute menu. 5 When you have finished configuring the port, press Escape until you return to the Main Menu. 6 Save the configuration and reset the device. See Section 2.6, Saving (Writing) the Device’s Configuration, and Section 2.
PAGE 13
Page 13 VSR-1200™ and RDU™ Installation and Quick Configuration Guide 2.5.4.1 Configuring VPN Profiles To configure VPN profiles, do the following: 1 On the Virtual Private Network Configuration menu, select VPN Profiles. (See Section 2.5.4, Virtual Private Network Connections.) ❖ The VPN Profile Table appears.
PAGE 14
Page 14 VSR-1200 Hardware Reference Module, Document 2 Note: Although all VPN profile records have all fields, the screen displays only the fields used in the keying specified—autokeying (IKE) or manual. (The BANDIT VPN products do not use manual keying in normal operation. If you want a VPN device to use manual keying, contact your Encore Networks representative.) b Type the line number of the field whose value you wish to change.
PAGE 15
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 15 c Return to Step 2. 5 To delete a profile from the VPN Profile Table, type the line number of the profile to delete. (Line numbers are listed under the heading label No.) ❖ The selected profile is deleted. The VPN Profile Table is redisplayed, minus the deleted profile. Return to Step 2. 2.5.4.1.
PAGE 16
Page 16 VSR-1200 Hardware Reference Module, Document 2 ◆ Sample Phase 2 Proposal Menu: Phase 2 Proposal 1 --------------------1) PFS : DH GROUP G2 2) Security Protocol: ESP 3) Encryption: DES 4) Authentication: HMAC-MD5 5) Life: 100 sec 6) Life Units: sec Enter your choice: 4 Select the field whose value you wish to change, and press Enter. ❖ Possible values for the field are listed. a Enter a new value for the field, and press Enter.
PAGE 17
Page 17 VSR-1200™ and RDU™ Installation and Quick Configuration Guide Source Src Destination Dest Protocol # Address Port Address Port /Flag Path Name I/O Action --- --------------- ------ --------------- ------ -------- ---------- --- -----1 10.5.6.0 * 172.23.9.0 * * 10.5.6.255 * 172.23.9.
PAGE 18
Page 18 5 VSR-1200 Hardware Reference Module, Document 2 Do one of the following: a To copy an entry, type the line number of the entry you wish to copy. ❖ The new entry is added to the bottom of the IP/VPN Policy Table. Return to Step 3. b If you do not wish to copy an entry, press the Escape key. ❖ The IP/VPN Policy Table appears. Return to Step 3. 6 To add an entry, do the following: a If you do not wish to add another entry, press Escape.
PAGE 19
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 19 groundstation’s performance-enhancing proxy (PEP) and maintains VPN security over satellite networks. The use of SLE with PEP significantly increases IPsec performance over satellite networks. (For a discussion of SLE and satellite networks, see Section 1.4.3, Selective Layer Encryption, in The BANDIT™ Products in Virtual Private Networks.) Figure 2-5 shows a sample satellite network combining PEP and SLE. Figure 2-5.
PAGE 20
Page 20 VSR-1200 Hardware Reference Module, Document 2 Note: The VSRR-1200 is designed to support satellite networks as well as ground-based networks. Any BANDIT VPN device can support both VPN with SLE (for use over satellite networks) and VPN without SLE (for ground-based networks), depending on the software installed in the device. Most VPN devices can also support legacy applications.
PAGE 21
Page 21 VSR-1200™ and RDU™ Installation and Quick Configuration Guide Source Src Destination Dest Protocol # Address Port Address Port /Flag Path Name I/O Action --- --------------- ------ --------------- ------ -------- ----------- --- -----1 172.16.10.131 172.16.10.131 H-3 Action: Allow 2 3 4 * * 172.16.10.128 * 10.10.11.1 * * 172.16.10.255 * 10.10.11.1 * Tunnel To Remote 1 Action: Initiate VPN Profile: REMOTE * * * * H-1 Action: Allow * * * * 10.10.11.1 10.10.11.
PAGE 22
Page 22 VSR-1200 Hardware Reference Module, Document 2 3) Source Address Low : * Source Address High : * Source TCP/UDP Port Low : * Source TCP/UDP Port High : * Destination Address Low : * Destination Address High : * Destination TCP/UDP Port Low : Destination TCP/UDP Port High : Protocol/Flags : * Path Name : * Incoming/Outgoing : * Filtering Action : Allow VPN Profile name : N/A Description : H-1 * * Figure 2-9.
PAGE 23
Page 23 VSR-1200™ and RDU™ Installation and Quick Configuration Guide 3 See the following: • Section 2.5.5.1, IP Routing • Section 2.5.5.2, IP Quality of Service • Section 2.5.5.3, Network Address Translation • Section 2.5.5.4, Firewall 2.5.5.1 IP Routing To use the VPN feature to its capacity, you must configure the device’s IP routing. Do the following: 1 On the IP Routing Configuration menu, select the IP Routing Method you wish to use (RIP or Static).
PAGE 24
Page 24 VSR-1200 Hardware Reference Module, Document 2 Source Src Destination Dest # Address Port Address Port Protocol Path Name Priority --- --------------- ------ --------------- ------ -------- ---------- ---------1 * * * * * * * * * * * * * * Immediate Add, Modify, Insert or Delete an Entry? - (A/M/I/D) : c Set a Default Priority for IP packets that do not match any entry in the table. For more information, see IP Quality of Service in the Routing Module. 2.5.5.
PAGE 25
VSR-1200™ and RDU™ Installation and Quick Configuration Guide Page 25 When the system asks for your password, enter the default password and press Enter. 2 Note: If your product order requested a different, specific password, contact your system administrator for the password. 3 On the System Administration menu, select SNMP Configuration. 4 On the SNMP Configuration menu, do the following: a Configure the SNMP Get Community String. b Configure the SNMP Set Community String.
PAGE 26
Page 26 3 VSR-1200 Hardware Reference Module, Document 2 Regardless of screen instructions, do not type anything until you see the banner: BANDIT, ENCORE NETWORKS INC. Then press Enter. ❖ The Main Menu is displayed. 2.8 Exiting a Session After the software has been configured, save (write) the configuration. Then exit the session before disconnecting the PC, so that communication is not disrupted. ! Caution: Before you exit, make sure you save (write) the configuration.