IPv4-IPv6 Transformer User Guide
Contents
1. 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Q10 Figure 22 Manual IPsec Security Associations Screen Enable IPsec This check box is selected to apply any SP or SA configurations that may be in the configuration database to the SP and SA databasesin memory Uncheck this box for a quick way to disable all IPsec on the Transformer without having to delete any SP or SA configurations from the flash 14 If you intend to use IPsec Enable IPsec must be selected Note Apply Changes This control button appears when an SP or SA has been changed through the e amp or buttons Click Apply Changes to update the SP and SA databases in memory so that the changes will take effect The new IPsec changes will not be applied until you select Apply Changes Manual IPsec Security Policy ManualIPsec gt Security Policies gt ManualIPsec gt Security Policies gt Figure 23 Manual IPsec Security Policy Edit Screen and Figure 24 Manual IPsec Security Policy Edit Screen continued are used to add a new Security Policy SP or editan existing SP Selection parameters specified on this form are matched against fields inthe IP header and upper layer protocol header of IP packets Examples of some of these selection parameters are Direction Source IP address and port Destination IP2. 60 So rce EE 60 Destination IP oso oie Rob tM M MEM M 61 IPsec PIDIDODI 61 D 61 Un ig MN 61 Encryption 61 Enciyption Password a MP o HH d 61 Hash tino m 62 Hash ASSO 62 Security Parameter Index sse 62 DOS CIID is 62 SIVE cc mE MEE 63 WEB GRAPHICAL USER INTERFACE WEBGUI STATUS 64 8 WEB GRAPHICAL USER INTERFACE WEBGUI DIAGNOSTICS 69 Password and SSH Files sse eene 80 9 END USER LICENSE AGREEMENT FOR DATATEK IPV4 IPV6 83 APPENDIX 86 APPENDIX 87 TABLE FIGURES FIGURE 1 OVERVIEW IP 5 14 FIGURE 2 tetro reto 15 FIGURE 3 IPV6 PERSPECTIVE ett rettet tte t tet te RU egre as 15 FIGURE 4 TRANSFORMER FRONT VIEW 19 FIGURE 5 TRANSFORMER essent tte tenter tt
3. Internet Protected Mode Off Figure 27 Manual IPsec Security Associations Screen after editing 7 Web Graphical User Interface webGUI Status The following forms are used for displaying the status ofthe Transformer such as general system information interfaces and traffic System information The System information form displays general system information about the Transformer as shown in Error Reference source not found Name This is the name of the Transformer that is formed with the Hostname and Domain fields from the General setup screen Version This is the image the Transformeris running The version filename and its date and time are displayed Platform This field displays the Transformer hardware version Uptime This is number of hours and minutes since the Transformer was last booted Last config change This dates the last time the database was saved CPU usage Figure 29 CPU Usage Screen is a graph that tracks CPU usage by clicking VIEW GRAPH link Memory usage This is a bar graph that dynamically tracks memory usage 33 search More SignIn 2 mh v Pager Safety v Toos v transformer General setup Set Date Time Interface setup vansformer Jocal Registration Datatek IPv4 IPv6 Transformer Version 4 0 0 Address pool Disk 090111 3 made by tsun Static address map Build 080511 2 made tsun
4. ea enc ee ea 32 eR ee nC ener MEDIE 32 DNS M E wee 32 Us ema me tide ch ica stria acces 32 5 OCT 22 33 WebGUI 33 Time ZONE 33 Time update Rm 33 NTP time 33 35 TranstomierIPvd aduiess 2 ete 33 Device IPv6 5 EU RU UA eu 23 TranstomerlIPvb5 5 disi eee eee 35 DevireJPyd 33 Transfommer IPv4 5 36 Accept router advertisements sse 37 Use temporary addresses sse nnne 37 Prefer temporary addresses sse 37 Temporary address valid lifetime sss 37 Temporary address preferred lifetime sss 37 Enable client on network side 43 Only exchange informational parameters 43 Send paid commit op
5. Search More gt gt v Page Safety v Tools v e APPLICATIONS INC System General setup Set Date Time Interface setup Registration Address pool Guests Static address map 2002 2 DHCPv6 client niche aud 20244 2002 2 Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph v Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping gt incoming as seen by translator outgoing as seen by translator http 172 31 12 49 diag_ipsec_sad php Internet Protected Mode Off Figure 35 Security Policy Database Screen SAD The Security Association Database SAD tab displays how data that is to be protected as determined by the SPD is protected Eachentry shows the source and destination addresses type of encryption and authentication algorithms type of IPSec header and uniquely identifying as shown in Figure 36 Security Association Database Scteen Sl Search More Signin A gt dA Pager Safety Diagnostics IPsec General setup Set Date Time Interface setup Registration Address pool Static address map DHCPV6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnost
6. 80 FIGURE 44 FACTORY DEFAULTS 81 FIGURE 45 REBOOT SYSTEM SCREEN 12 eerte tte nete treten tentent nette tte tente 82 Important Safety Instructions IMPORTANT SAFETY INSTRUCTIONS The exclamation point within an equilateral triangle is intended to alert the user to the presence of important operating and maintenance servicing instructions in the literature accompanying the product When installing operating or maintaining this equipment basic safety precautions should always be followed to reduce the risk of fire electric shock and injury to persons including the following Read and understand all instructions Handle this product in conformity with the applicable building code Follow all warnings and instructions marked on this product For information on proper mounting instructions consult the User s Manual provided with this product Do not place this product on an unstable cart stand or table The product may fall causing serious damage to the product The Telecommunications interfaces should not leave the building premises unless connected to telecommunication devices providing primary and secondary protection as applicable This product should be operated only from the type of power source indicated on the marking label If you are not sure of the type of power supply consult your dealer or local Power Company Unplug this product from the wall outlet b
7. Count 11Datatek Applications Inc All rights reserved view license Figure 41 Ping Screen Backup Restore Configuration The Configurationtab is selected to backup the system configurationto a file on the host that is running the web browser or restore the system configuration from a file on the web browser host to the Transformer This selection will also enable you to restore a previously saved configuration file to the Transformer iS x 28 Googie 2 sir Favorites transformer Diagnostics Backup restore m 8 v 7 v Pagev Safetyv 6 transformer local Diagnostic G hl http 192168 11 26 disg backup php RPP LIGATION Siw 1 Seien Diagnostics Backup restore General setup sceleri Configuration P rd Fil Interface setup Registration z E Static address map Click this button to download the system configuration in XML format DHCPv6 client DHCPv4 server Download configuration Static routes SNMP Server IPsec Open a configuration XML file and click the button below to restore the configuration irmware Status Note System The transformer will reboot after restoring the configuration Interfaces Traffic graph Diagnostics Logs Restore configuration DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Back
8. DHCPv4 server The Transformer can act as a DHCPv4 Serverto the IPv4 legacy host to provide host configuration parameters to the IPv4 legacy host J Search Signin gt General setup Set Date Time Interface setup Registration Address pool o ov E v de v Pager Safetyy webGUI Configuration System DHCP IPv4 server Enable DHCP server on host side interface Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status Deny unknown clients If this is checked only the dients defined below will get DHCP leases from this server 172 31 0 0 255 255 0 0 172 31 0 2 System Interfaces Traffic graph gt Diagnostics seconds This is used for dients that do not ask for a specific expiration time seconds The default is 7200 seconds This is the maximum lease time for clients that ask for a specific expiration time The default is 86400 seconds Note The DNS servers entered in System General setup or the DNS forwarder if enabled will be assigned to clients by the DHCP server The DHCP lease table can be viewed on the Diagnostics DHCP leases page Figure 17 DHCPv4 server Screen Enable DHCP server host side interface This checkbox is selected to enable the Transformer to act as a DHCPv4 server to the legacy IPv4 device Deny unknown clients
9. address on the host side Figure 11 Example Network Setup is a diagram ofall the interfaces and their IPv4 and IPv6 addresses that are of interestto the Transformer The diagram uses the sample addresses that were configured inthe Interface screen capture Figure 12 Interface Setup Screen Legacy IPv4 Device Device IPv4 address Transformer IPv4 address Example Network Setup IPv4 IPv6 Transformer DTX 4260 Host Side 172 31 0 2 172 31 0 1 Network Device IPv6 address Transformer IPv6 address Device IPv4 address Transformer IPv4 address Figure 11 Example Network Setup 2005 2 2005 26 192 168 11 222 192 168 11 26 Accept router advertisements This is checked to enable stateless address autoconfiguration as specified in RFC4862 If this is not checked the Transformer must get its IPv6 address through alternative means such as manual configuration through the Transformer IPv6 Address field or through stateful address configuration like DHCPv6 Use temporary addresses This is checked to make the IEEE interface identifiers and the random number which are both used in generating the global IPv6 addresses from stateless address autoconfiguration to change over time as specified in RFC3041 The interface identifiers are made to change over time by generating random values that will cause the IPv6 global address to also change over time maki
10. This is a number from 1 through 16 383 that is configured in the SP and the corresponding SA that is to be used for this SP Description Enter up to 80 characters to describe this SP This field is not processed but simply recorded as a commentfor this SP Save Click this button to write the parameters to the configuration database on the flash Afterwards the System Manual IPsec screen will appear with an Apply Changes button atthe top as shown in Figure 25 Manual IPsec Security Policies Display after editing Click the Apply Changes buttonto update the SP and SA databases in memory 58 mn skc datatekcorp com System Windo Explorer res x 172 311249 vpn manual ipsec sp php 3 Search gt 2 Signin APPLICATIONS INC webGUI Configuration mn skc datatekcorp com m System Manual IPsec General setup Set Date Time Rear The security policy configuration has been changed Registration 2 You must apply the changes in order for them to take Address pool Static address map DHCPv6 client DHCPv4 server Security Policies Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics 1 Tunnel unne Gateway N A N A N A Figure 25 Manual IPsec Security Policies Display
11. 1234567890BCDEFG 12345678 Use double quoted string e g secret codeword or hexidecimal digits preceded by Ox e g 0x1234567890abcdef 5 1 160 bitkey v 4 Internet Protected Mode Off Figure 26 Manual IPsec Security Association Edit Screen Disable This box is checked to disable the SA without deleting all its parameters from the configuration database Source IP This is the source IP address ofthe SA The IP address is matched against the source address inthe IP header Destination IP This is the destination IP address ofthe SA The IP address is matched against the destination address inthe IP header The destination IP address in conjunction with the Security Parameter Index and the IPsec protocol uniquely identify the SA IPsec Protocol See IPsec Protocol description in the section Manual IPsec Security Policy The IPsec Protocol in conjunction with the destination IP address and the Security Parameter Index uniquely identifythe SA Mode See the Mode description in the section Manual IPsec Security Policy The Mode must match the setting chosen on the remote side Unique Number This is the same number from 1 through 16 383 that was configured inthe SP Configuring the same Unique Number for the SA and SP ensures this SA is used for the SP Encryption Algorithm This is the encryption algorithm u
12. APPLICATIONS INC webGUI Configuration transformer local mom System Static routes General setup Set Date Time Interface setup The changes have been applied successfully Registration Address pool aes aS Static address map Protocol Network Gateway DHCPv6 client default 2005 1 DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics default 192 168 11 1 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Figure 18 Static routes Screen SNMP Server An enterprise MIB has been implemented on the Transformer that allows viewing translation specific configuration and statistics A MIB file used as input to a user s SNMP based Network Management System NMS is available to work with the Transformer The file has a bitof descriptive text in it which can be viewed by a user of an SNMP NMS that supports loading custom MIBs Included with the Transformer s SNMP implementation is a standard MIB file named DATATEK TXT that allows reading out many different system parameters IP addresses performance measures etc and their descriptions An NMS that supports custom MIBs should be able to displaythe list of available parameters That MIB does not support changing or clearing any parameters This DATATEK TXT file does not get put on the Trans
13. Status If you want to change the username for accessing the webGUI enter it here System 5 Interfaces Traffic graph confirmation gt Diagnostics 1f you want to change the password for accessing the webGUI enter it here twice System General setup local HrTP 5 Enter a custom port number for the webGUI above if you want to override the default 80 for HTTP 443 for HTTPS Etc UTC Select the location closest to you 300 Minutes between network time sync 300 recommended or 0 to disable pool ntp org Use a space to separate multiple hosts only one required Remember to set up at least one DNS server if you enter a host name here Figure 9 General setup Screen Hostname This is the name of the Transformer Domain This is the domain of the Transformer DNS servers This is the IP address ofthe DNS Server both a primary and secondary are allowed When the Transformer receives a DNS lookup request for a hostname from the IPv4 legacy device the request is turned into a request for an IPv6 address and is sent to the DNS Server The IPv6 address received from the DNS Server is then mapped to a dynamic IPv4 address The dynamically bound IPv4 address is returned to the IPv4 legacy device as the response to its original lookup request Username This is the login name of the administrator It is the same as the Username in the popup aut
14. This checkboxis selected only if clients with specific MAC and IPv4 addresses are to be served by the Transformer Subnet The subnet on which the legacy IPv4 host resides is displayed This field is taken from the Interface Setup s screen s host side configuration Subnet mask This is the subnet mask of the above subnet This field is taken from the Interface Setup s screen s host side configuration Available addresses This is the IPv4 address thatthe Transformer serves to the legacy host This field is taken from the Interface Setup s screen s host side configuration WINS server These are the IPv4 addresses of the WINS server s that the Transformer serves to the legacy host Default lease time This is the number of seconds for which the parameters served to the legacy host remain valid The default is 7200 seconds III The primary and secondary DNS addresses that are served to the legacy host are the addresses that were configured on the General Setup form Selectthe to add a specific client by MAC and IP address thatthe Transformer is to server All other clients are ignored This is used in conjunction with the Deny unknown clients option Static routes The Static routes Screen shows how static routes can be added edited or deleted Both IPv4 and IPv6 networks can be configured aree a stem gt s Windows Inter http 192 168 11 26 system_routes php
15. client form Client The Transformer be configured on the DHCPv6 client screento act as a 6 client to receive an IPv6 address for itself along with other host configuration parameters from a DHCPV6 server DHCPv4 Server The Transformer be configured on the DHCPv4 server screento actas a 4 server to the IPv4 legacy device to provide the IPv4 legacy device with an IP address and other host configurations The IPv4 address that is served to the IPv4 legacy device is the IPv4 address that was configured onthe Interface Setup screen This DHCPV 6 feature satisfies those IPv4 devices that do not store their own IPv4 addresses but require a DHCPv6 Server to give one to them 17 Pass through The legacy IPv4 device cantalk to other IPv4 devices across the network In pass through the Transformer does not translate IPv4 packets In the direction from the IPv4 legacy device towards the network the legacy device only needs to ensure its routing table contains an entry for the subnet or host address ofthe IPv4 destination host and that the gateway or next hop for that subnet or host address is the host side interface address as configured onthe Interface Setup screen s host side Transformer IPv4 address IPv4 hosts on the network can talk to the legacy host by addressing the legacy host with the Device IPv4 Address that was configured in the network side section of the Int
16. the parameters of an SP whose direction is outare matched against the packet being forwarded Higher Layer Protocol IPsec allows an SP to match againstthe next higher layer protocol inthe protocol stack The commonly used higher layer protocols TCP UDP ICMP are selected from the pull down menu To specify any other protocol select other and enter the protocol number as it will appear inthe IP packet s next header field If the SP is to apply to all higher layer protocols select any Policy This is the actionto take if the packet matches the selectioncriteria The following actions are supported ipsec Authentication and or encryption is to be performed e discard The packet is to be discarded e none Accept the packet without any processing IPsec Protocol IPsec supports the Authentication Header AH protocol and the Encapsulating Security Payload ESP protocol Select AH to provide authentication and integrity across the IP header AH header and the IP payload Select ESP to provide confidentiality across the IP payload When ESP is selected an Integrity Check Value ICV is always performed for heightened security The ICV is computed over the ESP header Security Parameter Index and Sequence Number the payload and the ESP trailer padding padding length field and next header Note that the IP header is excluded from the ICV computation Mode IPsec supports two modes tunnel mode and tra
17. 0 Backup Restore dropped for lack of memory 0 Factory defaults Reboot system dropped due to prepend failure 0 too short 0 Q Internet Protected Mode 10 Network statistics Figure 40 Network statistics Screen displays Network statistics of the Transformer QU http 192 168 11 26 diag netstat php x 9 Googie APPLICATIONS System General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system INC J Favorites transformer local Diagnostics Network statistics webGUI Configuration Diagnostics Network statistics total packets received bad header checksums with size smaller than minimum with data size data length with iplength gt max ip packet size with header length data size with data length header length with bad options with incorrect version number fragments received fragments dropped dup or out of space fragments dropped after timeout packets reassembled ok packets for this host packets for unknown unsupported protocol packets forwarded 0 packets fast forwarded packets not
18. 24 snmpd 80 Cannot find module TCP MIB At line 0 in none System T Oct 6 14 20 24 snmpd 80 Cannot find module UDP MIB At line 0 in none Traffic graph Oct 6 14 20 24 snmpd 80 Cannot find module HOST RESOURCES MIB At line 0 in none Oct 14 20 25 snmpd 80 Cannot find module SNMPv2 MIB At line 0 in none leases Oct 6 14 20 25 snmpd 80 Cannot find module SNMPv2 SMI At line 0 in none IPsec Oct 6 14 20 25 snmpd 80 Cannot find module NOTIFICATION LOG MIB At line 0 in none id Oct 6 14 20 25 snmpd 80 Cannot find module DISMAN EVENT MIB At line 0 in none Translation stats Oct 6 14 20 25 snmpd 80 Cannot find module DISMAN SCHEDULE MIB At line 0 in none Internet Protected Mode Off Figure 34 SNMP Screen IPSec The IPSec form displays the Security Policies SPs and Security Associations SAs as they appear in the system SPD The Security Policy Database SPD tab displays what type of data must be protected by IPSec as shown in Figure 35 Security Policy Database Screen Each entry has a source and destination address direction and tunnel endpoints if the policy is for tunnel mode The tunnel endpoints are the addresses used for the outer IPv6 packet header can n by m at err r http 172 3112 49 diag ipsec spd php Y Google
19. 8 12 42 30 kernel uarti 16550 or compatible gt at port 0x2f8 0x2ff 3 on 0 Aug 8 12 42 30 kernel uart1 FILTER ces Aug 8 12 42 30 kernel Timecounter TSC frequency 499905596 Hz quality 800 Traffic graph Aug 8 12 42 30 kernel Timecounters tick every 1 000 msec 24 CE Aug 8 12 42 30 kernel naptmodevent type 0 DHCP leases Aug 8 12 42 30 kernel IPsec Initialized Security Association Processing IPsec Aug 8 12 42 30 kernel usbus0 12Mbps Full Speed USB v1 0 Address pool Aug 8 12 42 30 kernel md0 augen0 1 AMD at usbus0 Address map Translation stats Aug 8 12 42 30 kernel uhub0 AMD OHCI root HUB dass 9 0 rev 1 00 1 00 addr 1 on usbusO mie stats Aug 8 12 42 30 kernel 40 FAILURE SET MULTI status 51 lt READY DSC ERROR gt error 4 lt ABORTED gt ing Backup Restore Aug 8 12 42 30 kernel ad0 1918MB SanDisk SDCFH 002G HDX 5 047 at ata0 master WDMA2 Factory defaults Aug 8 12 42 30 kernel Preloaded image lt mfsroot gt 50331648 bytes at 0xc0975af0 Reboot system Aug 8 12 42 30 kernel GEOM ad0 media size does not match label Aug 8 12 42 30 kernel Root mount waiting for usbusO 8 17 47 31 kernel iih 4 norte with 4 rameshla calf nawarad Internet Protected Mode Off 100 Diagnostics Logs System Figure 32 Logs Screen D
20. A typical single host may be the IPv6 address of a legacy IPv4 host For a network address the number of subnet mask bits are selected from a pull down menu A network address may be the subnet on which the Transformer resides Destination IP This is the destination IP address ofthe SP This field is comprised of an IP address and a port number The IP address is matched againstthe destination address inthe IP header and the port number is matched againstthe port number in the higher layer protocol header Leave the port field blank to allow any port number if the higher layer protocol does not support port numbers The number of subnet mask bits is selected from a pull down menu Direction in specifies that the SP is matched against inbound packets while out specifies the SP is matched against outbound packets Inbound packets may be received from the network side or host side Outbound packets are either originated by the Transformer or forwarded by the Transformer For example a ping command initiated from the Transformer s console creates an outbound packet packetis matched againstthe parameters of an SP whose direction is out An example of an outbound packet that comes from forwarding is where packets are received from the legacy host translated and then forwarded towards the network Whenever a packetis forwarded itis considered to be inthe outbound direction Therefore during the forwarding process
21. DHCPv6 client DTX4260 VERSION 3 DHCPv4 server 00 21 Static routes SNMP Server Thu Sep 1 16 22 39 UTC 2011 FTP Gateway view graph Manual IPsec Sa 14 Status System Interfaces Traffic graph gt Diagnostics Internet Protected Mode Off Figure 28 System information Screen m Sox Google p Sl Search More Signin E 00 d 5 Pager Satety gt Configuration Status CPU load General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics Note the Adobe SVG viewer is required to view the graph Figure 29 CPU usage Screen Interfaces The Interfaces form displays the up down status of the link and the addresses configured on the IPv4 and IPv6 interfaces as shown in Error Reference source not found On the IPv6 interface there are multiple addresses configured Addresses associated with the IPv4 device are indicated with IPv4 device The IPv6 interface addresses include the link local address of the IPv4 device the IPv6 address that is mapped to an IPv4 device and the foreign IPv6 care of addresses Other IPv6 addresses include the address of the IPv
22. address and port Higher layer protocol If a packet matches the specified parameters above the specified policy is carried out Use the following buttons to Add a new configuration Edit an existing configuration 6 Delete an existing configuration ystem Manual IPsec Security Policy Windows Internet Explorer http 172 31 1249 vpn manual ipsec sp editphp id 2 J Search More gt gt Signin E L1 d v Pager Safety v Took v APPLICATIONS webGUI Configuration L corp com System Manual IPsec Security Policy General setup Set Date Time Interface setu Disable this Security Policy Registration j Set this option to disable this Security Policy without removing it from the configuration Address pool database Static address map Type Single host v DHCPv6 client DHCPv4 server Address 2004 98 Static routes Port SNMP Server Leave blank for any port FTP Gateway Manual IPsec 2001 91 128 Firmware Status Leave blank for any port System Interfaces Traffic graph gt Diagnostics Figure 23 Manual IPsec Security Policy Edit Screen J Search gt Favorites mn ske datatekcorp com System Manual v Safetyv Tool v FTP Gateway Manual IPsec Destination IP Address 2001 91 128 Firmware Status Leave blank for
23. address to a DNS server Q13 Does the Transformer provide any security A13 Yes IPsecv2and IPsecv3 are both supported along with a choice of several cryptographic algorithms The Transformer acts as an IPsec proxy for your legacy device The secured path will be between the Transformer and a remote host that also supports IPsec The path between your legacy device and Transformer is not secured but since they are supposed to be co located and tightly coupled this should not be a problem Q14 Has the Transformer been certified by an independent 3rd party 14 The Transformer has been certified for IPv6 and IPsec by the Joint Interoperability Test Command JITC which is the official DoD test agency The Transformer has passed the IPv6 Ready Phase 2 Core USGv6 Basic SLAAC and Address Arch Conformance tests as performed by the University of New Hampshire UNH test lab 11 Q15 rhe status bar at the bottom of my web browser shows Waiting for address 15 Some web browsers such as Mozilla Firefox may show Waiting for address in the status bar at the bottom instead of Done after the page is loaded This can be ignored Q16 I logged into the GUI and when opened another connection was not re prompted to log in A16 The login and password dialog box for the Transformer s web browser GUI may not appear for subsequent connections from a terminal that already has web browser connections to the Transfor
24. set up the IPv4 to IPv6 session If the DNS returns only A record an IPv4 IPv4 sessionis set up 13 Example Network IPv4 IPv6 Transformer DTX 4260 Host Network Side Side 172 31 0 1 no 172 31 0 2 2005 99 EM x Figure 1 Overview IP Addresses In our example network Figure 1 Overview IP Addresses shows the actual IPv4 and IPv6 addresses of each network device After the Transformer has been configured both the 4 and IPv6 devices will have a different perspective as shown in Figure 2 IPv4 Perspective and Figure 3 IPv6 Perspective From IPv4 perspective all IPv6 addresses appear to have IPv4 addresses From an IPv6 perspective all IPv4 address will now appear to be on the network using IPv6 address 14 IPv4 Perspective IPv4 IPv6 Transformer DTX 4260 Host Network Side Side 172 31 0 1 EN 172 31 0 2 2005 99 172 31 0 3 Figure 2 IPv4 Perspective IPv6 Perspective IPv4 IPv6 Transformer DTX 4260 Host Network Side Side 312 31 9 1 T 2005 26 172 31 0 2 2005 99 Figure 3 IPv6 Perspective 15 Key Features Autoconfiguration The Transformer supports the Stateless Address Autoconfiguration SLAAC protocol described in RFC2462 and an extension to SLAAC for supporting temporary addresses as described in RFC3041 in configuring th
25. 6 Network interface http 192 168 11 26 status interfaces php APPLICATIONS Configuration System GNE Status Interfaces IPv6 interf Interface setup 5 Registration Status Address MAC address 00 00 24 cb 52 84 Static address map DHCPV6 client IPv4 address 192 168 11 26 24 DHCPv4 server IPv4 address 192 168 11 222 32 Static routes IPv4 Gateway 192 168 11 1 SNMP Server FTP Gateway IPv6 address 2005 26 64 Manual IPsec 2005 2 64 IPv4 device Firmware Status 2005 1 System 100baseTX Interfaces 4385 568 764 KB 434 KB Traffic graph gt Diagnostics 7 1 IPv4 interface Status up 00 00 24 cb 52 85 172 31 0 1 16 100baseTX lt full duplex gt 469 246 80 KB 25 KB Figure 30 Interfaces Screen Traffic graph Figure 31 Traffic graph Screen displays incoming and outgoing traffic for both the IPv4 LAN and IPv6 WAN interfaces SB search More gt gt Signin gt v Safety v Tools v e RPP LIGATION webGUI Configuration System Status Traffic graph General setup Set Date Time Interface WAN v Interface setup i Registration Address pool In 15 Kbps 10 3 2011 14 29 31 Switch to bytes s Static address map AutoScale up DHCPv6 client Out 7 Kbps Graph shows last 120 seconds DHCPv4 server Static routes 25
26. CPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vr1 Translation stats Aug 9 02 42 38 dhepd 172 31 0 2 to 00 50 0 59 22 43 croc via vr1 Network stats Aug 9 03 42 38 dhcpd Wrote 1 leases to leases file a Aug 9 03 42 38 DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vri Factory defaults Aug 9 03 42 38 dhcpd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc via vri Reboot system Aug904 42 38 dhcpd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via Internet Protected Mode Off Figure 33 DHCP leases Screen SNMP Figure 34 SNMP Screen displays the status of SNMP information J Search gt More gt gt 2 E 7 Gl mb v Pagev Safetyy webGUI Configuration BRE Diagnostics Logs us EX Syst SNMP lt Interface setup cites Ee Registration Address pool Last 50 SNMP log entries Static address map Oct6 14 20 21 snmpd 80 datxf DHCPV6 client Oct 6 14 20 21 snmpd 80 Initiali DHCPv4 server 80 Static routes Oct 6 14 20 21 snmpd 80 datxf SNMP Server Oct 6 14 20 21 snmpd 80 Did initialize FTP Gateway Oct 6 14 20 24 snmpd 80 Cannot find module IP MIB At line 0 in none Firmware Oct 6 14 20 24 snmpd 80 Cannot find module IF MIB At line 0 in none Status Oct6 14 20
27. D APPLICATIONS Ic LNKACT LNK ACT LNKACT LNKACT LNKACT LNKACT ur FaF 4 6 Transformer i AUX2 AUXI 4 Laid AUX6 5 AUX4 AUX3 IPv4 IPv6 Transformer User Manual 9 2011 V4 0 0 License Copyright 2005 201 1 Datatek Applications Inc All rights reserved The End User License Agreement EULA for the Datatek IPv4 IPv6 Transformer is detailed in Section 10 ofthe Datatek IPv4 IPv6 Transformer User Manual mOnOwall8 is Copyright 2002 201 1 by Manuel Kasper mk 2 neon net All rights reserved Copyright 1992 2011 The FreeBSD Project All rights reserved Printed in the USA Manufactured by Datatek Applications Inc 379 Campus Drive Suite 100 Somerset NJ 08873 Phone 732 667 1080 Fax 732 667 1091 www datatekcorp com TABLE CONTENTS IMPORTANT SAFETY INSTRUCTIONS 1 eerie eee esee sees enses senta aenea ens estne tasas tns ta sos 7 1 oom M m 9 2 SOW BR VIE Wy guider abba hd Gicn For RE p ARRA E hella UE VA FRA 13 3 PHYSICAL SETUP ione PRI 19 4 SOFTWARE REGISIRATION RR COH ERAN EE 23 5 26 6 WEB GRAPHICAL USER INTERFACE WEBGUI SYSTEM 29
28. GuI port Enter a custom HTTP port number to use or leave blank to use the default port of 80 for HTTP and 443 for HTTPS Time zone Selectthe time zone the Transformer is in Time update interval Enter how often the Transformer should use NTP Network Time Protocol to synchronize its clock with the rest of the network NTP time server Enter the domain name ofthe NTP Network Time Protocol time server 33 Set Date Time The Set Date Time form allows the user to configure the date and time on the Transformer Enter the current year month day hour and minute in the format displayed in Figure 10 Set Date Time Screen and select Update to apply the changes APPLICATIONS INC l transformer erc System Set Date Tue Aug 9 13 48 06 UTC 2011 General setup Set Date Time Interface setup 2011 Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics year month 011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Figure 10 Set Date Time Screen Interface Setup The Interface setup form is used to configure the host side and network side interfaces ofthe Transformer and the IPv4 address of the legacy device and the proxy IPv6 address ofthe legacy device There are two interfaces on
29. HCP leases Figure 33 DHCP leases Screen displays the status of current or past DHCP leases that are owned by the Transformer APPLICATIONS SEU M System Diagnostics Logs Set Date Time system Syst DHCP Interface setup Registration ue Address pool Last 50 DHCP service log entries Static address map Aug 8 23 42 37 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc vri DHCPV6 client Aug 8 23 42 37 dhcpd 172 31 0 2 to 00 50 da 59 22 43 croc via vr1 DHCPv4 server Static routes Aug 9 00 42 37 dhcpd Wrote 1 leases to leases file SNMP Server Aug 9 00 42 37 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via vr1 Aug 9 00 42 37 dhepd DHCPACK 172 31 0 2 to 00 50 0 59 22 43 croc 1 Firmware Aug 9 00 48 22 dhcpd DHCPINFORM from 172 31 0 2 via vri Status Aug 9 00 48 22 dhcpd DHCPACK to 172 31 0 2 00 50 da 59 22 43 vr1 2 Aug 9 00 48 25 dhcpd DHCPINFORM from 172 31 0 2 via Traffic graph Aug 9 00 48 26 dhcpd DHCPACK to 172 31 0 2 00 50 da 59 22 43 via vr1 h preme Aug 9 01 42 37 dhepd DHCPREQUEST for 172 31 0 2 from 00 50 da 59 22 43 croc via DHCP leases Aug 901 42 37 dhcpd DHCPACK on 172 31 0 2 to 00 50 da 59 22 43 croc via vr1 IPsec Aug 9 02 42 37 dhcpd Wrote 1 leases to leases file ane Aug 9 02 42 38 dhcpd DH
30. IPv4 IPv6 host Q2 What s a legacy IPv4 only device 2 could be a server a printer a network appliance it s anything with a LAN port that doesn t understand the new Internet Protocol Version 6 or IPv6 Virtually every device with a LAN port understands Internet Protocol Version 4 or IPv4 Since the inception ofthe Internet 4 has become so ubiquitous that no one bothered to mention the version number and simply referred to itas IP or TCP IP One day IPv6 will completely replace IPv4 Some people think that the sun will burn out before this happens In the mean time and 4 will coexist and new devices will support both protocols Legacy devices that only support IPv4 will be at disadvantage How do I connect to your Transformer A3 its simple The Transformer has two LAN ports a host side port and a network side port First disconnect your legacy device from the network and plug it into the Transformer s host side port Next hook the Transformer s network side port up to your network Finally configure the Transformer using a web browser and youre done Do I have to install your software on my legacy device 4 No there s no software to install the legacy device will I need to make an y changes to my legacy device 5 Typically you will need to change the legacy device s IPv4 address subnet mask default router and DNS server This is because the T
31. IPv6 Network interfaces 1 Starta web browser 2 In the http box enter the IPv4 or IPv6 address that was configured on the Transformet s Host or Network interface as the address to which the web browser must connect IPv6 addresses must be enclosed in brackets e g http 2002 2 skf datatekcorp com webGUI Microsoft Internet Explorer provided by Datatek Applications Inc DAR File Edit View Favorites Tools Help sxx ix Search She Favorites 5 33 Be Links gt 3 The default user name is admin and the default password is mono The default login and password should be changed after logging in the first time See General Setup page to configure new login and passwotd Authorization Dialog You need to supply a username and a password to access this site Site at 2002 2 Username admin Password Keep password Cancel Passwords must conform to the following rules Passwords must have at least 10 case sensitive characters b Passwords must have a mix of uppercase letters lowercase letters numbers and special characters such that at least two characters from each of the afore mentioned four types of characters are present Y Warning For example x TIITBn2 is a valid password Mv4 mabc3Z is invalid because it only has one special cha
32. IT SCREEN 60 FIGURE 27 MANUAL IPSEC SECURITY ASSOCIATIONS SCREEN AFTER EDITING 63 FIGURE 28 SYSTEM INFORMATION cece eene nter ttn entente tentent tentent tenis 65 FIGURE 29 CPU USAGE eet eR OR Wer ER Het PEDE 66 FIGURE 30 INTERFACES SCREEN 7 eese tenentes tenerent 67 FIGURE 31 TRAFFIC GRAPH 5 68 FIGURE 32 LOGS SCREEN th eee eta Rear tn HR N tectus 69 FIGURE 33 DHCP LEASES 70 FIGURE 34 SNMP SCREEN firi DERE RUIN 71 FIGURE 35 SECURITY POLICY DATABASE 72 FIGURE 36 SECURITY ASSOCIATION DATABASE 73 FIGURE 37 IPV4 ADDRESS POOL SCREEN eerte tentent ertet tente tenente tentes 74 FIGURE 38 ADDRESS MAP 1 esee tenerte tente tenente tte tente 75 FIGURE 39 TRANSLATION STATISTICS esee tentent tette tentent teniente 76 FIGURE 40 NETWORK STATISTICS entente tente tente tentent tenente trennen TI FIGURE 41 PING SCREEN teer REST 78 FIGURE 42 BACKUP RESTORE CONFIGURATION 79 FIGURE 43 BACKUP RESTORE PASSWORD AND SSH FILES
33. SNMP Server FTP Gateway Manual IPsec Firmware 50 Kbps Status System Interfaces Traffic graph 25 Kbps Diagnostics Internet Protected Mode Off Figure 31 Traffic graph Screen 8 Web Graphical User Interface Diagnostics The following forms are used for the maintenance and debugging of the Transformer The system log and DHCP leases are displayed in Error Reference source not found and Error Reference source not found The ping command backup of the configuration file and clearing of the configuration file to factory defaults and rebooting are supported commands Logs The Logs Screen displays the system log http 192 168 11 26 diag_logs php 7 d v Pager Safety APPLICATIONS nain cd System General setup Set Date Time Interface setup Registration Address pool Last 50 system log entries Static address map Aug 8 12 42 30 kernel orm0 lt ISA Option ROM at iomem 0xc8000 0xd27ff pnpid ORMO000 isa DHCPv6 client 8 12 42 AT Real DHCPv4 server Aug 8 12 42 30 kernel atrtc0 Real Time Clock at port 0x70 8 on 0 Static routes Aug 12 42 30 kernel uart0 16550 or compatible gt at port Ox3f8 0x3ff 4 flags 0x10 on isa SNMP Server Aug 8 12 42 30 kernel uart0 FILTER FTP Gateway um entem sac Aug 12 42 30 kernel uart0 console 9600 n 8 1 Firmware Aug
34. ady To Send RTS Pin 8 Clear To Send CTS Pin 9 Ring Indicator RI amp WNB 1 PNW Ru 1 86 oon 0 Appendix B Specifications Physical Flash Memory 512MB Power Supply 30W 12V Internal AC Power LAN Ports Eight 10 100Mbps Ethernet RJ 45 Console One DB9 Serial Buttons System Reset Factory Network Reset LEDs Unit Power Alarm LAN Link Activity OS FreeBSD 8 0 Mean Time Between Failures MTBF Calculated 100 000 hours Power Consumption 10W typical Form Factor 1U 19 inch rack mount design Environmental Dimensions W x Hx D 19x 1 75 x 8 in Unit Weight 3 6 16 5 73 kg Power 100 120 200 240VAC Cooling None Fanless Operating temperature 32 140 degrees F 0 60 degrees C Certification FCC Part A Safety CSA Safety and Environmental Compliance
35. after editing Manual IPsec Security Associations System gt Manual IPsec gt Security Associations gt System gt Manual IPsec gt Security Associations gt This form is used to add a new Security Association SA or edit an existing SA Parameters on this form specify how the packetis to be encrypted and or authenticated The following parameters on this form are used to uniquely identify an SA and match itto a packet These are some examples e Security Policy Index SPI e Destination IP address and port IPsec protocol ESP or AH Search More gt gt Signin mh v Pager Safety v Took v mn skc datatekcorp com System General setup Set Date Time Interface setup F Disable this Security Association SA Registration Set this option to disable this SA without removing it from the configuration database Address pool Static address map DHCPv6 client EN DHCPv4 server 2001 91 Static routes SNMP Server ESP v FTP Gateway Manual IPsec transport w Firmware Must match the setting chosen on the remote side Status System Interfaces The same unique number 1 16383 entered for a Security Policy SP and a Security Traffic graph Association SA will ensure a specific SA is used for the SP gt Diagnostics System Manual IPsec Security Association 2004 98 128 192 256 bit key v
36. al address Once you make changes to the host or network side IP addresses you must reboot the Transformer before the changes will take effect To do this from the Console Main Menu select item 4 Reboot system Reset webGUl password This selection resets the webGUI password to the default To do this from the Console Main Menu select item 2 Reset webGUI The defaults are as follows Username admin Password mono Reset to factory defaults This selection resets all configured values to the factory defaults including those that you have setup using the webGUI Use it when you want to make a fresh start like when you re moving a Transformer from one legacy device to another To do this from the Console Main Menu select item 3 Reset to factory defaults Setting the unit back to the factory defaults wil remove the registration key Warning nda newone will need to be obtained from Datatek Heboot system This selection reboots the Transformer To do this go to the Console Main Menu select item 4 Reboot system Ping host Enter either a hostname or IP address of target machine The IP address can be either an IPv4 or IPv6 address 28 6 Web Graphical User Interface webGUI System The Transformer provides a web server to support configuration and management through any standard web browser such as MS Internet Explorer Mozilla Firefox etc The webGUI can be accessed from either the IPv4 Host or the
37. any port System Interfaces i out v Traffic graph gt Diagnostics Type any v Protocol number IPsc ESP ESP is encryption is authentication only transport w Enter the public IP address of the local tunnel Enter the public IP address of the remote gateway requie v The same unique number 1 16383 entered for a Security Policy SP and a Security Association SA will ensure a specific SA is used for the SP You may enter a description here for your reference not parsed 11 Datatek Applications Inc All rights reserved view license m gt Internet Protected Mode Off 910 Figure 24 Manual IPsec Security Policy Edit Screen continued Disable This box is checked to disable the SP without deleting all its parameters from the configuration database Source IP This is the source IP address ofthe SP This field is comprised of an IP address and a port number The IP address is matched againstthe source address in the IP header and the port number is matched against the port number in the higher layer protocol header Leave the port field blank to allow any port number if the higher layer protocol does not support port numbers The type of address may be a single host or a network address Fora single host IPv6 address all 128 bits ofthe address are matched and for an IPv4 address all 32 bits ofthe address are matched
38. ar onthe console within about 3 minutes of booting contact support More information on the Console Main Menu configuration selections is discussed inthe next section login test Datatek Transformer Console 1 Set up IPv4 and IPv6 interfaces 2 Reset webGUI password 3 Reset to factory defaults 4 Reboot system 5 Ping host Enter a number When the Transformer is shipped from the factory the host side IPv4 address is set to 172 31 0 1 The network side port is not assigned an IPv4 address However network side port has an IPv6 link local address it will participate in IPv6 Stateless Address Autoconfiguration 4 Software Registration The Transformer must be registered before IPv4 IP v6 transforming will work Without registration configuration can still be set up except for pool and bindings IPv6 and IPv4 access to the web server will still work The Transformer will ship from Datatek with a valid registration key When upgrading the Transformer to a major new release a new registration key will need to be obtained from Datatek Minor release updates will not require a new key If registration has not been done most of the web pages will show an added information block near the top The info block contains a link to the registration page The registration page is where the user carries outthe registration process The not registered information block and the side frame of every page of the web inte
39. atatek Applications Inc Internet Protected Mode Figure 7 Unregistered Transformer Screen 5 Consol Interface The console portlets you access the console interface to the Transformer You only need to use the console interface when you can t reach the webGUI through either the host or network side LAN ports Typically you will use the console interface when you first install a Transformer to assign IP addresses to the host and or network side ports You may also need to use the console interface if yu make a serious mistake when configuring the Transformer with the webGUI like changing the password to something you immediately forget To use the console interface connect the console port to an ASCII terminal a PC com port with terminal emulator or via a console access device Terminal settings are 9600 baud no parity one 1 stop bit The console cable used should be a cross over 9 pin null modem cable See Appendix B for the crossover connector pinout diagram While booting the Transformer prints a large amounts of information on the console that is mainly of interestto the software developers However the console interface is active during this period and itis possible to pause or modify the boot process by entering commands These commands are for development and testing use only and are not documented in this manual After booting you will be greeted with a login prompt In the example below we us
40. boot is not necessary but the SSH Daemon will be restarted with the restored host Traffic graph keys Diagnostics Logs Browse DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights reserved view license Done Internet Protected Mode Off v 100 Figure 43 Backup restore Password and SSH Files Screen Factory defaults The Factory defaults form provides the means to clear out the current configuration and restore itto the defaults that were shipped from the factory Use the Diagnostics Backup Restore form first to save a copy of your configuration After clearing the by responding Yes to the question Are you sure you want to proceed the Transformer will automatically reboot After rebooting the Transformer Console Menu must be used to enter the IPv6 Host and IPv6 Network addresses necessary to access the webGUI again Y Warning Setting the unit back to the factory defaults will remove the authorization code and a newone will need to be obtained from Datatek mr wenn t rmer local bttp 1723112 113 diag_defaults php x Googie pr X Google Search More gt gt J Signin sir Favorites transformer local Diagnostics Factory defau m d v Pagev Safetyv Tool v D ek APPLICATIONS i
41. ce go to the Console main menu and select item 1 Set up IPv4 and IPv6 interfaces In the example below we set the host side interface address to 192 168 1 1 and accept the default subnet mask length of 24 Note that each prompt shows the current or default value in parentheses To accept the default value simply press ENTER Similarly we set the network side IPv6 and IPv4 addresses to 2007 50 and 135 47 8 16 respectively IPv4 address for host side interface 172 31 0 1 192 168 1 1 4 subnet mask length for host side interface 24 IPv6 address for network side interface or none none 2007 50 IPv6 prefix length for 2007 50 64 IPv4 address for network side interface or none none 135 47 8 16 4 subnet mask length for IPv6 LAN interface 16 24 Please wait You can now access the webGUI by opening any of the following URLs in your browser http 192 168 1 1 http 2007 50 http 135 47 8 16 You must reboot before these changes ffect Press ENTER to continue You aren t required to supply an IPv4 or IPv6 address for the network side interface If you don t supply an IPv4 address you won tbe able to access the webGUI from the network side interface using IPv4 If you don tsupply an IPv6 address you may still be able to access the webGUI using IPv6 This is because the network side interface is automatically assigned an IPv6 link loc
42. d States of America local law may apply This LICENSE constitutes the entire understanding and agreement between you and the Manufacturer in relation to the SOFTWARE and supersedes any and all prior or other communications statements documents agreements or other information between the parties with respect to the subject matter hereof Limitation of Liability To the maximum extent permitted by applicable law in no event shall Manufacturer or its suppliers be liable for any damages whatsoever including without limitation special incidental consequential or indirect damages for personal injury loss of business profits business interruption loss of business information or any other pecuniary loss arising out of the use of or inability to use this product even if Manufacturer has been advised of the possibility of such damages In any case Manufacturer s and its suppliers entire liability under any provision of this License shall be limited to the amount actually paid by you for the SOFTWARE Because some states jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages the above limitation may not apply to you 9 Pin Null Modem Pinouts Connector Pinouts DB9 Pin Layout Pin 1 Carrier Detect CD Pin 2 Receive Data RD Pin 3 Transmit Data TD Pin 4 Data Terminal Ready DTR Pin 5 Ground GND Pin 6 Data Set Ready DSR Pin 7 Re
43. de the transformation that allows the two hosts to communicate Figure 20 FTP Gateway Screen shows there are 2 choices that a user can select enable the FTP ALG calling a host side and or network side server on the standard FTP port By checking one or both entries the ALG is activated which will perform the proper IPv4 IPv6 translation between the client and server The variations covered by the FTP ALG are Client on IPv4 host IPv6 server on network Client on IPv4 host IPv4 server on network IPv6 client on network server on IPv4 host IPv4 client on network server on IPv4 host webGUI Configuration System General setup Set Date Time Interface setup V Enable FTP ALG for server on network side interface System FTP Gateway Registration Address pool Enable FTP ALG for server on host side interface Static address map client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics Figure 20 FTP Gateway Screen Manual IPsec Figure 21 Manual IPsec Security Policies Screen and Figure 22 Manual IPsec Security Associations Screen display currently configured Security Policies SPs and Security Associations SAs Select the Security Policies tab to see the SPs displayed onthe screen Select the Security Associations tab to see the SAs displayed onthe screen The fo
44. dress pool Registration Code US8AB MQEH7 TQZ3P YTBLG Static address map DHCPv6 client Enter registration code received from Datatek Applications DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics All rights reserved view license Figure 6 Registration Screen Figure 7 Unregistered Transformer Screen appears if the user has entered an invalid Registration Code M http 192 168 11 26 register php J search gt More Signin Page Safety v Tools v e APPLICATIONS INC webGUI Configuration transformer local System Transformer Registration General setup Set Date Time This transformer needs to be registered Please contact Datatek Applications IPv6 technical support Interface setup www datatekcorp com ipv6 contact Supply the product ID and software version below to receive Registration registration code Then enter the registration code in the space provided and dick the Save button Address pool Static address map S8LPK IBND4 W3AZV QG23I 4 0 2 DHCPv6 client Send this product ID and software version to Datatek Applications DHCPv4 server Static routes SNMP Server Enter registration code received from Datatek Applications FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph 2005 2011 D
45. e the login id admin but you can use anything you want in this version of the Transformer software Once you enter a login id the Transformer prints the Console Main Menu and prompts you to enter a number corresponding to a menu item The following sections describe each of the menu items login admin Datatek Transformer Console 1 Set up IPv4 and IPv6 interfaces 2 Reset webGUI password Reset to factory defaults Reboot system Ping host Enter a number 1 Set up IPv4 and IPv6 interfaces This selection lets you setthe IP addresses and subnet masks prefix lengths for the host and network side interfaces This will allow you access the webGUI You must supply an IPv4 address and subnet mask for the host side interface You may also supply an IPv4 address subnet mask and an IPv6 address prefix length for the network side interface Note that these network side addresses are for the management interface on the Transformer not the proxy addresses for the legacy IPv4 device You will need to use the webGUI to enter the proxy addresses We recommend using an IP address from the RFC 1918 private address space for the host side interface since it s not visible to the network side of the Transformer There are three private ranges Start End 10 0 0 0 10 255 255 255 172 16 0 0 172 31 255 255 192 168 0 0 192 168 255 255 To configure the Transformer s interfa
46. e network side IPv6 address interface The Stateless Address Autoconfiguration SLAAC process employs the Neighbor Discovery Protocol NDP which includes Router Solicitations Advertisements and Neighbor Solicitation Advertisements The NDP messages are used to verify that the link local address is unique on the link The Router messages are used to discover the network prefixof the Transformer s IPv6 link The prefixis combined with the interface identifier of the link local address to create a global IPv6 interface address This address is then configured as the Transformer s IPv6 Network interface s IP v6 address A proxy IPv6 address is also autoconfigured for the IPv4 legacy device by using the host side interface s MAC address as the interface identifier forthe proxy IPv6 address The proxy IPv6 address is then bound to the IPv4 address of the legacy device When temporary addresses are enabled onthe Transformer the interface identifier is a randomized value that is regenerated periodically and combined with the network prefixthat was advertised in the router advertisements to create a temporary address that is difficultto eavesdrop due to its changing nature DNS Server The Transformer uses a DNS Application Layer Gateway ALG when itis configured to actas a proxy DNS Server for the IPv4 legacy device As a proxy the Transformer processes DNS lookups and reverse lookups sent from the legacy device A DNS lookup requests the IP address fo
47. ed sshd Setting proxy link local address done Configuring address pool done Configuring IPsec done Datatek IPv4 IPv6 Transformer Version 4 0 0 Disk 093010 2 made v6adm Build 093010 1 made by v6adm Copyright C 2010 Datatek Applications Inc rights reserved Code imported from m0n0wall Copyright C 2002 2005 by Manuel Kasper Allrights reserved Initial GUI IP address 172 351 0 1 Port configuration LAN gt 5151 WAN gt 5150 FreeBSD i386 skf local console If the console messages do not look like the messages above but instead look like the following then make sure the Compact Flashis plugged the way 0 19 0 0 11 0 8 0C031008 0117 0280 08 38 00 A0003000 00000000 11 1 Seconds to automatic boot Press Ctrl P for entering Monitor NSC DP83815 DP83816 Fast Ethernet UNDI v1 03 Copyright C 2002 2003 National Semiconductor Corporation All rights reserved Pre boot eXecution Environment PXE 2 0 build 082 Copyright C 1997 2000 Intel Corporation CLIENT ADDR 00 00 24 F9 4C PXE E53 No boot filename received Exiting MacPhyter PXE ROM No Boot device available enter monitor comBIOS Monitor Press for help gt After booting you will be greeted withthe login prompt shown below You can enter any character atthis time which will bring you to the Console Main Menu as shown below However if the Console Main Menu does not appe
48. efore cleaning Do not use liquid cleaners or aerosol cleaners Use a damp cloth for cleaning Do not use this product near water for example in a wet basement To reduce the risk of electrical shock do not disassemble this product Service should be performed by trained personnel only Opening or removing covers and or circuit boards may expose you to dangerous voltages or other risks Incorrect re assembly can cause electric shock when the unit is subsequently used This product is equipped with a three wire grounding type plug a plug having a third grounding pin This plug is intended to fit only into a grounding type power outlet This is a safety feature If you are unable to insert the plug into the outlet contact your electrician to replace your obsolete outlet Do not defeat the safety purpose of the grounding type plug Do not use a 3 to 2 prong adapter at the receptacle Use of this type adapter may result in risk of electrical shock and or damage to this product Do not allow anything to rest on the power cord Do not locate this product where the cord will be abused by persons walking on it Do not overload wall outlets and extension cords as this can result in the risk of fire or electric shock amp Unplug this product from the wall outlet and refer servicing to qualified service personnel under the following conditions a When the powers supply cord or plug is damaged or frayed b If liquid has been spilled
49. er Index This is a 32 bit integer that is assigned to the SA Valid values are 0x100 through OxFFFFFFFF SPI in conjunction with the destination IP address and the IPsec protocol uniquely identify the SA Description Enter up to 80 characters to describe this SA This field is not processed but simply recorded as a comment for this SA 62 Save Click this button to write the parameters to the configuration database onthe flash Afterwards the System Manual IPsec screen will appear with an Apply Changes button atthe top as shown in Figure 27 Manual IPsec Security Associations Screen after editing Clickthe Apply Changes buttonto update the SP and SA databases memory search gt More Signin C dh gt Took iad EE IEO webGUI Configuration mn skc datatekcorp com System General setup System Manual IPsec Set Date Time T Interface setup The security association configuration has been changed istrati You must apply the changes in order for them to take effect Registration Address pool Static address map DHCPV6 client DHCPv4 server Security Associations Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph 4 Diagnostics 1 1 transport 0 Enable IPsec transport transport HMAC SHA1 transport HMAC N A SHA1
50. erface Setup screen This feature may be useful for situations where not all the IPv4 devices ona link can be moved behind Transformers at one time The devices then must be separated by placing some ofthe IPv4 devices on the network side of the Transformer and a single IPv4 device behind the Transformer on the host side Passthroughis then used to enable communication between the IPv4 device on the host side and all the other IPv4 devices onthe network side Internet Protocol Security IPsec The Transformer can be configured to provide IPsec protection on behalf of an IPv4 legacy device The secured path lies between the Transformer and the remote host Specifically IPsec is terminated atthe IPv6 endpoints the IPv6 address that represents the IPv4 legacy device and the IPv6 address of the remote host Since the path between the legacy host and the Transformer is not secured they should be co located in a secured area To enable IPsec the administrator must configure the Security Policy SP and may manually configure a Security Association SA The SP specifies the packets that should be protected by describing the characteristics on which to match a user packet e g the IP address and port number and the upper layer protocol The SA specifies how they should be protected e g the algorithms and keys to use 18 3 Physical Setup Transformer Physical Description The Transformer s front and rear views are shown below in Fig
51. f your receipt This Limited Warranty is void if failure of the SOFTWARE has resulted from accident abuse or misapplication Any replacement SOFTWARE will be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer No Other Warranties To the maximum extent permitted by applicable law manufacturer and its suppliers disclaim all other warranties either express or implied including but not limited to implied watranties of merchantability fitness for a particular purpose and non infringement with regard to the software and the accompanying written materials This limited warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jutisdiction Special Provisions The SOFTWARE and documentation ate provided with RESTRICTED RIGHTS Use duplication or disclosure by the United States Government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Software clause at DFARS 252 227 7013 subparagraphs c 1 and 2 of the Commercial Software Restricted Rights at 48 CFR 52 227 19 as applicable Manufacturer is Datatek Applications Inc 379 Campus Dtive Somerset NJ 08873 If you acquired the SOFTWARE in the United States of Ametica this Software License is governed by the laws of the State of New Jersey excluding its choice of laws provisions If you acquited the SOFTWARE outside the Unite
52. former Instead itis loaded on a customer s NMS to merge with all the other MIB descriptors itis expected to find on systems with SNMP agents The NMS informationin this file to direct formatted display of data and some descriptive text Without this an NMS can only display raw data and does not display tables well Besides this MIB there are other MIBs supported on the Transformer Hundreds of data items are supported See e g mibll To generate a list setup an NMS that supports loading additional MIBS Tell it where to find the DATATEK txt file Then have the NMS walk the system using a command line snmp utility to display everything It has a list of standard MIBs in etc somewhere and supports adding extension MIBs in the user s HOME snmp mibs directory Some ofthe SNMP objects included in the Transformer s MIB are 4 and addresses number of IPv4 packets mapped from hostto network and vice versa number of IPv4 packets passed from hostto network and vice versa number of packets dropped from host number of IPv4 packets translated to IPv6 and vice versa number of IPv6 packets translated to IPv4 number of IPv6 packets not translated number of IPv4 and IPv6 packets dropped number of packets with untranslatable protocol number of packets with bad ICMP format etc Figure 19 SNMP Server Screen shows a checkbox which the user can select to enable the SNMP agent also has descriptor fields to identi
53. forwardable packets received for unknown multicast group redirects sent A D mh v Pager Safety v Toos Internet Protected Mode Off 48 v Figure 40 Network statistics Screen 9 100 Ping The Ping form is used to test connectivity betweenthe Transformer and a device on either the IPv6 or the IPv4 side The ping will be sent over the proper interface based on the address format entered Figure 41 Ping Screen shows the results of the Ping command webGUI Configuration APPLICATIONS INC System General setup Set Date Time Interface setup Registration Address pool Static address map DHCPV6 client DHCPv4 server Static routes Ping output SNMP Server FTP Gateway PING 192 168 11 1 192 168 11 1 56 data bytes Manual IPsec 64 bytes from 192 168 11 1 icmp seq 0 551 255 time 1 421 ms Firmware 64 bytes from 192 168 11 1 icmp seq 1 551 255 time 1 388 ms SHE 64 bytes from 192 168 11 1 icmp seq 2 ttl 255 time 1 439 ms System 182 168 11 1 ping statistics Interfaces 3 packets transmitted 3 packets received 0 0 packet loss Traffic graph round trip min avg max stddev 1 388 1 416 1 439 0 021 ms Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system Diagnostics Ping Host 192 168 11 1
54. fy the location of the Transformer system contact information and the community the Transformer is part of transformer local Se Services SNMP General setup Set Date Time Interface setup Registration Address pool lab Static address map DHCPV6 client admin public 7 Enable SNMP agent DHCPv4 server Static routes SNMP Server In most cases public is used here FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics atek Applic Internet Protected Mode Off Figure 19 SNMP Server Screen FTP Gateway FTP uses a command and response protocol over a connection from a client to a server established to a predefined TCP port The FTP protocolis used to initiate file transfers and other data transfers over dynamically established connections When using the Transformer an IPv4 host that uses FTP either as a client ora server is positionedon the v4 side ofthe Transformer with the rest ofthe network on the other side That host needs to continue using FTP but now a layer of addressing and protocol transformation stands between that host and any remote host The major problem is that the protocol requires exchanging address and protocol information but the two sides have differing views of both the addressing and the protocol To resolve that problem the Transformer provides an application layer gateway ALG to provi
55. horization dialog that appears when one first connects to the webGUI Password Type in a new password to change the current password It isthe same one that is used in the authorization dialog that appears whenone first connects to the webGUI Passwords must conform to the following rules Passwords must have at least 10 case sensitive characters Passwords must have a mix of uppercase letters lowercase letters numbers and special characters such that at leasttwo characters from each of the afore mentioned four types of characters are present For example x T1ITBn2 is a valid password Mv4 mabc3Z is invalidbecause it only has one special character Mv4 abc3Z is valid New passwords must not be reused from any ofthe previous ten passwords T Automatic expiration of passwords is not supported at this time Warning SAVE A domain must be entered before the information on this screen can be saved Selectthe SAVE button before proceeding to the remaining configuration screens otherwise the information will be lost Furthermore configuration on the General setup screen determines the availability of some options onthe other screens A rebootis requiredfor any configuration changes made on the other screens note to lake effect The GUI will display instances when a reboot is required webGuI protocol Select HTTP or HTTPS as the GUI protocol HTTPS uses HTTP over SSL Secure Socket Layer for security web
56. ic m http diag stats php CD 192 168 11 26 APPLICATIONS INC System General setup Set Date Time Interface setup iy Favorites transformer local Diagnostics Translation statis WebGUI Configuration x Google 5 v Diagnostics Translation statistics 1 9 v Page v Safety v Tools v e Figure 39 Translation statistics Screen Registration IPv4 mapped thru in host to network direction 0 Address pool IPv4 pass thru in host to network direction 0 Static address map DHCPV6 client IPv4 packets from host dropped 0 DHCPv4 server IPv4 mapped thru in network to host direction 0 Static routes IPv4 pass thru in network to host direction 0 SNMP Server 1 FTP Gateway IPv4 packets from network dropped 0 Manual IPsec IPv4 packets translated to IPv6 0 Firmware es Status IPv4 packets with destination address in free pool 0 System IPv6 packets translated to IPv4 0 Interfaces IPv6 packets from network dropped 0 Traffic graph Diagnostics IPv6 packets not translated 0 Logs dropped due to source address selection failures 0 leases with unsupported IPv4 protocol 0 Address pool dropped due to pullup failures 0 Address map errors processing ICMP packets 0 Translation stats IPv4 packets with source addr already in 0 Ping packets with unexpected IP address
57. ics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping m Internet Protected Mode Off Figure 36 Security Association Database Screen 14 This symbol at the end of each SPD SAD entryis clicked to delete note the entry This is not recommended except as a means of troubleshooting Do not warning delete any entries unless you knowwhat youre doing Address pool Figure 37 IPv4 Address pool Screen displays the range and size of the addresses in the Transformer IPv4 address pool It shows the starting and ending address as well as the number of available addresses size x transformer local Diagnostic e http 192 168 11 26 diag pool php 2 x 9 Googie sr Favorites 8 transformer iocal Diagnostics IPv4 Address pool 2 d v Safety Took appricarions in o Diagnostics IPv4 Address pool General setup Set Date Time Interface setup Registration 172 31 0 4 172 31 255 254 65531 Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot syste
58. ics Reboot System General setup Set Date Time Tm Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system 011 Datatek Applications Inc All rights reserved view license Done Internet Protected Mode Off fg v 1005 Figure 45 Reboot System Screen 9 End User License Agreement for Datatek gt 4 Transformer This License Agreement is a legal contract between you and the manufacturer Manufacturer of the software product s you acquired identified as SOFTWARE The SOFTWARE may include printed materials that accompany the SOFTWARE Any software provided along with the SOFTWARE that is associated with a separate end user license agreement is licensed to you under the terms of that license agreement By installing copying downloading accessing or otherwise using the SOFTWARE you agree to be bound by the terms of this LICENSE If you do not agree to the terms of this LICENSE Manufacturer is unwilling to license the SOFTWARE to you In such event you may not use or copy the SOFTWARE and you should promptly contact Manufacturer for instructions on return of the unused produc
59. ies inthe address pool Add a new range of IPv4 addresses to the pool Edit an existing range Delete an existing range Figure 14 Adding or Editing the Address Pool Screen is displayed when a new address range is added or an existing address range is edited transformer local S http 192 168 11 26 transformer local System IPv4 Address Pool Edit General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics 172 31 0 1 IPv4 address for the start of pool segment 172 31 255 254 IPv4 address for the end of pool segment Must be greater than or equal to start address 2005 2011 Datatek Applications Inc All rights reserved view license Figure 14 Adding or Editing the Address Pool Screen Static address map Figure 15 Static IPv4 IPv6 Address Map Screen displays the bindings between the IPv4 and IPv6 addresses by which the legacy IPv4 host knows IPv6 hosts and their IPv6 addresses ste 0 Address http 192 168 11 26 system bindings php APPLICATIONS INC transformer local System System Static IPv4 IPv6 Address Map General setup Set Date Time R Interface setup Address Registration 172 31 0 3 Address pool Static addre
60. imited to Cuba Iran Iraq Libya North Korea Sudan and Syria or to any national of any such country wherever located who intends to transmit or transport the products back to such country 1 to any person entity who you know or have reason to know will utilize the SOFTWARE or portion thereof in the design development or production of nuclear chemical or biological weapons or iii to any person or entity who has been prohibited from participating in U S export transactions by any federal agency of the U S government Limited Warranty Manufacturer warrants that the SOFTWARE will perform substantially in accordance with the accompanying written materials for a period of ninety 90 days from the date of shipment from Datatek Applications Inc Software support is limited to the hours of 9 AM to 5 PM ET Monday through Friday excluding Datatek Applications observed holidays Other coverage and extended watranty may be purchased at additional cost Any implied warranties on the SOFTWARE limited to ninety 90 days Some states jutisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you Manufacturer s and its suppliers entire liability and your exclusive remedy shall be at Manufacturer s option either a return of the price paid or b repair or replacement of the SOFTWARE that does not meet this Limited Warranty and which is returned to Manufacturer with a copy o
61. into the product C If the product has been exposed to rain or water d If the product does not operate normally by following the operating instructions Adjust only those controls that are covered by the operating instructions because improper adjustment of other controls may result in damage and will often require extensive work by qualified technician to restore the product to normal operation e If the product has been dropped or the cabinet has been damaged f If the product exhibits a distinct change in performance SAVE THESE INSTRUCTIONS Class A Statement Note This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense 1 Here are answers to some of your most frequently asked questions Q1 What s an IPv4 IPv6 Transformer A1 The Datatek Applications IPv4 IPv6 Transformer changes a legacy IPv4 only device into a dual stack
62. license Internet Protected Mode Off Figure 16 DHCPv6 client Screen Enable DHCPv6 client on network side interface This checkbox is selected to enable the Transformer to act as a DHCPv6 client Only exchange informational parameters This checkbox is selected to receive only the informational parameters that appear below That is 6 server is to serve IPv6 addresses as well as the informational parameters described below to the Transformer Send paid commit option This checkboxis selected for the Transformer to send DHCPv6 messages with the Rapid Commit option Request a list of Domain Name Servers This checkbox is selected for the Transformer to requesta list of DNS addresses from the DHCPv6 server Request a DNS search path This checkbox 15 selected to request a DNS search path by domain name from the DHCPV6 server Request a list of NTP server addresses This checkbox is selected to request a list of NTP server addresses from the DHCPV6 server Transformer DUID Change the DHCP Unique Identifier DUID ofthe Transformer to a DUID by which the DHCPV6 server knows the Transformer A default DUID is automatically created at boottime and displayed inthis field Device DUID Change the DHCP Unique Identifier DUID of the legacy IPv4 device to a DUID by which the DHCPv6 server knows the legacy device A default is automatically created at boottime and displayed inthis field
63. llowing control buttons are at the end of each row Add a new configuration Edit an existing configuration G9 Delete an existing configuration So x 24 co E NN 2 gt J Search More gt gt A yip Favorites mn skcdatatekcorp com System Manual d v Safetyv Toos webGUI Configuration mn skc datatekcorp com APPLICATIONS INC System General setup Set Date Time Interface setup Registration Address pool V Enable IPsec Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics System Manual IPsec Security Policies 11 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Figure 21 Manual IPsec Security Policies Screen Search SignIn fa E 7 Gl od v Page Safetyy Toos webGUI Config uration mn skc datatekcorp com emer ete System Manual IPsec Set Date Time Interface setup Registration Address pool Enable IPsec Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics LT Security Associations
64. m 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off 910 Figure 37 IPv4 Address pool Screen Address map Figure 38 Address map Screen displays the actual Transformer mapping table It shows how the IPv6 and IPv4 address are mapped as wellas the Type which can be acquired statically or dynamically ciis 6 transformerlocal Diagnostic e B http 192 168 11 26 diag_map php gt 4 x 9 Google ie Favorites 46 transformerocal Diagnostics Addressmap I d amp Pager Safety Tools e PM APPLICATIONS iw cista aer d System General setup Set Date Time Interface setup Registration 172 31 0 3 Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats p Diagnostics Address map Ping Backup Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights ed view e Done Internet Protected Mode Off 4g 100 Figure 38 Address map Screen Translation statistics Figure 39 Translation statistics Screen displays various Transformer statistics useful to the user Fm transformer local Diagnost
65. mer s GUI Q1 1 Why doesn t the Transformer s webGUI have a logout button A17 The Transformer uses HTTP authentication For every page you request from the Transformer your browser sends the username and password from its cache There is no reliable way to force the browser to forget the username and password and session managementto work around that would introduce potential security vulnerabilities so the Transformer does not provide a log out functionality To safely log out close your browser Your web browser may have a way to clear cached HTTP credentials Check your browser s documentation for further information 12 2 Overview Throughout this document the following definitions and conventions will be used Host side refers to the attachment point for the IPv4 legacy device This is the physical connection labeled IPv4 on the Transformer s front panel Network side refers to the IPv6 or IPv4 IPv6 dual network which is connected to a hub or router This is the physical connection labeled IPv6 on the Transformer s front panel How the Transformer Works The Transformer has two interfaces the host side and network side interfaces The legacy IPv4 device is connected to the Transformer on the host side IPv4 interface while the IPv6 network is connected on the network side IPv6 interface The Transformer receives IPv4 packets from the legacy IPv4 device through the IPv4 interface and translates them into IPv6 packets
66. n o ALALE System Diagnostics Factory defaults General setup Set Date Time If you click Yes the Transformer will be reset to factory defaults and will reboot immediately The Interface setup entire system configuration will be overwritten The LAN IP address will be reset to 172 31 0 1 the Registration system will NOT be configured as a DHCP server and the password will be set to mono Address pool Are you sure you want to proceed Static address map DHCPv6 client Yes DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph v Diagnostics Logs DHCP leases IPsec Address pool Address map Translation stats Network stats Ping Backup Restore Factory defaults Reboot system n 11 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off 43 v 910 Figure 44 Factory defaults Screen Reboot System The Reboot System form is used to rebootthe Transformer and apply any configuration changes made to the system transformer local Diagnostic lt e 4 http 192 168 11 26 reboot php v Google ov de v Pager Safetyy v p s Favorites transformer local Diagnostics Reboot System webGUI Configuration transformer local APPLICATIONS INC ig Diagnost
67. ng it more difficult for eavesdroppers and affording more privacy Prefer temporary addresses This is checked to give preference to temporary addresses over public addresses in source address selection when connections are initiated from the Transformer itself or from the host side legacy device Temporary address valid lifetime Enter the valid lifetime of the temporary address in seconds or leave blank for the default of 1 week Temporary address preferred lifetime Enter the preferred lifetime of the temporary address in seconds or leave blank for the default of 1 day 37 le http 192 168 11 26 ifconfig php System General setup Set Date Time Interface setup Host side Registration Address pool 172 31 0 2 116 Static address map IPv4 address of the IPv4 only device on the host side of Transformer DHCPv6 client DHCPv4 server 172 31 0 1 16 Static routes IPv4 address for Transformer s host side interface SNMP Server FTP Gateway Network side Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics System Interface setup 2005 2 64 IPv6 address for IPv4 only device on the network side of the Transformer 2005 26 64 address for Transformer s network side interface 192 168 11 222 1327 IPv4 address of the IPv4 only device the network side of the transformer 192 168 11 26 24 IPv4 address for Transf
68. nsport mode In tunnel mode an outer IP header comprised of the tunnel endpoints is pre pended to the original packet before AH or ESP processing is performed onthe entire original IP packet Therefore in tunnel mode IPsec processing covers both the original IP header and the payload In transport mode ESP encryption mainly covers the IP payload and AH integrity covers both the IP header and the payload Local tunnel This is the IP address ofthe local gateway or local tunnel endpointthat will appear in the outer IP header In the outbound direction this would be the tunnel source endpoint In the inbound direction this would be the tunnel destination endpoint This field is only active when the Mode is tunnel Remote Gateway This is the IP address ofthe remote gateway or remote tunnel endpoint that will appear inthe outer IP header In the outbound direction this would be the tunnel destination endpoint In the inbound direction this would be the tunnel source endpoint This field is only active when the Mode is tunnel Level This specifies how the SA is to be regarded required means an SA must exist or the packet will be discarded use means an SA is not mandatory but if an SA exists itwill be used unique means apply a specific SA that uniquely corresponds to this SP This one to one correspondence is established through the unique parameter Level is only active ifthis SP s Policy is to perform ipsec 57 Unique Number
69. nttent tette 19 FIGURE 6 REGISTRATION 24 FIGURE 7 UNREGISTERED TRANSFORMER 5 25 FIGURE 8 SYSTEM INFORMATION 5 eret tette tentent tente tereti 30 FIGURE 9 GENERAL SETUP SCREEN teet 3l FIGURE 10 SET DATE TIME 34 FIGURE 11 EXAMPLE NETWORK SETUP 36 FIGURE 12 INTERFACE SETUP SCREEN nette tette esee en ese coe 38 FIGURE 13 IPV4 ADDRESS 39 FIGURE 14 ADDING OR EDITING THE ADDRESS POOL SCREEN 40 FIGURE 15 STATIC IPV4 IPV6 ADDRESS MAP 41 FIGURE 16 DHCPV6 CLIENT 42 FIGURE 17 4 SERVER 44 FIGURE 18 STATIC ROUTES SCREEN 46 FIGURE 19 SNMP SERVER 48 FIGURE 20 FTP GATEWAY 50 FIGURE 21 MANUAL IPSEC SECURITY POLICIES 51 FIGURE 22 MANUAL IPSEC SECURITY ASSOCIATIONS SCREEN eere 52 FIGURE 23 MANUAL IPSEC SECURITY POLICY EDIT 5 54 FIGURE 24 MANUAL IPSEC SECURITY POLICY EDIT SCREEN CONTINUED 55 FIGURE 25 MANUAL IPSEC SECURITY POLICIES DISPLAY AFTER EDITING 59 FIGURE 26 MANUAL IPSEC SECURITY ASSOCIATION ED
70. ormer s network side interface Accept router advertisements Check to enable RFC4862 stateless address auto configuration Use temporary addresses Check to enable RFC3041 privacy extensions a k a temporary addresses Prefer temporary addresses Check to prefer temporary addresses to public addresses Time in seconds or leave blank for default of 1 week Time in seconds or leave blank for default of 1 day Figure 12 Interface Setup Screen Address pool The Address pool form displays the starting and ending addresses ofthe range of IPv4 addresses that are used to automatically map an IPv6 address in an IPv6 packet received from the network side to an IPv4 address so that the IPv6 packet can be translated to IPv4 and forwarded to the IPv4 legacy host The IPv4 Address Pool Screenis displayed in Figure 13 IPv4 Address Pool Screen transformer local System General setup Set Date Time Interface setup ae ass Registration 172 31 0 1 172 31 255 254 Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph Diagnostics 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off 100 Figure 13 IPv4 Address Pool Screen The following buttons are provided for editing the entr
71. ped to an IPv6 address A mapping may existif an IPv6 host on the network initiated a session with the IPv4 legacy host and the packet received from the network contained the IPv6 address of the remote IPv6 host as the source address This IPv6 source address would have been translated to an available IPv4 address from the Address pool before the packet could be forwarded to the legacy device The legacy device could then send a PTR record query for the IPv4 address from the address pool In this case the Transformer must translate the IPv4 PTR record query into an IPv6 PTR record query for the domain name of the IPv6 address to which the IPv4 address is mapped The IPv6 PTR record query is sent to the DNS Server The IPv6 PTR record response from the DNS Server contains a domain name that is then translated into an IPv4 response containing the same domain name unchanged is also possible for the Transformer to receive a PTR record query for an IPv4 address that is not bound to an IPv6 address In the case of Passthrough which is used for communication between two IPv4 hosts there is no IPv4 IPv6 binding The Transformer forwards a PTR record query from the legacy device for an unbound IPv4 address directly to the DNS Server The response is forwarded directly to the legacy device Configuration The DNS Server address is either manually configured on the General Setup form or may be served from a Server as specified onthe
72. r a given domain name A DNS reverse lookup requests the domain name for a given IP address Henceforth an A record query will referto a DNS lookup of an IPv4 address for a given domain name and an AAAA record query will refer to a lookup for an IPv6 address for a given domain name DNS Lookup or A AAAA record Query The Transformer receives A record queries from the IPv4 legacy device and translates them into AAAA record queries before forwarding them to the DNS Server The DNS Server either responds with an address or not If an IPv6 address is received in response the IPv6 address is mapped to an available IPv4 address from the IPv4 Address pool The AAAA record response is then translated into A record response containing the IPv4 address and forwarded to the legacy device To the IPv4 legacy device the IPv4 address looks as if it came from the DNS Server directly 16 If the DNS Server does not respond to the AAAA record query the Transformer tries to getan IPv4 address for the domain name by sending the DNS Server an A record query The A record response is then forwarded to the IPv4 legacy device without translation Reverse DNS Lookup or PTR record Query The DNS ALG also supports reverse lookups Henceforth Pointer PTR record will refer to reverse lookups that ask for the host and domain name of a given IP address If the Transformer receives a PTR record query for a given IPv4 address it checks if itis map
73. racter MvA abc3Z is valid c New passwords must not be reused from any of the previous ten passwords Automatic expiration of passwords is not supported at this time 4 Afterlogging in the Transformer s System Information screen below will appear b Guo http 172 31 12 113 index php Search More SignIn A General setup Set Date Time Interface setup Registration Address pool Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph transformer local Ld Page Safety v Tools v transformer Datatek IPv4 IPv6 Transformer Version 4 0 0 Disk 090111 3 made by tsun Build 080511 2 made by tsun DTX4260 VERSION 3 00 21 Thu Sep 1 16 22 39 UTC 2011 view graph 14 Figure 8 System information Screen General Setup The General setup form displays configurable information that applies to the entire Transformer as a whole rather than to a specific interface address or feature APPLICATIONS iw cM Configuration System General setup Set Date Time Interface setup Hastaame transformer Registration host name of the transformer without domain part Address pool e g Static address map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware admin
74. ransformer uses the legacy device s original IPv4 address on its network side port and the legacy device will use a private address that s only visible on the host side of the Transformer However if the legacy device is setup to get these parameters from a DHCP server the Transformer will automatically reconfigure the legacy device How hard is it to configure the Transformer The Transformer is shipped with a default configuration that provides basic capabilities for a typical device If this default configuration works for you no changes are required For more complex features and special network configuration the Transformer provides a secure web based graphical user interface GUI that s accessible from either the host or network side ports using either IPv4 or IPv6 In addition a serial console interface enables initial configuration when the LAN ports are unavailable Q7 Why shouldn t just upgrade the software on my legacy device to support IPv6 7 tf you can you should However this may be more difficult than it appears The software running on a legacy device typically consists of an operating system and several network applications Both the operating system and the network applications will need to be upgraded to support IPv6 Forolder systems upgrades for every component may not be available Even when upgrades are available the cost of the new software and additional costs to re test and re certify it ma
75. rface both have links to the registration page The registration page has three main fields 1 Product ID 2 Software version 3 Authorization code to be entered by the user The product ID and software version should be provided to Datatek and the authorization code obtained from Datatek should be entered into the Authorization code field The user must reboot upon successfully entering the Authorization code The reboot indicator is displayed on most web pages and the not registered indicator is removed Setting the unit back to the factory defaults will remove the authorization code Warning newone vill need to be obtained from Datatek To obtain an Authorization Code you may contact Datatek at Datatek Applications Inc 379 Campus Drive Suite 100 Somerset NJ 08873 Phone 732 667 1080 Fax 732 667 1091 www datatekcorp com ipv6support datatekcorp com Figure 6 Registration Screen displays the Transformer Product ID and Software Versionand a field where the user must enter the Registration Code 2 locals ystem E http 192 168 11 26 register php J search More SignIn dh v Pagev Safetyy Qv WebGUI Configuration System Transformer Registration eae Transformer Product ID amp 58LPK 18ND4 W3AZV QG231 4 0 0 Interface setup Ene 0 Registration Send this product ID and software version to Datatek Applications Ad
76. rt to the IPv6 network Connectthe console portto an ASCII terminal PC com port with terminal emulator or via a console access device Terminal settings are 9600 baud 8 bit no parity one 1 stop bit GN1 The console cable used should be a cross over db9 pin null modem cable See Appendix A for the crossover connector pinout diagram The console port is used for initial configuration ofthe Transformer It s possible to do the initial configuration using the IPv4 port provided that the factory default IP address assigned to the port works for you Power up the Transformer and monitor booting from the console You may safely ignore traces during the boot process The following is what the user will typically see during the boot process kernel text 0x4c70d8 data 0x50714 0x5b47c Loading mfsroot 6000000 0107 0280 00 00 00 00000000 00000000 Booting B 0020 02000000 0107 0290 00 3F 00 0000E101 A0000000 10 Trying to mount root from ufs dev md0a Found configuration on ad0 Initializing timezone done Initializing PC cards failed probably no PC card controller present Configuring firewall done Configuring LAN interface done Configuring WAN interface done Starting syslog sservice 151 link state changed to DOWN done Starting webGUI done Starting DNS forwarder done Starting DHCP service done Starting NTP client done Initializing SSH start
77. sed to protectthe IP payload Each algorithm must use a key of a specific length Encryption Password This is the key the encryption algorithm uses to provide confidentiality The mandatory length of each key is determined by the encryption algorithm The encryption key can be entered as an ASCII character string in double quotes or as hexadecimal sequence starting with Ox If the key is entered as an ASCII string each character is treated as an 8 bit quantity E g 12345678 is a 64 bitkey equivalent to 0x3132333435363738 Encryption Algorithm Key Length bits aes cbc 128 192 256 aes ctt 160 224 288 61 aes ctr is not recommended for use wth static keys Only use aes ctr if IKE Internet Key Exchange is used for establishing keys Warning Hash Algorithm This is the authentication algorithm used to calculate the authentication data field applied across the encrypted payload Each algorithm must use a key of a specific length Hash Password This password or key is used by the authentication algorithm to provide authentication and integrity The authentication key can be entered as an ASCII character string in double quotes or as hexadecimal sequence starting with Ox If the key is entered as an ASCII string each character is treated as an 8 bit quantity E g 12345678 is a 64 bit key equivalent to 0x3132333435363738 Authentication Algorithm Key Length bits 128 hmac md5 Security Paramet
78. ss map DHCPv6 client DHCPv4 server Static routes SNMP Server FTP Gateway Manual IPsec Firmware Status System Interfaces Traffic graph gt Diagnostics tatek Applications Inc All rights reserved view license Internet Protected Mode Off 100 Figure 15 Static IPv4 IPv6 Address Map Screen Adda static binding between an IPv4 and IPv6 address to the table Edit an existing static binding Delete an existing static binding 000 client The Transformer can be enabled to act as client to some server on the network side The DHCPve client Screen is displayed in Figure 16 DHCPV6 client Screen System DH Window 2 http 192 168 11 26 services_ webGUI Configuration transformer loca APPLICATIONS INC System DHCPv6 client General setup Set Date Time Interface setup Registration Address pool Only exchange informational parameters Static address map DHCPv6 client Send rapid commit option DHCPv4 server Static routes Request a list of Domain Name Servers SNMP Server FTP Gateway Request a DNS search path Manual IPsec Firmware Request a list of NTP server addresses Status System 0001000115c1a200000024cb5284 Interfaces Traffic graph 0001000115cbe01d000024cb5285 gt Diagnostics 11 Datatek Applications Inc All rights reserved view
79. t s for a refund Software License You may only install and use one copy of the SOFTWARE on one computer unless otherwise licensed by Manufacturer Notwithstanding the foregoing and except as otherwise provided below any number of Devices may access or otherwise utilize the services of the SOFTWARE You may not reverse engineer decompile or disassemble the SOFTWARE except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation You may not rent lease or lend the SOFTWARE in any manner You may permanently transfer all of your rights under this LICENSE provided you retain no copies you transfer all of the SOFTWARE including all component parts the media and printed materials any upgrades this LICENSE and if applicable the Certificate s of Authenticity and the recipient agrees to the terms of this LICENSE If the SOFTWARE is an upgrade any transfer must also include all prior versions of the SOFTWARE Without prejudice to any other rights Manufacturer may terminate this LICENSE if you fail to comply with the terms and conditions of this LICENSE In such event you must destroy all copies of the SOFTWARE and all of its component parts Intellectual Property Rights The SOFTWARE is licensed not sold to you The SOFTWARE is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties You may not copy the printed ma
80. terials accompanying the SOFTWARE All title and intellectual property rights in and to the content which may be accessed through use of the SOFTWARE is the property of the respective content owner and may be protected by applicable copyright other intellectual property laws and treaties This LICENSE grants you no rights to use such content rights not expressly granted under this LICENSE are reserved Manufacturer and its licensors if any Software Support SOFTWARE support is provided by Manufacturer or its affiliates or subsidiaries separate from the computer on which it may be installed SOFTWARE support is limited to the warranty period stated below unless either a separate maintenance contract has been consummated between you and the manufacturer or the manufacturer has agreed in writing at the time of purchase by you of the software to an extension of the warranty Should you have any questions concerning this LICENSE or if you desire to contact Manufacturer for any other reason please refer to the address provided in the documentation for the SOFTWARE Export Restrictions You agree that you will not export or re export the SOFTWARE to any country person or entity subject to U S export restrictions You specifically agree not to export or re export the SOFTWARE 1 to any country to which the U S has embargoed or restricted the export of goods setvices which as of March 1998 include but are not necessarily l
81. the Transformer a host side interface and a network side interface Host side Device IPv4 address This is the IPv4 address ofthe legacy device Transformer IPv4 address This is the IPv4 address ofthe Transformer s host side interface Network side Device IPv6 address This is the IPv6 proxy address ofthe legacy device This IPv6 proxy address is bound to the IPv4 address ofthe legacy device In translating IPv4 packets from the legacy device the IPv4 device address is translated to the IPv6 proxy address Transformer IPv6 address This is the IPv6 address ofthe Transformer This is one ofthe addresses to which the web browser may connect in order to talk to the Transformer s web server other address the web browser may use is the Transformer IPv4 address Device IPv4 address This is an IPv4 address for the legacy device that appears onthe network side interface Nodes on the network side that wishto talk to the legacy device must use this address This IPv6 proxy address is bound to the IPv4 address of the legacy device In translating IPv4 packets from the legacy device the IPv4 device address is translated to the IPv6 proxy address 35 Transformer IPv4 address This is the IPv4 address ofthe Transformer on the network side interface This is one of the addresses to which the web browser may connect in order to talk to the Transformer s web server The other address the web browser may use is the IPv4
82. tion sse 43 Request a list of Domain Name Servers 43 Request a DNS search 2 2 43 Request a list of NTP server 43 Transfomner 43 Device DUID ioo iioii eb En bb to ea tam eR a E nip ue 43 Enable DHCP server on host side 45 MEE 45 45 Available addresses 45 lU IE 5 AMNEM 45 Default lease 45 Enable 52 PATIO E 22 MENTI 55 55 Direction 56 Higher Layer PHONO CON 56 56 IPsec Proto Ol nananana 57 E E 27 Local E E E ORES 57 hemole Galway ose o a e E Pe a RC a AR anf 37 NM PRAEC 27 Unique 58 DSS TINT 58 nu 58 Disabil
83. to send out the network side interface It receives IPv6 packets from the network side interface and translates them into IPv4 packets and sends them out the host side interface The Transformer uses a mapping table that contains bindings between an IPv4 address and an IPv6 address The binding betweenthe legacy IPv4 address and its proxy IPv6 address is automatic Other bindings are either configured manually using the Static address map form or created dynamically by the Transformer when it selects an available IPv4 address from the IPv4 address pool that was configured on the Address pool form The Transformer has IPv4 and IPv6 addresses assigned to represent itself to the world for management purposes butthe Transformer also establishes public IPv4 and IPv6 addresses to represent the host s private IPv4 address When the IPv4 host tries to talk to an IPv4 address onthe network side the Transformer maps their private IPv4 address to the public IPv4 address onthe Transformer which is then routed to the network IPv4 address and a sessionis established When the IPv4 host tries to talk to an IPv6 address their private IPv4 address is mapped to the public IPv6 address onthe Transformer and protocol translation from IPv4 to IPv6 is performed This message is then routed to the network IPv6 address If the IPv4 host tries to connect via name the DNS returns an AAAA record if there is an associated IPv6 address for that name and then the Transformer will
84. up Restore Factory defaults Reboot system 2005 2011 Datatek Applications Inc All rights reserved view license Internet Protected Mode Off Q10 Figure 42 Backup restore Configuration Screen Password and SSHFiles The Password and SSHFiles tab is selected to backup the password files used by Secure Shell SSH to the host that is running the web browser or restore them from the web browser host to the Transformer L transformer local Diagnostic mss x 28 Googie p dir Favorites 6 transformer local Diagnostics Backup restore if B U d Pager Q7 4 e h http 192 168 11 26 disg backup passwds php WebGUI Configuration transformer local APPLICATIONS INC a Diagnostics Backup restore General setup Set Date Time 9 77 Password and SSH Files Backup password files and SSH host keys Interface setup Registration Address pool Static address map Click this button to download the system s password files and Secure Shell host keys DHCPv6 client to another host DHCPv4 server Static routes Download password and SSH files SNMP Server PEE iat Rest d files and SSH host k Manual IPsec estore passwort es 05 5 Firmware Select the password and SSH host key files and the button below to restore them Status to the Transformer System Note Interfaces A re
85. ures 4 and 5 LNK ACT LNKACT LNKACT LNKACT LNK ACT LNKACT LNKACT LNKACT 1 44 Transformer di TF 31 AUX6 5 AUX4 AUX3 AUX2 AUXI IPv4 6 CONSOLE RESET Feature Description 1 LEDs Green power LED Red alarm LED 2 Reset Button Button used to rebootthe unit 3 Serial Console 9 pinserial console interface 4 IPv6 Port LAN port supports 10 BASE T or 100 BASE T 5 IPv4 Port LAN port supports 10 BASE T or 100 BASE T 6 N A Reserved for Future Use Figure 4 Transformer Front View 100 120 200 240 2 0 1 0A 60 501 Feature Description 1 Power Switch Powers the Transformer off on 2 Power AC power receptacle Figure 5 Transformer Rear View 19 Transformer Setup The Transformer must be setup and minimally configured in order to use a web browser to completely configure the Transformer To setup the Transformer Unpack the Transformer and its power cable Connectthe Transformer s IPv4 portto the IPv4 device with standard Ethernet cables for example Cat5 If there is no hub betweenthe Transformer s IPv4 port and the IPv4 device use a cross over cable to directly connect the Transformer s IPv4 portto the IPv4 device Connectthe Transformer s IPv6 Network portto the IPv6 network with standard Ethernet cables for example Cat 5 If there is no hub between the Transformer s IPv6 port and the router use a cross over cable to directly connect the Transformer s IPv6 Network po
86. y be prohibitive In these cases the Transformer is a cost effective solution Q8 How many legacy devices can a Transformer support Just one and here s why There many approaches to IPv4 IPv6 translation but most create more problems than they solve This is particularly true of translators that operate inthe center of network that try to serve many hosts In fact they are so problematic that the IETF has published an RFC devoted entirely to enumerating their faults and discouraging their use Datatek s IPv4 IPv6 Transformer avoids these pitfalls by operating at the edge of the network and devoting itself to a single legacy device 10 Q9 I use a Transformer can my legacy device still use IPv4 to communicate with other legacy devices on the network that don t have Transformers A9 Yes of course The Transformer adds IPv6 capability to a legacy device that only supports IPv4 It doesn t remove the legacy device s IPv4 capability Q10 can I put a Transformer between two routers A10 No that s not supported Q11 My legacy device gets its IP address from a DHCP server Will this still work with a Transformer A11 Yes the Transformer can act as a DHCP server to the legacy device Q12 My legacy device connects to hosts by using domain names not IP addresses Can it still do this 12 The Transformer has DNS ALG Application Layer Gateway that will forward your legacy device s queries for an IPv4
Download Pdf Manuals
Related Search