Bintec-elmeg Elmeg T444
Contents
1. Things to note for this configuration PABX In its initial setting the PABX system is pre configured for address assignment via DHCP You need to choose an ISP To do this follow the instructions given in the manual or the brochure On the fast track to the Internet Note When delivered the DHCP server is already activated and pre configured If required you can define the start ad dress first IP address allocated by DHCP and the maximum number of LAN clients PCs LAN Client PC Configuration PCs with operating systems starting from Windows 98SE are already correctly configured in their standard settings for address assignment via DHCP If other means of Internet connection for example modem or an ISDN card have already been configured on the LAN client PC observe the information given in the section Settings in Internet Explorer Internet Options with Windows in this manual Note Please keep in mind that any changes made to the Windows network settings may have serious effects on the LAN clients PCs Other methods of connection or applications may also be affected by these changes In the event that your network settings have already been changed contact your system administrator You may have to backup all of your data The configuration presented in the following represents only one of many possibilities These settings are recommended However depending on the infrastructure of your environment it may be meani2. Switch HomePN optional module not included in standard supply scope of system or a USB port LANI sets itselfautomatically from 10 Mbit s half duplex up to 100 Mbit s full duplex to the maximum data trans fer rate of the remote location PC These PCs are also part of your local network and can for example exchange files or take advantage of the Internet connections via the router All LAN clients that are linked are integrated into the local network via the TCP IP proto col Further PCs can be linked to your network via RAS access Here the IP address is always assigned by the telephone system even when the DHCP server is de activated Under Address assignment in the configuration program you can de activate the DHCP server and input the starting address for RAS The following 11 IP addresses are then auto matically reserved for RAS Using the Remote Access Server RAS a field representative for example can call into thelocal network from an ex ternallocation and then via the local network access the Internet Access from an external location is only possible via an ISDN connection External access is provided with user name and password protection Ifthe callis made from an externallocation only the phone number can also be monitored as an added protection feature Note that this access portal is not protected by a firewall Note Please note the further instructions given in the operator s manual of the PABX system for co
3. from a port scan program SSH Filter This filter permits the use ofthe 443 service programme on computers in the Internet by enabling packets to port xxx for outgoing connections and incoming packets from that port to non privileged ports TELNET Filter This filter permits the use ofthe telnet service programme at computers in the Internet by enabling packets to port 23 for outgoing connections and incoming packets from this port to non privileged ports P2P Filter This filter allows peer to peer P2P file sharing software to be used The following ports are enabled to provide one single filter for the various P2P systems Incoming packets from port 80 to non privileged ports from port 1214 to non privileged ports from non privileged ports to port 80 from non privileged ports to non privileged ports Outgoing packets from non privileged ports to port 80 from non privileged ports to port 1214 from non privileged ports to port 4661 from non privileged ports to non privileged ports With this filter the firewallis wide open Gaming Filter Usethis filter to play Internet games The following port enables have been provided Incoming packets from port 7002 to non privileged ports for TCP from non privileged ports to non privileged ports for UDP Outgoing packets from port 7002 to non privileged ports for TCP from non privileged ports to non privileged ports for UDP Realplayer Filter Thi
4. proxy assumes a surrogate function for the local network LAN in a different external network Here the DNS proxy accepts the name queries from the LAN client and submits them to the external network e g Internet as its own queries The proxy then takes the response from the external network and forwards it to the LAN client that pla ced the original query In addition the result from the query is stored for a defined time configurable to answer any subsequent queries of the same type Dynamic DNS Using Dynamic DNS you can also offer your own Internet services e g WEB FTP or e mail servers Usually you must have a fixed line or a set IP address for this so that you can always be reached at the same URL For example www bintec elmeg com Youare assigned a new IP address by the ISP each time you dial in to the Internet however Using Dynamic DNS you can link this automatic dynamic IP address with a set name The router will then inform your Dynamic DNS service provider e g www dyndns org automatically of the new IP address Internet enquiries for your Web services are then automatically forwarded to your dynamic IP address via your service provider Using Dynamic DNS Configurean Internet address URL ata Dynamic DNS service provider For example at www dyndns org configure the address www my homepage dyndns org Configure the LAN client ofthe network in which you wish to offer your Web services with a set IP a
5. 0 0 0 0 0 from port 80 to non privileged ports for the WAN address of the PABX system Configuration example for a portmapping entry into the firewall for the ssh protocol The ssh protocol secure shell is used among other things for web server administration or to implement VPN tun nels Data can betransferred encrypted using the ssh protocol not significant for configuration ofthe firewall howe ver Normally port 22 of the TCP protocol is used In the example shown here the web server in your LAN has the set assigned IP address 192 168 1 42 Administration access should be provided for this web server in your LAN via ssh from the Internet Please note that you also require equivalent filters for Port 80 if the contents of the web server are to be accessible from the Internet You must generate three rules for the firewall based on this information with the default setting Response by last fil ter rule discard ssh MAP This filter routes incoming packets from any IP addresses and non privileged ports to the Internet end IP address of the telephone system router unit to the computer with the IP address 192 168 1 42 Port 22 is retained ssh WAN in This filter permits passing of incoming packets from any IP address and non privile ged ports to the Internet end IP address of the telephone system router unit ssh WAN out This filter permits outgoing packets from Port 22 to pass through the WAN interface i e the connecti
6. nedas set permanent IP address Edit or supplement the settings for network mask gateway and DNS server as appropriate Refer to the parameters thatare to be setin the sample configuration with mixed ad dress assignment or in the sample configuration with set address assignment on the following pages Confirm your settings by clicking OK Note Also follow the instructions given in the documentation and the Help function of your operating system Note A further option available is assigning a portion ofthe IP addresses manually and having the remaining addresses allocated by DHCP Ensure that theIP address for the router and any manually assigned IP addresses are notlocated in the range for available DHCP addresses Configuration examples Sample configuration of a network with mixed address assignment Sample configuration of a network with mixed address assignment Set IP addresses and IP addresses allocated by DHCP NT NT Splitter Connection for the service provider Modem External HUB Switch by means of LAN2 100 MBit s Network PC 4 at HUB Switch Network PC3 at the HUB Switch Network PC2 at the HUB Switch PC 1 at USB port 6 9 0 99009 IP address forthe PABX 192 168 1 250 Subnet mask 255 255
7. 23 Filter nllo A EGS 25 Gaming Filter E eae Be S Ga 27 ror Filter y yane dadig a n aa e A aos ya GREE ae e ida 28 Mediaplayer lt BUSES 0 na 397 do je RES ii A diede UAR ey MERE do den dee 28 Filter updates esse sze Soho n bh Be SER a d p RAE i mE SG drm rar 28 Introduction Router of the PABX elmeg T444 elmeg T484 The PABX elmeg T444 elmeg T484 is equipped with an integrated router You can provide access to the Internet and network several PC via this router What is a router A router allows LAN clients computers PC within a network of one network LAN to obtain access to a different network for example Internet Access to the Internet is made available by various Internet service providers ISP In this process the router searches for a path on which data can be exchanged between the LAN clients in the local network and the Internet Linking to the Internet can be carried out via an xDSL and or an ISDN connection Router of the PABX system The PABX system router is equipped with a WAN xDSL and a LAN port The PABX system is connected to another network for example the Internet via the WAN xDSL port You can hook up a DSL or cable model for connection to the Internet The LAN ports are for your local network Here you can directly connect up to two PCs equipped with built in net work cards If you wish to network more than two PCs you can do this using an additional HUB
8. 255 0 Start address DHCP 192 168 1 50 Number of DHCP addresse20 PCI Fixed IP Gateway DNSserver Subnet mask PC2 Fixed IP Gateway DNSserver Subnet mask PC3 IP via DHCP Gateway DNS server Subnet mask 192 168 1 91 192 168 1 250 192 168 1 250 255 255 255 0 192 168 1 93 192 168 1 250 192 168 1 250 255 255 255 0 192 168 1 50 transmitted automatically via DHCP transmitted automatically via DHCP transmitted automatically via DHCP transmitted automatically via DHCP Sample configuration of a network with mixed address assignment Configuration examples PC4 IP via DHCP 192 168 1 51 transmitted automatically via DHCP Gateway transmitted automatically via DHCP DNS server transmitted automatically via DHCP Subnet mask transmitted automatically via DHCP Sample configuration of a network with set address assignment IP address for the PABX 192 168 1 250 Subnet mask 255 255 255 0 Startaddress DHCP DHCP server is off NumberofDHCP addresses DHCP server is off PCI FixedIP 192 168 1 81 Gateway 192 168 1 250 DNS server 192 168 1 250 Subnet mask 255 255 255 0 PC3 Fixed IP 192 168 1 83 Gateway 192 168 1 250 DNS server 192 168 1 250 Subnet mask 255 255 255 0 PC4 Fixed IP 192 168 1 84 Gateway 192 168 1 250 DNS server 192 168 1 250 Subnet mask 255 255 255 0 PC5 FixedIP 192 168 1 85 Gateway 192 168 1 250 DNS server 192 168 1 250 Subnet mask 255 255 2
9. Depen ding on how many clients PCs are connected the IP address lies within a range from 192 168 1 50 to 192 168 1 69 When these values are displayed the network adapter and the Windows network settings have been configured correctly The value for the physical address is different for each network adapter The values for thelease depend on when the PC is switched on If other data are shown this may be due to the following reasons Changes have already been made to the initial setting for the PABX system in the Professional Configura tor The Windows network configuration for the client PCs does not correspond to the factory settings De fault setting Current IP address of the pabx as gateway DHCP server and DNS server Check your installation as descri bed in the operator s manual for the PABX system Installation and Commissioning section The TCP IP protocol is not installed on the PC or it has no link to the network adapter connected to the PABX system Checking the TCP IP Configuration Windows XP Openthe Windows XP network connections Select the network adapter connected to the pabx by pressing the right mouse button Then click Status Name Typ Status Geratename LAN oder Hochgeschwindigkeitsinternet A LAN oder Hochges Aktiviert elmeg USB Remote NDIS Network Device Deaktivieren Status Repareren Verbindungen berbr cken Verkn pfung erstellen L schen Umbenennen Eigen
10. Internet Explorer inputting an Internet URL and confirming with Enter when requested to do so by an application default setting Checkto ensure that automatic connection to the Internet has been de activated see Configurator Net work Internet the connection must then be established manually via the elmeg ControlCenter The PC is linked to the PABX system via USB Using the Windows 98SE ME 2000 XP operating systems you can only run one LAN client PC at the USB port ofthe PABX system The required USB driver is installed automatically when you initially connect the PC with the PABX sys tem This driver is located on the CD supplied with the system After installing the USB driver successfully follow the procedure for Ethernet LAN clients Note The USB driver supplied with the system RNDIS islocated in the device manager of the Windows control panelas a virtual network adapter Communication between the PABX system and the PC connected via USB is effected via the TCP IP protocol Data for LAN CAPI are also transferred using this protocol Checking the TCP IP Configuration The examples described below are base on the recommended network configuration with automatic address alloca tion Whatthis means is that the LAN clients get their IP address via DHCP IP address fetched automatically and that the DHCP server in the PABX system is switched on initial setting Windows 98SE ME Startthe progr
11. P C 1 Router of the PABX elmeg T444 elmeg T484 llle 1 dcs ce reia Ten Ge TR a a OS Ee a o TE a 1 R uter of the PABX SYSTEM tour pi woect pic poten ese dide ehe b oun psc ded ao ee oin dod 1 Which Internet c tine tionsz te SUPPORT o to do ACC e cec o coe cei c 4 908 1 Dial in into the LAN RAS aiia deed HECHO oe A A 2 RAS Callback o ounce RAR CREER OR CAN IC eed GR doo C qi n oc t GU e Kec t d E 2 DHCP server and IP address alocado susi ac eig deb sS s s go Ac PCR RT a e en 3 Direct connection DHCP eR rs 3 Default setting of the PABX uuu ua eh edhe CoS eod Rob RR ee a 3 Default IP addresses for the localarea network via ase x X 9x ES 3 Whatare IP addressesand subnetwork masks 4 4 46 dux RR AS ac er 4 Example wit iG PABX uod ket o4 OS SEGRE bb hd de CERE AR aea epg T ated 4 Router ORCOS s lt 6 haat earth oe oodd on eda Rid oh te eta Ea oe op oed e Automatic Tarermet access fallback a o sida oo OS dc RAR ASA TR DE DEE Rd d beu ade 4 Short P O ING He Ew He Gag Gk ae Sat 4 Dynamic ISDN LT 4 DECESO A dep qo ded ED EES GEESE EEE SEES 5 rcs e ia ok oh A EE EAS EA RE PARAS 5 logo C P DTI 5 Dynamic DNS s se v ucioq qd goa e ee RAN Que dea e SUR A e RUE E 6 Router control via system PHONE uua acre xx EA A ORG e Bp a d e d 8 Status display CAPI TAPIin the ControlCenter rin were dr xp BES Ro OX bo ORR OY c 8 Configuration examples uuu ex cm era ERR GONE So Pup
12. POR X UR wo RO RO 9 Address assignment by DHCP Recommended configuration Default setting 9 Things to note for this COMBO sias uox CR e Rote Rob dede oer AO Oei a Raed D 96e de go 9 Address assignment without DHCP set mixed IP addresses 0 ee 11 Things t note for this config ration E sz ung qd brace e a s 12 LAN Cli nt PC Configurations soss eem a de dr She s va aiat ee de dde Be Ho ge e d eq m dea 12 PC settings in Windows Operating systemi ia sae odia e REX GO Ew de alk P ORO OR ed 12 Sample configuration of a network with mixed address assignment 14 Sample configuration ofa network with set address assignment ooo momo 15 Checking the LAN clients PCs usua ded ER AR RARA AAA 16 Configuration for Windows 98SE ME 2000 XP clle 16 Checking the TCP IP Configuration lt so eR R9 E 17 Windows 2658 ME ucc acci O A 17 Windows 2000 P Nr gee cia E Ao aah Rasa E 17 Windows e 19 Configuring Internet access on a PC iiu der RO odor dk E oe OR RC RR Ro Rc ee 20 Internet Explorer settings WindowsInternetoptions leen 20 Configure firewall filters seges 46 s s2 23425608848 sv ll 22 Basic information about firewall configuration oos oho hr oh do X UR ee wa 22 Four place holders are provided to achieve an abstraction whendefiningthefilters 23 You can configure the following parameters sse ede Rae a
13. also specified to you by your provider for example number IP address and DNS server The ISP that you wish to use for your Internet connections is set in the configuration of the PABX system You can configure up to 10 ISPs You can then define further settings for each ISP such as user name password phone num ber etc You can also define whether the connection to the Internet is to be set up automatically default setting and that the next ISP in your list is to be selected once the connection has been established fall back When the PABX system router receives the command to establish an Internet connection this connection is set up using the first ISP in your list If the connection is set up successfully all of the clients in your network can access the Internet If the Internet connection is no longer needed inactivity it is terminated after a defined time Ifan Internet connection can not be set up using the selected ISP an attempt is made to establish the connection using the next ISP in your list fall back When an Internet connection is terminated the first ISP in the list is used when the next connection attempt is initi ally carried out Note For more information about configuring ISPs and establishing an internet connection refer to the operator s ma nual of your PABX Note If hubs are installed in your network for example or if a connection to the Internet still exists data packets may continue to be sen
14. before you begin configuring the fire wall If your knowledge about this is not so in depth we recommend using a filter wizard The firewall functions like a chain of rules through which each IP packet is routed If a rule applies to a packet the action associated with this Filterwizard version 1 13 international Please select the compatible filters for your router The resulting filter table will be generated automatically and is available for editing by you r Secure system privileged ports Active FTP Closes firewall for critical connection on default requests DoS from the internet r IP Spoafing Blocks packets with fake on default IP addresses helps to avoid hacker off attacks r DNS Enables the resolution of URLs on default webaddresses into IP addresses C off Very important switch it on Enables active ftp transfers does C on not affect downloads with off default webbrowses these are using passive ftp m Passive FTP Enables downloads using ftp protocol Ce amp g with webbrowser c z defaut HTTP Enables intemet surfing and http downloads with or without port 8080 on default proxies Make sure to switch DNS C oit l Finish Cancel rule will be executed allow deny or execute port map All rules are given in the list under Net work Filters Please note that for certain confi gurations the orde
15. 55 0 Checking the LAN clients PCs Configuration for Windows 98SE ME 2000 XP Ifa connection to the PABX system or to the Internet can not be set up you can check the configuration of the LAN clients PCs based on the following information Note The procedure described here assumes that you are using the recommended configuration with address as signment by DHCP The PC is linked to the PABX system via Ethernet LANI jack Checkto ensure that the network adapter Ethernet adapter Home Phoneline Networking Adapter or USB installed in the LAN client PC is connected properly to the PABX system The connection status is displayed by the LEDs of the PABX A description of the LEDs is given in the operator s manual for the PABX system Checkto ensure that the PABX system has assigned an IP address to the LAN Client PC see page in secti on Checking the TCP IP Configuration Checkto ensure that an Internet service provider ISP has been configured in your PABX see operator s manual for the PABX leaflet On the fast track to the Internet or the online Help function of your PABX system Checkto ensure that the Internet browser s has have been configured correctly in your PC see Page in section Settings im Internet Explorer Internetoptionen of Windows fyou have made the settings as described above the telephone system will establish a connection to the In ternet automatically e g by opening the
16. NS queries can pass through the firewall when this filter is de activated Active FTP Filter Together with the corresponding software module in the firewall this filter permits active FTP Active FTP differs from passive FTP in that the FTP server sets up a connection for data transfer at the request of the clients applies both to the response to the FTP command ls and to the file transfer proper The problem here is that the connecti on setup by the FTP server is made at any non privileged port thus requiring that a large region of the firewall be enabled Outgoing connections at ports 20 and 21 and incoming ones from these ports to non privileged ports are enabled Passive FTP Filter This filter permits file transfer via FTP with the connection always being established by the FTP client Outgoing connections to port 21 and incoming ones from this port to non privileged ports are enabled HTTP Filter This filter permits Web browsing by enabling packets to ports 80 and 8080 when using http proxies for outgoing connections and incoming packets from these ports to non privileged ports HTTPS Filter This filter permits secure Web surfing by enabling packets to port 443 for outgoing connections and incoming pa ckets from this portto non privileged ports The https protocolis frequently used for home banking and online shop ping http connections are used for transfer of secure packets using encryption HBCI Filter Thi
17. This place holder represents the WAN address for the router that is assigned dynami cally by the ISP when PPoE or PPP is used Dynamic allocation allows an IP address to be assigned from the inventory of your ISP for the WAN port each time a connection is set up to the Internet The WAN address can not be entered as an absolute value for fil ter configuration when you are defining the configuration PPPoE is required for T DSL for example PPP is used for Internet connections with ISDN dial in If you have been assigned a set public IP address by your provider for your Internet access this address will be used for WAN ADDR The firewall is adapted automatically in accordance with the defined rules after the IP address is assigned to the WAN port or ISDN channel Represents all WAN addresses located in the same IP subnetwork as the WAN port This parameter is currently not used and will not be significant for future software updates You can configure the following parameters Name ofthe filter Action TCP Flag Protocols Interface Connection Source address definition Each filter must be assigned a unique name Select a name for the filter that uniquely describes the function for that filter this will make it easier for you later if you wish to change any filters The following options can be selected allow deny discard and portmap When al low is selected all packets which correspond to the parameters of the assoc
18. ailed description of the options available in the Filter Wizard in an easy to read format see following tips and hints If newer versions of the description files are available there you can download these to your PC existing files are overwritten The description files are located in the subdirectory filterinfo that can be found in the installation di rectory for the configuration software for your telephone system for example C WIN ToolsTools V6 02x the files filterwizardtab txt and Filter_Info txt are also located here When you then restart the Filter Wizard from the configuration software and click the button Restore standard the new filters will be available immediately Filter update Configure firewall filters Note If the Restore standard button is grayed out you must first modify one of the given filter settings activate or de activate any given filter before this button is activated Thebutton Help is located in the configuration branch Network Filters The text that is displayed when you click this button is taken directly from the file Filter Info txt allowing the Help function for the Filter Wizard filters to be updated without performing an overall software update Index A Address assignment by DHCP 9 10 11 12 13 Automatic Internet access 4 B Blocking Internet access br n 8 C CAPI im LAN o xro ae eg ka sued 7 CE marks vs eszes owe demo
19. am Winipcfg Select Run inthe Windows start menu Enter winipcfg into the input field and click OK to confirm Finally press the button More info E IP Konfiguration Id f Current IP address of the pabx as DNS ser Hosting E Hostname WNSLAPS ver DNS amp ewer 1921691250 4 rero Bd 2 Select the network adapter connected to NeBlOSBeeichslD j the pabx IP Roubng aktiviert WINS Prowy aktiviert Wee bee 3 Current IP address of the network adapter Ethernet Neteweikkatteninf 1 I AC UM FE5748 3Com Megahertz 10 100 LAN PEC Sed y client Neizwekkatenadesse ODODESEFDZBA 4 Current IP address of the pabx as gateway IP Adresse 19168150 3 CO ea and DHCP server Standard Gateway 192 168 1 250 DHCP Server 19216812580 Erster WINS Server Zweiter WINS Server IP Adresse erteik am 31 07 02 09 54 16 IP Adresse g ltig bis 31 07 02 10 54 16 CEST Freigeben Aktualisieren Alles freageben Alles aktualisieren e The values shown in the screen shot are set as defaults for the initial settings of the PABX system Depen ding on how many clients PCs are connected the IP address lies within a range from 192 168 1 50 to 192 168 69 When these values are displayed the network adapter and the Windows network settings have been configured correctly Should the program Winipcfg show other values click the buttons Enable everything and then Update everything If Winipcfg
20. an be provided with a major portion of the configuration required for LAN and Internet access via the DHCP Dynamic Host Configuration Protocol The DHCP server integrated into the PABX is capable of supplying corre sponding configurations to up to 100 PCs clients IP addresses are dynamically allocated to the clients The DHCP server task of the PABX system is activated in the initial status of the PABX You can configure the integrated DHCP server under Network address allocation You can configure the first IP address assigned by the DHCP server The required number of IP addresses is assigned to the PCs DHCP clients in ascending order Eleven additional IP addresses for the DHCP server are always reserved for PCs that are integrated through RAS re mote access server into the local network If the integrated DHCP server is activated the 1 1 IP addresses which come after the configured DHCP address range are used for RAS clients When the DHCP servers are de activated the 11 IP addresses that come after the set DHCP start address will be used for RAS clients Direct connection DHCP This setting is used to utilize a direct WAN connection with automatic allocation of the IP addresses via DHCP In this case theIP address is notassigned by your PABX system router but by the network in which the router is integra ted The router DHCP must be de activated in the configuration for this Default setting of the PABX Default IP addresse
21. bintec elmeg Teldat Group Company elmeg T444 elmeg T 484 elmeg Router English Declaration of conformity and CE marks This device meets the requirements of the following EC directive R amp TTE 6 3 EG C Directive 1999 5 EC of the European Parliament and ofthe Council of9 March 1999 on radio equip mentand telecommunications terminal equipment and the mutual recognition of their conformity You can also request this EC declaration of conformity at the following Internet URL http www bintec elmeg com posed of separately from normal domestic waste at an appropriate waste disposal facility at the end of its useful service life You will find additional information on an individual returning of the old appli ENEN ances under www bintec elmeg com et The waste container symbol with the X through it on the device indicates that the device must be dis bintec elmeg GmbH All rights reserved Reprinting of this document even excerpts is permitted only with the express consent of the publisher and with pre cise source information regardless of the media used mechanical or electronic Function descriptions included in this documentation which refer to software products of other manufacturers are based on the software used and valid at the date the documentation was prepared or published The product and company names used in this documentation may be protected by trademarks Table of contents Introduction
22. cally to use for the Internet connection This function is available for inco ming and outgoing voice links This performance feature requires that the ISDN Speed Manager be installed or that Internet access is made via the router The Speed Manager is included in the T Online installation Completion of call to busy subscriber You can not be reached by an external telephone call when you are surfing the Internet and are using two B channels for downloading As signaling of a further call is made via the D channel your telephone system has the capability of specifically de activating one B channel depending on current settings so that you can take a call You can define the following settings in the PC Configurator Rejecting a call The caller will hear the busy signal and both B channels remain active Internal MSN extension number One B channel is de activated the call briefly hears music on hold see also Page and the call is signaled at the sub scriber entered under Internal number This terminal device may not be located on the same ISDN bus or at the same USB port as the PC Forwarding Call Deflection to an external extension number One B channelis de activated and the call signaled at the subscriber entered under External number You can also have the call forwarded to an external subscriber by the exchange allowing both B channels to remain active Calls can also be transferred for example for T NetBox or c
23. continues to show other values after this this may be due to the following reasons Changes have already been made to the initial setting for the PABX system in the Professional Configura tor The Windows network configuration for the client PCs does not correspond to the factory settings De fault setting Faulty installation ofthe network adapter in the client PC or the network adapter is not connected pro perly with the PABX system Check your installation as described in the operator s manual for the PABX system Installation and Commissioning section The TCP IP protocol is not installed on the PC or ithas no linkto the network adapter connected to the PABX system Windows 2000 Start ipconfig Select Run in the Windows start menu Enter cmd and then click OK to confirm Enter the command ipconfig all and then press Enter to confirm D Select the network adapter connected to the pabx men TITTEN NIVIY 2 Current IP address of the network adapter lt C gt Copyright 1985 1999 Microsoft Corp A C x gt ipconfig all client nis quium 3 Current IP address of the pabx as gateway E DHCP server and DNS server 3Com EtherLink XL 10 100 PCI TX NIC BB A0 24 59 64 43 X 132 168 1 58 255 255 255 0 192 168 ZE 250 1 2 H ust 2002 14 35 04 Freitag 9 dam t 2002 15 35 04 The values shown in the screen shot are set as defaults for the initial settings of the PABX system
24. ddress For example let s say we wantto configure a Web server with the IP address 192 168 1 200 Activate the Dynamic DNS function in the router and enter the Internet address URL for your Dynamic DNS provider in the example here www dyndns org Add the necessary filters in the firewall to allow the PC with the Web services to be reached from an external location Configure port mapping for Port 80 HTTP protocol to IP address 192 168 1 200 Configure the filters that permit incoming and outgoing WAN connections at Port 80 Therouter will automatically inform your Dynamic DNS provider of your current dynamic IP address each timea connection is setup with the Internet The information about the IP address is transferred after set ting up a new Internet connection as well as during an ongoing Internet connection A PC in the Internet enters the address URL www my homepage dyndns org In this way it reaches your Dynamic DNS service provider Your service provider reroutes the connection to your current dynamic IP address Any incoming connection is handled in accordance with the configured filters In the example given here theincoming WAN connection at port 80 is forwarded to the LAN client with the IP address 192 168 1 200 The available Internet sites of your Web server are displayed on the external PC NAT NAT Network Adress Translation protects the connected LAN clients against attacks from the Internet Here the int
25. des kb be S B Checking the LAN clients uuo rh 16 Configuration examples 9 10 11 12 13 14 15 16 Configure firewall filters 22 23 24 25 26 27 28 29 Configure Internet access on a PC 20 21 Configuring firewall filters saa Re dk arado Se andes 22 23 24 25 26 27 28 29 Configuring Internet access ona PC 20 21 Connection test 8 D Declaration of conformity B Default setting oors enc otk ee RARIOR a 2 DHCP Serye cora aaga LES Send IOS es 3 5 Dial in into the LAN 2 Direct connection DHCP 3 DNS SOVET a ug osos e UE REC SU 5 DNS PIOXY 23232 ERES 645 5 Dynamic DNS us de ge aac age deb a o 6 Dynamit ISDN exire eeri na 4 Dynamic ISDN for outgoing calls 5 F Fallback cere ca 4 Filter Wizard 25 26 27 Firewall io de tee e ee G2 6 I Internet Explorer settings 20 Internet options of Windows 20 Internet connections 1 IP address allocation 3 IP addresses 0 0000 eee 4 L LAN CABL os See eked Sie eum eae Se x 7 LAN TAPI s uad eed Coke eee SG 8 LED Settings cus eek ders dae sus s 8 N BAT a gata xo BRS Se Eee Da px 6 Network Address assignment without DHCP 11 mixed address assignment 14 15 with DHCP address allocation 11 P Packet Filter Firewall 6 Parliament A B P rtmapping uires ee wee E ho
26. e The TCP IP protocol is not installed on the PC or ithas no link to the network adapter connected to the PABX system Checking the TCP IP Configuration Configuring Internet access on a PC Configuring Internet access on a PC Ifyou have used the Windows dial up network for Internet access up to now this connection was always established asa Dial up connection analog or ISDN Set up and termination of an Internet connection was initiated automa tically by the programs If you set up an Internet connection via the PABX system router this represents a normal network connection for each PC Ifa PC wants to use an Internet connection the network router which acts as a gateway and establishes con nections to other networks is informed of this The router in our example here the PABX system then sets up a con nection to one of the Internet service providers that has been configured As defined in the configuration for the PABX system this connection is established terminated automatically The Internet service provider is configured using the PABX system s Configurator Internet Explorer settings Windows Internet options Thefollowing description illustrates the settings for Internet connections for the various operating systems Proceed as described below for your operating system and activate the corresponding option Windows 98SE Start Menu Settings Control Panel Internet Options Connections Windows ME Start Menu Sett
27. ell phone without a B channel of the telephone system being allocated Normal call distribution One B channel is de activated and the call signaled at the subscriber entered under Call allocation for the External number Dynamic ISDN for all outgoing calls You can not make an outside call if you are surfing in the Internet while using two B channels for downloading Ho wever depending on the PC configuration your telephone system does have the capability to specifically de activate one B channel so that you can make calls while connected to the Internet DHCP server PCs can be provided with a major portion of the configuration required for LAN and Internet access via the DHCP Dynamic Host Configuration Protocol The DHCP server integrated into the PABX is capable of supplying corre sponding configurations to several PCs LAN clients IP addresses are dynamically allocated to the clients This mode is recommended to dispense with the complicated manual configuration of the IP addresses for the PC that would otherwise be required DNS server The DNS server Domain Name Server has the task of establishing names within a network In this process the IP ad dresses ofthe PCs e g LAN clients are transformed into names You must therefore know the name and not the IP address ofa PC that you wish to access or are searching for The DNS server can also establish names that are not in cluded in the local network DNS Proxy
28. er control via system phone Starting with Version 4 you can configure a function key on system telephones CS290 CS410 CS400xt for control ling the router LED Settings Through PABX system configuration you can de activate the LEDs except for the On LED When you re activate the LEDs the ISDN LED may indicate a false status You should therefore disconnect the external ISDN port for a brief period from the NT Status display CAPI TAPI in the ControlCenter Information used for monitoring the CAPI TAPI functions can be displayed using the Control Center menu Indica tion of the associated function s is made only when TAPI and CAPI clients are installed on your PC e The number of TAPI licenses currently in use max 10 is indicated when there is a TAPI connection with the PABX system The number of CAPI licenses max 10 is indicated along with allocation of the internal and external B channels max 2 each when there is a CAPI connection with the PABX system Configuration examples Address assignment by DHCP Recommended configuration Default setting Address assignment via DHCP is the easiest configuration method for the PABX system and at the clients PCs You can configure a LAN client in the network such that it automatically receives its IP address from a DHCP server from the PABX system on startup In this case you do not have to enter an IP address or subnetwork mask in the con figuration of the LAN client
29. ernal IP addresses are not passed on to the Internet The router carries out the transfer to the Internet and distribu tes the incoming data packets in the internal system This only requires one external IP address The internal IP ad dresses are protected from attacks from outside The internal IP addresses can not be targeted by hackers as these IP addresses are non accessible Packet Filter Firewall The integrated filter firewall packet also provides you with enhanced security against attacks from the Internet A fi rewall acts as a logical wall for data packets between the Internet and the LAN which has holes for certain packets firewall rules also known as filters allowing these packets to pass through the wall The filters are described by ru les whose configuration requires expert knowledge about the TCP IP protocol family The firewall ofyour PABX sys tem can be easily configured using a Filter Wizard in which you need to indicate in plain text whether you wish to allow defined applications access to the Internet Portmapping You wish to access your PC from an external location via Internet Normally access via the firewall should be prohi bited When you use port mapping access to a router port that you have enabled is permitted from an external locati on The router then forwards the access request to the defined port ofthe PC in the network A fixed IP address must be assigned to this PC When the PC returns data packets
30. es In the event that your network settings havealready been changed contact your system administrator You may have to backup all of your data The configuration presented in the following represents only one of many possibilities These settings are recommended However depending on the infrastructure of your environment it may be meaningful to choose a different configuration Example Windows 98SE and Windows ME Open the Control Panel from the Windows Start Menu Open the Network folder e Select TCP IP and click Properties Now select whether the PC is to receive its address automatically from a DHCP server or if it is to be assig ned as permanent IP address Edit or supplement the settings for network mask gateway and DNS server as appropriate Refer to the parameters that are to be set in the sample configuration with mixed address as signment or in the sample configuration with set address assignment on the following pages Confirm your settings by clicking OK Example Windows 2000 and Windows XP Open the Control Panel from the Windows Start Menu e Under Windows 2000 open the folder Network and Dial up Connections Under Windows XP open the folder Network connections Right clickon LAN connection and then click on Properties e Select TCP IP and dick Properties e Now select whether the PC is to receive its address automatically from a DHCP server or ifit is to be assig
31. et would not be able to locate this other PC if itis not within its own network In addition the same subnetwork mask must also be entered at all LAN clients located within the same network Router functions Automatic Internet access fallback Several ISPs ISP Internet Service Provider can be set up in the PABX Connectivity to the Internet is provided via the WAN port e g DSL port or via an ISDN port If required connection to the Internet can be set up automatically If your selected ISP is not available the next ISP in the list will be selected automatically Short Hold Short Hold means that the PABX system terminates the Internet connection automatically after a configurable time period when there is no exchange of data from to the Internet inactivity You can set this time separately for each ISP that you have configured This can result in increased connection costs with frequent short excursions into the Internet for example for pi cking up e mails as the connection is always maintained for the duration of the set holding time Dynamic ISDN Higher data transfer rates can also be achieved for Internet access via the ISDN connection by bundling the two B channels for the connection If an Internet connection with channel bundling is active and a B channel is needed for telephony or fax messages one B channel is disconnected from the Internet connection On completion of the voice connection the B channel reverts automati
32. he configuration carried out by the Wizard The rejection rules mentioned above are nevertheless retained to reject packets used in certain attacks at the earliest possible stage to prevent the packets from passing through the entire chain of filter ru les this enhances firewall performance in the event of a real attack Example for predefined filters in the filter wizard Help for the various filters contained in the Filter Wizard can be found in the file Filter Info txt in the Win Tools installation directory e g C filesWIN ToolsTools V6 02 or by clicking the corresponding Help button Protecting the system This filter blocks the firewall against connection setups at privileged ports 0 1023 for TCP and UDP Most rele vant data services are offered via privileged ports establishing names file transfer etc IP Spoofing Blocking This filter blocks the firewall against fake spoof packets on the wrong side of the firewall As a result data pa ckets which would certainly belong in the LAN based on their IP address but would be routed to the port for the DSL modem by an attacker from the Internet are ignored same applies to ISDN links to the Internet DNS filter This filter permits establishing of names assignment of IP addresses to URLs by enabling outgoing UPD and TCP packets at port 53 as well asincoming ones from port 53 Longer replies and zone transfers are also permitted by en abling TCP No D
33. iated filter can pass through When deny is selected the corresponding IP packets are rejected and the sender of the packet is informed discard results in packets being discarded refused without the sender being informed The option portmap permits specific forwarding of packets with TCP and UDP protocols to the IP address of a PC in the LAN If a TCP connection is to be set up for example for downloading files certain bit sam ples are set in the packets involved with this the TCP flags The option connection in progress stands for the SYN flag the option connection established for the Established flag UDP TCP ICMP and all protocols can be selected as protocols The selection of the protocol can affect further options as for example there are no TCP flags available for UDP or no port for ISM while there are certain types of protocols available however Here you can define the interfaces for the correspondend filter At present the setting WAN is useful for most cases as all packets are allowed at internal interfaces with this setting Use this field to define the direction of the IP packet for which the configured filter is valid Possible parameters in out and in out bi directional Here you specify the source address for the IP packets for which this filter is valid Take into account any potential abstractions brought about by place holders Targetaddressdefinition Here you specify the
34. ings Control Panel Internet Options Connections Windows 2000 Start Menu Settings Control Panel Internet Options Connections Windows XP Start Menu Settings Control Panel Network and Internet connections Internet Options Connections Eigenschaften von Intemet o 2 xj Allgemein Sicherhe Inhat Verbindungen Programme Enveitet 2 Verwenden Sie den VeibindungsAssistenten E um den Computer mt dem Internet zu e verbinden p DFU Einstelungen j T Oriine Cal by Cal Standard Hinzuf gen interes Eigetehingen Keine Verbindung w hlen Nur wahlen wenn keine Netzwerkverbindung besteht C mener Standardverbindung w hien Aklueler Standard T Onine Call by Cal le Standard Dial up connections configured at the client are displayed here These connections are not required for accessing the Internet with the pabx Check Never You can use other devices besides your PABX system to hook up to the Internet You may have to se lect the option Dial whenever a network connection is not present There are no settings required under LAN Settings Configuring Internet access on a PC Checking the TCP IP Configuration es Netzwerk LAN Configure firewall filters You can only configure filters in the Professional Configurator User defined filters for the router integrated into the PABX system with packet filter firewalls can be configured u
35. ings present on the LAN clients PCs For information about this use the online Help function of the Configurator NT NT Splitter Connection for the service provider Modem External HUB Switch by means of LAN2 100 MBit s Network PC 4 at HUB Switch Network PC3 at the HUB Switch Network PC2 at the HUB Switch PC 1 at USB port 990990 99009 LAN Client PC Configuration You must make the following minimum settings manually e IP address for the LAN client PC Netmask Subnet mask which is also entered in the PABX router Paddress ofthe PABX system as the gateway interface to other networks for example Internet Paddress ofthe PABX system as the DNS server server that converts the Internet addresses into IP ad dresses Note Observe the instructions for address assignment given on the previous pages PC settings in Windows operating system The procedures described below deal only with examples which may differ somewhat depending on the operating system used and the configuration of the PC Note Please keep in mind that any changes made to the Windows network settings may have serious effects on the LAN clients PCs Other methods of connection or applications may also be affected by these chang
36. le given here this filter would counteract the configured functionality as the ssh port 22 is a privileged port We urgently recommend blocking all privileged ports that are not needed it may therefore be expedient to use the filter configured by the Filter Wizard that has been appropriately adapted or that is located at the appropriate position in the table Note If you are not sure which ports must be routed to the LAN PC for certain applications or for attaining defined user privileges in exchange networks using port mapping by your telephone system router enter the name ofthe appli cation and the terms port and firewall in an Internet search engine configuration instructions can usually be found quite easily in this manner You can reroute one single port or port ranges for example 4661 4665 using a port map rule Filter Wizard Thefirewallis configured such that all data packets for which no explicit rule filter exists which would otherwise al low the packets to pass are rejected This procedure makes the configuration of the firewall somewhat more compli cated but significantly reduces the probability of overseeing the blocking of some packets to prevent them from passing through the firewall Some filters contain rules for rejecting packets which would actually not be required for the selected basic configura tion of the firewall because the firewall would reject any packets not enabled by the filters based on t
37. lect the LAN Connection for the PABX by pressing the right mouse button Then click Properties Select TCP IP and click Properties Then specify that the PC is to receive its IP address automatically All other settings for example DHCP network mask gateway and DNS server should be de activated or blank The PABX system automatically transfers all required settings to the client PC via DHCP Confirm your settings by clicking OK Note Also follow the instructions given in the documentation and the Help function of your operating system If it is not possible to set up a connection to the PABX or to the Internet refer to the section Checking the LAN client PC configuration in this manual Address assignment by DHCP Recommended configuration Default setting Configuration examples Sample configuration of a network with DHCP address allocation Configuration of the PABX system in its initial settings NT o Q9 2 NT Splitter P 8 Connection for the service provider 4T 4 Modem Network PC 2 at HUB Switch ai 6 PC 1 at USB port IP address for the PABX 192 168 1 250 Subnet mask 255 255 255 0 Startaddress DHCP 192 168 1 50 Number of DHCP addresse20 PCI IP via DHCP 192 168 1 50 transmitted automatically via DHCP Gateway transmitted au
38. n der Network Filters Note We recommend configuring the firewall filters with the aid of the Filter Wizard to ensure configuration s appro priate for and compatible to the applications being used These filters provide protection against data packets from the Internet that may result in you being charged for certain connections The function for the Automatic connec tion setup for example may otherwise not always be ensured A port scan from the Internet usually the initial sta ge of a hack attack may sometimes occur the telephone system firewall then replies to this scan with Reject pa ckets But this may nevertheless result in data traffic that prevents automatic setup of a connection Note The filters available using the Filter Wizard have been implemented using the latest knowledge We can however provide no guarantee for the function of the filters Use ofa firewall should go hand in hand with use of virus scan ning software on all your PCs Firewalls and virus scanners cover different areas of data security and are an ideal compliment to one another but can not replace one another To configure self defined filters click the button New or change an existing entry in the filter list by double cli cking on that item An explanation of the filter function is given when you click on Help Basic information about firewall configuration It is important that you have detailed knowledge about the IP protocol family
39. ngful to choose a different configuration If you need to reset the Windows network settings to their standard default status proceed as follows Example Windows 98SE ME Open the Control Panel from the Windows Start Menu Windows 98SE Open the folder Network Windows ME Right click on LAN connection and then click on Properties e Select TCP IP and dick Properties Configuration examples Address assignment by DHCP Recommended configuration Default setting Note The network adapter connected to the PABX system must be linked to the TCP IP protocol which is a component of Windows You may have to manually add this protocol The network adapter may only be linked to the T DSL PPPOE protocol especially if a stand alone version ofthe T DSL driver has been installed Add the TCP IP protocol manually using the buttons Add Protocol Microsoft TCP IP Then specify that the PC is to receive its IP address automatically All other settings for example DHCP network mask gateway and DNS server should be de activated or blank The PABX system automatically transfers all required settings to the client PC via DHCP Confirm your settings by clicking OK Example Windows 2000 and Windows XP Open the Control Panel from the Windows Start Menu Under Windows 2000 open the folder Network and Dial up Connections Under Windows XP open the folder Network connections Se
40. nnecting a pcs Which Internet connections are supported You can set up a connection to the Internet with your PABX system as follows e Dial up connections via ISDN using PPP protocol with one or two ISDN B channels i e at 64 kbit s or 128 kbit s These types of connections require access data with the number to be dialed the user name and password and in some cases other information such as the IP address ofthe name server and any information about the data compression method that is used VJH e UsingxDSL for example ADSL T DSL in conjunction with a DSL modem that is compatible with your ISP via PPPoE These connections require your user name and password as access data UsingxDSL for example SDSL in conjunction with a DSL modem that is compatible with your ISP with a set publicIP address These connections require the public IP address that you have been assigned the IP address ofthe next gateway next hop and the IP address for the name server of your provider Tunneling Here data packets of one protocol are packed into the shell ofa different protocol to route them on to the Internet At the recipient the shell is then removed and the data packet routed on with the original protocol This tunneling is used to overcome incompatible networks or when taking into consideration se curity and cost aspects for example PPTP Normally you only need your user name and password as ac cess data Indicate all the data that is
41. on for the DSL modem or the ISDN dial up connection to the Inter net to any IP address and non privileged ports Filter name TCP Flag Interfa Action Protocol Connection SourceIP Sourceport TargetIP Target port ce NetBios block none WAN discard UDP out 0 0 0 0 0 137 139 0 0 0 0 0 any ssh_portmap none WAN portmap TCP in 0 0 0 0 0 22 192 168 1 42 22 ssh WAN in none WAN allow TCP in 0 0 0 0 0 any WAN ADDR 22 ssh WAN out none WAN allow TCP out WAN ADDR 22 0 0 0 0 0 any Note Asa result the PC in your LAN with the IP address 192 168 1 42 has no protection whatsoever from the firewall in your telephone system at Port 22 TCP You can restrict access options where required if access is to always be effec ted from an Internet connection with a set IP address for example T Interconnect Here any entries which con tain 0 0 0 0 0 should be matched to the known IP addresses ofthe remote location 0 0 0 0 0 is a global proxy address for all IP addresses Note If you wish to employ a combination of filters consisting of filters that have been generated using the Filter Wizard and your own custom filters or port map entries be sure to check the order ofthe rules in the table you can change theorder using the buttons up and down The Secure system filter which blocks all packets directed toward so called privileged ports is offered in the Filter Wizard In the examp
42. r of the filters can be of great significance for the functioning of the firewall Therefore after you mark a filter rule you can de fine the order of the rules in the table using the buttons up and down If no rule applies to the IP packet a super ordinate basic rule at the end ofthe chain decides on the action to be taken behavior by last filter rule This is why you must define the behavior for this super ordinate rule at the beginning of the filter configuration You can choose between Allow or Discard for this Discarding of the packet is generally a safe procedure as only those packets for which an explicit rule i e deliberately configured exists are authorized in such a configuration When defining the filters it is essential to take into account that basically all packets are permitted at all LAN ports LANI LAN2 USB port You therefore do not need to define filter rules for passing IP packets from the LAN to the PABX system router nor for their Return Four place holders are provided to achieve an abstraction when defining the filters LAN ADDR LAN NET WAN ADDR WAN NET Represents the LAN address for the router based on the default configuration i e 192 168 1 250 with the network mask 255 255 255 0 192 168 1 250 24 This place holder represents all of the LAN addresses based on the default configurati on i e 192 168 1 0 with network mask 255 255 255 0 192 168 1 0 24
43. rver What are IP addresses and subnetwork masks With the initial settings IP addresses and subnetwork masks are already set for the PABX system router Both of these values are each 4 bytes in length IPaddress 192 168 1 250 Subnet mask 255 255 255 0 The IP address is an address that is reserved for private local networks The subnetwork defines that this is a Class C networkin which up to 254 LAN clients can be linked Using the subnet work mask an IP address can be divided into the network address and the host address address of the PC Example with this PABX IPaddress ofthe 192 168 1 250 PABX IP netmask for the 255 255 255 0 PABX Network part ofthe 192 168 1 xxx IP addresses Hostpartoftheaddress x x x 250 First usable 192 168 1 1 netmask 255 255 255 0 IP address Last usable 192 168 1 254 netmask 255 255 255 0 IP address Youcanassign the available IP addresses to the individual LAN clients manually or have them assigned by the PABX system via DHCP No IP address may be used simultaneously by more than one client however With regard to the example given above this means that the address 192 168 1 250 may not be allocated again as it is already being used by the PABX system The network part of the IP address may not be changed as otherwise the LAN clients would not all be located within the same IP network A PC with the IP address 192 168 2 1 is located in a different network A PC from the PABX n
44. s filter makes it possible to use the RealPlayer for streaming audio and video The following port enables have been provided Incoming packets from port 554 to non privileged for TCP from port 7002 to non privileged ports for TCP from non privileged ports to ports 6970 7170 for UDP Outgoing packets from non privileged ports to port 554 for TCP from non privileged ports to port 7070 for TCP Mediaplayer Filter This filter makes it possible to use the RealPlayer for streaming audio and video The following port enables have been provided Incoming packets from port 1755 to non privileged ports for UDP from port 1755 to non privileged ports for TCP Outgoing packets from non privileged ports to port 1755 for UDP from non privileged ports to port 1755 for TCP Filter update As it may be necessary to provide an update for the firewall configuration to enable new applications or to fend off hacking attacks from the Internet for example the Filter Wizard operates using a descriptive file that you can easily update without necessarily having to update the software in your PABX your router or PC Check at regular intervals whether new description files are available names filterwizardtab txt and Filter In fo txt under http www bintec elmeg com These two files belong together The file filterwizardtab txt controls the behavior of the Filter Wizard the file Filter Info txt contains a det
45. s filter permits the use of HBCI for home banking by enabling packets to port 3000 for outgoing connections and incoming ones from this port to non privileged ports E mail send filter This filter permits transmission of e mails via SMTP sending e mails by enabling packets to port 25 for outgoing connections and incoming packets from this port to non privileged ports E mail reception Filter This filter permits transmission of e mails via POP receiving e mails by enabling packets to port 110 for outgoing connections and incoming packets from this port to non privileged ports ICMP all Filter This filter permits the ping program to be used for example to check the availability and accessibility of computers in the Internet and to measure the transfer time of IP packets to these computers This can be useful for example for locating the server with the most rapid response time for Internet games When you activate this filter you can also reach the router using the ping program but not any computer in the LAN behind i e downcircuit of the rou ter as theseare protected by NAT This filter enables all ICPM protocols and not only those used for ping If neces sary you can set further restrictions for this filter by having only ICMP protocols 0 and 8 enabled echo request echo reply Overall security is increased when you do not activate this filter as the firewall can not be easily located by a simple ping
46. s for the local area network In its basic setting you can use your PABX system as a router for Internet access for your local network You have to define when configuring the PABX the Internet service provider that you wish to use The IP addresses for your local area network are then distributed as follows 192 168 1 1to Freely assignable IP addresses as for example for LAN clients with a fixed IP address 192 168 1 49 192 168 1 50 to IP addresses that are allocated to corresponding LAN clients by the PABX system 192 168 1 69 Number of DHCP clients 20 192 168 1 70 to Reserved IP addresses 11 RAS These addresses must always remain reserved and 192 168 1 80 may not be assigned as set IP addresses 192 168 1 81to Freely assignable IP addresses as for example for LAN clients with a fixed IP address 192 168 1 249 192 168 1 250 IP address for the PABX 192 168 1 251 Freely assignable IP addresses as for example for LAN clients with a fixed IP address to 192 168 1 254 Note Please note that each IP address can only be assigned once The first and last IP address for a network may not be as signed to LAN clients In this example 192 168 1 0 and 192 168 1 255 Example for the hint 255 255 255 0 Subnet mask for all components on the network PABX LAN clients 192 168 1 250 IP address for the gateway PABX 192 168 1 250 IP address for the DNS server PABX The PABX system also acts as a DNS proxy in place of the ISP DNS se
47. schaften AF im WAP oa Allgemein Netawerkunterstutzung Netzwerkverbindungsdetails Eigenschaft Wert Intemetprotokoll TCPAP Physikalische Adresse 00 09 4F 00 45 46 Adresstyp Von DHCP zugewiesen IP Adresse 192 168 1 51 ay Subnetzmaske 255 255 255 0 istae 7 Lease l uft ab Standardgateway 1921681250 DNS Server ME e The values shown in the screen shot are set as defaults for the initial settings ofthe PABX system Depen ding on how many clients PCs are connected the IP address lies within a range from 192 168 1 50 to 192 168 1 69 When these values are displayed the network adapter and the Windows network settings have been configured correctly If other values are shown click the button Repair The value for the physical address is different for each network adapter The values for thelease depend on when the PC is switched on If other data continues to be shown this may be due to the following reasons e Changes have already been made to the initial setting for the PABX system in the Professional Configura tor The Windows network configuration for the client PCs does not correspond to the factory settings De fault setting Faulty installation ofthe network adapter in the client PC or the network adapter is not connected pro perly with the PABX system Check your installation as described in the operator s manual for the PABX system Installation and Commissioning section
48. stalled on any PCin the network This gives you the possibility of running your TAPI application from a central location via an interface i e the PABX system There is no ISDN card required for the PCs Please note that software used for the TAPI application may require certain license agreements with the software manufacturer The program TAPI in LAN does not require a license to run Blocking of Internet access by the provider After several failed attempts of inputting user names or passwords the provider will block access to the Internet for a defined period To prevent this the router only allows three attempts to be made After that you must then reconfigu re the router and enter a correct user name and password The router must then be enabled again after this via the Control Center Connection test You can test the connection to your provider without a connection actually being set up The item Connection test T Online for DSL and ISDN is given in the provider list in the configuration Select this item as the first provider and storeitin the PABX system You can then manually set up a connection to the Internet via the ControlCenter and the results for this connection are then displayed after a few seconds No actual Internet connection is established here however If the results are positive delete the current provider and enter the settings supplied by your provider in the configuration for setting up Internet connections Rout
49. t enable can also be configured for each user Note Note that this access portal is not protected by a firewall A PC that dials into the local network via RAS is automatically assigned an IP address by the integrated DHCP server Time controlled router inhibition With the aid of the calendar or a manual function of the PABX system you can set the time s of day when Internet access is possible permitted These times are defined via the calendar assigned to the router in the configuration Here it is stipulated that Internet connections can not be set up during night time operation You should therefore set the switching times accordingly Starting with Version 4 of system phones CS290 CS410 the telephones can be switched using function keys on the phone this setting is then retained until the next calendar based switchover LAN CAPI The package includes a program called CAPI for LANs for use in your network This software can be installed on any PCinthe network This gives you the possibility of running your CAPI application from a central location via an interface i e the PABX system There is no ISDN card required for the PCs Please note that software used for the CAPI application may require certain license agreements with the software manufacturer The program CAPI in LAN does not require a license to run LAN TAPI The package includes a program called TAPI for LANs for use in your network This software can be in
50. t to the router and the connection can not be terminated Dial in into the LAN RAS Usingthe Remote Access Server RAS a field representative for example can callinto the local network from an ex ternallocation and then via thelocal network access the Internet Access from an external location is also possible via an ISDN connection External access is provided with user name and password protection If the call is made from an external location only the phone number can also be monitored as an added protection feature Access can be enabled for up to 8 users A Windows enable access to computer files or printers and Internet enable can also be configured for each user A PCthat dials into thelocal network via RAS is automatically assigned an IP address by the integrated DHCP server RAS Callback Ifyoudo not want to be charged for connections within your company network you can configure the RAS connecti on as an automatic call back For this a brief connection is set up to the company network for which you are char ged that then initiates a call back The PABX system at your company then calls you back and you are not charged for the ensuing connection time You can enter a number for the corresponding RAS connection in the configurati on Automatic call back is then only possible from this number If you do not enter a number here the automatic call back can be made from any number DHCP server and IP address allocation PCs c
51. target address for the IP packets for which this filter is valid Take into account any potential abstractions brought about by place holders Warning messagefor port A warning appears if you attempt to enter an unknown name in the field for the TCP protoco association port If this is bothersome you can suppress this message by removing the correspon ding check in the box Example of configuration for enabling the firewall for Web surfing First set the response by the last filter rule to discard The IP packets for two services must be routed through the firewall in order that pages from the World Wide Web can be displayed DNS for establishing names and the html data flow When you enter a URL in the Web browser the browser uses a DNS enquiry for transforming the plain text name for example www Telekom de into an IP ad dress in the example here 217 160 73 88 After that the browser establishes at least one connection to this IP ad dress via TCP IP This yields the following filter configuration The UDP and TCP protocol must be enabled for DNS protocol name domain for the destination port 53 ofany DNS server from any non privileged port same applies for the return route Access to any destination addresses for port 80 must be possible for http requests for the TCP protocol via the WAN interface from non privileged ports The return patch for reply packets must be enabled appropriately From any In ternet IP addresses
52. the IP address and port number of the PC are replaced by the router with the number for the port mapping port and the router IP For outsiders on the Internet it then appe ars as though there is only one connection to the router Note Please note that when you use port mapping the firewall for the ports enabled for this function is ineffective The target PC in your LAN may then be susceptible to any potential attacks Port mapping is practical when you wish to run a game server on your own for example Youcan make this server accessible via the Internet to other users Or ifyou require certain peer to peer file sharing software that provides greater download bandwidth e When the corresponding PC in your LAN is to be accessible from the Internet not possible in the standard configuration with NAT In this case certain UDP and TCP ports must be rerouted to a PC in theLAN RAS Server Using the Remote Access Server RAS a field representative for example can call into thelocal network from an ex ternal location and then via the local network access the Internet Access from an external location is also possible via an ISDN connection External access is provided with user name and password protection If the call is made from an external location only the phone number can also be monitored as an added protection feature Access can be enabled for several users A Windows enable access to computer files or printers and Interne
53. tomatically via DHCP DNS server transmitted automatically via DHCP Subnet mask transmitted automatically via DHCP PC2 IP via DHCP 192 168 1 53 transmitted automatically via DHCP Gateway transmitted automatically via DHCP DNS server transmitted automatically via DHCP Subnet mask transmitted automatically via DHCP In the example given here the IP addresses for the clients PCs can lie within a range from IP 192 168 1 50 to 192 168 1 69 The IP addresses are assigned in the order that the clients PCs request them for example by switching on the PCs Ifan IP address is released for example by switching offa PC that IP address is then available to be re assigned again Address assignment without DHCP set mixed IP addresses You can dispense with a DHCP server in a network or also configure LAN clients PCs with set IP addresses as an ad dition to the DHCP clients Note Much more time and effort is involved for configuring the network if a configuration is chosen without DHCP If Configuration examples Address assignment by DHCP Recommended configuration Default setting you are relatively new to Windows network configuration we recommend a configuration using DHCP Things to note for this configuration PABX You can de activate the DHCP server for the PABX system using the Professional Configurator program Note You may have to adapt the IP addresses and subnetworks of the PABX system to the sett
54. we E S 7 R RAS 4544 99 ak mink Sor qd d rdc 2 RAS Callback os ara dea qoe eR tas 2 a o ce c X ora weed apo nb ek 7 RUI s C 1 TUUS CORPO a ec dC we dos cn 8 S Sold cioe oeste ted des 4 Speedmanager vecinet TE 5 Status display CAPI TAPII 8 SUDMELMIGKS di eee 4 T TAPI UC Ue LAN s s aec a Cheese deed 8 TCP IP Check configuration 17 18 19 20 21 Windows 2000 nu cq i esr I RC Cre 17 Windows98SE ME 17 Windows XP a sze cass cR RG wo 19 Time controlled router inhibition 7 TUI a oie e ato wed merid 2 W Windows Operating systeM 12 bintec elmeg Teldat Group Company bintec elmeg GmbH Siidwestpark 94 D 90449 Niirnberg For information on support and service offerings please visit our Website at www bintec elmeg com where you will find a Service Support area Subject to modifications Ausgabe 6 20131217
Download Pdf Manuals
Related Search