Mitel Networks 6042 Managed VPN - SMERP

Mitel Networks 6042 Managed VPN
6042 Managed VPN Administrator's Guide
Release 6.0

Mitel Networks Corporation

Published June 2003

Copyright © 2003 Mitel Networks Corporation. All rights reserved.

The Mitel Networks logo is a trademark of Mitel Networks Corporation in the United States and other countries. Linux is a registered trademark of Linus Torvalds. The terms "ssh" and "Secure Shell" are trademarks of SSH Communications Security Corp. Trend Micro is a registered trademark of Trend Micro Incorporated. All other trademarks are the property of their respective holders.

Table of Contents

1. Introduction
   1.1. About This Guide
      1.1.1. Who This Guide is Written For
      1.1.2. Glossary
   1.2. About the 6000 MAS Family of Products
      1.2.1. About the 6040 Office Server Suite
      1.2.2. About the 6042 Managed VPN
      1.2.3. About the 6010 Teleworker Solution
   1.3. About the AMC
   1.4. Software Licensing Terms and Conditions
2. IPSEC VPNs
   2.1. Creating an IPSEC VPN
   2.2. IPSEC VPN Status
   2.3. Editing an IPSEC VPN
   2.4. Deleting an IPSEC VPN
3. Technical Support


Chapter 1. Introduction

1.1. About This Guide

The 6042 Managed VPN Administrator's Guide walks you step-by-step through the straightforward process of configuring and using your Mitel Networks 6042 Managed VPN.

1.1.1. Who This Guide is Written For

This guide is for administrators of the 6042 Managed VPN. For more information, contact your Mitel Networks authorized reseller.

1.1.2. Glossary

• AMC - Applications Management Center
• Blade - A software module that can be downloaded from the AMC
• DVR - Digital Video Recorder
• i-bay - Information Bay. A mechanism for creating intranets, extranets, shared directories and other resources
• ICP - Integrated Communications Platform
• ISP - Internet Service Provider
• LDAP - Lightweight Directory Access Protocol
• MAS - Managed Application Server, the product name of the 6000
• PPTP - Point-to-Point Tunneling Protocol
• RAID1 - Disk mirroring
• SCSI - Small Computer Systems Interface
• ServiceLink - A service that allows applications and services to be delivered to the 6000 MAS
• SME - Small and Medium Enterprise
• SSH - Secure shell. A secure, encrypted way to log in to a remote machine across a network, or to copy files from a local machine to a server
• VPN - Virtual Private Network

1.2. About the 6000 MAS Family of Products

1.2.1. About the 6040 Office Server Suite

The 6040 Office Server Suite is a subscription-based network server solution that improves business communication and enhances productivity. It is suitable for single-site and branch-based organizations with between two and 500 users. Features include a secure firewall, file and print sharing for Windows and Macintosh computers, 24 x 7 monitoring, web and intranet hosting, two free registered Internet domains and DNS services for one year. The built-in company e-mail system supports standard POP3 or IMAP4 e-mail clients - such as Microsoft Outlook, Outlook Express or Netscape - and includes a sophisticated virus-protection service as well as remote e-mail caching to ensure that users never lose incoming e-mail.

1.2.2. About the 6042 Managed VPN

The 6042 Managed VPN is a subscription service that makes it easy for businesses of all sizes to reap the benefits of a managed IPSEC Virtual Private Network. The service allows resellers to create, edit or take down site-to-site VPNs between any two or more sites equipped with a server running the 6042 Managed VPN software. All VPN configuration is performed via the AMC through a simple point-and-click web interface. Depending on customer requirements, VPNs can be set to operate in standard mode (fully meshed) or in hub-and-spoke configuration. The service supports both static and dynamic IP addresses.

1.2.3. About the 6010 Teleworker Solution

The 6010 Teleworker Solution is a simple, scalable and secure teleworking solution for remote and home-based employees. It supports any MiNET IP PBX (3100/3300 ICP and SX-200 IP Node) and standard Mitel Networks 5020/5220 IP Phones.

1.3. About the AMC

The Mitel Networks Applications Management Center (AMC) is an online service accessed through the web that provides monitoring, management, and a variety of other back-end services for your installations of the 6042 Managed VPN. The AMC is also the procurement and provisioning interface for AMC-delivered products and services.

As a reseller of the 6042 Managed VPN, you receive a unique account on the AMC. By logging in with a username and password, you can view a list of your 6042 Managed VPN installations, check their status, and add or drop services from any of them.

After installing a 6042 Managed VPN, you must register it with the AMC online. Thereafter the 6042 Managed VPN will connect to the AMC every hour via a secure, encrypted connection across the Internet. This hourly operation is called synchronizing, or sync. When you add or drop services from a particular 6042 Managed VPN using the AMC web site, the 6042 Managed VPN will receive its new configuration instructions from the AMC the next time it performs a sync.

The most important services provided by the AMC for the 6000 MAS family of products are:

• Automated virus pattern file updates
• Domain Name Service (DNS) management services
• Guaranteed e-mail
• Web access control updates
• 24 x 7 monitoring, and alert notification
• Software blade downloads
• Custom reporting

Note

If your server is behind an additional firewall, that firewall will need to be configured to allow outbound SSH packets on TCP port 22 in order for the server to communicate with the AMC.

1.4. Software Licensing Terms and Conditions

The 6042 Managed VPN is licensed for an individual server under the terms of the End User License Agreement accepted when the blade was downloaded. Acceptance of this agreement and identification of the accepting end user are required during the software installation.


Chapter 2. IPSEC VPNs

2.1. Creating an IPSEC VPN

The 6042 Managed VPN allows you to create an IPSEC VPN between any two or more 6000 MAS servers. However, each server can only be a member of one VPN.

Warning

It is possible to create a VPN between two servers from different companies, inadvertently exposing internal information from one company to another. Ensure that you select the intended servers.

Before you attempt to create a VPN between servers, ensure that the servers are properly configured, as follows:

1. A distinct server name.

2. A distinct IP address range. (If you accepted the default IP address range when you initially configured the servers, the ranges should already be different. By default, the server randomly generates a range of addresses by varying the third block of digits in the IP address. For example, one server might use the range 192.168.12.XXX, while another might use the range 192.168.131.XXX. Each block of digits can be anywhere from 1 to 254.)

3. The same Windows workgroup name on all servers.
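The three prerequisites above, together with the one-VPN-per-server rule and the cross-company warning, can be checked against an inventory before any server is selected in the AMC. The following Python check is an added example, not Mitel code; the inventory fields (name, lan, workgroup, owner, vpn_id), the CIDR notation for the LAN range and the sample records are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def preflight(servers):
    """Return a list of problems that should block creating the VPN."""
    problems = []
    # 1. Distinct server names (compared case-insensitively, an assumption).
    names = [s["name"].lower() for s in servers]
    for n in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"duplicate server name: {n}")
    # 2. Distinct IP address ranges: no two LANs may overlap, which also
    #    catches a range nested inside another.
    nets = [(s["name"], ipaddress.ip_network(s["lan"])) for s in servers]
    for (a, na), (b, nb) in combinations(nets, 2):
        if na.overlaps(nb):
            problems.append(f"overlapping LAN ranges: {a} {na} / {b} {nb}")
    # 3. Same Windows workgroup everywhere (workgroup names ignore case).
    groups = {s["workgroup"].upper() for s in servers}
    if len(groups) > 1:
        problems.append(f"workgroup mismatch: {sorted(groups)}")
    # Warning in the guide: servers from different companies in one VPN.
    owners = {s["owner"] for s in servers}
    if len(owners) > 1:
        problems.append(f"servers from different companies: {sorted(owners)}")
    # Each server can only be a member of one VPN.
    for s in servers:
        if s.get("vpn_id") is not None:
            problems.append(f"{s['name']} is already in VPN {s['vpn_id']}")
    return problems

# Constructed sample inventories (not real customer data).
HQ = {"name": "hq", "lan": "192.168.12.0/24", "workgroup": "ACME",
      "owner": "Acme Ltd", "vpn_id": None}
GOOD = [HQ, {"name": "branch1", "lan": "192.168.131.0/24",
             "workgroup": "acme", "owner": "Acme Ltd", "vpn_id": None}]
BAD = [HQ, {"name": "HQ", "lan": "192.168.12.128/25", "workgroup": "SALES",
            "owner": "Other Co", "vpn_id": 7}]

if __name__ == "__main__":
    for label, inventory in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, preflight(inventory) or "ok")
```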

To set up a Virtual Private Network (VPN) between two or more servers, follow these steps:

1. Log into the AMC using your reseller account name and password.

2. Click IPSEC VPN Service.

3. Click Create.

4. You will see a list of servers that are subscribed to the 6042 Managed VPN service. If there are no servers in this list, you need to purchase and enable the service (for more information on purchasing and enabling services, refer to the 6000 MAS Technician's Handbook). Choose a primary server for the VPN from the dropdown list.

5. An ID number is generated for this VPN.

6. Select a VPN mode. You can choose either Standard or Hub-and-Spoke.

7. Enter a description of the network (e.g., "Sales offices") in the field below the ID number.

8. Check the box next to each server you wish to participate in the network.

9. Click Update.

10. The AMC now has the information it requires to set up the VPN. The designated servers will establish secure connections the next time they sync with the AMC.

After all servers have synchronized with the AMC and the VPN has been established, you can access services on remote servers as though you were on their local networks. Windows users can access files on those servers by opening Network Neighborhood (or My Network Places) and selecting the server they want to access. (Due to limitations in Windows networking, there may be a delay before remote servers appear in the list of available servers.)

2.2. IPSEC VPN Status

To see a list of all of the VPNs created, click IPSEC VPN service in the AMC navigation menu. Click the VPN ID to see a list of all of the servers that are part of that VPN, and their current status, as seen in the image below:

2.3. Editing an IPSEC VPN

To add or remove any 6000 MAS server(s) from a VPN, perform these steps:

1. Click the Edit button next to the VPN in the status list. A screen appears, similar to the one below, listing all servers in the VPN and all other servers registered that are not part of some other VPN.

2. To add a server to the VPN, check the box next to the server. To remove a server, uncheck the box.

As each server syncs with the AMC (either automatically or as a result of a manual sync), it will be added or removed from the VPN, as appropriate.

Note

The "primary" server associated with the VPN cannot be removed. To remove the primary server, delete the VPN and then re-create it with a new server as the primary server.

2.4. Deleting an IPSEC VPN

To delete an IPSEC VPN, click Delete next to the VPN.


Chapter 3. Technical Support

If you are a 6042 Managed VPN subscriber and are having technical difficulty, please contact your Mitel Networks authorized reseller for support. If you are having difficulty configuring another vendor's hardware or software, we recommend you refer to the manual or contact the vendor for that product.
