Proteon Software Release Notes
GTSecure-70 Router With OpenROUTE 2.1 [R1]
Part No. 42-048056-00
Revision A, November 1996
This document is for the GTSecure-70 router. Please save this document with your copy of the GlobeTrotter 70 and 72 Getting Started Guide. The software for the GTSecure-70 is based on OpenROUTE 2.1 router software, and is compatible with released versions of Proteon router software.
NOTE: The information in this document is subject to change without notice and should not be construed as a commitment by Proteon, Inc. Proteon, Inc. assumes no liability for any errors that may appear in this document.
The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of such license.
Copyright 1996 by Proteon, Inc.
OpenROUTE is a trademark of Proteon, Inc. Proteon is a registered trademark of Proteon, Inc.
With the addition of GTSecure-70 with IP Firewall Using Dynamic Filters and RADIUS capabilities and ISDN connectivity, Proteon expands its offerings targeted at the Internet access market. While many businesses today attach to the Internet via Frame Relay or leased lines, there are many businesses that consider Internet access via ISDN a necessity, particularly ones that need to be provisioned intermittently and not on a dedicated basis.
The major difference between those using dialup connections versus those using dedicated lines is the difference in how these businesses utilize the Internet. Those connecting via dedicated lines generally do so to maintain an Internet presence; that is, they either have a Web Server containing product and company information to which they wish to provide others access, or they use the Internet as the basis for their own networking infrastructure. Those connecting via dialup lines do so because they use the Internet on an intermittent basis, meaning that they dial up every so often to obtain whatever information they require.
The new GTSecure-70 remote access routers provide shared dialup LAN access at very high speeds using a very cost-effective WAN service, ISDN. Like the original GlobeTrotter 60 Series, and the GlobeTrotter 70 Series the GTSecure-70 is designed to ISP specifications, providing high performance, security, and WAN optimization features, at the best price.
The GTSecure-70 includes 2 MB of flash memory for system load storage, and 4 MB of DRAM to run the system software and maintain routing tables. The unit has a compact form-factor, a single Ethernet connection, a single ISDN connection, and a console port for out-of-band management. The GTSecure-70 routers feature the following:
68360 Processor
One ISDN BRI WAN port with the ability to support data
speeds up to 128 Kbps or one
64 K data channel with an additional channel for voice
A choice of ISDN U or S/T interfaces
One 10BaseT Ethernet LAN port for either shielded or
unshielded twisted pair
(software selectable).
Four front panel lights indicating diagnostic conditions
and traffic flow
Console port for out-of-band management
Media and installation manual
AC 110/220 volt universal power supply
Factory-installed software specific to GTSecure-70
system's application
Boot code is V1.2
I IP with access control and antispoofing for additional
security
R RIP, ARP, PPP, and ISDN
Compression using Stac
SNMP
UDP Broadcast
IP Dynamic Filters
RADIUS Authentication
RSA Data Security, Inc. MD5 Message-Digest Algorithm
Static and dynamic IP routing
PAP and CHAP security features
Plug-and-play hardware installation with preloaded
routing software
A Command Line Interface for configuration by service
providers
Quick Config menu/prompting configurator program
Standards-based interoperability with ISP existing
backbone equipment
Graphical User Interface Version 3.2
Factory preloaded software
A profile implements an access policy that controls the network access into and out of a secure network. You can set up profiles to provide access to specific resources in a private network for a user or group of users. You can also set up profiles that let users inside your private network have access to public networks, while keeping your private network secure.
There are two types of profiles:
You can associate a single profile with multiple interfaces. This means that you can easily use a profile on a router with many interfaces.
A profile contains a collection of filters. A filter has attributes that describe the types of packets it recognizes, and it has actions to take when it recognizes a packet.
Filters can contain still more filters. When a filter contains other filters, it is called a parent filter and the filters it contains are called child filters.
When a parent filter recognizes a packet, it installs copies of its child filters into the running system. This is in addition to the other actions defined for the parent filter. At such time, the parent filter may replace certain components of the child filters with values taken from the recognized packet.
Such parent/child groups are what makes the system dynamic. The filtering system, by monitoring data flows, can modify itself and automatically learn what it should be doing from moment to moment.
The following are the GTSecure IP Filtering commands available at the IP Filters Config>: prompt:
RADIUS (Remote Authentication Dial In User Service) is used to authenticate remote users so that a specific IP filter profile is installed for that user. The installed profile allows the remote user access to specific services inside the firewall. RADIUS is being developed in the IETF and currently is at the Internet draft stage.
The following are the RADIUS configuration commands available at the RADIUS Config> prompt:
GTSecure-70 Applicabl Cisco Bay Ascend Ascend Motorola
Supported e 2503 AN Pipeline BitSURFR
Features Proteon Rel Rel 400 MAX Pro
Routers 11.00 8.3 Rel 4.6C 1800
Rel 16.1 i2 Rel
4.6c
i2
General Note
Information #2
PHYSICAL
Ethernet S/T S/T S/T S/T N/A
ISDN BRI S/T S/T S/T
DATA LINK
PPP S/T S/T Note #4
MP S/T S/T Note #4
CCP S/T Note Note #3 Note N/A
#2 #3
BOD S/T N/T S/T S/T N/A
ISDN
Split-B N/T S/T S/T
Channel
S/T S/T S/T
Dial-On-Demand
Call
Direction
In S/T S/T N/A
Out S/T S/T S/T
SECURITY
PAP S/T S/T S/T
CHAP N/T S/T N/A
PAP & Note N/T Note #3 Note N/A
CHAP #1 #3
Secure Static N/A N/A N/A N/A N/A
Filters
Secure N/A N/A N/A N/A N/A
Dynamic
Filters
RADIUS N/A N/A N/A N/A N/A
Authentication
User Defined N/A N/A N/A N/A N/A
ELS
SNMP Traps N/A N/A N/A N/A N/A
Interoperability With GTSecure-70 Routers Using OpoenROUTE 2.1 Test Matrix (Continued)
GTSecure-70 Applicabl Cisco Bay Ascend Ascend Motorola
Supported e 2503 AN Pipeline BitSURFR
Features Proteon Rel Rel 400 MAX Pro
Routers 11.00 8.3 Rel 4.6C 1800
Rel 16.1 i2 Rel
4.6c
i2
PROTOCOLS
IP S/T S/T S/T
RIP S/T S/T N/A
ARP S/T S/T N/A
TCP S/T S/T S/T
UDP S/T S/T S/T
ICMP S/T S/T S/T
STATIC S/T S/T S/T
ROUTES
Passed the test.
Did not pass the test.
N/A Not Applicable.
N/T Should work but was not covered during the qualification effort.
S/T Tested as part of the standard GlobeTrotter 70 and 72 release, but not
retested with the GTSecure-70 product.
When running software load 11.1 or below on the 2503 CCP, the router would not interoperate with the GTSecure-70. Beta load 11.2 that was generated as a result of the California ISDN Users Group (CIUG) ISDN PPP Interoperability Workshop on 5/20 to 5/24/96 corrected this problem. Contact Cisco for additional information.
The BAY AN does not support STAC compression.
When placing an order for a GTSecure-70, order the appropriate model number.
Model Description
p5730-sec GTSecure-70U
p5730-sec GTSecure-70S
gtsadmin-pro GTSecure Login (PC and UNIX disk)
gtsrad-pro GTSecure RADIUS Tool
NOTE: The GTSecure Radius Tool is also available on the Proteon Web Page. Go to the Proteon home page at http://proteon.com the follow the links to Customer Support, then to GlobeTrotter (GT) Updates, GUI's, Release Notes and FAQ's, where you will see RADIUS authentication Server software. Down load this software to your system.
Cables
The GlobeTrotter 70 supports standard RJ-45 ISDN cables provided by Proteon. (P/N 12-003120-03)
The GlobeTrotter 70 ships with a 9 pin to 9 pin null modem console cable as well as an optional 9 pin to 25 pin modem console cable.
Each GTSecure-70 ships with the GlobeTrotter 70 and 72 Getting Started Guide that instructs the user on how to install the product. Other documents shipped include the GTSecure IP Filters Guide, GTSecure Login, and the GTSecure Read Me First Guide. The printed OpenROUTE documentation set and the CD-ROM are available for those customers who are interested in more advanced configurations of OpenROUTE 2.1 software, as well as providing the complete command line instruction set. Proteon recommends that each ISP who is providing GTSecure-70 systems purchase at least one OpenROUTE printed documentation set for reference.
Model Description
p4955-g OpenROUTE Documentation Set Printed Copy
p4956-g OpenROUTE Documentation Set CD-ROM
The GlobeTrotter 60 is based on IP with access control and antispoofing for added security. The GlobeTrotter 60 supports Stac Compression and Dialup Serial Interface (DSI) for asynchronous and synchronous RS-232 communication, including synchronous V.25 bis. Additional software features include PAP and CHAP security features, RIP, ARP, PPP, and Frame Relay. The current version of the GlobeTrotter 60 software is OpenROUTE 2.1a. For proper interaction with the GlobeTrotter Setup Utility software, use version 2.1. The current revision of the boot code for the GlobeTrotter 60 is V1.25.
The GlobeTrotter 62 builds on basic IP routing of the GlobeTrotter 60 with multiprotocol, standards-based bridging and routing capabilities. The GlobeTrotter 62 supports Stac Compression and Dialup Serial Interface (DSI) for asynchronous and synchronous RS-232 communications. The GlobeTrotter 62 runs many of the industry's most popular protocols TCP/IP, IPX, and AppleTalk 2 and forwards nonroutable protocols using transparent bridging services. The GlobeTrotter 62 is a perfect fit for multiprotocol branch office communications, distributed LAN-to-WAN connectivity, and remote LAN to corporate internetworking. The current revision of the GlobeTrotter 62 software is OpenROUTE 2.1a. For proper interaction with the GlobeTrotter Setup Utility software, use version 2.1. The current revision of the boot code for the GlobeTrotter 62 is V1.30.
The GTSecure-60 supports IP Firewall using dynamic filters and RADIUS on a WAN based platform. The GTSecure-60 is based on IP with access control and antispoofing for added security. The GTSecure-60 supports STAC® Compression and Dialup Serial Interface (DSI) for asynchronous and synchronous RS-232 communications, including synchronous V.25 bis. Additional software features include PAP and CHAP security features, RIP, ARP, PPP, and Frame Relay. The current version of the GTSecure-60 software is OpenROUTE 2.1a. The GlobeTrotter Setup Utility software is not available for this product. The current revision of the boot code for the GTSecure-60 is V1.25.
The GlobeTrotter 70 includes 1 MB flash memory for system load storage and 2 MB of DRAM to run the system software and maintain routing tables. The unit has a compact form-factor, a single Ethernet connection and ISDN WAN connection, and a console port for out-of-band management. The GlobeTrotter 70 supports one ISDN BRI WAN port, PPP, IP, PAP and CHAP, UDP Broadcast and Stac compression. The current revision of the GlobeTrotter 70 software is OpenROUTE 2.1 [R3]. For proper interaction with the GlobeTrotter Setup Utility software, use version 3.1. The current revision of the boot code for the GlobeTrotter 70 is V1.10.
The GlobeTrotter 100 supports the protocols of the GlobeTrotter 60 and 62 and more. In addition to IP, IPX, and AppleTalk, it supports antispoofing, filtering, OSPF, MOSPF, ARP, MAC Filtering, Bandwidth Reservation, ASRT Bridging, and NetBIOS Name Caching/Filtering. The GlobeTrotter 100 provides a 4 port Ethernet repeater and 2 WAN ports. The WAN ports support RS-232, V.35, and X.21 with up to T1/E1 speeds. The current revision of the GlobeTrotter 100 software is OpenROUTE 2.1a and does not support the new DSI function. The current revision of the boot code for the GlobeTrotter 100 is V1.30.
The GlobeTrotter Access Manager provides support for either 8 or 32 MB of memory and is a full-featured, interoperable IP software suite that supports remote GlobeTrotters and other popular, industry-standard Internet access devices as well. Internet Service Providers find the GlobeTrotter Access Manager the lowest cost, highest performing Internet point-of-presence platform on the market. The current revision of the GlobeTrotter Access Manager software is OpenROUTE 2.0a [R1] and does not support the new DSI function. The current revision of the boot code for the GlobeTrotter Access Manager is V1.10. Version 1.10 of the boot code is to support the new 32 MB of memory for the GlobeTrotter Access Manager.
NOTE: If one of the two power supplies of the GlobeTrotter Access Manager is powered off during system initialization, a diagnostic failure Bad ISR message appears during the operation of power up diagnostics. You can ignore this message. It does not indicate a true failure.
list of users, including a user with Tech Support permission and a
username of Proteon.
3. Enter delete user proteon and enter yes to the confirmation uery.
This removes Proteon Technical Support access, and you cannot
add this access again later.