TRANSITION SRA-MAP Secure Remote Access User Guide
- June 6, 2024
- TRANSITION
Table of Contents
**Secure Remote Access (SRA)
**
Quick Start Guide
Note: See the related manuals for important Ordering, Features,
Specifications, Applications, Back Panels, LEDs, Unpacking, Package Contents,
Power Supply, Setup, Network Config, System Requirements, Product Views,
Troubleshooting, Labeling, Regulatory Agency, Safety, Cautions and Warnings,
and Warranty information.
Introduction
The Transition Networks Secure Remote Access (SRA) solution creates a secure
tunnel to provide a bidirectional communication channel from a Network
Operations Center (NOC) to a Remote Site. The solution generally does not
require configuration changes to the Remote Site Firewall. The Remote Access
Device (RAD) is located at a Remote Site and initiates a connection with the
Management Access Portal (MAP) located at the NOC or Host Site. Once the
tunnel is established, the Network Administrator at the NOC can connect via
VPN over the tunnel to devices in the same network as the Remote Access
Device, or via Port Forwarding to any device, the RAD can address. Note: When
using VPN mode, IP addresses at the Remote Site and NOC or Host Site cannot
overlap (i.e., must be on different sub-networks).
Package Contents
Verify you have received one SRA-RAD-01 or one SRA-MAP-01, one Doc postcard,
one Power Supply per device, this document, and one Bag with screws, rubber
plugs, and rubber feet. One CABLE-SRA-NMC (USB to DB9F Serial Null Modem
Cable) may be included as an optional accessory.
Power Supplies
SRA power supplies include 25168 for North America, 25183 for United Kingdom,
and 25184 for Europe.
System Requirements
SRA devices must have one interface with a gateway that allows Internet
access.
You must have OpenVPN (Windows) client installed when using the VPN solution
for the remote site; not necessary for Port Forwarding. Note that some Windows
versions allow just one active VPN client connection at a time.
- When using VPN mode, the IP subnet for the LAN1 interface on the MAP cannot overlap with the IP subnet being forwarded by any of its RADs.
- External IP (Internet-facing IP) address with available port 443.
- IP address(es) for the MAP within your network topology.
- Network setup details of remote sites.
- A null modem cable with a female DB9 connector, such as the CABLE-SRA-NMC available through Transition
- Networks if using CLI to program units.
MAP Configuration Requirements
- MAP users” refers to users at headquarters/Network Operations Center (NOC) using SRA to access devices at remote sites. MAP requirements:
- The MAP requires Internet-accessible port 443 available: o this will likely be forwarded from the firewall and it doesn’t matter which interface is given port 443;
- the interface receiving 443 should have a gateway providing Internet access.
- MAP users will access the Web UI via the LAN1 interface.
- The MAP must have Internet access to communicate with the RADs; so one interface must have a gateway assigned statically or via DHCP.
- If both interfaces are in use, make sure only one has a gateway assigned.
The simplest configuration would be to disable WAN1, statically assign an IP
address with gateway on LAN1 and forward port 443 from an external IP Address
on your firewall to this IP address. DHCP can be used on LAN1 but it is
expected that the IP Address does not change; configure your DHCP server to
hand out a specific IP address to the LAN1 port.
If the MAP is to be on separate (tiered) networks, the WAN1 interface can be
configured with DHCP, configuring the DHCP server to hand out a specific IP
address to the WAN1 interface, or with a static IP Address and gateway while
the LAN1 interface is given an IP address on the separate MAP users network.
In this scenario, port 443 would be forwarded from the firewall to WAN1. Make
sure that if the MAP is behind a firewall that port 443 from the External IP
Address is forwarded to one of the interfaces on the MAP.
RAD Configuration Requirements
The RAD requires 1) Internet access and 2) access to devices/networks that MAP
users want to manage. Most RAD networks are a single (flat) network with DHCP
servers available. For Port Forwarding, the simplest configuration is the
default: WAN1 connected to this flat network, LAN1 not used. The RAD will use
WAN1 both for internet access and to connect to the devices the MAP users must
manage.
For VPN, WAN1 would be connected to the network with Internet access, likely
using DHCP (the default setting on WAN1) or configured with an IP Address and
gateway. For VPN, LAN1 would be configured for the separate network that is to
be accessed by the MAP users.
Note that a RAD ID can include spaces and that disconnected RADs can be
removed (RED status). A RAD ID can be modified while connected to the MAP. On
the MAP, duplicate RAD IDs can exist; avoid this if possible. If multiple RADs
are created with the same RAD ID, disconnect the matching ones and then delete
all from the MAP. While disconnected, the RAD IDs should be changed so they
are unique.
Overall View Note: see the Configuration Examples section in the Web User
Guide manual.
Setup Caution: To avoid arcing on the DC jack, plug in the DC jack first,
then plug the AC adapter into mains.
Power Supplies: The available power supplies for SRA include 25168 North
America Power Supply, 25183 UK Power Supply, and 25184 Europe Power Supply.
The 25168 power supply for North America, 25183 for the UK, and 25184 for
Europe are the same except for the connector and housing. Compliance labeling
varies by market.
Use Serial port settings Baud Rate: 115200, Data Bits: 8, Parity: None, Stop
Bits: 1, HW Flow Control: None, and SW Flow Control=No as console port
settings. You cannot use the serial cable to update the firmware. When
connecting to the serial port on SRA units, use a null modem cable with a
female DB9 connector, such as the CABLE-SRA-NMC available through Transition
Networks.
MAP Setup
- Connect Cat5/6 cable from PC to LAN1 port on MAP.
- Open a web browser and go to 192.168.1.10.
- Login using default username/password: admin/admin.
- Go to MAP Configuration Tab and fill in MAP ID, Internet Facing IP, and Ext Port. Click Apply.
- Go to the Network Configuration tab.
- Fill in the network configuration information. Click Apply.
- Change PC IP address to work with new MAP IP address.
- Log back into the MAP.
- Go to the Network Info tab and verify network information is correct.
RAD Setup
- Connect Cat5/6 cable from PC to LAN1 port on RAD.
- Open a web browser and go to 192.168.1.10.
- Login using default username/password: admin/admin.
- Go to the Network Configuration tab.
- Fill in the network configuration information. Click Apply.
- Change the PC IP address to work with the new RAD IP address.
- Log back into the RAD.
- Go to the Network Info tab and verify network information is correct.
- Go to the Configurations tab assign a Site ID and select Update ID.
- Go to the Configurations tab and select Configure VPN.
- Fill in Mgmt IP, Client IP, and Client count. (Note: Leave VPN Mode as “Disabled”.)
- Select Save VPN Config.
- Go to the Configurations tab and select Add MAP.
- Fill in Internet-facing IP, External Port, set Mode to VPN, set Status to Enabled in the order shown below.
- Select Save MAP Config. You will now lose connection to the RAD unit.
- Connect WAN1 and LAN1 into the 192.168.2.0/24 network at the remote site.
Back Panels
CONSOLE : DB-9 connector for Command Line Interface (CLI) operation.
WAN1: RJ-45 connector for IP connectivity.
LAN1: : RJ-45 connector for IP connectivity.
LAN2: : RJ-45 connector; currently not used (SRA-MAP only).
PROG1: RJ-45 connector; currently not used (SRA-MAP only).
USB: USB connector for firmware upgrades.
12VDC: Power connection to DC power supply.
Front Panel
The front panel has three green LEDs (labeled PWR, 1, and 2) and a RESET
button (not used).
RAD LED Descriptions
PWR: Power; continuously lit means RAD power is good.
LED 1: currently not used; always off.
LED 2: currently not used; always off.
MAP LED Descriptions
PWR: Power; continuously lit means MAP power is good.
LED 1: currently not used; always off.
LED 2: currently not used; always off.
Basic Troubleshooting:
- Verify Ordering Information.
- Verify Features are supported.
- Verify Specifications.
- Check Front Panel LEDs.
- Verify System Requirements.
- Review Setup.
- Record Device and System Information.
- Contact Transition Networks Technical Support.
CLI Troubleshooting: The most common mistake is not using a null-modem cable: if you have a multimeter, check that the pins 2 and 3 are crossed. Do NOT use gender changers! The recommended terminal emulation program for any platform is PuTTY. See the PuTTY download site. Use Serial port settings Speed: 115200, Parity: None, Data bits: 8, Stop bits: 1, HW Flow Control: No, and SW Flow Control: No as console port settings. Do not use the serial cable to update the firmware. Use a null modem cable with a female DB9 connector, such as the CABLE-SRA-NMC available through Transition Networks.
For More Information: For Transition Networks Drivers, Firmware, etc. go to the Product Support webpage (logon required). For Transition Networks Manuals, Brochures, Data Sheets, etc. go to the Support Library (no logon required). Related Manuals: SRA Install Guide 33838, Web User Guide 33795, CLI Reference 33839, and Release Notes.
Contact Us:
Transition Networks
10900 Red Circle Drive, Minnetonka, MN 55343 USA
tel: +1.952.941.7600
toll free: 1.800.526.9267
sales@transition.com
techsupport@transition.com
customerservice@transition.com
Trademark notice:
All trademarks and registered trademarks are the property of their respective
owners. Copyright restrictions: © 2021 Transition Networks. All rights
reserved. No part of this work may be reproduced or used in any form or by any
means – graphic, electronic, or mechanical – without written permission from
Transition Networks.
https://www.transition.com
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>