VPN Internet Gateway User`s Manual
Contents
1. AdministratiorSettings The Administration Settings section allows you to configure the device s Password settings System Administration System Log System Parameters UPnP and TCP session EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM repairs Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu DHCP SERVER ADMINISTRATION SETTINGS SETTINGS PASSWORD SETTINGS VIRTUAL SERVER The new password will be used to authenticate the user when SETTINGS configuring the device ROUTING New Password p SETTINGS Retype Password er FILTER SETTINGS SYSTEM ADMINISTRATION ADMINISTRATION HTTP Port No so SETTINGS T Allow remote user to configure the device DYNAMIC DNS Remote administration host IP Address lo T lo lo o fo URL FILTER SETTINGS T Allow remote user to ping the device FPEF SYSTEM LOG ALERT I Enable System Log Function Logout Log server IP address i I Enable Detail Debug IPSec Log MISCELLANEOUS V Force to reconnect PPPoE if packets can not Send Receive from PPPoE connection SYSTEM PARAMETERS T Enable TCP MTU Adjustment Function MTU Setting fi 500 TCP SESSION Telnet SSH Session Timeout aso Min 13600 Other TCP Session Timeout eo Min 1 60 UPnP T Enable UPnP Function NOTE 1 Please click Submit to enter inputted data NOTE 2 This function will enable the system log daemon to log all the system in2. Parameter Description User name Password Idle Time PPTP Client IP Connection ID Connection Type Dynamic Fixed Enter the user name of your ISP account Enter the password of your ISP account Optional You do not have to configure this section It depends on the users need s If the Internet connection has been idle for a certain period of time the Idle Time selected the Idle Time function will automatically disconnect the Internet connection Enter the PPTP client IP address Provided by your ISP Input this ID information only if your ISP has given you one Select ONE of the following Always Connect The VPN Internet Gateway will always connect with your ISP If this is the case the Idle Timefunction is unavailable Trigger on Demand Once the VPN Internet Gateway detects any packets want to get to Internet the VPN Internet Gateway will connect with your ISP automatically Manual You can manually disconnect connect with your ISP for the WAN port Cable xDSL If this is the case you have to go to the DEVICE STATUS page and click Connect button to establish the connection or click the Disconnect button to disconnect the connection Select ONE Dynamic If your ISP will automatically assign you an IP address 18 Fixed If your ISP has given you a fixed IP address already then enter that IP address in the IP_assigned by your ISP box Also enter the subnet mask provided by ISP
3. Parameter Description Hourly The router will send an alert once every hour to the E Mail specified above Daily The router will send an alert once a day to the E Mail specified above You can specify the exact time from the drop down menu When log is full The router will send an alert to the E Mail specified above only when the log is full NOTE Click the SUBMIT button to input save the configuration into the Gateway Save amp Restart Save amp Restartlets you save the inputted settings to the VPN Internet Gateway and then restarts reboots the device When you have finished making all the changes on the various pages above on chapter 5 please click Save amp Restarto save the settings and to restart the device If you would like to configure the setting s again click on a function see screen below this will link you to that particular functions configuration screen After the device restarts reboots the device will function according to the saved settings EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM rom Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS You have successfully submitted the settings to the device Ke DHCP Server Settings Ke Virtual Server Settings You can configure the device to function as a DHCP You can configure your private LAN servers to be server for the workstations on the LAN accessible from Internet
4. Serial WAN Status Power 8 C LED LED Status Description LAN 1 4 Link Act Off Green Blinking Green Serial Off Green LED will NOT Light if there is no connection Green LED will LIGHT when a connection has been established Green LED will BLINK if packets are been transmitted or received Green LED will NOT Light if there is no connection 7 LED LED Status Description Green Green LED will LIGHT when a link has been established WAN Off Green LED will NOT Light when a link has not been established Green Green LED will LIGHT when a link has been established STATUS Blinking Orange Orange LED will BLINK when the device is booting up or upgrading a firmware POWER Off NO Power RED Red LED will LIGHT if the Gateway is receiving power HardwarelnstallationSetup The diagram below shows how the VPN Internet Gateway is typically setup VPN Internet Gateway ADSL Cable Modem Server Host Clients VPN connection ees E zm through Dial Up Modem the Internet Internet Backup When you setup the hardware installation please note the following Make sure that the power supply outlet voltage is compatible with the power adapters of your PCs Cable xDSL modem and the VPN Internet Gateway For the VPN Internet Gateway only use the power adapter that comes with it Connect a network cable from your PC s Ethernet port to one of the LAN port
5. TIME ZONE ee 1 Select the ISP Settings List below DEVICE IP n 8 LINES Static IP Settings DI ech IP assigned by your ISP 211 20 45 es ISP ADDITIONAL SETTINGS IP Subnet Mask 255 255 255 o MODEM SETTINGS ISP Gateway Address 211 20 45 81 VPN SETTINGS 2 Click Next to send your request to the Cable xDSL Broadband Router Logout Copyright 2003 Step 8 3 PPPoE Settings Select PPPoE Settings if your ISP requires the PPPoE protocol to establish an Internet connection You will have to enter the following information Parameter Description User name Enter the user name of your ISP account Password Enter the password of your ISP account Retype password Enter the password of your ISP account again to re confirm Connection Type Select ONE of the following Always Connect The VPN Internet Gateway will always connect with your ISP If this is the case the Idle Timefunction is unavailable 16 Parameter Description Trigger on Demand Once the VPN Internet Gateway detects any out going packets the VPN Internet Gateway will connect with your ISP automatically Manual You can manually disconnect connect with your ISP for the WAN port Cable xDSL If this is the case you have to go to the DEVICE STATUS page and click Connect button to establish the connection or click Disconnect button to disconnect the connection Dynamic Fixed Select ONE of the following Dynam
6. linked to the remote network Destination IP address Adda Static Routingsetting Click the Add button to add the configuration into the Static Routing table Delete a Static Routingsetting Check the Static Routing table s Del box and click the DEL button to delete a configuration Dynamic routing settings Allows the VPN Internet Gateway to route IP packets to another network automatically dynamically The RIP protocol is used to do the dynamic routing RIP communicates routing 46 information with other routers periodically SEND Optional choose the routing protocol routing information that you wish to transmit to other routers on your network RECEIVE Optional choose the routing protocol routing information that you wish to receive from other routers on your network NOTE Click the SUBMIT button to input save the configuration into the Gateway Filter Settings The Filter Settings is divided into LAN Filter Settingsand WAN Filter Settings EtherR outer Coble Zsfat Broadband VPM Bouter HELP WEH nterne DEVIE DEVICE SETE PEN aert Gaira InN DRAMATI DH STATO KE Pn Dn ds LAA FILTER BETTIS Back kw F Lan able Filter Enabled De auht LAM Sxia Fiter Ze Block Pare Lisi Filter Entry ZS Block O Part Protocole A F Add Range From ER E Ta L Dpszpaton Port Range z A eme een LAM Side Fiker Table MOTE Fierio click Submi
7. 001091045450 44 DHCP LOG fat MACO E SS gt o DHCP Log MA address Lease Time 142 168 22 DHCP IY OEIC AZA 2Day 238 55Mn Update DONS Logout Coppraght F004 Parameter Description WAN Ethernet Shows the Devices WAN _ information Cable xDSL shows whether the Internet connection is active or inactive Connected by DHCP shows the WAN connection type e g DHCP Static PPPoE PPTP or Telstra ISP s Gateway IP address device s WAN IP address device s Netmask and the DNS IP address that the VPN Internet Gateway is using 36 Parameter Description Release Disconnectand Renew Connect Modem Dialup Hang Up and Dial Up Device IP VPN Status You can manually disconnect connect with your ISP for the WAN port Cable xDSL Click the Release Disconnectpbutton the VPN Internet Gateway will disconnect with the ISP Click the Renew Connect button the VPN Internet Gateway will connect with the ISP The modem asynchronous port can be used as a backup Internet connection dialup for the Cable xDSL connection or as an Internet access connection If the current connection is via the backup modem it will show Modem Active otherwise it will show Not Activ You can manually disconnect connect with your ISP for the asynchronous port Dial Up ISDN TA Ifthe Modem Dialupshows Modem Active clicking on the Hang Up button will DISCONNECT the asynchronous port s Internet
8. 6 Help chapter 7 34 Chapter 3 Device Information The Device informatiorsection displays the VPN Internet Gateway s network and firmware information EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Leip Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Mammenu CABLE XDSL BROADBAND YPN ROUTER INFORMATION Device Name EA3104VPN IP Address 192 168 2 1 Private LAN Mac Address 00 03 04 54 56 46 Public WAN Cable xDSL Mac Address 00 03 04 54 56 47 Firmware Version FO 01 2003 03 20 Logout Copyright 2003 Parameters Description Device Name Displays the name of the VPN Internet Gateway IP Address Displays the IP address of the VPN Internet Gateway Private LAN MAC Address Displays the MAC address of the VPN Internet Gateway s LAN port Public WAN Cable XDSL Displays the MAC Address of the Internet Mac Address Gateway s WAN Ethernet port Firmware version Displays the VPN Internet Gateway s current Firmware Version and its release date 35 Chapter 4 Device Status Device status displays the current connection status of the VPN Internet Gateway EtherRouter Cable xb5sL Broadband VPM Router Melu DEVICE DEVICE HETUP ADVANCED FYETE HELP Galeway TFR TEO STATUS WIZARD SEIN TOOLS bal ena DEVICE STATUS WAN Ethernet Catlett Hei a Cate SL Medien Modem Dialup Modem Hoi Ave ODE BACHE Device IP Pond 108 21 AH WC
9. Click on Refresh to update the latest information 38 Click on Clear Log to clear the VPN log soft Internet E gt Sun 00 00 0 0 02 24 EA3104VPN IPsec ISAKMP received 00 00 0 0 02 24 EA3104VPN IKE Peer Initialized IKE Main Mode 00 00 0 0 02 24 EA3104VPN IKE 123 RX lt lt MM_ 11 211 20 45 85 00 00 0 0 02 24 EA3104VWPN IKE OAKLEY_PRESHARED_KEY OAKLEY_3DES_CBC MODP768 00 00 0 0 02 24 EA3104VPN IKE 123 TX gt gt MM_R1 211 20 45 85 DO 00 0 0 02 24 EA3104VPN IPsec ISAKMP received 00 00 0 0 02 24 EA3104VPN IKE 123 RX lt lt MM_I2 211 20 45 85 00 00 0 0 02 25 EA3104VPN IKE 123 TX gt gt MM_R2 211 20 45 85 00 0070 0 02 27 EA3104VPN IPsec ISAKMP received 00 00 0 0 02 27 EA3104VPN IKE 123 RX lt lt MM_I3 211 20 45 85 00 00 0 0 02 27 EA3104VPN IKE 123 TX gt gt MM_ R3 211 20 45 85 000000000 Refresh Clear Log Parameter Description Update DDNS Click the Update DDNS button to manually update the IP address of your domain name dynamic IP address for Gateway s WAN port Note DO NOT click the Update DDNS button too often Some ISP s may perceive this as an attack and may disable your account Warning Forcing update can cause ABUSE Are you sure you want to force the update Yes No EH 39 Chapter 5 Advanced Settings The Advanced settingssection is where you can configure all the major features and functions
10. SPI at the remote site other end of the VPN tunnel Enter the Outgoing SPI that the local VPN Gateway will use to identify this SA The outgoing SPI value must match the incoming SPI at the remote site other end of the VPN tunnel The VPN Internet Gateway supports six types of encryption algorithms Null DES AES 128 192 256 and 3DES Select an appropriate encryption algorithm The encryption algorithm must match the encryption algorithm in the remote device This string is used as the key to encrypt and decrypt the data transmitted This value must match the encryption key value in the remote device EN 12 Parameter Description Authentication Protocol The VPN Internet Gateway supports two authentication algorithms MD5 amp SHA 1 Select an appropriate authentication algorithm The authentication algorithm selected here must be the same as the one in the remote device Authentication Key This string is used as the key authentication This value must match the authentication key value in the remote device Note In Manual Mode you must fill in the Remote IP Remote IP Networkand Remote Gateway IP FQDN Remote GatewayIP FQDN field cannot be 0 0 0 0 See Appendix VPN example Step G Save amp Restart This is the final step of the Setup Wizard s 7 step by step procedure This step saves the settings you have made in the previous pages to the VPN Internet Gateway Click Save amp Restartto save
11. connection If the Modem Dialup shows Not Active by clicking on the Dial Up button the VPN Internet Gateway will ESTABLISH an Internet connection for the Gateway s asynchronous port Shows the Device s LAN IP address private LAN MAC address and public WAN MAC address This screen displays the current connection status of your VPN connection s The VPN connection status shows the following information 37 Status Active Inactive Connection Name name of the VPN connection Remote IP Virtual Network remote site s Network private network IP Interface Type encryption authentication State phase 1 phase2 TX pkts transmitted packets Rx pkts received packets UpTime how long the connection has been established Drop click the Drop button to disconnect the VPN connection 3 VPN Status Microsoft Intemet Explorer VPN STATUS IPSec Connection Status Connection Virtual Tx SS ur ms e ie ro ESP P1 M n WAN 3DES Estab o Active 123 211 20 45 85 0 0 0 0 0 Ethernet CBC P2 0 D D 0 1 25 Drop MDS Estab Parameter Description DHCP Log Displays the DHCP clients logged to the Gateway s DHCP server Click the DHCP Log button the screen will display the DHCP client s information DHCP client s IP address MAC address IP address lease time VPN Log This screen displays the VPN negotiation that occurred between the VPN Gateway and the remote devices
12. e Be familiar with the terminology and concepts of browsers This guide works under the assumption that you are proficient with the browsers you are using e Have met all the hardware and software requirements The Gateways Rear Panel The diagram below shows the VPN Internet Gateway s rear panel and is where all the hardware connections are made CIAO H WAN Serial Reset 4 Rear View Ports Description Power 12VDC The power port is where you plug the DC power adapter WAN The WAN 100M Ethernet port Supports auto crossover is where you connect your xDSL Cable modem Serial The Serial port is where you connect the 56K modem ISDN TA Reset If you want the device to have the factory default settings press the reset button and hold it for 5 6 seconds This will load the factory default settings into the device Please be careful Do not press the reset button unless you want to clear the currenodnfigurations Ports 4 There are four LAN ports on the rear panel supports auto crossover This is where you connect network devices such as PCs switches hubs print servers LAN servers or other network devices to the VPN Internet gateway The Gateway s FrontPanel LED Description On the routers front panel there are LED lights that inform you of the routers current status Below is an explanation of each LED and its function VPN Router LAN 1 2 3 4 LINK ACT e
13. for specific computer network clients MAC Address Enter the MAC address of the PC or server you wish to reserve an IP for IP Address Enter the IP address that you want to reserve for the above MAC address Addan IP addressReservationsetting Click the Add button to add the configuration into the IP address reservation table Delete an IP addressReservationsetting Check the IP address reservation table s Del box and click the DEL button to delete a configuration VirtualServer Settings Use the Virtual Server function when you want different servers clients in your LAN to handle different service Internet application types e g Email FTP Web server etc from the Internet Computers use numbers called port numbers to recognize a particular service Internet application type The Virtual Server allows you to re direct a particular service port number from the Internet WAN Port to a particular LAN private internal IP address 42 The Virtual server setting allow clients on the Internet to access certain services on your LAN via the Internet Use the Virtual Server function to access a Web FTP or a Telnet server etc on your LAN via the Internet The Port Range Mappingallows you to re direct a particular service port number from the Internet WAN Port to a particular LAN private internal IP address Ether Router AN Breodband WPH Beater VPH interne SCTUE ADY A rD oY Sore A di WT SES ETATU W
14. given you one Note Once you have filled in the above information click Next to proceed to the next step Proceed to step 9 Step D ISP Additional Settingsf this manual EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS HER Main menu S ISP SETTINGS Telstra Settings TIME ZONE en 1 Select the ISP Settings List below DEVICE IP MES Telstra Settings ISP SETTINGS User Name Jabc Password ecccccce ISP ADDITIONAL SETTINGS Retype Password ecccecce MODEM Default Domain SETTINGS 2 Click Next to send your request to the Cable xDSL Broadband Router lt Back Nor gt VPN SETTINGS SAVE amp RESTART Logout Copyright 2003 9 Step D ISP Additional Settings In this section you can input special settings required by certain ISPs You do not need to configure the entire section or any part of the section only the settings needed by your particular ISP if any If your ISP does not require any additional settings then please leave this section blank and proceed to the next step Parameter Description Your ISPs require If your ISP requires you to input a DNS you to manually setting then you must check this box to setupthe DNS settings enable this function and then enter the DNS address see DNS IP Address below 20 Parameter Description DNS IP Address Enter
15. homedns org orgdns org NOTES Please click Submit to enter inputted data Copyright 2003 If you would like to use the DDNS function you will have to register with a DDNS service provider and enter the following information provided by the DDNS service provider Parameter Description Use a dynamic DNS Click on this box to enable the DNS service function Service Server Select the DDNS service provider that you have registered with Host Name Enter the host name of your DDNS account User Name Enter the user name of your DDNS account Password Enter the password of your DDNS account Use wildcards If you use DYNDNS as your DDNS service provider you can enable the Use wildcardsfeature The wildcardsfeature any URL request that contain your domain name e g www router com as part of its URL domain name e g http broad router com request will be given your dynamic IP address NOTE Once you have filled in the above information click the SUBMIT button to input save the configuration into the Gateway URL FilterSettings The URL Filtersettings prevent users from accessing certain websites on the Internet The router can block sites based on specific words or letters Sites will be blocked if any of these words or letters is part of the website s name URL or newsgroup name 56 EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYS
16. in the P Netmask box Note Once you have filled in the above information click Next to proceed to the next step Proceed to step 9 Step D ISP Additional Settingsf this manual Logout Copyright 2003 Step 8 5 EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM vm Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu ISP SETTINGS PPTP Settings SETTINGS 1 Select the ISP Settings List below DEVICE IP S PPPS User Name Jabc Password ecccccce ISP ADDITIONAL Retype Password ecccccce Idle Time no idle timeout DI SETHNGS PPTP Client 1P 210 ke bh ha PPTP Server 1P Pm e bh Connetion ID Name Always Connect Trigger on Demand Manually Dynamic IP automatically assigned by your ISP Fixed Your ISP requires you to input IP address IP assignd by your ISP 61 i 217 fis IP Netmask 255 _ 255 255 2 Click Next to send your request to the Cable xDSL Broadband Router lt Back T Telstra Settings The TelstraSettingsis a service that applies to connections in Australia only You will have to enter the following Parameter Description User Name Password Enter the User Name Provided by the ISP Enter the Password Provided by the ISP Parameter Description Retype password Re Enter the password of your ISP account again to re confirm Default Domain Input the default domain if your ISP has
17. start establishing VPN connections Those who require a private and secure connection will find this device an easy and cost effective solution to a lease line connection The asynchronous port can be connected to a dial up modem or to an ISDN TA and provides you with a backup Internet connection should the Cable xDSL connection fail If there is no Cable xDSL service in your area the asynchronous port can also serve as your Internet access connection The VPN Internet Gateway provides a total solution for those SOHO Small Office and Home Office SMB Small and Medium size Businesses and ROBO Remote Office and Branch Office users who require a VPN and other sophisticated functions at a cost effective price Features e Supports Virtual Private Network VPN connections IPSec e Supports up to 32 IPSec tunnel connections e Supports VPN client software Safenet and SSH e Supports DES 3DES AES128 192 256 Encryption IP Encapsulating Security Payload ESP Authentication MD5 SHA 1 Shared Internet connection via any Cable or xDSL modem 4 Asynchronous port for backup or dial up Internet connection Supports up to 253 users Provides solid firewall protection for LAN clients computers Built in high speed 4 port 10 100 auto detection switch to connect to computers or to additional switches hubs Ethernet WAN port 10 100 Base T automatically detects the cable type Provides centralization of all network address setting
18. this function type the devices WAN IP address and the HTTP port No e g http 202 19 100 1 1023 into the browser of the specified remote administrator http lt WAN IP Address gt lt Port No Parameter Description SYSTEM LOG Miscellaneous System Parameter If the HTTP port number is NOT the default PORT No 80 then the LAN administrator must also enter the new port number specified in HTTP port Na in order to access the device s web based configuration e g Device LAN IP address with HTTP port no 1023 http 192 168 2 1 1023 Allow remote user to ping the devic you enable this function the device will respond to any pings it gets from the Internet If you disable this function the device will not respond to any ping requests The System Log function allows the administrator to assign an IP address to a server on which a log server is running When a particular event occurs the router will send a notification to the log server The log server can then present the log to the administrator Free log server can be downloaded from Internet such as Kiwis SysLog Daemon Some ISPs require you to force a PPPoE re connection when the Internet connection cannot send or receive packets The System Parameter allows you to set the MTU value Maximum Transmission Unit for your Internet connection If you would like to enable the MTU setting check the box The default MTU value is 1500 bytes S
19. 2003 Main Menu Description Intruder Detection Log Displays any possible Hacker attacks that may have occurred to the VPN Internet Gateway Display Routing Table Displays the device s current static routing configuration System Diagnostics Displays the device s current configuration and Diagnostics information Save Settings Allows you to save the devices current configuration to a file Load Settings Allows you to load the factory default settings or files of previously saved configurations into the device Upgrade Firmware Allows you to upgrade the latest firmware into the device Reset Device Allows you to restart reboot the device 60 System Tools IntruderDetectionLog The Intruder Detection log displays the possible hacker attacks that may have occurred to the VPN Internet Gateway Up to 32 hacker attacks may be logged listed Below is an explanation of the Intruder Detection log display EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE SETUP ADVANCED SYSTEM VI Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS La Main menu INTRUDER DETECTION LOG INTRUDER CETECITANLOS Index Time Protocol Source IP Port Dest IP Port Event RP 2003 03 25 TCP 192 168 100 121 192 168 100 112 TCP ROUTING TABLE phe Bie ey 1079 23 Intruder 2 2003 03 25 TCP 192 168 100 121 192 168 100 112 TCP DIAGNOSTICS 19 13 33 1079 23 Intruder Logout Copyright 2003 P
20. 5 System Tools Upgrade Firmware 65 System Tools Reset Device oooooocnoccnocnnoconnnoonconnnannnnnonnncn nono nonnn cono cnnocnn cnn reSt EVTEK non neon aran corn SENEO ssa Svs 66 CHAPTER 7 HEL Configuring Your PC to Obtain an IP automatically ooooonconnccnonococononanonnconocononononononac cono rn nora conncnnoos 67 Viewing Your PC Network Information oocoocnonononcnnnnonnnonononcnnnnnnnnononnnon noc no cono cnnconn cn neon nc cn nora nena ninos 68 Virtual Private Network VPN Examples cessceseceeseeencecesecesceceseeesaeeceeeseneeceeeecaaeceneessaeeeseeena 70 Chapter 1 Introduction This manual contains detail instructions on how to setup and operate the VPN Internet Gateway The VPN Internet Gateway provides an easy and cost effective way to communicate securely over a public network such as the Internet You can configure the VPN Internet Gateway to automatically encrypt all data transmitted to a particular site or sites over the Internet The VPN Internet Gateway can create a secure connection between two or more sites The VPN Internet Gateway is equipped with e A WAN Ethernet port connects to any Cable xDSL modem e 4LAN Ethernet ports connect to a PC client or a Hub switch etc e One asynchronous port connects to a dial up modem or an ISDN TA Connect any Cable xDSL modem to the VPN Internet Gateway to establish a high speed Internet connection Once an Internet connection is made you can
21. Adapter File and printer sharing for Microsoft Networks e Add Remove Properties Primary Network Logon Client for Microsoft Networks File and Print Sharing Description TCP IP is the protocol you use to connect to the Internet and wide area networks cancel 67 4 Click the Propertiesbutton then choose the IP ADDRESS tab Select Obtain an IP address automatically TCP IP Properties x Bindings Advanced NeBlos DNS Configuration Gateway WINS Configuration IP Address An IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below 5 Then select the DNS configurationab to add a DNS IP address If you do not wish to add a DNS IP address you can select the DisableDNS function Press OK You have completed the client settings 6 After clicking OK windows might ask you to restart the PC Click Yes TCP IP Properties 2 x Bindings Advanced NetBios DNS Configuration Gateway WINS Configuration IP Address Cancel Viewing Your PC s Networkinformation There are two tools for finding out a computers IP configuration MAC address and default gateway 68 WINIPCFG for windows 95 98 Inside the windows 95 98 Start button select Run and type winipcfg In the example below this compute
22. IP addresses Make sure the LAN Client is on the same subnet as this VPN Internet Gateway if you want this VPN Internet Gateway to be your LAN clients default gateway EtherRouter Ceble eOS5L Broadband VFN Router VF internet DEVICE PETTEE SETUP ADRSHEED SYSTEM Goleway THIF ORATION STATING WIZARD SETTINGS TOOLE REN DHCP SERVER SETTINGS VIRTUAL SERVER radio DHCP Server Functions SETTINGS apes IP Address Pool Range ROUTINE eer From 192 168 2 2 FILTER To 192 168 alie SETTINGS WINS Serwer Address ADMINISTRATION Primary SETMTINES Secondary DYHASDIE DHS SEMINGS IP Addiess Heservation wesen FF EE E FE BET A SETTINGS IP Addroas 190 168 2101 ADD Logout PT MAABEBCEDOEEFF 192 168 2 100 ES summer NOTE Please chock Submit to ever inputied data Parameter Description Enable DHCP By default the VPN Internet Gateways DHCP Server Functions server is enabled If you would like to disable the 41 Parameter Description DHCP server unclick the Enable DHCP Server Functions box marked red see screen above IP Address Pool Range The IP address pool contains the range of IP IP Address Reservation addresses that ill be used by the device s DHCP server to automatically assign IP addresses to your network clients The Default IP address range is From 192 168 2 2 to 192 168 2 100 The IP address reservation setting allows you to save fixed private IP address
23. M Bee Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu RESET DEVICE INTRUDER DEFEAT Resetting the device will restart it Please click on the START button to proceed DISPLAY ROUTING TABLE DIAGNOSTICS SAVE SETTINGS LOAD SETTINGS Wi 4 m z UPGRADE FIRMWARE RESET DEVICE Logout Copyright 2003 66 Chapter 7 Help On the Main Menu Tool bar click on the Help Menu if you seek further information about a certain function or if you would like to understand certain terminology used in the manual This section provides a list of frequently asked questions and terminology Appendix ConfiguringYourPC to Obtainan IP automatically If you do notwant to set a static IP address for your PC you will need to configure your PC to request an IP address from the Gateway 1 On your PC click the Start button select Settings then select Control Panel 2 Double click the Networklcon 3 In the configuratioriab select the TCP IP protocol lin hat is associated with your network card adapter H there is no TCP IP line listed you will need to first install the TCP IP protocol Network 2 x Configuration Identification Access Control The following network components are installed Y Microsoft Network Monitor Driver gt Dial Up Adapter Y Microsoft Network Monitor Driver gt PCI 10 100 Fast Ethe Y TCP IP gt Dial Up Adapter aya TCP IP gt PCI 10 100 Fast Ethernet
24. NGS SETTINGS Note External IP 0 0 0 0 means dynamically assigned IP VIRTUAL SERVER SETTINGS Port Range Mapping ROUTING External IP External Port Range lo lo fo fo fi 65535 SETTINGS Internal IP ADMINISTRATION fis2 168 E r D SETTINGS C Port Redirection DYNAMIC DNS SEINES External IP External Port URL FILTER E MAIL Internal IP Internal Port ALERT IT Logout DefExternal IPJExternal Port Internal IP Internal Port NOTE Please click Submit to enter inputted data Copyright 2003 RoutingSettings The Static routing settingalllow the VPN Internet Gateway to route IP packets to another network subnet The routing table stores the routing information so that the VPN Internet Gateway knows where to redirect the IP packets 45 EtherRouter Cable ebSL Brsadband VEN Reuter VE Internet EW DCE DET ADTA ED EVETER Gateway IMMA ATER OCH WI A Pad DL LECE Fiolet minra ROUTING TABLE STATIC ROUTING TABLE Gatenay 1P address flS2 16H fz raa CY AAP RRL SENO i makis HELENI Cheese MOTE Flesse click Swbmii bo erder inputted dain Parameters Description Destination IP Address Enter the destination IP address of the remote network to which you want to assign a static route Subnet Mask Enter the subnet mask of your network IP address Gateway IP Address Enter the IP address of the interface LAN WAN port
25. PN Internet Gateway Main menu TIME ZONE SETTINGS DEVICE IP SETTINGS ISP SETTINGS ISP ADDITIONAL SETTINGS MODEM SETTINGS VPN SETTINGS SAVE amp RESTART Logout INFORMATION DEVICE DEVICE STATUS YPN SETTINGS Connection Name Enable UID Unique Identifier String Local IPSEC Identifier SETUP WIZARD Cable xDSL Broadband VPN Router SYSTEM TOOLS ADVANCED SETTINGS late abc Disable UID Remote IPSEC Identifier T Enabled Keep Alive Remote Site Remote IP Network Remote IP Netmask Remote Gateway IP FQDN Network Interface Secure Association Perfect Forward Secure Encryption Protocol PreShared Key Key Life IKE Life Time I Enabled NetBIOS Broadcast Single User LAN I de ch T 255 fi 63 95 1 1 WAN ETHERNET y Main Mode Aggressive Manual Enabled Disabled 3DES y fi 2345678 3600 Seconds 28800 Seconds CED NOTE Local IPSEC Identifier and Remote IPSEC Identifier are disabled for entering when Disable UID is checked Copyright 2003 Parameter Description Connection Name Enable UID This is the Connection Name you entered in the previous screen Connection Name Optional This will enable the Unique Identifier string UID Disable UID will disable the UID The VPN Internet Gateways use the UID for authentication purposes see Local Remote IPSEC Identifierbelow 25 Parameter De
26. QDN Network Interface This is the remote site s subnet mask Input the remote site s Gateway IP address for Remote Site LAN only or the Fully Qualified Domain Name FQDN FQDN consists of a host and domain name including top level domain For example WWW VPN COM is a fully qualified domain name WWW is the host VPN is the second level domain and COM is the top level domain When you enter the FQDN of the remote site the VPN gateway will automatically seek the IP address of that FQDN Note In IKE Mode if the Remote Gateway IP has a dynamic IP address you must enter 0 0 0 0 in the Remote Gateway IP FQDN field In Manual Mode you must fill in the Remote IP Remote IP Networkand Remote Gateway IP FQDN field Remote Gateway IPFQDN field cannot be 0 0 0 0 for the manual mode See Appendix VPN example Select an interface type for the this VPN connection 11 3 Secure Association Secure Association is a method of establishing a security policy between two points There are three methods of creating a Secure AssociationSA Method 1 Main mode By default Main modeis selected Method 2 Aggressivemode Method3 Manual mode 27 11 3 Method 1 Main Mode Main mode is an automated method of establishing a shared security policy and authenticated keys A preshared key is used for mutual identification IKE Secure Association GG May Mode Aggressive Manual Perfect Forward Secure Enable
27. S ISP SETTINGS ISP ADDITIONAL SETTINGS MODEM SETTINGS Please wait a moment VPN SETTINGS SAVE amp RESTART Logout Copyright 2003 Logout Click Logoutif you would like to exit logout the router s web based configuration page Only one user can log onto the Gateway s web based configuration at a time When you logout of the web based configuration only then can another computer log onto the device Click Yes the screen will close Click No the screen will not close 3 Successfully Logout Microsoft Internet Explorer File Edit View Favorites Tools Help Bak gt A GQsearch yFavorites meda 4 BD S A E address E http 192 168 2 1 logout html o Links gt You have successfully logout Microsoft internet Explorer 2 The Web page you are viewing is trying to close the window Do you want to close this window Thanks for using E Done gp Internet 33 Congratulationd You have successfully configured the setup wizard You may now use the VPN Internet Gateway to access the Internet If you would like to configure or monitor the many features that this Gateway has to offer then proceed to the appropriate chapters for more details Below is a list of the other Main Menus and their corresponding chapters Device Information chapter 3 Device Statugchapter 4 Advanced Settings chapter 5 SystemTools chapter
28. TEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu GENEE URL FILTER SETTINGS SETTINGS HELP VIRTOAL SERVER V Enable URL Filter Functions SETTINGS www yahoo com ROUTING SETTINGS FILTER SETTINGS ADMINISTRATION SEDIINES Delete Clear List DYNAMIC DNS SETTING P Filter String sex Add URL FILTER SETTINGS ren suse ALERT Logout NOTE1 http is not allowed in URL Filter Funtion Please do not enter http into filter string NOTE2 Please click Submit to enter inputted data Copyright 2003 Parameter Description Enable URL Filter Functions Click on this box to enable the URL filtering function Filter String The VPN Internet Gateway will block any web page requests that have words or letters specified here NOTE DO NOT enter http into the filter string NOTE Click the SUBMIT button to input save the configuration into the Gateway E Mail ALERT Your router can periodically email you a log of security related events Such as denied incoming service requests and administrator logins The router can also email you an immediate alert when it detects a significant security incident such as a known attack directed at your IP address a computer on the Internet scanning your IP address for any open ports and someone on your LAN trying to visit a blocked site Fill out the settings on the screen below if you would like to
29. VPN Internet Gateway Users Manual CONTENTS e E 4 Package EE 5 Minimum System Requirements 0 cece eeeeeeeeeceseeeeeeeeecesecaecaecsaecaeecsecsaecaeseaeseaeseeeeeeeeeeeseeeseeatens 5 Pre Installati n Check Ust s0 scccn cits iren a tien a Be 6 The Gateways Rear anch eege Eeer 6 The Gateway Front Panel LED Description 0 0 0 eee eceeceeeeeeeeeeceeeeesecesecaecnaeceaeeaeesaeseaeeeeeeeeenes 7 Hardware Installation Setup 8 CHAPTER 2 GETTING BARTED Setup Wiz Ardo iii ai gee Aah Sek ads wad ENT Sap aed ake ate he Seton Geel ed et AA eebe wae ane de Ghd Tim ZONE et 444 wale Mass ed ied she Gey shan dae A aw ENEE od eee aka At 4 Rae gg She ea aes wate eae alte Device UP Seti gis sii ch olde eo Gee ate bares Sead Gea Eege aed Ghat at ides ann set O ad et ode See dead a ISP Setting EE EE Connect to Cable ISP 00 ura ae hit Deh oS ek Soh wl GH es ee a ke le he Ae es t ae e Aer Static IP Settings wie ZE et ut 0 Me E Veh Best aie bite aoe Genoa ee eit ad eek ee Oe dee TA deht ler PPPOE S ttings 2 cate ase enn See ala ded See eee Ged ape ads NEE A le Aide pita en air ats Hid Seas Se PPTP EE EE Telstra EG EE ISP Additional Settings oia e Deet fade W AEN Cea eth Ne deka d t Get ed ell e A Age K ee Mode Setting sis d onan glee EN AE AEN Gas E db ew See Gee aE eg SR DA eae e Seit SN MEN Settings aie sieua aiea AE A el Gee hd Sed ah ee Age wher ee ie ee Gee RDA a ie eh a
30. ame and password will appear Leave the password box empty and type admin the default username in the username box Click OK Enter elm rk Dapessoed 3 3 x qe Please hype pour user name and pasad Sia 13216821 Ftal Logini 24 pinin 4 L i LJ see Hang sir n Giren thet bzemgd an up partiana kt cma 5 The main menu will appear It displays all the available functions and configurations for the VPN Internet Gateway EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM ep Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Broadband VPN Router EtherRouter Device Information Setup Wizard Display the device name IP address firmware This is the area where the essential device version and the MAC addresses for the LAN amp configuration settings are entered WAN connections Device Status Advanced Settings Check the status of your Broadband VPN You can configure much more specific functions Router Check your connection to the Internet in advanced settings and the status of your Broadband VPN Router YPN Settings System Tools VPN Function Settings Perform System Tests reset your gateway and more with the Broadband VPN Router tools Help Get help with commonly asked questions about the Broadband VPN Router Start the Setup Wizard Logout Copyright 2003 The User Interface is extremely user friendly and is divided into 6 main sections These sections are listed on the
31. arameter Description Index Lists up to 32 Intruder detection logs Time The time in which the attack occurred Protocol The attack s protocol type TCP UDP Source IP Port The source IP address and source Port number of the attack Dest IP Port The destination IP address and destination Port number of the attack Event The type of attack 61 System Tools DisplayRouting Table The routing table screen below displays the device s current static routing configuration that was configured in the Routing Settings see chapter 5 Routing Settings for more details EtherRouter Cable xDSL Broadband VPN Router VPN internet EVI DEVICE SETUP ADVANCED SYSTEM HELP Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu DISPLAY ROUTING TABLE TRUDER DETECTION LOG Destination LAN IP Type Subnet Mask a Hon Address Count GE INEEN M22630 GL Eet 1 INTF 192 168 100 0 2993 292 2290 192 168 100 112 1 YSTEM DIAGNOSTICS SAVE SETTINGS D o Z 2 Ai gt LOAD SETTINGS UPGRADE FIRMWARE RESET DEVICE Logout Copyright 2003 System Tools System Diagnostics The System diagnostics screen shows the device s configuration information It also displays the device s current status Parameter Description Configuration Displays the device s current firmware version ISP settings Internet connection details Device Settings VPN Internet Gateway s LAN information Dia
32. ass WAN clients specified in this Filter Entry Protocol Select the Transport protocol type TCP or UDP for the Destination Port Rang below that will be filtered IP Address Range Enter the Public IP address range that you wish to apply this filter rule to These are the external users IP addresses that you wish to apply this filter to If you only want to specify one external IP address for this filter rule then enter the same IP address in both the From and the To box Note WAN clients must have a fixed static Public IP address for the filter rule to work properly Destination Port Range Enter the Internet application service port number range for the above IP address range that you wish to apply this filter rule to If you only want to specify one service port then input the same service port in both the boxes Adda FilterEntrysetting Click the Add button to add the configuration into the WAN Side Filter Table Delete a FilterEntrysetting Check the WAN Side Filter Table s Del box and click the DEL button to delete a configuration For example to prevent remote users with IP addresses ranging from 211 21 0 1 to 211 29 0 1 from accessing your LAN s virtual Web server port 80 the settings are as follow 51 WAN Side Filter Enabled Enabled Default WAN Side Filter Pass Filter Block Protocol ALL IP Address Range 211 21 0 1 to 211 29 0 1 Destination Port Range 80 80 HTTP
33. ction type Connectto Cable ISP DI Connect to Cable ISP Automatically Get IP settings from ISP DHCP server Your ISP requires you to input IP settings Your ISP requires you to logon using PPPoE connection Your ISP requires you to logon using PPTP connection Your ISP requires you to logon using BPALogin connection send your request to the Cable xDSL Broadband Copyright 2003 Connect to Cable have a cable connec and click Next to p Step 8 1 ISP Select Connect to Cable ISPif you tion Please select Connect to Cable ISP roceed to the next page Proceed to step 9 Step D ISP Additional Settingsf this manual Step 8 2 Static IP Settings Select Static IP Settings if your ISP has given you a static IP address You will have to enter the following information Parameter Descr iption IP assigned by your ISPEnter IP Subnet Mask Enter the IP address provided by your ISP the IP subnet mask provided by your ISP Parameter Description ISP Gateway Address Enter the ISP gateway address provided by your ISP Note Once you have filled in the above information click Next to proceed to the next step Proceed to step 9 Step D ISP Additional Settingsf this manual EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM HEE Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu i r ISP SETTINGS Static IP Settings
34. d Disabled Encryption Protocol 3DES D PreShared Key Key Life 3600 Seconds IKE Life Time 28800 Seconds ED Parameter Description PerfectForwardSecure Click either the Enabled or Disabled radio button This feature provides a better security it ensures that the encryption keys generated are not relevant to each other Encryption Protocol The VPN Internet Gateway supports five types of encryption algorithms DES AES 128 192 256 and 3DES Select an appropriate encryption algorithm The encryption algorithm must match the encryption algorithm in the remote device PreShared Key Enter the PreShared Key name you can enter an alphanumeric name This value must match the preshared key value in the remote device Key Life Security is enhanced if the key used to encrypt decrypt your data is changed periodically The key life is where you can specify how often you wish the VPN Internet Gateway to renegotiate another key The value is in seconds for example 3600 seconds 1 hour 28 Parameter Description IKE Life Time The IKE Life Time field allows you to specify a period of time seconds that you want the VPN Internet Gateway to renegotiate the IKE security association For example 28800 seconds 8 hours Note In IKE Mode if the Remote Gateway IP is dynamic you should enter 0 0 0 0 See Appendix VPN example 11 3 Method 2 Aggressivenode Aggressive is an automated method of establishin
35. d ae M in Mode 011 cos aie eit cee Ae de Gen ate Let Gt ete Pah egal Wat Ok er AAT ee 2B Et cies ete Made as Agoressive Mode os cas ake fae lie eek ee en sie God lada a dae Gees QO eu ake Manual Mode uta wes Sa a eis Re See Ga i ei eho She a ad Go ee eke eB ae Sa ds La SR A Saves Restarts aio line BA oe See A Y ENEE MO SOUL s ete A A A eee Et wee eae see e ge oe APD a wats whe ae IS te eee eds et CHAPTER3 DEVICE INFORMATIO CHAPTER 4 DEVICE SATU DHCP Server Seti ita abia Ba oia 41 Virtual Server Set Sii ds 42 Routing Settings esses ii ee eh Re to eee 45 Filter EE 47 Filter Settings LAN Filter Setting Sory reiros ess adi 48 Filter Settings WAN Filter Settings oooooocnnnoninnconnnonnnonconononcnnnnnncnnnonnnrnn cnn o non rannnnr nan rnncrnncnnnrnos 50 Administration Settings nono ncnnn ran crono nn nr narran nan A anno n enn nn conan rca n aran ncnn nano 52 Dynamic DNS Settings ee SEENEN NEE EENS NENNEN betes vevvabeve vidad 55 URL Filter Stret eebe e ees Eege EE deser 56 SEU E CO KEE 57 Save D EE 59 CHAPTER 6 YSTEM TOOL System Tools Intruder Detection Log 61 System Tools Display Routing Table 62 System Tools System Diagnostics 62 System Tools Save Senge 63 System Tools Load Settings oooocnocnonnnonnnonononcnannannnnncnnnc nono nooo nono nono no noc on conoce nn nr nnnrnc nn nrnn cnn rnnn cnn necnneos 64 Upgrade Firmware Load Default Senge 64 Upgrade Firmware Load Settings From File 6
36. de Filter FilterEntry Protocos IP Address Range Destination Port Range You must select whether to enable Yes or disable No the filter function that youve configured in this screen Select to Block or Pass your regular LAN clients Select to Block or Pass LAN clients specified in this Filter Entry Select the Transport protocol type TCP or UDP for the Destination Port Rang below that will be filtered Enter the LAN IP address range that you wish to apply this filter rule to These are the LAN users IP addresses that you wish to apply this filter rule to If you only want to specify one IP address for this filter rule then enter the same IP address in both the From and the To box Note You need to give your LAN PC clients a fixed static IP address for the filter rule to work properly Enter the Internet application service port number range for the above IP address range that you wish to apply this filter rule to If you only want to specify one service port then input the same service port in both boxes Adda FilterEntrysetting Click the Add button to add the configuration into the LAN Side Filter Table Delete a FilterEntrysetting Check the LAN Side Filter Table s Del box and click the DEL button to delete a configuration 49 For example to prevent local users with IP addresses ranging from 10 to 50 from accessing websites HTTP service port 80 the settings are as foll
37. e This value must match the preshared key value in the remote device Security is enhanced if the key used to encrypt decrypt your data is changed periodically The key life is where you can specify how often you wish the VPN Internet Gateway to renegotiate another key The value is in seconds for example 3600 seconds 1 hour The IKE Life Time field allows you to specify a period of time seconds that you want the VPN Internet Gateway to renegotiate the IKE security association For example 28800 seconds 8 hours Note In Aggressive Modeif the Remote Gateway IP is dynamic you should enter D 0 0 0 See Appendix VPN example 30 11 3 Method 3 Manual mode This is a manual way of establishing a shared security policy and authenticated keys The Manual mode allows you to pre define keys The Manual Mode settings in the remote device must match the configuration set here To enable the Manual mode function check the Manual radio box and input the fields as shown on the screen below Secure Association Incoming SPI Outgoing SPI Encryption Protocol Encryption Key Authentication Protocol Authentication Key C Main Mode Aggressive manual mm ooo ooo oes y Kee mos d Parameter Description Incoming SPI Outgoing SPI Encryption Protocol Encryption Key Enter the Incoming SPI that the remote VPN Gateway will use to identify this SA The incoming SPI value must match the outgoing
38. formation to the system log server Copyright 2003 Parameter Description PASSWORD SETTINGS You can setup the VPN Internet Gateway so that a password is required in order to access its 52 web based configuration pages This password will be required the next time you want to configure the VPN Internet Gateway To setup a password type your password in the New Passwordfield and type it again in the Retype Passwordfield to reconfirm Note It is important to remember your password If you lose or forget your password press the small reset buttonlocated on the back of the device for 5 6 seconds The Reset action will reset the device to the factory default settings In factory default the user name is adminand there is NO password SYSTEM ADMINISTRATION This allows remote user s to configure and SYSTEM ADMIN manage the VPN Internet Gateway from a remote site through the Internet The default value of the HTTP port No is 80 You can select a different port number to do the remote web based configuration The default IP address of the Remote administration hosts 0 0 0 0 IP address 0 0 0 0 means that any remote PC can access and manage the VPN Internet Gateway from a remote site Either specify an IP address for the remote administrator or leave it as the default You will have to enable the Allow remote user to configure the devicdo use the remote web based configuration function Once you have enabled
39. g a shared security policy and authenticated keys A preshared key is used for mutual identification Secure Association C Main Mode Aggressive C Manual Perfect Forward Secure Enabled Disabled Encryption Protocol 3DeS D Key Group Diffie Hellman Group D PreShared Key Key Life 3600 Seconds IKE Life Time 28800 Seconds GAVE Parameter Description PerfectForwardSecure Click either the Enabled or Disabled radio button This feature provides a better security it ensures that the encryption keys generated are not relevant to each other Encryption Protocol The VPN Internet Gateway supports five types of encryption algorithms DES AES 128 192 256 and 3DES Select an appropriate encryption algorithm The encryption algorithm must match the encryption algorithm in the remote device 29 Key Group PreShared Key Key Life IKE Life Time Diffie Hellman key agreement describes a method whereby two parties without any prior arrangements can agree upon a secret key that is known only to them The VPN Internet Gateway supports two versions of Diffie Hellman Group 1 and Group 2 Diffie Hellman Group 1 IKE use the 768 bit Diffie Hellman prime modulus group when performing the new Diffie Hellman exchange Diffie Hellman Group 2 IKE use the 1 024 bit Diffie Hellman prime modulus group when performing the new Diffie Hellman exchange Enter the PreShared Key name you can enter a alphanumeric nam
40. gnosis Displays the VPN Internet Gateway s current connection status and LAN WAN information 62 EtherRouter Cable xDSL Broadband VPN Router VPN internet DEVICE DEVICE setrup ADVANCED system Gateway INFORMATION STATUS WIZARD SETTINGS Toors Main menu SYSTEM DIAGNOSTICS INTRUDER Configuration DISPLAY ROUTING TABLE Firmware Version GO 01 sialic ile ISP Settings m IP assigned method Assigned by ISP DHCP server IP address 0 0 0 0 Seino eb aes Gateway IP address 0 0 0 0 DNS 0 0 0 0 LOAD SETTINGS Host Name EAS104VPN PPPoE Enable No eee are PPPoE Username FIRMWARE Modem Settings RESET DEVICE Telephone Number Dial up User Name Idle Timeout O minutes Pre Initial String AT Initial String AT SO 1 Dialup String ATDT Logout Device Settings Device IP address as 192 168 2 1 Device Network Mask 255 255 255 0 DHCP Server Enabled Pool from 192 168 2 2 Pool to 192 168 2 16 Diagnosis ISP Status DHCP IP assignment 192 168 100 112 ISP Gateway IP address 192 168 100 1 DNS1 Server IP Address 168 95 192 1 Link Status Cable xDSL Connected LAN Connected Modem Modem is Not Ready Current WAN connection CablefxDSL Connected LAN MAC Table 192 168 2 2 00 20 13 41 53 BB WAN MAC Table LAN IP 192 168 100 119 MAC 00 E60 18 7D CA 2A HELP System Tools Save Settings The Save Settings screen allows you to save the device s configuration settings to a disk Click Save Fileto sa
41. have alerts and logs sent to you by e mail 57 EtherRouter VPN Internet Gateway Main menu DHCP SERVER SETTINGS DEVICE INFORMATION T Turn E ma VIRTUAL SERVER SETTINGS ROUTING SETTINGS FILTER SETTINGS ADMINISTRATION SETTINGS None DYNAMIC DNS SETTINGS C Hourly URL FILTER SETTINGS C Daily E MAIL 12 00 e ALERT Logout NOTE Please cl Cable xDSL Broadband VPN Router ADVANCED SETTINGS DEVICE STATUS SETUP WIZARD SYSTEM TOOLS AE E MAIL ALERT il Notification On Send Alert And Logs Via E mail Your Outgoing Mail Server Send To This E mail Address When someone attempts to visit Blocked Sites router will send logs according to below schedule C Immediately A M P M When log is full ick Submit to enter inputted data Copyright 2003 Parameter Description Turn Email Notification On Send Alert And Logs Via Wail Your Outgoing Mail Server Send To This E Mail Address When someone attenpts to visit Blocked Sites router will send logs according to below schedule None Immediately Check this box to enable the E Mail alert function Enter Your E Mail account s Outgoing Mail Server Enter the E Mail account that you wish the alert to be sent to The router will not send any alerts at all The router will send an alert immediately after an incident has occurred to the E Mail specified above 58
42. he ISP Settings section is where you input all the information required by your ISP so that you can connect to the Internet There are 5 different types of ISP connections in the ISP Settings section Select the connection required by your ISP from the Select the ISP connection type drop down menu and then proceed to that connection type step The 5 ISP connection types are as follow ISP Connection Type Description Connect to Cable ISP Step 81 Your ISP will automatically give you an IP address Static IP Settings Step 8 Your ISP has given you an IP address already PPPOE Settings Step 83 Your ISP requires you to use a Point to Point Protocol over Ethernet PPPoE connection PPTP Settings Step 84 Your ISP requires you to use a Point to Point Tunneling Protocol PPTP connection ISP Connection Type Description Telstra Settings Step The Telstra Settings is a service that applies to connections Australia only in EtherRouter VPN Internet Gateway DEVICE INFORMATION Main menu ISP SETTINGS TIME ZONE SETTINGS DEVICE IP SETTINGS ISP SETTINGS ISP ADDITIONAL SETTINGS MODEM SETTINGS PPPoE Settings NSE PPTP Settings SAVE amp RESTART Telstra Settings Logout 2 Click Next to Router Static IP Settings Cable xDSL Broadband VPN Router SETUP ADVANCED WIZARD SETTINGS DEVICE STATUS SYSTEM TOOLS Hay Connect to Cable ISP 1 Select the ISP conne
43. ic If your ISP will automatically assign you an IP address Fixed If your ISP has given you a fixed IP address already then enter that IP address in the IP_ assigned by your ISP box Also enter the subnet mask provided by ISP in the P Netmask box Note Once you have filled in the above information click Next to proceed to the next step Proceed to step 9 Step D ISP Additional Settingsf this manual EtherRo uter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM TRAE Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu ISP SETTINGS PPPoE Settings TIME ZONE SETTINGS 1 Select the ISP Settings List below DEVICE IP e SETTINGS PPPoE Settings y ISP SETTINGS User Name Jabc abcnet Password ecccccce ISP ADDITIONAL SETTINGS Retype Password ecccccce MODEM Idle Time no idle timeout DI SETTINGS Connection Type Sue Always Connect Trigger on Demand Manually Dynamic IP automatically assigned by your ISP SAVE amp RESTART Fixed Your ISP requires you to input IP address Logout IP assignd by your isp E bz fis IP Netmask 255 255 l 255 2 Click Next to send your request to the Cable xDSL Broadband Router lt Back T Copyright 2003 Step 8 4 PPTP Settings Select PPTP Settings if your ISP requires the PPTP protocol to establish an Internet connection e g Europe You will have to enter the following information
44. l CANT VPN Internet a S a Gateway a a VPN Router a WAN IP 211 21 2 1 WAN IP 163 95 1 1 Netmask 255 255 255 0 Netmask 255 255 255 0 LAN IP 192 168 2 1 LAN IP 192 168 1 1 Configuration for VPN Internet Gatew kAN 1 Remote Site LAN Remote IP Network 192 168 1 0 Remote IP Netmask 255 255 255 0 Remote Gateway IPFQDN 163 95 1 1 YPN SETTINGS Connection Name VPN First Enable UID Unique Identifier String Disable UID Local IPSEC Identifier Remote IPSEC Identifier I Enabled Keep Alive J Enabled NetBIOS Broadcast Remote Site C Single User LAN Remote IP Network he he i bo Remote IP Netmask 255 4255 255 fp Remote Gateway IP FQDN essa Network Interface WAN ETHERNET Note In IKE Mode if the Remote Gateway IP is dynamic enter 0 0 0 0 in the Remote Gateway IP FQDN field In Manual Mode you have to fill in the Remote IP Remote IP Networkand Remote Gateway IP FQDN fields Remote Gateway IPFQDN field cannot be 0 0 0 0 70 Topology 2 Single User PC s to Network mode 1 and 2 The diagram below is used to describe mode 1 and 2 VPN Internet mj J T ka ZS 211 21 2 1 i WAN IP 163 95 1 1 Netmask 255 255 255 0 e Netmask 255 255 255 0 Virtual LAN IP 196 168 2 1 LAN IP 192 168 1 1 Mode 2 Mode 1 PC A must have an IPSec Client software installed eg Safenet or SSH etc If you do not know PC A s IP address because it has a dynamic public IP then the VPN Internet Gateway
45. ly setup DNS settings DEVICE IP SENTING onsi Jo fo fo fo ISP SETTINGS Dusch fo o o ISP pito TI Your ISP requires you to input Host Name or Domain Name MODEM Host Name EA3104VPN SETTINGS Domain Name admin FT Your ISP requires you to input WAN Ethernet MAG MAC Address oo Im na ku kr far lt Back Next gt NOTE Please click Next to enter inputted data Copyright 2003 VPN SETTINGS SAVE amp RESTART Logout 10 Step E Modem Settings The modem settings screen is where you can setup the asynchronous port as either a backup connection for the Cable xDSL connection or a dialup Internet access connection Note This section is Optional You may proceed to Step F if you do not wish to use the asynchronous port Parameter Description Dialup Modem When Click on this box to enable Cable xDSLis not the asynchronous port Connected ISP Phone Number Enter the ISP phone number Dial Up User Name Enter the User Name for the dial up Password Enter the Password for the dial up Retype Password Enter the Password again to re confirm 22 Parameter Description Idle Time External IP Modem String settings Note Once you have filled proceed to the next step You can select an idle time threshold minutes for the WAN port This means if no packets have been sent no one using the Internet throughout this specified period then the router will automaticall
46. n to emor inpullad daba 47 Menu Description LAN Filter Settings WAN Filter Settings The LAN Filter Settingsallow the administrator to define whether a local user is permitted to access the Internet The WAN Filter Settingsallow the administrator to define whether a remote outside user s is permitted to access the private local area network FilterSettings LAN Filter Settings The LAN Filter Settingsallow the administrator to define whether a local user is permitted to access the Internet To activate this feature check LAN Side Filter Enadled and then define a filtering policy To define a filtering policy enter the IP address range enter the network port number and select the transport protocol s EtherRouter Cable xDSL Broadband VPN Router VPN Internet Gateway Back LAN FILTER SETTINGS WAN FILTER SETTINGS Logout DEVICE DEVICE SETUP ADVANCED SYSTEM HELP INFORMATION STATUS WIZARD SETTINGS TOOLS LAN FILTER SETTINGS KR LAN Side Filter Enabled Default LAN Side Filter Block Pass Filter Entry Block C Pass Protocols TCP D IP Address Range From ha bes l 2 y fio To ha bes 2 0 Destination Port Range eo BEN ADD LAN Side Filter Table oei tyre _protocoi erom ro Porranse NOTE Please click Submit to enter inputted data Copyright 2003 48 Parameter Description LAN Side Filter Enabled Default LAN Si
47. nin mimma Gilet VIRTUAL HERSER ETTING Hato Extend Pr 000 0 mear dynamically assigived IF Pon Rango Mapping Estoril iF Exfurmal Port Harga ES A gt Ze Par Hedireci an Enxtormnal IF Extrema Pow Leef es Cem Pow Ges MOTTA NOTE Please click Sucbmlt to ester inpe data Parameter Description External lP Enter the WAN IP address which allow remote user to access Note You can leave the field to 0 0 0 0 when the WAN IP has been auto assigned ExternalPort Enter the port numbers of the services requests from the Internet that will be sent to the Internal IP address InternallP Enter the LAN server host IP address that the service requests from the Internet will be sent to Note You need to give your LAN server host a fixed static IP address for the Virtual Server to work properly 44 Parameter Description Internal Port Enter the port numbers of the services that will be sent to the Internal IP address The DMZ function re directs all packets regardless of services going to your WAN IP address to a particular LAN client server If you would like to enable the DMZ function enter the External Port Rangerom 1 to 65535 The value 0 means that the WAN IP address is auto assigned EtherRouter Cable xDSL Broadband VPN Router VPN Internet VIC DEVICE SETUP ADVANCED SYSTEM HELP Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu EE VIRTUAL SERVER SETTI
48. oL ATM TEMPLE HPLP Main menres VIRTUAL FERWER BETTING Rote Exbernad 1 0 0 0 0 means dynamically smigmad IF Port Ramga Mapping Paternal EP Extemal Port Kamgqe BE En a5 E In 21 sl IP bs et o Port Rodiraci on Cagern al EP External Hen infernal Di infernal Hem esst es C mees E men mp Delestemal extemal Portfirternal A Lodtosn MOTE Pigaso olok ZSsbmltr to enter gaiid dea Parameter Description ExternallP Enter the WAN IP address which allows a remote user to access Note You can leave the field to 0 0 0 0 to represent the routers WAN IP address assigned by the ISP InternallP Enter the LAN server host IP address to which the requested services from the Internet will be sent to Note You need to give your LAN server host a fixed static IP address for the Virtual Server to work properly External PortRange Enter the port numbers range of the services requests from the Internet that will be sent to the Internal IP address Specified above 43 Note If you only want one service port number e g 80 HTTP for the specified Internal IP address then enter 80 in both the service port range s boxes The Port Redrection function allows you to re direct a specific service port number from the Internet WAN Port to LAN private internal IP address EtherRouter AN EA E WPH internet SCNMICT WI HETUS ADA ED 3Y ti cea IAP EAT EI ETATEE WALA KETTIH K TOOLEN Mi
49. of the VPN Internet Gateway They include DHCP Server Settings Virtual Server Settings Routing Settings Filter Settings Administration Settings Dynamic DNS Settings URL Filter Settings and E Mail ALERT On the Menu Tool click Advanced Settings Main Menu Description DHCP Server Settings Provides centralization of all your LAN s network IP addresses Virtual Server Settings Allows remote access to Web FTP and other services on your network The DMZ function allows full 2 way communication between a server on your LAN and the Internet Routing Settings Create a routing table so that the VPN Internet Gateway can route packets to different networks Filter Settings Create LAN or WAN filters to protect your network Administration Settings Allows you to configure the device s administrative settings such as passwords etc Dynamic DNS Settings Allows you to have a Web or other server behind a Dynamic IP address URL Filter Settings Filter web page request based on the web page s wording E Mail ALERT Allows you to be alerted of any security infringements 40 Main Menu Description Logout Logout or exit the VPN Internet Gateway s Web based configuration DHCP Server Settings You can enable or disable the DHCP server By enabling the DHCP server the router will automatically give your LAN clients an IP address If the DHCP is not enabled then youll have to manually set your LAN clients
50. ome ISPs restrict the packet size for a PPPoE connection Use the system parameter to change the MTU to cater to your ISP s connection requirement 54 Parameter Description UPnP The Universal Plug and Play UPnP function allows Windows XP to automatically configure the router to cater to various Internet applications such as games and videoconferencing NOTE Click the SUBMIT button to input save the configuration into the Gateway DynamicDNS Settings The Dynamic DNS DDNS service allows Web or other servers with a dynamic IP address to be accessible from the Internet This means that even if your VPN Internet Gateway has a dynamic WAN IP address Internet users can still access your web server domain name in your LAN EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu DHCP SERVER DYNAMIC DNS SETTINGS SETTINGS HELP VIRTUAL SERVER D N D D H SENTING M Use a dynamic DNS service ROUTING SETTINGS Service Provider www dyndns org DI FILTER members dyndns org SETTINGS Host Name abc ADMINISTRATION SETTINGS Domain Name homeip net DYNAMIC DNS User Name abc SETTINGS Password a URL FILTER SETTINGS T Use wildcards E MAIL ALERT Logout SUBMIT NOTE1 Service Provider ex members dyndns org members orgdns org NOTE2 Domain Name ex dyndns org
51. ow LAN Side Filter Enabled Enabled Default LAN Side Filter Pass Filter Block Protocol TCP IP Address Range 10 50 Destination Port Range 80 80 HTTP Filter Settings WAN Filter Settings The WAN Filter Settingsallow the administrator to define whether a remote outside user s is permitted to access the private local area network To activate this feature check WAN Side Filter Enabledand then define a filtering policy To define a filtering policy enter the IP address range enter the network port number and select the transport protocol s EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS star Back WAN FILTER SETTINGS SEISINGS E WAN Side Filter Enabled WAN FILTER KE e SETTINGS Default WAN Side Filter Block Pass Logout Filter Entry Block C Pass Protocols all IP Address Range From pr 21 fo fi To bn ES lo fi Destination Port Range eo BE ADD WAN Side Filter Table oei type _ protocol From te O NOTE Please click Submit to enter inputted data Copyright 2003 50 Parameter Description WAN Side Filter Enabled You must select whether to enable Yes or disable No the filter function that youve configured in this screen Default WAN Side Filter Select to Block or Pass your regular WAN users FilterEntry Select to Block or P
52. r has an IP address of 192 168 2 100 and the default gateway is 192 168 2 1 The default gateway should be the network Router device s IP address The MAC address in windows 95 98 is called the Adapter Address Note You can also type winipcfgin the DOS command IP Configuration Le i x Ethernet Adapter Information Adapter Address 00 90 CC A2 F6 04 IP Address 192 168 2 100 Subnet Mask 255 255 255 0 Default Gateway 192 168 2 1 Release All Renew All More Info gt gt e IPCONFIG for Windows 2000 NT In the DOS command type IPCONFIG and press Enter Your PC IP information will be displayed as shown below Gallia ities Gix gt ipconfig Windows 26866 IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IP Address c a e lt lt 192 168 2 1890 Subnet Mask s o e a s o aa a eee do Default Gateway o e s o a o 192 168 2 1 Ethernet adapter Local Area Connection 2 Media State Cable Disconnected 69 VirtualPrivateNetwork VPN Examples There are 2 types of VPN architectural topologies Topology 1 LAN Network to Network Topology 2 Single User PC s to Network mode 1 and 2 Topology 1 LAN Networkto Network This type of architecture creates a secure VPN tunnel between two networks for instance a VPN Internet Gateway LAN 1 and a VPN Router LAN 2 see diagram below LAN 2 L
53. s shown below EtherRouter VPN Internet DEVICE Gateway INFORMATION Main menu TIME ZONE SETTINGS DEVICE IP ISP SETTINGS ISP ADDITIONAL SETTINGS SETTINGS VPN SETTINGS SAVE amp RESTART Logout Copyright 2003 DEVICE SETUP ADVANCED SYSTEM STATUS Cable xDSL Broadband VPN Router WIZARD SETTINGS TOOLS tay TIME ZONE SETTINGS Please choose your local time zone SETTINGS GMT 08 00 Pacific Time US Canada Tijuana E MODEM NOTE 1 Please click Next to enter inputted data NOTE 2 Please remember to click Save amp Restart after you have finished the changes to the device settings The Setup wizard will take you through 7 step by step 7 steps buttons on the left configuration procedures that you ll need to do in order to setup the VPN Internet Gateway e g connecting to the Internet establishing a VPN connection You can click on one of the 7 buttons on the left to jump to that specific setting Otherwise by clicking Next you will proceed to the next step sequentially We recommend that you follow the 7 steps sequentially The 7 steps are as follows Step A Time Zone Settings Step B Device IP Settings Step C ISP Settings Step D ISP Additional Settings Step E Modem Settings Step F VPN Settings Step G Save amp Restart 7 Step A Time Zone SettingsPlease choose a local time zone Once you have selected a time zone click
54. s DHCP Comprehensive device monitoring system Device status Device information System Tools Intruder Detection log and more Easy to use Web based setup and configuration Dynamic DNS to have Web and other Servers behind a Dynamic IP address Acts as a Virtual server to enable remote access to Web FTP and other services on your network Support Multiple WAN IP address Port Range Mapping and Port Redirection DMZ for full 2 way communication between your LAN and the Internet URL filtering function Supports the UPnP protocol E Mail alert when a network security breach occurs Package Contents Please inspect your package The following items should be included 1 VPN Internet Gateway the Device 2 Power adapter 3 Users Guide If any of the above items are damaged or missing please contact your dealer immediately MinimumSystem Requirements Microsoft Internet Explorer 4 0 or later version or Netscape Navigator 4 0 or later version One computer with an installed 10Mbps 100Mbps or 10 100Mbps Ethernet card 5 One external xDSL or Cable modem with an Ethernet port RJ 45 One Modem or ISDN TA if a dialup connection is needed One RJ 45 Cable xDSL Internet connection TCP IP protocol installed in your computer UTP network Cable with a RJ 45 connector Pre InstallationChecklist Before installing the VPN Internet Gateway you should Have carefully read the entire manual
55. s VPN configuration is as follow Configuration for VPN Internet Gateway Remote Site Single User Remote IP Network 0 0 0 0 Remote IP Netmask 0 0 0 0 Remote Gateway IPFQDN 0 0 0 0 NOTE If you dont know the IP address Remote IP Network for PC A input 0 0 0 0 in the Remote IP Network field but the request for the VPN connection has to be initiated by PC A If you select Manual Mode you have to fill in the Remote Gateway IPFQDN Remote Gateway IP FQDN field cannot be 0 0 0 0 Mode 2 In this example PC A is given a fixed IP address by its ISP PC A must have an IPSec Client software installed e g VPNCOM acts as a virtual NIC The VPN Internet Gateway s VPN configuration is as follow Remote Site Single User Remote IP Network 92 168 2 0 Remote IP Netmask 255 255 255 0 Remote Gateway IPFQDN 211 21 2 1 71 Note In IKE Mode if the Remote Gateway IP has a dynamic IP address you must enter 0 0 0 0 in the Remote Gateway IP FQDN field In Manual Mode you must fill in the Remote IP Remote IP Networkand Remote Gateway IP FQDN field Remote Gateway IPFQDN field cannot be 0 0 0 0 for manual mode 72
56. s at the rear panel of the VPN Internet Gateway Do the same with all of the PCs or switches hubs you wish to connect to the VPN Internet Gateway Connect the network cable from your Cable xDSL modem to the WAN Ethernet port at the rear panel of the VPN Internet Gateway Chapter 2 Getting Started To setup the VPN Internet Gateway and get connected to the Internet follow the following step by step procedure 1 Setup your hardware network installation see Chapter 1 Hardware Installation setup 2 Configure your network computers LAN server client host to Obtain an IP address automatically See Appendix Note By default the VPN Internet Gateway s DHCP is enabled so by setting your computer to Obtain and IP address automatically you can connect to the Gateway automatically 3 Launch your web browser and type the router s default IP address http 192 168 2 1 into the browsers address box and press Enter BEE File Edit View Favorites Tools Help l EJ Bak gt Q A A Asearch GFavorites history B Ey Sf 3 Address http 192 168 2 1 Po Note If you have setup your computer to use a static IP addr es please make sure your PCS IP address is in the same network as the routers In windows 95 98 y ou can type WINIPCFG and in windows 2000 NT you can type IPCONFIG see appendix to find out if you are on the same network 4 A usern
57. scription Local IPSECIdentifier Remote IPSEC Identifier Enabled Keep Alive Enabled NetBIOS Broadcast Remote Site Remote IP Network Optional This field allows you to identify multiple tunnels if you enable the UID function then you must set the Local IPSec Identifier so that it matches the remote sides Remote IPSec Identifier You can enter a proper name in this field Optional This field allows you to identify multiple tunnels if you enable the UID function then you must set the Remote IPSec Identifier so that it matches the remote sides Local IPSec Identifier You can enter a proper name in this field Optional If this function is enabled it will keep this VPN connection alive connected Optional This function allows NetBIOS broadcast to be transmitted in this VPN connection Select One of the following Single User Select Single User if the remote VPN site is a VPN client e g remote site has no VPN Internet Gateway The remote VPN client must have VPN client software installed e g Safenet SSH etc LAN Select LAN if the remote VPN site has a VPN Internet Gateway This is the remote site s NETWORK IP address Single User Input the actual IP address of the Remote VPN client LAN Input the network IP of the remote gateway s internal private network 26 Parameter Description Remote IP Netmask Remote Gateway P F
58. se click Next to enter inputted data 23 11 Step F VPN Settings The VPN Settings section is where you can enable and configure the VPN function Specifically this device supports the widely used IPSec protocol standard for its VPN connection VPN allows a secure connection between two parties over a public network such as the Internet Note This section is Optional You may proceed to Step Gif you do not wish to establish a VPN connection The VPN settings has 3 steps 11 1 Select Setup IPSEC Settings Input a Connection Name to add establish a VPN connection 11 2 Configure the VPN Connection 11 3 Secure Association 11 1 Add a VPN connection Connection Name EtherRouter Coble xDSL Broadband VPN Router Malta DEVICE DEWICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TODA HELP VPN SETTINGS TIME LUNE z HES Seip IFSEC Setings e Connecion Hame abe ADDO T Disable Imervel Access VPN Tunnel Onbyi SATE amp RESTART Copyright Parameter Description ConnectionName To add a VPN connection Enter a string name into the Connection Name box and then click the ADD button 24 Note Once you have entered the connection name click on the ADD button to start configuring this VPN connection The screen below will appear and this is where the VPN configuration is entered 11 2 Configure the PN Connection EtherRouter V
59. ta Routing Settings Ke Filter Settings You can configure Static Routing and Dynamic LAN Side Filter and WAN Side Filter Routing here Ke Administration Settings ta Dynamic DNS Settings You can configure Password Settings Remote You can configure your dynamic DNS service and Administration Miscellaneous and MTU here wildcards function Ke URL Filter Settings Ke E MAIL ALERT You can configure your URL Filter funtion here E Mail Alert can be sentwhen someone on your LAN tries to visit a blocked site Start to save the submitted settings and restart iQ Save amp Restart NOTE 1 Please continue the advanced setup by clicking the options NOTE 2 Once you have submitted all the necessary settings please click the SAVE amp RESTART button to save the changes to the device New settings will take effect after the device has been restarted 59 Chapter 6 System Tools The System Tools section displays and detects the status of the VPN Internet Gateway The System Tools 7 sections are briefly described below EtherRouter Cable xDSL Broadband VPN Router VPN Internet VIC DEVICE SETUP ADVANCED SYSTEM ateway INFORMATION STATUS WIZARD SETTINGS TOOLS HELP Main menu INTRUDER DETECTION LOG INTRUDER DETECTION LOG Index Time Protocol Source IP Port Dest IP Port Event DISPLAY ROUTING TABLE SYSTEM DIAGNOSTICS SAVE SETTINGS LOAD SETTINGS UPGRADE FIRMWARE RESET DEVICE Logout Copyright
60. ter Load Default Copyright 2003 Menu Description Load Default Settings The Load Default Settingsscreen allows you into load the factory default settings to your device Load Settings From File The Load Settings From Filecreen allows you to load a previously saved file into the device again Upgrade Firmware Load Default Settings The factory default setting is the configuration when you first purchased the Gateway Click the START button to start loading the factory default settings Your previous configurations will be deleted Note Load the factory default settings if you have forgotten the VPN Internet Gateway s password The factory default user name is admin and there is NO password 64 Upgrade Firmware Load Settings From File The load settings from file screen allows you to load a previously saved file to the device again EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS lito EE LOAD SETTINGS FROM FILE ALITIN N Click Start to load settings from a saved file LOAD SETTINGS FROM FILE Logout Load Settings File SES START Copyright 2003 Parameter Description Load Setting File To load a previously saved configuration file into the Gateway again you first need to enter the configuration file name and its path in the box provided Yo
61. the DNS IP address provided by ISP Some ISPs use Host Name lf your ISP requires you to fill in a Host and Domain Name to authenticate the user Host Name Domain Name Your ISPs require youto input the LAN care Mac address MAC Address proceed to the next step Name and Domain Name then you must check this box to enable this function and then enter the Host Name and Domain Name see Host Domain Namebelow Enter the Host Name provided by your ISP Enter the domain name provided by your ISP If your ISP requires a specific MAC address in order for you to connect to the Internet then check the box to enable this function and then enter the Mac address see MAC Addressbelow NOTE Some ISPs may only recognize your PC s LAN card MAC address as a legal user In this case you will have to copy the LAN card MAC address of that PC and input it in the MAC address field For WIN 95 98 you can run winipcfgto see the LAN card Mac address For WIN 2000 NT you can run ipconfig allto see the LAN card Mac address Enter the PC s LAN card MAC address that your ISP recognizes as the legal user Note Once you have filled in the above information click Next to 21 EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS HELP Main menu ISP ADDITIONAL SETTINGS TIME ZONE SETIINGS I Your ISP requires you to manual
62. the Next button to continue to the next step 8 Step B Device IP Settings In this section you have to give your VPN Internet Gateway an IP address for the local area network LAN side This is not the IP address given to you by your ISP but rather the local internal LAN Private IP address of your network The IP address 92 168 2 1 is the default value of your VPN Internet Gateway EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS HELP Main menu DEVICE IP SETTINGS TIME ZONE SETTINGS The device IP address and subnet mask settings DEVICE IP SETTINGS IP Address 192 l fies p d H ARS IP Subnet Mask bes 255 255 ho ISP ADDITIONAL SETTINGS SETTINGS A NOTE Please click Next to enter inputted data SAVE amp RESTART Logout Copyright 2003 The screen shown above is described in the following table Parameters Description Device IP AddressSettings IP Address Assign an internal LAN IP address for this VPN Internet Gateway or leave it as the default value 192 168 2 1 IP Subnet Mask Enter the subnet mask you can usually leave it as the default entry 255 255 255 0 Once you have filled in the above information click the Next button to continue to the next step Step C ISP Settings Different ISPs require different methods of connecting to the Internet T
63. the settings and to restart the device After the device has restarted the device will function according to the saved settings EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS wee Main menu SAVE amp RESTART TIME ZONE AENA You have successfully configured the settings for the device RETA NOTE After you have finished making all the changes on the various pages please click Save amp Restart to save the settings and restart the device After the restart the device ISP SETTINGS e A will function according to the saved settings ISP ADDITIONAL i SETTINGS Click Save amp Restart to save the settings and restart the device MODEM SETTINGS VPN SETTINGS SAVE amp RESTART Logout Copyright 2003 32 During the startup process the LED of the device will blink Please wait until the LED lights have stopped blinking before proceeding EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS sty Main menu are i The device is saving the settings and will restart During the TIME ZONE startup process the LED of the device will blink Please wait SETTINGS until the blinking of the device stops before proceeding The Home page will be loaded automatically after restart is HEE Ue completed SETTING
64. top Tool bar see screen above and appear at the top of every browser screen for easy access For your reference the 6 sections are as follow Main Menu Description Device Informationchapter 3 The Device Informatiorsection displays the VPN Internet Gateway s network and firmware information Device Status chapter 4 Device Status displays the current connection status of the VPN Internet Gateway Setup Wizard chapter 2 This is the most important section out of the 6 sections You must configure this section to begin using the VPN Internet Gateway The Setup Wizardis where you input the information required to connect the VPN Internet Gateway to your Internet Service Provider ISP 11 Mam Menu Description Advanced Settings chapte5 System Tools chapter 6 Help chapter 7 The Advanced Settingssection is where you can configure all the major features and functions of the VPN Internet Gateway They include DHCP Server Settings Virtual Server Settings Routing Settings Filter Settings Administration Settings Dynamic DNS Settings URL Filter Settings and E Mail ALERT The System Toolssection monitors the status of the VPN Internet Gateway such as Intruder Detection Log Display Routing Table System Diagnostics Save Settings Load Settings Upgrade Firmware and Restart Device A help section for the VPN Internet Gateway 6 Click the SETUP WIZARD The setup wizards page will appear a
65. u can also use the Browse button to find the file Once you have located the file s location click START to start loading the saved configuration into the VPN Internet Gateway System Tools UpgradeFirmware The upgrade firmware screen allows you to upgrade the latest firmware into your device EtherRo uter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS HELP Main menu UPGRADE FIRMWARE INTRUDER BETS EOS Enter the firmware file path into the box and click START to ETE proceed with the new firmware upgrade ROUTING TABLE SYSTEM DIAGNOSTICS y Firmware Upgrade File Al SAVE SETTINGS LOAD SETTINGS UPGRADE FIRMWARE o z S gt EI RESET DEVICE Logout Copyright 2003 65 Parameter Description Firmware Upgrade File Enter the new firmware s file path into the box provided and click START to start upgrading the new firmware into the VPN Internet Gateway You can also use the Browse button to find the new firmware file System Tools Reset Device Reset the Gateway if the Gateway stops responding correctly Yoursettings will not be changedThe Reset Device screen allows you to essentially restart reboot the device Click on the START button to restart reboot the device EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTE
66. ve your current settings to a file Then click save to save this configuration file to your disk You can reload the saved configuration back into the Gateway in the Load Settings System Tools section VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS Main menu SAVE SETTINGS INTRUDER DETECTION LOG click save this file to disk in the browsing wizard DISPLAY ROUTING TABLE SYSTEM DIAGNOSTICS SAVE SETTINGS LOAD SETTINGS UPGRAD FIRMWA RESET DEVICE Logout Copyright 2003 63 EtherRouter Cable xDSL Broadband VPN Router HELP Click Save File to save your current settings to a file Then System Tools Load Settings The Load Settings screen allows you to load the factory default settings to your device and load settings previously saved configuration files to your device The Load Settings section consists of 2 sections as described below Load Default Settingsand Load Settings From File EtherRouter Cable xDSL Broadband VPN Router VPN Internet DEVICE DEVICE SETUP ADVANCED SYSTEM Gateway INFORMATION STATUS WIZARD SETTINGS TOOLS HELP Back LOAD DEFAULT SETTINGS LOAD DEFAULT SETTINGS Load Default Settings will load the factory default settings for Sc the device Please click on the START button to proceed LOAD SETTINGS FROM FILE Logout Note The Device IP Address will be reset to 192 168 2 1 af
67. y disconnect with your ISP Optional If your ISP requires you to input an IP address then please input the IP address here Otherwise leave it as the default setting 0 0 0 0 Optional Some modems require specific communication strings This section allows you to specify strings on the router so that it can communicate with your modem if required H you would like to change the baudrate speed you can do so in the Baudrate Settingsield Please refer to your modem s or ISDN TA s manual for more information in the above information click Next to EtherRouter VPN internet Gateway Main menu TIME ZONE SETTINGS DEVICE IP SETTINGS ISP SETTINGS ISP ADDITIONAL SETTINGS MODEM SETTINGS VPN SETTINGS SAVE amp RESTART Logout DEVICE INFORMATION Cable xDSL Broadband VPN Router DEVICE SETUP ADVANCED SYSTEM STATUS WIZARD SETTINGS TOOLS BES MODEM SETTINGS Y Dialup Modem When Cable xDSL is not connected ISP Phone Number 012345678 User Name fabc Password Lee see see Retype Password Jee ssssse Idle Time no idle timeout If your ISP requires you to input IP Address please input the IP Address Otherwise leave it as default settings 0 0 0 0 External IP o To Jo To MODEM STRING SETTINGS Baudrate Settings 115200bps 28 8kK 33 6K 56K modem or ISDN TA Pre Initial String AT Initial String AT 5051 Dialup String JATDT NOTE Plea
Download Pdf Manuals
Related Search