VPNet VSU 5000 manual

VSU-5000 VPNwar e Service Unit User Guide VPNet T echnologies, Inc.[...]

VSU-5000 Use r Guide Licenses, W arranties, Copyrights, and T rademarks THE SPECIFICA TIONS REGARDING T HE PRODUCTS IN THIS MANU AL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL ST A TEMENTS, INFORMA TION, AND RECOMMENDA TIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURA TE B UT ARE PRESENTED WITHOUT W ARRANT Y OF ANY KIND, EXPRESS OR IMPL IED. USERS MUST [...]

VSU-5000 User Guid e Limited W arranty Hardware VPNet T echn ol ogi es, Inc . (“ VPNe t”) w arr ant s that for a period of one (1) year from the da te of shipmen t from VPNet that the Har dware wi ll be free from defects in material an d workma nship und er normal use. T his limited warra nty ext ends onl y to Custom er a s the o rigin al purc [...]

VSU-5000 Use r Guide LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE PRODUCT EVEN IF VPNET OR ITS SUPPLIERS HA VE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAM AGE S. In no eve nt shal l VPN et’s or its supp lie rs’ li ab ilit y to Cu sto mer, whethe r in cont ract , to rt (includ ing neg li ge nce), or ot herw ise , e xc eed the pri [...]

T able of Contents Preface Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Plug-and-Play Installation . . . . . . . . . . . . . . . . . . . . . . . [...]

Chapter 4 T r o ubles hootin g Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 Chassis Co oling Fan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 Ethernet Interface Mo dule . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

i Pr eface This u ser guide pr ovides in stallat ion and confi guration information f or the VSU-5000 VPNware Service Units. The VSU- 5000 adds comp ression, en cryption, au thentication, and key management to public data links to ensure privacy and integrity of corpo rate data, and to en able the eff icient and secure op eration of vi rtual privat[...]

ii VSU-5000 Use r Guide Data authenticity is assured by using MD5 ™ or SHA-1 hashing to reject altered or for ged packets. All security mechanisms employed by the VSU-5000 con form to IPSec s tandards , in orde r to provide i nteroperabi lity and bro aden the us e of VPN techno logy . Perfor mance The VSU- 5000 supp orts IP o ver 10BASE-T or 100B[...]

iii VSU-5000 User Guid e Chapte r 2, Inst all ing t he VS U- 50 00 , provide s VSU rack mou nting instructi ons, an overview of the back panel, and a procedure for p hysical installation, including placemen t and connection to the network. Chapte r 3, Pr eparing t he VSU-5000 for Co nfigurati on , provi des in structio ns for settin g up VSU-50 00 [...]

iv VSU-5000 Use r Guide[...]

Preparing for I nstallation 1-1 Chapter 1 Pr eparing f or Installation This chapter includes safety , environmental, an d equipment requ irements, as well as guidance in planning the VSU-50 00 in stallat ion. Safety Recommendations When using the VSU-5000, follow these safety guid elin es: • Keep the chassis area clear and dust-fr ee during and a[...]

1-2 Preparing for Installati on VSU-5000 Use r Guide Configuring Equipment Racks The VSU-5000 can be placed on a desktop or mou nted in a rack. The location of the chassis and the layout of your equipme nt rack or wiring ro om are extremely important for proper system op eration. Equipment p laced too close tog ether , inadequate ventilation, and i[...]

Preparing for Install ation 1-3 VSU-5000 User Guid e Circuit B reaker (15A ) W arning WA R N I N G : This pr o d uct r elies on the buildin g 's installatio n for short-cir cuit (over curr ent) p r otection. Ensur e that a fuse o r cir cuit br eaker no lar ger than 120 V AC, 15A U.S. (2 40 V AC, 10A internationa l) is used on t he pha se cond [...]

1-4 Preparing for Installati on VSU-5000 Use r Guide Required Equipm ent The VSU- 5000 shippin g carton cont ains: T o use the VSU-5000 in a typical VPN application, the cus tomer must supply: • Routers providin g connectivity to a W A N such as the Internet • An asynchron ous ASCII terminal s upport ing RS-232 or a PC runn ing terminal emulati[...]

Installing the VSU-500 0 2-1 Chapter 2 Installing the VSU-5000 This chapter provides instructions for the physical installation of the VSU-5000, including rack mounting, placement, and connection to the n etwork. Physic al Installati on The VSU-5000 can be placed on a d esktop or mounted in a rack. Deskto p T o install on a desktop, allow sufficien[...]

2-2 Installing the VSU-5000 VSU-5000 Use r Guide T o attach the VSU-5000 to a s tandard 19-inch equipment rack: 1. From one s ide of the VS U-5000, remo ve the two fro nt side s crews (Figure 2-1). Figure 2-1 Removing the Rack Mount Screws 2. Using the flat-head screws provided with the bracket, attach the backet to the VSU-5000 (Figur e 2- 2). Fig[...]

Instal ling the VSU- 500 0 2- 3 VSU-5000 User Guid e Overview of Front Panel Figur e 2- 3 show the fro nt panel view of the V SU-5000. Figure 2-3 Front Panel of the VSU-5000 Console and Auxiliary Ports The auxili ary port on the VSU-50 00 is used for factory testing only and has no function in normal operation. The conso le port accepts an R S-232 [...]

2-4 Installing the VSU-5000 VSU-5000 Use r Guide Public and Pri vate Ports The Public port pr ovides an interface to the public network, while the Priv ate port provides an interface to the private network. The Public and Private p orts are Ethernet 10/10 0BASE-T compliant host po rts. They accept categor y 3 or 5 UTP cabling terminated in an RJ-45[...]

Instal ling the VSU- 500 0 2- 5 VSU-5000 User Guid e Connecting the VS U-5000 to the Networ k Figur e 2- 4 shows a typ ical network using the VSU-500 0. Figure 2-4 Example of T wo VSU-50 00 Hardw are Inst allatio ns Public Network DSU/CSU Router VSU- 5000 Private LAN Cr osso ver Cable DSU/CSU Router VSU-5000 Private LAN Crossov er Cable[...]

2-6 Installing the VSU-5000 VSU-5000 Use r Guide 1. Connect the gateway r outer to the VS U-5000. Using the supp lied UTP cr ossover cable conn ect one end to the p ublic port on the VSU-5000. Con nect the other end of the UTP crossover cab le to the router ’ s Ethernet port ( Figure 2 -5). Figure 2-5 Attaching a Router to the VSU-5000 2. Connect[...]

Preparing the VSU-5000 for Config uration 3-1 Chapter 3 Pr epari ng the VSU-5000 f or Configuration Preparation Before the VSU-5 000 can be incorporated in to a V irtual Private Network (VPN), it must be con figured through th e VPNmanager . However , to enable communication b etween the VPNmanager and the VSU-5000, you mu st first assign an IP add[...]

3-2 Preparing the VSU-50 00 for Configurati on VSU-5000 Use r Guide • The SuperUser nam e . This is the name th at is a uthor i zed to perfo rm any ki nd of configuration request on a VSU. This name is provided by the VPNmanager administrator the first time the VSU is added into the VPNmanager database. The SuperUser name is case sensitive. • T[...]

Preparing the VSU-500 0 for Configu ration 3-3 VSU-5000 User Guid e Figure 3-1 Initial Power On Bootup Sc reen for VSU VPNet Service Unit Model XXXX 3DES ENCRYPTION Runtime System version x.x.xx, x/xx/2000 Copyright (C) 1996-2000 VPNet Technologies, Inc. All Rights Reserved. -- Month Day 2000, 17:06:01 --ethernet0: MAC Address 00:60:a1:00:23:f9 eth[...]

3-4 Preparing the VSU-50 00 for Configurati on VSU-5000 Use r Guide Preconfigure the VSU-5000 to commun icate with the VPNmanager using the Qui c k Set up m enu sele ctio n a s des cr i be d be low : 1. From the Main Menu, select 5) Quick Setup. Y ou will be promp ted for the information required to set up the VSU . T o accept the current value and[...]

Preparing the VSU-500 0 for Configu ration 3-5 VSU-5000 User Guid e 4. T o prevent unauth orized users from acces sing the VSU-5000 through the console port, enter and confirm the new VSU console password. CAUTION: Do not for get this passw or d. As a security measur e, the only way to b ypa ss an un kn own c ons ole pass wo rd is to return t he VS[...]

3-6 Preparing the VSU-50 00 for Configurati on VSU-5000 Use r Guide 6. Select a traff ic mode from the T raff ic Configuration Menu. Permit all non-VPN traffic - When checke d (d efault), all non VPN traf fic is allowed t o pass thr ough th e VSU. Deny a ll IP n on-VPN tra ffic - When checked, all non-IP traffi c is passed thr oug h th e VSU . Deny[...]

Preparing the VSU-500 0 for Configu ration 3-7 VSU-5000 User Guid e 8. Enter the current date and time. This date and time sett ing are primarily used to ensure accurate timestamps when logging events. When changing either th e date or time, all thr ee parts of the date (MM-DD-YYYY) or time ( HH:MM:SS) must be en tered. A 2 4-hour clock is us ed wh[...]

3-8 Preparing the VSU-50 00 for Configurati on VSU-5000 Use r Guide FIPS Mode FIPS (Federal Information Processing Standards) Mod e forces the VSU to operate in a FIPS 1 40-1 Level 2 co mpliant mode. It is recomm ended that this mode onl y be used if your o rgani zation’ s policy req uires FIPS 1 40-1 Lev el 2 certification for cry ptographic dev[...]

T roubleshooting 4-1 Chapter 4 T r oubleshooting This chapter includes troubleshoo ting and replacement p rocedures for the VSU-50 00 power su pply mod ule, cooli ng fan and d ual-port Et hernet modul e. Power Suppl y The st andard VSU-500 0 includes a s ingle power s upply module. NOTE: The VSU-5000 is pro visioned wi th one of two differ ent powe[...]

4-2 T roubleshooting VSU-5000 Use r Guide Power Supply Re moval and Replac ement Referring to Figure 4-1 , perform the following ste ps to replace the power supply module: 1. Unscrew the thumbscrew n ext to the hinged f an assembly on the back of the unit and s wing th e fan assembl y open to ex pose the power suppl y modul es. NOTE: The wa rn ing [...]

T r oublesho oting 4-3 VSU-5000 User Guid e Alternate P ower Supply Remova l and Replaceme nt Referring to Figure 4-2 , perform the following ste ps to replace the power supply module: 1. If the power supply is defective, the green LED indicator on the po wer supply module will be OFF . 2. Set the ON/OFF (I/O) switch of th e defective power su pply[...]

4-4 T roubleshooting VSU-5000 Use r Guide Figure 4-2 Chassis C ooling Fan Removal and Replacement Ethernet Interface Module The VSU-500 0 includes a dual-port 10/100BASE- T Ethernet card, w ith the public and pr ivate interface ports p aired on the card. Removal and Replac ement The dual-port 10/100B ASE-T Ethern et module is enclosed in th e tampe[...]

Speci fications A-1 APPENDIX A Specifications This appen dix provides physical, en vironmental and electrical specification s for the VSU-5000, as well as stand ards compliance inform ation. Physic al Specificati ons T able 1- 1 VSU-500 0 Phy sical Sp ecificat ions Parameter Specifica tion Dimens ions 17"W x 16 "D x 3.5 "H 43.2 cm x [...]

A-2 Specification s VSU-5000 Use r Guide Environment al Speci fications Electri cal Specifi cations CAUTION : Danger of explosion if memory b ackup battery is incorr ectly r eplaced. Replace only with the s ame or equivalent type r ecommended by the manufactur er . Dispose of us ed batteries accor ding to the manufactur er ’ s instructions. No te[...]

Specifi cations A-3 VSU-5000 User Guid e Compliance Specifi cati ons T able 1-4 Compliance Specification s Parameter Specification Saf ety Certification UL, C-UL, CE, AS3260, CB SCHEME EMI/RFI F CC Part 15, Class A EN55022 Class A EN500 82-1 AS 38548 VCCI Standa rds Compliance IEEE 80 2. 3, Et her net SKIP Com pliance: RFC 1825 Security Archi t ect[...]

A-4 Specification s VSU-5000 Use r Guide Additional F eatures T able 1-5 Additional Features Parameter S pecificatio n Encryption DES and T rip le DES hardware en cryp tion. DE S us es a 56-bit key; T riple DES uses three 56-bit in dependent k eys for an effectiv e key le ngt h of 112 bits. All weak and semi -weak key s ar e auto maticall y dis car[...]

10/100BASE-T UTP Cros sover Cable Pinouts B-1 APPENDIX B 10/100BASE-T UTP Cr ossover Cable Pinouts The 10 /100BASE-T U TP Crosso ver Cable d efined bel ow is pr ovided wi th the VSU-1 10 0. Sign al Name Male RJ-45 Male RJ-4 5 TX+ 1 3 TX- 2 6 RX+ 3 1 RX- 6 2[...]

10/100BASE-T UTP Crossover Cable Pino uts B-2 VSU-5000 User Guid e[...]

VSU-5000 Use r Guide G-1 GLO SSAR Y VSU Acr onyms CBC – Cipher Block Ch aining encry ption DES – Data Encrypt ion Standar d encrypti on DNS – Domain Name Server ( a distribut ed database s ystem used t o map hos t names to IP add resses and vice vers a) DCE – Data Communi cation Equi pment DSU/CSU – Data Service Unit/C hann e l Service Un[...]

G-2 VSU-5000 Use r Guide PPP – Point to Point Protocol RADIUS – Remote Authentication Dial-In User Server RFC – Requ est F or Co mm ent SHA – Secure Hash Algorithm SKIP – Simple Key Management for Internet Protoco l SNMP – Sim ple Netw o rk M ana geme nt Pr otoc ol SSL – Secure Socket Layer TCP/ IP – T ransm ission Contr ol Protoco [...]

Index A authen tication specific ation A-4 auxil iary po rt 2-3 B back pa nel 2-3 auxil iary po rt 2-3 con s ol e po rt 2-3 LEDs 2-4 priva te port 2-4 publi c por t 2-4 bootup screen 3-2 C complianc e specificatio ns A-3 compressi on specificat ion A-4 conf igurati on preparation 3-1 conf iguri ng using qu ick set u p menu 3-4 conne ctions Ethern e[...]

safety 1-1 registratio n iii required to ols 1-3 requiremen ts envir onme ntal 1-3 rout er conne c t ion s 2-6 S safety recomme nda tions 1-1 security i SHA 1 i SKIP i software u pgrade sp ecifica tion A-4 specifications A-1 authen tication A-4 complia nce A-3 compression A-4 electrical A-2 encryp tion A-4 envir onme ntal A-2 key m anag ement A-4 p[...]