User / maintenance manual for the NetScreen Routers product from the manufacturer Allied Telesis
C613-16098-00 REV E www.alliedtelesis.com AlliedWare™ OS How To | Today's network managers often need to incorporate other vendors' equipment into their networks, as companies change and grow. To support this challenge, Allied Telesis routers are designed to inter-operate with a wide range of equipment.
Page 2 | AlliedWare™ OS How To Note: VPNs with SonicWALL routers | What information will you find in this document? This How To Note begins with the following information: • "Related How .
Page 3 | The network: This example illustrates a NAT-T solution, which you need when one or both of the routers are behind a NAT device such as some xDSL and cable modems. In this example, an Allied Telesis AR415S router is behind a NAT device.
Page 4 | How to configure the Allied Telesis router. Before you start: 1. Install and configure the NAT device. 2. Access the router via its GUI. 3. Customise the router and set up vlan 1 as the LAN interface.
Page 5 | Create the VPN tunnel: Log in as either the manager or the security officer. If you log in as the manager, the router changes to secure mode when you finish the VPN wizard and at that stage prompts you to log in again as the security officer.
Page 6 | Click on the Site-to-Site VPN button. The wizard starts by displaying a welcome message. Click the Next button. Enter an appropriate VPN connection name. Click the Next button.
Page 7 | Enter the public IP address of the other end of the tunnel. In this example, this is 200.200.200.1, which is the IP address of the SonicWALL WAN interface. Note that you can use the Tab key to move between fields when entering the address, but should not use the .
Page 8 | Enter the secret key, which is an alphanumeric string between 2 and 64 characters long. Both routers must use the same secret key. On the SonicWALL router, this is the Site-to-Site Policy's preshared key.
Page 9 | Peer IDs enable the routers to identify each other when they exchange secret key information.
Page 10 | Check the summary. It now includes the Peer ID settings. If necessary, correct any settings you want to change. When all the settings are correct, click the Apply button.
Page 11 | Manager: If you are logged in as manager, the GUI displays a message to warn you that you will need to close your browser and re-login as a security officer (see below) once you have finished the wizard.
Page 12 | How to configure the SonicWALL router: To configure the SonicWALL router, perform the steps in the following sections: 1. "Access the Router" on page 12 2. "Customise the router and set up the network" on page 15 3.
Page 13 | Browse to 192.168.168.168. If you are using a pop-up blocker, disable it for this address. If you access the Internet through a proxy server, set your browser to bypass the proxy for this address.
Page 14 | The first time you configure your router, the GUI opens at the Configuration Wizard page. After initial configuration, when you browse to the SonicWALL it may open at the System > Status page instead of the Configuration Wizard page.
Page 15 | Customise the router and set up the network: The following steps use the Setup wizard to begin configuring your router. The first action in the Setup wizard is to enter a suitable password for access to the GUI.
Page 16 | In this example, the SonicWALL router has a permanent fixed IP address, so select the Static IP option. Then click the Next button. Enter the WAN interface's IP address and mask.
Page 17 | Enter the IP address and mask of the SonicWALL's interface to the LAN. Then click the Next button. In this step, you can set up the DHCP server on this router to service the office LAN you intend to connect to.
Page 18 | Check the summary. If necessary, use the Back button to return and correct any settings you want to change. When all the settings are correct, click the Apply button. The wizard displays a message of congratulations.
Page 19 | If you changed the router's LAN IP address, you need to change the PC's address. If you turned on the router's DHCP server, set the PC to obtain its address automatically.
Page 20 | Define the LAN subnet of the peer: Before you can configure the VPN, you need to create an address “object”. The address object defines the LAN subnet of the VPN peer router—in this example, the Allied Telesis router.
Page 21 | Select the “Custom Address Objects” view style, which displays lists of Address Groups and Address Objects. There will be no custom address objects defined yet, so both the Address Groups and Address Objects lists are empty.
Page 22 | Check that the object is correct. If you need to change the object, click on the icon of a note and pencil at the right of the object's entry.
Page 23 | Create the VPN: The following steps use the VPN wizard to create the SonicWALL end of the VPN. Click on the Wizards button in the left-hand menu to open the Configuration Wizard page, then select the VPN wizard.
Page 24 | Name the policy. Enter the pre-shared key, which must be the same as the Allied Telesis router's secret key. Enter the remote peer address, which is the SonicWALL-facing side of the NAT device in this example (see "The network" on page 3).
Page 25 | You do not need to modify the default security settings. Click the Next button. Check the summary. If necessary, use the Back button to return and correct any settings you want to change.
Page 26 | The wizard displays a message of congratulations. Click the Close button. The GUI displays the VPN > Settings page.
Page 27 | Set the VPN IKE IDs and use Main Mode: Solutions with a NAT device in the tunnel path need to have IKE IDs specified. For all solutions, we recommend using Main mode instead of the default Aggressive mode.
Page 28 | Click on the Proposals tab. Set Exchange to Main Mode. This is the preferred mode because it is more secure. We also recommend that you change the lifetime for the IPsec (Phase2) Proposal to 3600 seconds, to match the Allied Telesis router.
Page 29 | How to test the tunnel: There are several options for testing the tunnel. If these checks show that your tunnel is not working, see the How To Note How To Troubleshoot A Virtual Private Network (VPN).
Page 30 | How to use the CLI instead of the GUI: This section gives an example of the Allied Telesis CLI commands that you need to enter for the IP, firewall, IPsec and ISAKMP aspects of this configuration.
USA Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 European Headquarters | Via Motta 24 | 6830 Chiasso | Switzerland | T: +41 91 69769.