Tracing the packets Implementing PC-to-WAN Tunnels

combined to form a secret session key. The tunnel server assigns the virtual IP address of 1.196.5.2 to the remote client's pseudo-adapter. This will act as the client's end of the tunnel, and all traffic destined for the remote network will be routed to this address. The tunnel server takes 1.196.5.1 as its pseudo-adapter interface to this tunnel session, and any traffic received at this IP address is routed to the WAN router for further routing to one or the other subnets. The remote client now interacts with nodes on the WAN as if it were physically connected to that network.

When the second remote PC connects to the tunnel server, the new tunnel is assigned a second pair of IP addresses from the tunnel server's dynamic range. In this case, the second remote client is assigned 1.196.5.4, and the tunnel server takes 1.196.5.3 as its end of this tunnel session. The remote client routes all tunnel traffic to its pseudo-adapter interface to the tunnel, and the tunnel server routes all incoming traffic to its local network range for the tunnel that is directed at the WAN router. In both cases, the secret session key is regenerated by the tunnel server every 30 to 1,440 minutes and redistributed to the remote clients transparently.
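The per-session address pairs described above can be modeled as a small pool, which is useful when attributing a pseudo-adapter address seen in a log to a tunnel session. This is an added example, not AltaVista code: the class and method names, and the lowest-free-pair allocation order, are assumptions chosen to reproduce the two sessions in the text.

```python
import ipaddress

# Rekey interval bounds in minutes, as stated in the text.
REKEY_MIN, REKEY_MAX = 30, 1440


class TunnelPool:
    """Hands out (server_end, client_end) address pairs from a dynamic range.

    Assumption: pairs are consecutive addresses and the lowest free pair
    is always used first, matching the two sessions the text walks through.
    """

    def __init__(self, first_address, pairs):
        self.base = ipaddress.IPv4Address(first_address)
        self.free = list(range(pairs))   # free pair slots, lowest first
        self.sessions = {}               # client name -> pair slot

    def _pair(self, slot):
        server_end = self.base + 2 * slot
        return str(server_end), str(server_end + 1)

    def connect(self, client, rekey_minutes):
        if not REKEY_MIN <= rekey_minutes <= REKEY_MAX:
            raise ValueError("rekey interval must be 30 to 1,440 minutes")
        if client in self.sessions:
            raise ValueError(f"{client} already has a tunnel")
        if not self.free:
            raise RuntimeError("dynamic range exhausted")
        slot = self.free.pop(0)
        self.sessions[client] = slot
        return self._pair(slot)

    def disconnect(self, client):
        # Return the pair to the pool so a later session can reuse it.
        self.free.append(self.sessions.pop(client))
        self.free.sort()

    def owner_of(self, address):
        """Map a pseudo-adapter address back to the session holding it."""
        for client, slot in self.sessions.items():
            if address in self._pair(slot):
                return client
        return None
```
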

Chapter 7. Configuring and Testing the AltaVista Tunnel

7.1 Getting Busy

We've given you theoretical background on the AltaVista Tunnel, and now it's time to get down to business: configuring it for your enterprise. In this chapter, we lay out step by step how to install, configure, test, and troubleshoot the AltaVista Tunnel Extranet server and Telecommuter client. Note that though this package is available for Unix, we only cover in depth the Windows NT/95/98 installation and configuration. AltaVista is kind enough to have provided a comprehensive installation and configuration guide for its Unix flavors. We do, however, cover installation requirements and considerations for all platforms available to the AltaVista client.

7.2 Installing the AltaVista Tunnel

The installation of the AltaVista Tunnel on all platforms is assisted by a GUI installation program, which makes all the necessary updates to the system and installs the networking pseudo-adapters and icons. This process is fairly generic across platforms, but there are specific installation requirements for each platform. Review the next section carefully before running out and purchasing the software.

The AltaVista Tunnel Extranet server for Unix is available in one version: Digital Unix. Table 7-1 shows the installation requirements for this operating system. Confirm that your system matches these attributes before installation.

Table 7-1. Requirements for AltaVista Tunnel on Unix Systems

Requirements        Digital Unix
Hardware            All Alpha System
OS                  Version 3.2c or later
Memory              32 MB
Hard disk space     25 MB
Root privileges     Yes

The AltaVista Tunnel for the Windows operating system is available as an Extranet server or a Telecommuter client (see Table 7-2).

Table 7-2. Requirements for AltaVista Tunnel on Windows Systems

Requirements            Extranet Server           Telecommuter
Processor and RAM       See below                 Intel 80486 or higher with 8 MB of RAM
OS                      NT 4.0 SP 3 or higher     NT 4.0 or higher or Windows 95
Hard disk space         15 MB                     5 MB
Administrator access    Yes                       N/A

The processor and memory requirements for the Extranet server are dependent on the number of tunnels needed for the virtual private network. Table 7-3 breaks down the minimum requirements.

Table 7-3. Requirements for AltaVista Tunnel on Windows for Extranets

Tunnels    Processor                                          RAM
50         Intel Pentium 90                                   48 MB
100        Intel Pentium 133                                  64 MB
200        Intel Pentium 200 or Digital Alpha Processor       64 MB

7.2.1 Preparing to Install

During the installation process, the AltaVista Tunnel edits the registry file on Windows NT machines, or the License database on Digital Unix. For all platforms, it installs a networking pseudo-adapter onto the operating system. In order to safeguard your computer against corruption, you should perform a backup of the entire system. Ensure that you have Administrator privileges on the NT server or root access on the Unix platforms before installing.

7.2.2 Installing the AltaVista Tunnel Extranet Server for Windows NT

The Windows NT version of the AltaVista Tunnel Extranet server is distributed either as a ZIP file available for purchase from the AltaVista web site, or on CD-ROM. In NT 4.0, exit all other applications before installing. The installation procedure provides default settings that are compatible with most systems, but you may need to tweak these settings. Unless otherwise specified, all files are installed into the default directory: C:\AltaVista\Tunnel\. The installation program installs the following components to the following locations:

• AltaVista Tunnel Service (itnd)—to the Services Control Panel
• AltaVista Tunnel pseudo-adapter—to the Network Control Panel
• TunMan AltaVista Management Program (tunman.exe)—to the AltaVista Folder
• Etunnel Help File (etunnel.hlp)—to the AltaVista Folder
• Tunnel Database File (tunnel.dat)—to the \AltaVista\Tunnel\Data directory
• The master encryption key (master.key)—to the \AltaVista\Tunnel\Data\Keys directory

The tunnel.dat and master.key files should not be moved from their installed directories. If they are moved, you must manually edit the Registry or the AltaVista Tunnel Extranet server will not function.

The AltaVista Tunnel sets IP routing (IP forwarding) to be enabled and sets all tunnel ports to 3265. Though the tunnel ports can be configured manually via the Registry, disabling IP routing will likely disable the Tunnel server.
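Because the server stops working if tunnel.dat or master.key leaves its installed directory, a post-install or post-restore check can confirm both files are where the text says and flag copies anywhere else under the install root. This is an added example, not part of the AltaVista distribution: the function name and the finding labels are assumptions, and only the two relative locations come from the text.

```python
from pathlib import Path

# Directories relative to the install root (C:\AltaVista\Tunnel by default),
# taken from the component list in the text.
EXPECTED = {
    "tunnel.dat": Path("Data"),
    "master.key": Path("Data") / "Keys",
}


def audit_install(root):
    """Return (finding, relative_path) tuples for tunnel.dat and master.key.

    "missing": the file is not in its installed directory.
    "stray":   a file with that name exists somewhere else under the root,
               for example a moved or copied master key.
    """
    root = Path(root)
    findings = []
    for name, rel_dir in EXPECTED.items():
        if not (root / rel_dir / name).is_file():
            findings.append(("missing", (rel_dir / name).as_posix()))
    for path in sorted(root.rglob("*")):
        name = path.name.lower()   # Windows file names are case-insensitive
        if path.is_file() and name in EXPECTED:
            if path.parent.relative_to(root) != EXPECTED[name]:
                findings.append(("stray", path.relative_to(root).as_posix()))
    return findings
```

An empty list means both files are in their installed directories and no other copies were found under the root.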

7.2.2.1 Windows NT 4.0

Once again, follow these steps to achieve your VPN:

1. Log in to the Windows server as an Administrator or equivalent.
2. Either insert the AltaVista Tunnel CD-ROM or use WINZIP or PKUNZIP to extract the Tunnel server archive into a temporary directory.