OnSite 2800 Series Managed VPN Router

Transcription

OnSite 2800 Series
Managed VPN Router
User Manual

Important
This is a Class A device and is intended for use in a light industrial environment. It is not intended nor approved for use in an industrial or residential environment.

Sales Office: 1 (301) 975-1000
Technical Support: 1 (301) 975-1007
E-mail: support@patton.com
WWW: www.patton.com

Part Number: 07M2800-GS, Rev. F
Revised: February 22, 2012

Patton Electronics Company, Inc.
7622 Rickenbacker Drive
Gaithersburg, MD 20879 USA
Tel: 1 (301) 975-1000
Fax: 1 (301) 869-9293
Support: 1 (301) 975-1007
URL: www.patton.com
E-Mail: support@patton.com

Trademark Statement
The term OnSite is a trademark of Patton Electronics Company. All other trademarks presented in this document are the property of their respective owners.

Copyright 2012, Patton Electronics Company. All rights reserved.

The information in this document is subject to change without notice. Patton Electronics assumes no liability for errors that may appear in this document.

Warranty Information
The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of such license.

Patton Electronics warrants all OnSite router components to be free from defects, and will—at our option—repair or replace the product should it fail within one year from the first date of the shipment.

This warranty is limited to defects in workmanship or materials, and does not cover customer damage, abuse or unauthorized modification. If the product fails to perform as warranted, your sole recourse shall be repair or replacement as described above. Under no condition shall Patton Electronics be liable for any damages incurred by the use of this product. These damages include, but are not limited to, the following: lost profits, lost savings and incidental or consequential damages arising from the use of or inability to use this product. Patton Electronics specifically disclaims all other warranties, expressed or implied, and the installation or use of this product shall be deemed an acceptance of these terms by the user.

Summary Table of Contents

1 General information
2 Hardware installation
3 Getting started with the OnSite Managed VPN Router
4 Serial port configuration
5 T1/E1 port configuration
6 VPN configuration
7 Access control list configuration
8 Link scheduler configuration
9 LEDs status and monitoring
10 Contacting Patton for assistance
A Compliance information
B Specifications
C Cabling
D Port pin-outs
E OnSite 2800 Series factory configuration
F Installation checklist

Table of Contents

Summary Table of Contents
Table of Contents
List of Figures
List of Tables
About this guide
    Audience
    Structure
    Precautions
    Safety when working with electricity
    General observations
    Typographical conventions used in this document
    General conventions
1 General information
    OnSite Model 2800 Series overview
    OnSite 2800 Series detailed description
    OnSite 2800 Series model codes
    Serial WAN models
    Ethernet WAN models
    Model code extensions
    Ports descriptions
    Applications overview
    Branch-Office virtual private network over Frame Relay service
    Corporate multi-function virtual private network
2 Hardware installation
    Planning the installation
    Installation checklist
    Site log
    Network information
    Network Diagram
    IP related information
    Software tools
    Power source
    Location and mounting requirements
    Installing the VPN router
    Mounting the VPN router
    Connecting cables
    Installing the Ethernet cable
    Installing the serial WAN cable
    Installing the V.35 interface cable
    Installing the X.21 interface cable
    Installing the T1/E1 twisted pair cables
    Installing the E1 dual coaxial cables
    Connecting to external power source
3 Getting started with the OnSite Managed VPN Router
    Introduction
    1. Configure IP address
    Power connection and default configuration
    Connect with the serial interface
    Login
    Changing the IP address
    2. Connect the OnSite VPN Router to the network
    3. Load configuration
4 Serial port configuration
    Introduction
    Serial port configuration task list
    Disabling an interface
    Enabling an interface
    Configuring the encapsulation for Frame Relay
    Enter Frame Relay mode
    Configuring the LMI type
    Configuring the keep-alive interval
    Entering Frame Relay PVC configuration mode
    Configuring the PVC encapsulation type
    Binding the Frame Relay PVC to IP interface
    Enabling a Frame Relay PVC
    Disabling a Frame Relay PVC
    Displaying serial port information
    Displaying Frame Relay information
    Integrated service access
5 T1/E1 port configuration
    Introduction
    T1/E1 port configuration task list
    Enable/Disable T1/E1 port
    Configuring T1/E1 port-type
    Configuring T1/E1 clock-mode
    Configuring T1/E1 line-code
    Configuring T1/E1 framing
    Configuring T1/E1 line-build-out (T1 only)
    Configuring T1/E1 used-connector (E1 only)
    Configuring T1/E1 application mode
    Configuring T1/E1 LOS threshold
    Configuring T1/E1 encapsulation
    Create a Channel-Group
    Configuring Channel-Group Timeslots
    Configuring Channel-Group Encapsulation
    Entering HDLC Configuration Mode
    Configuring HDLC CRC-Type
    Configuring HDLC Encapsulation
    T1/E1 Configuration Examples
        Example 1: Frame Relay without a channel-group
        Example 2: Frame Relay with a channel-group
        Example 3: PPP without a channel-group
        Example 4: PPP with a channel-group
6 VPN configuration
    Introduction
    Authentication
    Encryption
    Transport and tunnel modes
    VPN configuration task list
    Creating an IPsec transformation profile
    Creating an IPsec policy profile
    Creating/modifying an outgoing ACL profile for IPsec
    Configuration of an IP interface and the IP router for IPsec
    Displaying IPsec configuration information
    Debugging IPsec
    Sample configurations
        IPsec tunnel, DES encryption
            OnSite configuration
            Cisco router configuration
        IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96
            OnSite configuration
            Cisco router configuration
        IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96
            OnSite configuration
            Cisco router configuration
7 Access control list configuration
    Introduction
    About access control lists
    What access lists do
    Why you should configure access lists
    When to configure access lists
    Features of access control lists
    Access control list configuration task list
    Mapping out the goals of the access control list
    Creating an access control list profile and enter configuration mode
    Adding a filter rule to the current access control list profile
    Adding an ICMP filter rule to the current access control list profile
    Adding a TCP, UDP or SCTP filter rule to the current access control list profile
    Binding and unbinding an access control list profile to an IP interface
    Displaying an access control list profile
    Debugging an access control list profile
    Examples
        Denying a specific subnet
8 Link scheduler configuration
    Introduction
    Configuring access control lists
    Configuring quality of service (QoS)
    Applying scheduling at the bottleneck
    Using traffic classes
    Introduction to Scheduling
    Priority
    Weighted fair queuing (WFQ)
    Shaping
    Burst tolerant shaping or wfq
    Hierarchy
    Quick references
    Setting the modem rate
    Command cross reference
    Link scheduler configuration task list
    Defining the access control list profile
    Packet classification
    Creating an access control list
    Creating a service policy profile
    Specifying the handling of traffic-classes
    Defining fair queuing weight
    Defining the bit-rate
    Defining absolute priority
    Defining the maximum queue length
    Specifying the type-of-service (TOS) field
    Specifying the precedence field
    Specifying differentiated services codepoint (DSCP) marking
    Specifying layer 2 marking
    Defining random early detection
    Discarding Excess Load
    Devoting the service policy profile to an interface
    Displaying link arbitration status
    Displaying link scheduling profile information
