User`s Manual - EUSSO Technologies, Inc.
Contents
1. 44 When using VPN Dynamic IP Setting this router is working as a Dynamic VPN server Dynamic VPN Server will not check VPN client IP information so user can build VPN tunnel with VPN gateway from any remote host regardless of its IP information 4 6 5 3 VPN Settings L2TP Server Adminisitrator s Main Alenu Settings LIIF Server 2 0 dem o BP 000 b LZTP Server Enable b Viral IP of LITE Server ho 1 Protocol CEAP CHAP CMSCHAP ID TewsNam UserName Password _ pe LL d 3 NENNEN Pp 4 5 mnm L2TP Layer2 Tunneling protocol combine features of both Point to Point Tunneling Protocol PPTP and Layer 2 Forwarding L2F technology L2TP provides security for a virtual private network VPN connection from the remote user to the corporate LAN User can build up to five L2TP tunnels for L2TP clients Each tunnel can accept more than one client User is required to configure Virtual IP of L2TP Server Authentication Protocol L2TP Tunnel Name and User Account Password Virtual IP of L2TP Server L2TP server s virtual IP User must assign a virtual IP for L2TP Server Authentication Protocol Protocols that Clients can use to authenticate to Server L2TP Tunnel Username and Password Each tunnel defined a username and password that clients can use to connect to L2TP Server 45 4 6 5 4 VPN Settings PPTP Server PPTP Point to Point T2. 3 Enter the Pinter Name Comments then forward ipfa ie ll fr PUB 88 8E ea ASAI s oer SEES LL BUT Ar RESTER 5 78 4 Select LPD protocol and then forward Win Xovell NCP HAPTER JotDirect 5 Enter the router LAN IP Address and the queue name Ip Then forward vE RUE alli 79 6 Select the Printer Brand and Model Name Then Forward eR RATA MAISAMA XE ESR ME PostScript BAe LaserJet 2100 ei eee LaserJet 2D 7 Click Apply to finish setup LA HA Unix fr9 lp Router LAN IP Address EMRIP LaserJet 2200 zm 80 8 At last you must click Apply on the toolbox to make the change take effective ee ee Ed aj uh ade n n boy I I PEE Lo BGD uL es tasa spooling LPR job 3 complete In Command Mode Linux has built in LPR client you can utilize it for printing You can manual set it or via the tool printtool in X windows PS The spool name is Ip all lowercase letter Below is my setting etc printcap Ip sdz var spool Ipd lp 0 5 rm 192 168 123 254 Then add the corresponding directory mkdir var spool lpd lp Too see the detail please refer to the online manual in linux
3. HP Laser Jet 2200 Series PCL 6 Pro General Sharing Ports Advanced Color Management EE LO 2200 Series PCL E Print to the following Documents will print to the First free checked port Fort Description Printer Serial Print to File Standard Port us hp des Local Part m ye gt Add Pott Enable bidirechonal support Enable printer pooling Cancel Apply Help 76 5 4 Configuring on Unix like based Platforms Please follow the traditional configuration procedure on Unix platforms to setup the print server of this product The printer name is In X Windows for example In Redhat Platforms Please follow the below steps to configure your printer on Red Hat 9 0 1 Starts from the Red Hat gt System Setting gt Printing ww Eg ha ar 4 FEET amp MIRI i s now 7 ub mE JM i ug See oe faga eee et ga un ie Qus it i EDU A zs aS us 9 EL p Ug Xu AM l e e Pee n Wi 1i w d 77 2 Click Add Forward Uis a AEE iE SH i Ce gi HERRERA emet REM GER M p
4. Unicast Packets 0 BTon unicast Packets View Lag List Refresh Dence Time The Oct 09 0229 2003 Activate your browser and disable the proxy or add the IP address of this product into the exceptions Then type this product s IP address in the Location for Netscape or Address for IE field and press ENTER For example http 192 168 123 254 After the connection is established you will see the web user interface of this product There are two appearances of web user interface for general users and for system administrator To log in as an administrator enter the system password the factory setting is admin in the System Password field and click on the Log in button If the password is correct the web appearance will be changed into administrator configure mode As listed in its main menu there are several options for system administration 13 4 2 Status EY raise cus Bh ETE ATenu System Status 20 dm 0 WANSams 0 Remaining Lease Tie 00 00 00 IP Address 00 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 Domain Name Server 0 0 0 0 TP S mamta anita Ort 09 This option provides the function for observing this product s working status WAN Port Status If the WAN port is assigned a dynamic IP there may appear a Renew or Release button on the Sidenote column
5. Matches all ICMP packets betw Matches all IP packets fram this Mame AI IEMP Traffic AIL IP Traffic s rauter p xp rauter Add Edit Remove Cancel Apply Click Add button 106 IP Filter List An IP filter list i composed of multiple filters this way multiple subnets addresses and protocols can be combined into one IP filter router gt Description Edit Remove Filters Use Add Wizard Mirered Description Protocol Source Port Destination Ma ANY ANY gt al i Fo Enter a name such as router gt XP and dis select Use Add Wizard check box Click Add button 107 Filter Properties Addressing Protocal Description Source address Paddess 192 168 123 0 subnet mask 255 255 255 O Destination address specific IP Address address 192 158 1 1 Subnet mask 255 55 Z7hh 255 Mirrored Also match packets with the exact opposite source and destination addresses In the Source address field select A specific IP Subnet Fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 In the Destination address field select A specific IP Address and fill in IP Address 192 168 1 1 If you want to select a protocol for your filter click Protocol page 108 Filter Properties C 3 FEE S i c mie
6. man printcap 81 5 5 Configuring on Apple PC First go to Printer center Printer list and add printer rapea ED te il ae sth E ee eee mao Es HHDH Router Lan ip address Internet DNS 958 SEPA FBR b FIRE um E 2 Choose IP print and setup printer ip address router LAN IP address 3 Disable Default Queue of Server And fill in Ip in Queue name item 4 Printer type Choose General 82 Appendix A TCP IP Configuration for Windows 95 98 This section introduces you how to install TCP IP protocol into your personal computer And suppose you have been successfully installed one network card on your personal computer If not please refer to your network card manual Moreover the Section B 2 tells you how to set TCP IP values for working with this NAT Router correctly A 1 Install TCP IP Protocol into Your PC 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon and select Configuration tab in the Network window 3 Click Add button to add network component into your PC 4 Double click Protocol to add TCP IP protocol Add Cancel ae Pratacal 83 5 Select Microsoft item in the manufactures list And choose TCP IP in the Network Protocols Click OK button to return to Network window Select Network Protocol Banyan Fast Infrar
7. Choose Disable or Enable 2 Lease Time this feature allows you to configure IP s lease time DHCP client 3 IP pool starting Address IP pool starting Address Whenever there is a request the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer You must specify the starting and ending address of the IP address pool 4 Domain Name Optional this information will be passed to the client 5 Primary DNS Secondary DNS This feature allows you to assign DNS Servers 6 Primary WINS Secondary WINS This feature allows you to assign WINS Servers T Gateway The Gateway Address would be the IP address of an alternate Gateway This function enables you to assign another gateway to your PC when DHCP 21 server offers an IP to your PC 4 4 4 Change Password Administrator s Wain Menu Change Password Old Parzward New Password You can change Password here We strongly recommend you to change the system password for security reason 22 4 5 Forwarding Rules Adbmiinistrater s Viral Sener Allows ollis bo access WWW and on your LAH Special Application This cordiquidion dows somr applications to conieci and work with the rouler Miseellasesus P Host Aou a computer to bs exposed To unrertncted Lay common ion Hote that this
8. Lat you to power up device Domain ar IF address fos Fig Allow configure IF pig devine You can ping a IF to best whether aire 63 4 8 1 System Log Administrator s Menu System Loz Type Dynamic IP Address amp 1 94 Hy TIG Display time Wed Oet 0 001004 2002 200321088 Fr 2003210018 FT 2003210818 FT 20033210818 z 3zgiaNiBH Fi 200310818 EF 200321088 FT 20034 10M 1H FS 200310818 EF 200321088 FT 2003210818 EF 200310818 EF 200321088 FT 200321088 Fr 200310818 EF 2003210818 FT 12 01 3D 12 01 30 12 01 34 12 01 35 12 01 42 12 01 58 12 02 47 12 02 47 12 02 51 12 02 53 12 03 15 12 03 48 12 03 48 12 03 52 12 04 00 12 04 16 You can View system log by clicking the View Log button 64 Dob tigger i382 1656 123 125 2z2868 te 207 46 104 20 jGb DHCP disecewesr DHCP discevar Admin from 192 165 123 125 login seccesetully DHCP 3disecevar DHCP discevar DOD eriggersd internally DHCP 3disecewear DHCP diseewer discever DHCP discover DODp eriggersd internally DHZP discover DBCP discever DHCP discover j DBCP discever 4 8 2 Firmware Upgrade ET Firmware Upgrade Current firmware version i amp K 1 93H vTIG The upgrade procedure takes about 20 seconds
9. Life time The unit of life time 1s based on the value of Life Time Unit If the value of unit 1s second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 seconds If the value of unit is KB the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways for Its value ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IPSec proposal can be chosen for adding the proposal to the dedicated tunnel There are total ten proposals can be set in the proposal pool At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list Function of Buttons Add to button Click it to add the chosen proposal indicated by proposal ID to IPSec Proposal index list The proposals in the index list will be used in phase 2 of IKE negotiation for getting the IPSec SA of dedicated tunnel 4 6 5 2 VPN Settings Dynamic VPN Tunnel Administrator s Menu WPN Settings Dynamic VPM Tunnel b Tunnel Hame dynamic wn b Dynamic VEH F Enable b Local Subnet E 168 1230 b Local 155 255 255 0 b Preshare 12245678 b TEE Proposal index Select IKE Proposal Proposal mdex Select Pger Proposal Gre in
10. amp ddre amp z 192 168 123 254 Port IP 192 158 123 254 5 Select Custom and then click Settings Add Standard TCP IP Printer Port Wizard Additional Port Information Required The device could not be identified The device is nat found on the network Be sure that 1 The device is turned 2 The network is connected 2 The device is properly configured 4 The address on the previous page is correct IF vau think the address is nat correct click Back ta return ta the previous page Then correct the address and perform another search on the network IF vou are sure the address Is correct select the device type below Device Type 74 6 Select LPR type lowercase letter in Queue Name And enable LPR Byte Counting Enabled Configure Standard TCP IP P 2 lt Port Mame IF_192 168 123 254 Printer Mame or IP Address 132 158 123 254 Fratacaol O Raw M LPR Haw Settings Fart Number LFR Byte Counting Enabled SNMP Status Enab ed SHMP Device Index 75 7 Apply your settings Add Standard TCP IP Printer Port Wizard X Completing the Add Standard TCP IP Printer Port Wizard You have selected port with the following characteristics SNMP Protocol LPR p Device 192 168 123 254 Fort Mame IP 182 158 123 254 Adapter Type To complete this wizard click Finish
11. bs verd oniy whan weeded Hun ziandurd FTF pork You have to configure thos item il you want lo aocess en FTP serves whose pork rumher 15 not 21 when Chent uses active modei 4 5 1 Virtual Server s Wlan LETT Virtual Server IDs Service Ports Serwer TP Enb Use Rule 192168123 2 132168123 r 3 192168123 p 4 192168123 p 5 192 168 123 6 192168123 7 1 serai 8 1215122 9 19216 amp 123 E 10 192168123 11 132168123 12 192168123 13 192168123 r p 14 LC 15 192168123 23 This product s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this product are invisible to the outside world If you wish you can make some of them accessible by enabling the Virtual Server Mapping A virtual server is defined as a Service Port and all requests to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule For example if you have an FTP server port 21 at 192 168 123 1 a Web server port 80 at 192 168 123 2 and a VPN server at 192 168 123 6 then you need to specify the following virtual server mapping table 192
12. 1 part E S Eu ED Erom any port any port X Tadh nat Oe port Click OK button Then click OK button on IP Filter List window 109 F Edit Rule Properties Connection Type Filter Action Authentication Methods Tunnel Setting Filter List The selected filter action specifies whether this rule negotiates for secure network traffic and how it will secure the traffic Filter Actions Mame Description 0 Permit Permit unsecured IP packets to Request Security Optional Accepts unsecured communicat Require Security Accepts unsecured communicat Add Edit Remove Use Add wizard Select Filter Action tab select Require Security then click Edit button 110 Require Security Properties Security Methods General C Permit C Black Negotiate security Security method preference order Type AH Integrity ESP Confidential ES Add Custom Mone DES ME 3 Custom Mone 3DES Edit Custom None gt SDES Custom Moner DES Remove Custom None gt DES Nove up Move dawn Accept unsecured communication but always respond using IPSec Allow unsecured communication with non lPSec aware computer Session key perfect Forward secrecy PFS Select Negotiate security Select Session key Perfect Forward Secrecy PFS Click Edit button 1
13. 3 Configuring on Windows 2000 and XP Platforms 72 5 4 Configuring on Unix like based Platforms 77 25 Conti suring On Apple 92 Appendix TCP IP Configuration for Windows 95 98 83 Appendix Win 2000 XP IPSEC Setting guide 89 Appendix C PPTP and L2TP Configurations esses 126 Appendix D FAQ and 132 Reset tomactory RESET PUn 132 Chapter 1 Introduction Congratulations on your purchase of this outstanding Broadband Router This product is specifically designed for Small Office and Home Office needs It provides a complete SOHO solution for Internet surfing and is easy to configure and operate even for non technical users Instructions for installing and configuring this product can be found in this manual Before you install and use this product please read this manual carefully for fully exploiting the functions of this product Functions and Features Router Basic functions Broadband modem and NAT Router Connects multiple computers to a broadband cable or DSL modem or an Ethernet router to surf the Internet Auto sensing Ethernet Switch Equipped with a 4 port auto sensing Ethernet switch Printer sharing Embedded a print server to allow all of the networked computers to share one printer Built in USB paral
14. Mote Tio not power off the urat when itis beng upgraded When the upgrade 15 done successfully the unit wall be restarted automatraly Upgrade Cancel You upgrade firmware by clicking Firmware Upgrade button 65 4 8 3 Backup Setting File Download You are downloading the file 2 config bin from 192 168 123 254 Would you like to open the file or save it to your computer Always ask before opening this type of file You can backup your settings by clicking the Backup Setting button and save it as a bin file Once you want to restore these settings please click Firmware Upgrade button and use the bin file you saved 4 8 4 Reset to default Microsoft Internet Explorer k Reset al setting to default You can also reset this product to factory default by clicking the Reset to default button 4 8 5 Reboot Microsoft Internet Explorer You can also reboot this product by clicking the Reboot button 66 4 8 6 Miscellaneous Items alministrator s Wain Menn Miscellaneous 20 Te 0 S g 5 0 b MAC Address for Wake con LAN Wake up b Doman Hame or IP address for Ping Test Fing MAC Address for Wake on LAN Wake on LAN 15 a technology that enables you to power up a networked device remotely In order to enjoy this feature the target device must be Wake on LAN enabled and you have to know the MAC address of this de
15. Options P Performance and Maintenance Double click Performance and Maintenance 89 See Al Performance and Maintenance Also da File Types 28 SystemRestore Pick a task See basic information about your computer E Adjust visual effects gt Free up space on your hard disk 1 Back up your data 1 Rearrange items on your hard disk to make programs run faster or pick a Control Panel icon aus Administrative Tonls E Power Options d Scheduled Tasks Double click Administrative Tools 90 Administrative Tools File Edit View Favorites e 2 search 2 Folders Address 48 Administrative Tools File and Folder Tasks Share this Folder Other Places gt Control Panel My Documents e Shared Documents wj My Computer Network Places Details Local Security Policy Settings Double click Local Security Policy Component Services Shortcut 2 KB Data Sources ODBC B Shortcut e KB Local Security Policy Shortcut 2 Services Shortcut e 9 Computer Management Shortcut 2 KB Event Viewer Shortcut 2 KB 1 Performance Shortcut 2 KB Local Security Settings File Action View Help Security Settings Account Policies Local Policies Public Kev Policies H 1 Software Restriction Policie H 19 IP Security Policies on Loca
16. Time Zone Select a time zone where this device locates Set Date and Time manually Selected if you want to Set Date and Time manually Function of Buttons Sync Now Synchronize system time with network timeserver 50 4 7 2 System Log EL e PTT System Time BO 0 0 oF Get Date and Time by MTF Protocol Synt Mow Tire Server nast gos lime Zone SMT O6 00 Time UE amp Canada b C Set Date and Time uaine Date and Time PC Date and Tame 00310 146 03 47 32 b C Set Date and Time manually Date Yeu Matth Day 1 Tine Hew m 23 Minute 0 53 Second O90 This page support two methods to export system logs to specific destination by means of syslog UDP and SMTP TCP The items you have to setup including IP Address for Syslog Host IP of destination where syslogs will be sent Check Enable to enable this function E mail Alert Enable Check if you want to enable Email alert send syslog via email SMTP Server IP and Port Input the SMTP server and port which are concatenate with If you do not specify port number the default value is 25 For example mail your url com or 192 168 1 100 26 Send E mail alert to The recipients who will receive these logs You can assign more than 1 recipient using or to separate these email addresses E mail Subject The subject of email alert This settin
17. You can click this button to renew or release IP manually B Statistics of WAN enables you to monitor inbound and outbound packets 14 4 3 Wizard Administrator s Main Menu setup Wizard will guide you through a basic configuration procedure step by step Next gt Setup Wizard will guide you through a basic configuration procedure step by step Press Next gt Administrator s Menu C ISP assigns you a static IP address Static IP Address Obtain an IP address from ISF automatically Dynamic IP Address C Dynamic Address with Road Runner Session Management e g Telstra BigPond C Some SPs require the use of PPPoE to connect to their services PPP over Ethernet C Some ISPs require the use to connect to their services lt Back Undo Mext gt Setup Wizard Select WAN Type For detail settings please refer to 4 4 1 primary setup 15 4 4 Basic Setting Administrator s Menu Primary Setup Configure LAM IP and select WAN type DHCP Server The settings include Host IP Subnet Mask Gateway DNS and WINS configurations Wireless Wireless settings allow you to configure the wireless configuration items Change Password Allow you to change system password 16 4 4 1 Primary Setup WAN Type Virtual Computers 6 Plain Primary Setup 0000 IP Address 2 16
18. algorithms can be selected 3DES and DES Authentication algorithm There are two algorithms can be selected 5 and 5 Life time The unit of life time 1s based on the value of Life Time Unit If the value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways Its value ranges from 300 seconds to 172 800 seconds If the value of unit is KB the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways Its value ranges from 20 480 KBs to 2 147 483 647 KBs Life time unit There are two units can be selected second and KB Proposal ID The identifier of IKE proposal can be chosen for adding corresponding proposal to the dedicated tunnel There are total ten proposals can be set in the proposal pool At most only four proposals from the pool can be applied to the dedicated tunnel as shown in the proposal index list Function of Buttons Add to button Click it to add the chosen proposal indicated by proposal ID to IKE Proposal index list The proposals in the index list will be used in phase 1 of IKE negotiation for getting the IKSAMP SA of dedicated tunnel 42 VPN Settings Set IPSec Proposal JSdmimnidstrator s Wain Mens YPN Settings Tunnel 1 Set IPSec Proposal b IPSex Proposal mdex n ID Proper Name Di Encap protocol Encrypt Auth algorithm Life Tim
19. exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications NOTE This feature should be used only when needed Non standard FTP port You have to configure this item if you want to access an FTP server whose port number is not 21 This setting will be lost after rebooting 26 4 6 Security Settings Adminisirator s Mam Menu Security Setting Packet Filters Allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination Domain Filters Let you prevent users under this device from accessing specific URLs URL Blocking URL Blocking will block Lan computers to connect to pre defined Vedsites Address Control MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain address VPN settings are used to create virtual private tunnels to remote VPH gateways Miscellaneous Remote Administrator Hast In general Intranet user can browse the built in web pages to perform administration task This feature enables you to perform administration task from remote host Administrator Time out The amount of time of inactivity before the device will automatically close the Administrator session Set this to zero to
20. is checked check C will allow the corresponding client to connect to this device In this page we provide the following Combo box and button to help you to input the MAC address DHCP chents select one Copy tn ID You can select a specific client in the DHCP clients Combo box and then click on the Copy to button to the MAC address of the client you select to the ID selected in the ID Combo box Previous page and Next Page To make this setup page simple and clear we have divided the Control table into several pages You can use these buttons to navigate to different pages 38 aai 4 6 5 VPN setting Administrator s Alain Nenu Settings F VEN Enable b number of tunnels D Method IKE Mas 3 s Mex 5 More Prius Wegt gt gt Save Unde WPN Settings GTP Serer Setting Sener Setting Help VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms VPN enable item VPN protects network information from ill network inspectors But it greatly degrades network throughput Enable it when you really need a security tunnel It
21. is disabled for default Max number of tunnels item Since VPN greatly degrades network throughput the allowable maximum number of tunnels is limited Be careful to set the value for allowing the number of tunnels can be created simultaneously Its value ranges from to 5 Tunnel name Indicate which tunnel that is focused now Method IPSec VPN supports two kinds of key obtained methods manual key and automatic key exchange Manual key approach indicates that two end VPN gateways setup authenticator and encryption key by system managers manually However IKE approach will perform automatic Internet key exchange System managers of both end gateways only need set the same pre shared key 39 Function of Buttons More To setup detailer configuration for manual key or IKE approaches by clicking the More button 4 6 5 1 VPN Settings IPSEC s PTT VPN Settings Tunnel 1 IKE 2 0 o B en w o 5 b Tunnel Hame b Local Subset 182 163 123 0 b Local Metraask 255 255 255 0 b Remote Subnet 182 168120 Remo Hetmark 255 255 255 D Galeway dyndns ong b Preshare 12245678 b TEE Proposal index Select IKE Proposal b IPSex Proposal mdex Select Proposal Unde Ree Saved Dems marked wah don t take efective rebooting VPN Settings IKE There are three parts that are necessary to setup the con
22. the dedicated tunnel Proposals for the dedicated tunnel Select IPSec proposal Click the button to setup a set of frequent used IPSec proposalsand select from the set of IKE proposals for the dedicated tunnel VPN Settings Set IKE Proposal Elta ELE ETT Settings Tunnel 1 Set IKE Proposal b TEE Proposal index wn Remowe ID Proposal Name Encrypt algorithm Auth algorithm Life Time 14 Tir Unt l Crap 1 JDES DO 2 DES 1 ES 4 3oES enpi 3DES LE Grp T 1 amp Group 1 9 Grop 1 10 Croup m DES DES SEDE H 4 m IKE Proposal indexes A list of selected proposal indexes from the IKE proposal pool listed below The selecting activity 15 performed by selecting a proposal ID and clicking add to button in the bottom of the page There are only four indexes can be chosen from the proposal pool for the dedicated tunnel Remove button beside the index list can remove selected proposal index before Proposal name It indicates which IKE proposal to be focused First char of the name with 0x00 value stands for the IKE proposal is not available DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 Encryption algorithm There are two
23. this certification authority Use this string preshared key mypresharedkey Cancel select Use this string to protect the key exchange preshared key and enter the preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting 115 Edit Rule Properties IP Filter List Filter Action Authentication Methods Tunnel Setting Connection Type The tunnel endpoint is the tunneling computer closest to the IP traffic destination as specified by the associated IP filter list E takes two rules to describe an IPSec tunnel This rule does not specify an IPSec tunnel The tunnel endpoint is specified by this IP address 192 168 1 1 Configure The tunnel endpoint is specified by this IP address 192 168 1 1 Select Connection Type 116 Edit Rule Properties Select All network connections 117 Configure IKE properties Select General to vpn router Properties vpn router Descriptions Check for policy changes every f al minute s Perform key exchange using these settings Advanced Apply Click Advanced 118 Key Exchange Settings Authenticate and generate a new key after every f 0000 minutes h 1 cem mary Le ommo m m4 wor e qu st m E dE euthenticate and generate a new after ever sessions Protect identities with these
24. user can browse the built in web pages to perform administration task This feature enables you to perform administration task from remote host If this feature is enabled only the specified IP address can perform remote administration If the specified IP address is 0 0 0 0 any host can connect to this product to perform administration task You can use subnet mask bits nn notation to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted to 88 You can change web server port to other port too Administrator Time out The time of no activity to logout automatically Set it to zero to disable this feature Discard PING from WAN side When this feature is enabled any host on the WAN cannot ping this product SPI Mode When this feature is enabled the router will record the packet information pass through the router like IP address port address ACK SEQ number and so on And the router will check every incoming packet to detect if this packet 15 valid DoS Attack Detection When this feature is enabled the router will detect and log the DoS attack comes from the Internet 47 Currently the router can detect the following DoS attack SYN Attack WinNuke Port Scan Ping of Death and Land Attack etc VPN PPTP IPSec Pass Through Please enable this feature if you need to establish a PPTP or IPSEC connection that will pass through this de
25. without notice Table of Contents Chapter 1 Ut loser dus Ud 3 Functions and Feature ss epo boschi 3 Tit ascenso nto e te or iones 5 Chapter 2 Hardware 6 AT Pe TAY OU 6 2 2 Procedure for Hardware Installation 8 Chapter 3 Network Settings and Software Installation 9 3 1 Make Correct Network Settings of Your Computer 9 3 2 Install the Software into Your Computers 10 Chapter 4 Configuring Broadband 2 02222 12 tatt up and 09 10 5 o oe 13 E TN 14 15 AE Basie SCLIN a 16 4 pPonyardime RUleS sioe oeste 23 AO SECUFID cuis 2 AT Advanced SCUINOS snis poe Mood eta de 49 TOOIDOX estet Sa ce teeta bu ub UD EI 63 Chapters JPrmtUSetV6l 68 5 1 Configuring on Windows 95 98 68 5 2 Configuring on Windows 71 5
26. 11 New Security Method Select Custom button 112 m Custom Security Method Settings Specify the settings For this custom security method Data and address integrity without encryption 2 DAS teret pense E IT F Data integrity and encryption ESP Integrity algorithm Encryption algorithm M Session key settings Generate new key every Generate a new key every Kbytes D seconds Cancel Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button 113 F Edit Rule Properties IF Filter List Filter Action Tunnel Setting Connection Type Authentication Methods Authentication methods specify how trust is established between computers These authentication methods are offered and accepted when negotiating security with another computer Authentication method preference order Detals Preshared mypresharedk eu k a ve d 8 ml Select Authentication Methods page click Add button 114 Edit Authentication Method Properties Authentication Method The authentication method specifies how trust is established between the computers Active Directory default Kerberos V5 protocol Use a certificate from
27. 168 123 2 V 192 168 123 6 V 24 4 5 2 Special AP Adtministrater s b Special Applications yt Ww da o Popular applications select Copy to 25 Sei tut Some applications require multiple connections like Internet games Video conferencing Internet telephony etc Because of the firewall function these applications cannot work with a pure NAT router The Special Applications feature allows some of these applications to work with this product If the mechanism of Special Applications fails to make an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall This product provides some predefined settings Select your application and click Copy to to add the predefined setting to your list Note At any given time only one PC can use each Special Application tunnel 25 1 1 1 m 4 5 3 Miscellaneous Items Administrator s Menu Miscellaneous Items 20 Tem 0 Euh b IP Adder of DME Host 15 gt 168 123 b Non standard FTP port Address of DMZ Host DMZ DeMilitarized Zone Host is a host without the protection of firewall It allows a computer to be
28. 2 168 123 254 So please use 192 168 123 xxx xxx is between 1 and 253 for IP Address field and 255 255 255 0 for Subnet Mask field TCPAP Properties 192 168 123 115 255 255 255 0 87 b In the Gateway tab add the IP address of this product default IP is 192 168 123 254 in the New gateway field and click Add button 192 158 123 254 c Inthe DNS Configuration tab add the DNS values which are provided by the ISP into DNS Server Search Order field and click Add button Properties E mmm 168 95 192 1 158 935 1 1 Remove 88 Appendix B Win 2000 XP IPSEC Setting guide Example Win XP 2000 VPN Router Configuration on WIN 2000 is similar to XP 1 On Win 2000 XP click Start button select Run type secpol msc in the field then click Run t Goto Local Security Policy Settings page 2 Or in Win XP Click Control Pannel E Control Panel Fie Edit View Favorites Tools Help gt 2 Folders E gt Address Control Panel E a Control Panel Pick a category gt Switch ba Classic View hen Appearance and Themes Printers and Other Hardware See Also 27 L M A A windows Update 2 Em 9 Help and Support Network and Internet Connections User Accounts Add or Remove Programs Date Time Language and Regional Options Y j Sounds Speech and Audio Devices Accessibility
29. 2 168133 2 132 168 122 3 ys 162 13 4 192 163 123 DHCP chents select one m Copy to lt Prous Next gt gt Save Undo Help MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address MAC Address Control Check Enable to enable the Address Control of the settings in this page will take effect only when Enable is checked Connection control Check Connection control to enable the controlling of which wired can connect to this device If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control table please see below to connect to this device 37 Control table IP Address l 192 168 123 fo 19216812200 192 168 123 NEN 19216812200 DHCP clients select one Copy to fou nr Control table is the table at the bottom of the MAC Address Control page Each row of this table indicates the MAC address and the expected IP address mapping of a client There are four columns in this table MAC Address address indicates a specific client IP Address Expected IP address of the corresponding client Keep it empty if you don t care its IP address When Connection control
30. 8 123 254 PWAN I ynamir IP Address _ Change b Host Hame ophonall PWAN MAC Address 52922346 Restore MAC P Renew IP Forever Enable auia recameci Undo Virtual Computers Help Press Change Aalrmninistratoer s NIain Menu Choose WAN Type 0s Stat Address assigns you a stabe IP address Address an IP address from ISP autermahcally Dynamic Address with Eoad Runner Session Management e g Telstra FagPond PPP over Ethernet Some ISPs requare the use of PPPOE bo connect to ther Services Some ISPs requar the use of PPTP to connect to ther Services 17 This option is primary to enable this product to work properly The setting items and the web appearance depend on the WAN type Choose correct WAN type before you start 1 LAN IP Address the local IP address of this device The computers on your network must use the LAN IP address of your product as their Default Gateway You can change it if necessary 2 WAN Type WAN connection type of your ISP You can click Change button to choose a correct one from the following four options A Static IP Address ISP assigns you a static IP address Dynamic IP Address Obtain an IP address from ISP automatically Dynamic IP Address with Road Runner Session Management e g Telstra BigPond PPP over Ethernet Some ISPs require the use of PPPoE to connect to their s
31. Administrator s Wiain Vien Outbound Packet Filter 20 o Beet b Chutbound Filter Mw Enable U Allow all te pass except those match the fellowing rule Deny all to pass excepi those match the following rules famosas ROCCO 2 xem o fe gt 0 _ 4 1 5 d EE D FP 0 d l l Schedule rule pp 1 2 3 100 1 2 3 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are all allowed After Inbound Packet Filter setting is configured click the save button Outbound Filter To enable Outbound Packet Filter click the check box next to Enable in the Outbound Packet Filter field 30 Example 1 Outbound Packet Filter b Outbound Filter Enable Allow all to pass except those match the following rules C Deny all to pass except those match the following rules faim 0 p E r 6 TT PO a a en 192 168 123 100 192 168 123 149 They are allowed to send mail port 25 receive mail port 110 Schedule rule O0Always Copy to m Save Undo Inbound Filter MAC Level Help and browse Internet port 80 port 53 DNS is necessary to resolve the domain name 192 168 123 10 192 168 123 20 They do everythin
32. C Local Policies Public Key Policies software Restriction Policies a IP Security Policies on Local c Right click IP Security Policies on Local Computer and click Create IP Security Policy Click the Next button enter your policy s name Here it is to_VPN_router Then click Next Dis select the Activate the default response rule check box and click Next button Click Finish button make sure Edit check box is checked 02 to vpn router Properties Rules General Security rules for communicating with other computers IP Security rules IF Filter List Filter Action Authentication Xbocsuer Hequim Security PresharedKeu 19 router p Require Security Preshared L lt Dynamic gt Default Response Kerberos 1 Add Edit Remove Use Add Wizard Build 2 Filter Lists gt and router gt XP Filter List 1 XP router In the new policy s properties screen select Use Add Wizard check box and then click Add button to create a new rule 93 F Edit Rule Properties Tunnel Setting Connection Type Authentication Methods Filter Action IF Filter List The selected IP filter list specifies which network traffic will be affected by this rule IP Filter Lists Description Matches all ICMP packets betw Matches all IP packets from this all I
33. CMP Traffic Traffic O togter p p router Add Edit Remove Cancel Apply Click Add button 94 IP Filter List d An IP filter list i composed of multiple filters this way multiple subnets zem addresses and protocols can be combined into IP filter Name p gt router Description Remove Filters Use Add wizard Mirrored Description Pretocol Source Port Destination No ANY ANY ANY gt Cancel Enter a name for example XP gt router and dis select Use Add Wizard check box Click Add button 95 Filter Properties Addressing Fratacal Description Source address IP Address 82 2 Thee 102 4d Subnetmask 255 255 255 255 Destination address specific IP Subnet address 192 158 123 Subnet mask Jhh 256 256 0 Mirored Also match packets with the exact opposite source and destination addresses In the Source address field select A specific IP Address and fill in IP Address 192 168 1 1 In the Destination address field select A specific IP Subnet fill in IP Address 192 168 123 0 and Subnet mask 255 255 255 0 If you want to select a protocol for your filter click Protocol page 96 Filter Properties C 3 FEE S i c mie 1 part E S Eu ED Erom any port any port X Tadh nat Oe port Clic
34. M Power adapter 5 Fast Ethernet cable Chapter 2 Hardware Installation 2 1 Panel Layout 2 1 1 Front Panel POWER LIMKINGT WAN 1 2 Ut newer SPEED 10 100 Figure 2 1 Front Panel LED Power Green On Power is being applied to this product indication System Green Blinking This product is functioning properly status 1 The WAN port is linked WAN port Green The WAN port is sending or receiving activity Blinkin g data To reset system settings to factory Reset MI Green Flashing defaults An active station is connected to the n Link Act corresponding LAN port Link status Green 1 4 The corresponding LAN port is Blinking sending or receiving data Data is transmitting in 100Mbps on 10 100 Data Rate Green On the corresponding LAN port USB port Green m The USB port is sending or receiving activity Blinking data X For details please refer to Appendix D FAQ and Troubleshooting 2 1 2 Rear Panel Figure 2 2 Rear Panel Ports Port Description 5VDC Power inlet DC 5V 2A WAN The port where you will connect your cable or DSL modem or Ethernet router Port 1 4 The ports where you will connect networked computers and other devices USB USB Ports for USB printer PRINTER Printer Port Optional All technical and physical specifications are subject to changes without any prior notification The manufacturer reserves the right to alter the product ap
35. Type Static IP Address Wizard Display time Tuesday April 01 2005 92840 AM Tuesday April 01 2003 9 26 34 AM 192 166 123 197 login successful Initial IKE lt 1 58 gt RESP 50 out i36 24 gt H4 KEYRESP 156 HB5 IDRESP 40 192 169 1 1 2 1392 165 1 254 Phasel established gt Q2 QRESP 264 266455457 10000001 out z s543z19905 7Ta70e85881 Inbound i1s57777232 1000010 Outhound 2054219905 0 1 j192 1568 1 1 182 1685 1 254 PhaseziIPSEC established Notify ISAKMP CONNECTED IKE daemon start up INFO GS84 7r IEE daemon start up Tuesday April 01 2003 93 26 19 AM 192 168 125 114 login successful User can view VPN connection process in System Log page and correct their settings Phasel 15 related to IKE settings Phase2 is related to IPSEC settings 125 Appendix C PPTP and L2TP Configurations 1 First please go to the Network connection Sian ihe panman tus Go rire mim thie ionngciimn Bp Change settings of this connextion G Control Panci imamH VJ Lh Network Pieces E My Documarts LT L Computer Iria Go rites om LAM or Hegh Syeeed a Ligne Sree virtual Private Network 2 2 Connect to network at my workplace New Connec
36. User s Manual Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission Trademarks product company brand names are trademarks or registered trademarks of their respective companies They are used for identification purpose only Specifications are subject to be changed without prior notice FCC Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interference in a commercial environment This equipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures are necessary to correct the interference CE Declaration of Conformity This equipment complies with the requirements relating to electromagnetic compatibility EN 55022 A Class The specification is subject to change
37. b Local Subnet 1 92 168 123 0 il Local Netmask 255 255 255 0 b Remote Subnet 1 92168 11 acket Filters b Remote Netmask 255 255 255 258 Doman Filters b Remote Gateway 1 9216811 MAC Control b Preshare Key mypresharedke VPH y Lats qe b IKE Proposal index Select IKE Proposal b IPSec Proposal index Select IPSec Proposal DAVE Undo Help No change VPN Settings Tunnel 1 IKE Tunnel 1 Local Subnet 192 168 123 0 Local Netmask 255 255 255 0 Remote Subnet 192 168 1 1 Remote Netmask 255 255 255 255 Remote Gateway 192 168 1 1 Preshare Key my preshare key 122 Ta Y E qe E eS sa oe i rs TESI bn ee es Whilt Funchonal Broadband HAT Eouter Administrator s Main Menu VPN Settings Tunnel 1 Set IKE Proposal Item Setting b IKE Proposal index li Remove ID Proposal Name DH Group Encrypt algorithm Auth algorithm Life Time Life Time Unit Packet Filters 1 h Group2 3DES 5 1 v 10000 Domain Filters ra MAC Control E VPN Group 1 a DES 10 Grup v 3DES skai v 0 M scellaneous Group 3DES SHAT 10 Grup v 3DES v SHAT Groupi v 3 5 SHA1 Grup v 3DES v SHA Groupi 3DES SHA1 Grup v 3DES v SHA Group if IDES SHA v VPN Settings Tunnel 1 Set IKE Proposal ID 1 Proposal Name 1 DH Gro
38. behind the deleted one will decrease one automatically Schedule Rule can be apply to Virtual server and Packet Filter for example 61 Exanplel Virtual Server Apply 1 ftp time everyday 14 10 to 16 20 Adminisitrator s Main Alenu Virtual Server 1 p Bains np 2 19216812 n 3 192 168 122 4 192 168 122 P 5 6 7 i215 1 P g 1 n 9 LC 192 168 122 10 i92158128 11 19216 amp 122 12 192 168 122 13 1921681051 14 92168122 n 19216 amp 122 Exanple2 Packet Filter Apply Rule 1 ftp time everyday 14 10 to 16 20 Aasinuinistrater s lain Outbound Packet Filter 20 g P Fiter F Enable 8 except those match the following rules C Deng all to pass except those match the following rules 71777113 Schedule Comte p 62 4 8 Toolbox Administrator s Main View Leg Trew The ayatam loge Firmware Upgrade Prompt for a fle and op grade it Mo this davies Backup Setting Save of this device lo a fils Reset ts Default thee of Roig device to values 6 this device Miscellaneous MAC for Wabe on LAN
39. disable it Discard PING from WAH side V hen this feature is enabled hosts on the WAH cannot ping the Device 2 4 6 1 Packet Filter Administrator s Main Menu Outbound Packet Filter ooo bw b Outbound Filter Enable 4 Allow all to pass except those match the following rules C Deny all to pass except those match the following rules Enable o o o D D v D X Source schedule rule CD Always Copy to Save Undo Inbound Filter MAC Level Help Packet Filter enables you to control what packets are allowed to pass the router Outbound filter applies on all outbound packets However Inbound filter applies on packets that destined to Virtual Servers or DMZ host only You can select one of the two filtering policies 1 Allow all to pass except those match the specified rules 2 Deny all to pass except those match the specified rules You can specify 8 rules for each direction inbound or outbound For each rule you can define the following e Source IP address e Source port address Destination IP address e Destination port address e Protocol TCP or UDP or both e Use Rule For source or destination IP address you can define a single IP address 4 3 2 1 or a range of IP addresses 4 3 2 1 4 3 2 254 An empty implies all IP addresses 28 For source or destination port you can defin
40. e Life Time Unit m Group 5 ESP WES 1 Gar 2 None 3DES on 4 c s E fn 3E m L i T 5 4 7 None ESP WES ng Es Mone ESP hoe sj o f None JHE BEEBE AMETE ELE IS ITI aj Us 3 IPSec Proposal indexes A list of selected proposal indexes from the IPSec proposal pool listed below The selecting activity is performed by selecting a proposal ID and clicking add to button in the bottom of the page There are only four indexes can be chosen for the dedicated tunnel Remove button beside the index list can remove selected proposal index before Proposal name It indicates which IPSec proposal to be focused First char of the name with OxOO value stands for the proposal is not available DH group There are three groups be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 But none also can be selected here for IPSec proposal Encapsulation protocol There are two protocols can be selected ESP and AH Encryption algorithm There are two algorithms can be selected 3DES and DES But when the encapsulation protocol is AH encryption algorithm is unnecessarily set Authentication algorithm There are two algorithms can be selected SHA1 and MD5 But none also can be selected here for IPSec proposal 43
41. e a single port 80 or a range of ports 1000 1999 Add prefix T or U to specify TCP or UDP protocol For example T80 U53 U2000 2999 No prefix indicates both TCP and UDP are defined An empty implies all port addresses Packet Filter can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule Each rule can be enabled or disabled individually Inbound Filter To enable Inbound Packet Filter click the check box next to Enable in the Inbound Packet Filter field Suppose you have SMTP Server 25 POP Server 110 Web Server 80 FTP Server 21 and News Server 119 defined in Virtual Server or DMZ Host Example 1 Administrator s Main Nlenu Outbound Packet Filter b Outbound Fiai M Enable C Allow all Io pasa except those match the following rales Deny all te pars except those match the lowing rule 100 Source IP Ports Destination IP Ports Enable 2 f L LL 1 11101197 7 s amp EE 7 e Schedule rule 5 1 2 3 100 1 2 3 149 They are allow to send mail port 25 receive mail port 110 and browse the Internet port 80 1 2 3 10 1 2 3 20 They can do everything block nothing 29 Others are all blocked Example 2
42. ed Protocol IBM 3 IPX SPX compatible Protocol 1 Microsoft Microsoft 32 bit DLC Microsoft DLE NetBEUI Y TCP IP 6 The TCP IP protocol shall be listed in the Network window Click OK to complete the install procedure and restart your PC to enable the TCP IP protocol 84 A 2 Set TCP IP Protocol for Working with NAT Router 1 Click Start button and choose Settings then click Control Panel 2 Double click Network icon Select the TCP IP line that has been associated to your network card in the Configuration tab of the Network window s PCI Fast Ethernet DEC 21140 Based Adapter MetBELI gt Dial Up Adapter 4 MetBEUI gt PCI Fast Ethernet DEC 21140 Based Adapter 4 Dial Up Adapter Y gt PCI Fast Ethernet DEC 21140 Based Adapter File and printer sharing for Microsoft Networks Client for Networks 3 Click Properties button to set the TCP IP protocol for this NAT Router 4 Now you have two setting methods 85 a Select Obtain an IP address automatically in the IP Address tab TCP IP Properties Bindings Advanced ES EMDE 86 c Choose Disable DNS in the DNS Configuration tab Hs Domain rector Waen zr Wamani searen Wraae B Configure IP manually a Select Specify an IP address in the IP Address tab The default IP address of this product is 19
43. er enables you to use the original NAT feature and allows you to setup the one to one mapping of multiple global IP address and local IP address e Global IP Enter the global IP address assigned by your ISP e Local Enter the local IP address of your LAN PC corresponding to the global IP address e Enable Check this item to enable the Virtual Computer feature 20 4 4 2 DHCP Server TEL a s Wain LETT DHCP Server DACP Server Disable Enable b Lease Tire 90 b IP Pool Starting Address hoo b IP Pool Ending Address nmm b Domain Mare b Primary DNS 1192 168 123 254 b Secondary DNS LII b Primary WINS 19216312330 b Secondary WINS 192 168 129 100 b optional Save Undo Clients List Fixed Mapping Help Press More gt gt The settings of a TCP IP environment include host IP Subnet Mask Gateway and DNS configurations It is not easy to manually configure all the computers and devices in your network Fortunately DHCP Server provides a rather simple approach to handle all these settings This product supports the function of DHCP server If you enable this product s DHCP server and configure your computers as automatic IP allocation mode then when your computer is powered on it will automatically load the proper TCP IP settings from this product The settings of DHCP server include the following items 1 DHCP Server
44. er second to indicate that this product is in normal operation Chapter 3 Network Settings and Software Installation To use this product correctly you have to properly configure the network settings of your computers and install the attached setup program into your MS Windows platform Windows 95 98 NT 2000 3 1 Make Correct Network Settings of Your Computer The default IP address of this product is 192 168 123 254 and the default subnet mask is 255 255 255 0 These addresses can be changed on your need but the default values are used in this manual If the TCP IP environment of your computer has not yet been configured you can refer to Appendix A to configure it For example 1 Configure IP as 192 168 123 1 subnet mask as 255 255 255 0 and gateway as 192 168 123 254 or more easier 2 Configure your computers to load TCP IP setting automatically that is via DHCP server of this product After installing the TCP IP communication protocol you can use the ping command to check if your computer has successfully connected to this product The following example shows the ping procedure for Windows 95 platforms First execute the ping command ping 192 168 123 254 If the following messages appear Pinging 192 108 123 254 with 32 bytes of data Reply from 192 168 123 254 bytes 32 time 2ms TTL 64 A communication link between your computer and this product has been successfully established Otherwise if you get the followin
45. ervices ph 2 PPTP Some ISPs require the use of PPTP to connect to their services 4 4 1 1 Static IPAddress WAN IP Address Subnet Mask Gateway Primary and Secondary DNS enter the proper setting provided by your ISP 4 4 1 2 Dynamic IP Address 1 Host Name optional Required by some ISPs for example 2 Home 2 Renew IP Forever this feature enables this product to renew your IP address automatically when the lease time 1s expiring even when the system is idle 4 4 1 3 Dynamic IP Address with Road Runner Session Management e g Telstra BigPond 1 LAN IP Address 15 the IP address of this product It must be the default gateway of your computers 2 WAN Type is Dynamic IP Address If the WAN type is not correct change it 3 Host Name optional Required by some ISPs e g Home 4 Renew IP Forever this feature enable this product renews IP address automatically when the lease time 15 being expired even the system 15 in idle state 4 4 1 4 PPP over Ethernet 1 Account Password the account and password your ISP assigned to you For security this field appears blank If you don t want to change the password leave it empty 2 PPPoE Service Name optional Input the service name if your ISP requires it Otherwise leave it blank 3 Maximum Idle Time the amount of time of inactivity before disconnecting your session 18 Set it to zero or enable Auto reconnect to di
46. f the source and destination Domain Filter Supported Let you prevent users under this device from accessing specific URLs URL Blocking Supported URL Blocking can block hundreds of websites connection by simply a keyword VPN Servers The router has three VPN servers IPSEC Dynamic VPN PPTP and VPN Pass through The router also supports VPN pass through SPI Mode Supported When SPI Mode is enabled the router will check every incoming packet to detect if this packet 15 valid DoS Attack Detection Supported When this feature is enabled the router will detect and log the DoS attack comes from The Internet Advanced functions System time Supported Allow you to synchronize system time with network timeserver E mail Alert Supported The router can send its info by mail Dynamic dns Supported At present the router has 3 ddns dyndns TZO com and dhs org SNMP Supported Because SNMP this function has many versions anyway the router supports V1 and V2c Routing Table Supported Now the router supports static routing and two kinds of dynamic routing and RIP2 Schedule Rule supported Customers can control some functions like virtual server and packet filters when to access or when to block Other functions UPNP Universal Plug and Play Supported The router also supports this function The applications X box Msn Messenger Packing List Broadband router unit Installation CD RO
47. figuration of IKE for the dedicated tunnel basic setup IKE proposal setup and IPSec proposal setup Basic setup includes the setting of following items local subnet local netmask remote subnet remote netmask remote gateway and pre shared key The tunnel name is derived from previous page of VPN setting IKE proposal setup includes the setting of a set of frequent used IKE proposals and the selecting from the set of IKE proposals Similarly IPSec proposal setup includes the setting of a set of frequent used IPSec proposals and the selecting from the set of IPSec proposals Basic setup Local subnet The subnet of LAN site of local VPN gateway It can be a host a partial subnet and the whole subnet of LAN site of local gateway 40 Local netmask Local netmask combined with local subnet to form a subnet domain Remote subnet The subnet of LAN site of remote VPN gateway it can be a host a partial subnet and the whole subnet of LAN site of remote gateway Remote netmask Remote netmask combined with remote subnet to form a subnet domain of remote end Remote gateway The IP address of remote VPN gateway Pre shared key The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways Function of Buttons Select IKE proposal Click the button to setup a set of frequent used IKE proposals and select from the set of IKE proposals for
48. g block nothing Others are all blocked 3 Example 2 Outbound Packet Filter b Outbound Filter Enable amp Allow all to pass except those match the following rules C Deny all to pass except those match the following rules 192 168 123 100 192 168 123 119 0 o de JL 1 al xl ATEM CoO 1 c LA do Oo schedule rule 0 Copy to Save Undo Inbound Filter MAC Level Help 192 168 123 100 192 168 123 119 They can do everything except read net news port 119 and transfer files via FTP port 21 Others are allowed After Outbound Packet Filter setting is configured click the save button 32 4 6 2 Domain Filter Administrator s Alain Domain Filter 2 0 Bed 000 F Daman Filter w Enable F Log DNS Query Enable k Frrnlege Addresses Range Frem 1 To 2 ewmencom 00 F Drop F Log 2 2 PO Drop 7 Leg r 3 o Drop Log r 4 Drop Log 5 C Drop C Leg 6 50 Drap Log r 7 7 Drop Log C Irop 7 Leg 0 Drap M Log r 10 all others C Drop Leg el Domain Filter Let you prevent users under this device from accessing specific URLs Domain Filter Enable Check if you want to enable Domain Filter Log DNS Query Check if you want to log the action when someone accesses the specific URLs Privilege IP Addresses Range Setting a group of hosts a
49. g 15 optional 5 Username and Password To fill some SMTP server s authentication requirement you may need to input Username and Password that offered by your ISP Log type Please select the activities that should be shown on log 52 4 7 3 Dynamic DNS Administrator s Wain hema Dynamic DNS rm Betting o 5 5050 5 b DDHS C Diable Enable P Provider DynDNS b Host Mame lmkdgmngdg tt b Username E mail 59590 04 b Password Eey 2 To host your server on a changing IP address you have to use dynamic domain name service DDNS So that anyone wishing to reach your host only needs to know the name of it Dynamic DNS will map the name of your host to your current IP address which changes each time you connect your Internet service provider Before you enable Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS click the check box next to Enable in the DDNS field Next you can enter the appropriate information about your Dynamic DNS Server You have to define Provider Host Name Username E mail 53 Password Key You will get this information when you register an account on a Dynamic DNS server Example Administrator MIain b DDHS b Provider Username E mail frzsus b Password Eey After Dynamic DNS setting is configured c
50. g messages Pinging 192 168 123 254 with 32 bytes of data Request timed out There must be something wrong in your installation procedure You have to check the following items in sequence 1 the Ethernet cable correctly connected between this product and your computer Tip The LAN LED of this product and the link LED of network card on your computer must be lighted 2 Is the TCP IP environment of your computers properly configured Tip If the IP address of this product is 192 168 123 254 the IP address of your computer must be 192 168 123 X and default gateway must be 192 168 123 254 3 2 Install the Software into Your Computers Skip this section if you do not want to use the print server function of this product Notice If you are using Windows 2000 XP please refer to Chapter 5 Printer 5 3 Configuring on Windows 2000 and XP Platforms It is not necessary to setup any program and the print server can work Step 1 Insert the installation CD ROM into the CD ROM drive The following window will be shown automatically If it isn t please run install exe on the CD ROM Step 2 Click on the INSTALL button Wait until the following Welcome dialog to appear and click on the Next button TM creer cM pg 1 pean 1 rari E re eer rnida 21 122 ndce pars liie lix nar i Lac Ser zc p and ho ae p
51. g port PRAT mate All in 1 Add Port Delete Part Print using the following driver Laserlet BL PCL New Driver Capture Printer Port End Capture Timeout settings Mot selected seconds Transmission retry 45 seconds Spool Settings Port Settings Cancel Apply 3 Choose the PRTmate 1 from the list attached at the Print To item Be sure that the Printer Driver item is configured to the correct driver of your server printer 4 Click on the button of Port Settings Printer Position Enter the Product s 192 166 123 254 EE Type in the IP address of this product and then click the OK button 1 Make sure that all settings mentioned above are correct and then click the OK button 70 5 2 Configuring on Windows NT Platforms The configuration procedure for a Windows NT platform is similar to that of Windows 95 98 except the screen of printer Properties Hewlett Packard Lasewet Properties Local Local Fost Local Fot Local Feat Local Local Pest Local Pact Local P t Compared to the procedure in last section the selection of Details is equivalent to the selection of Ports and Port Settings is equivalent to Configure Port 71 5 3 Configuring on Windows 2000 and XP Platforms Windows 2000 and XP have built in LPR client users could utilize th
52. is feature to Print You have to install your Printer Driver on LPT1 or other ports before you preceded the following sequence 1 Open Printers and Faxes Printers and Faxes Edit lew Favorites Tools Help f 5 GR Pech E odes mi Agarass Printers and 110 2200 Series PLL Lal Set un Spe Also AA Treubteshoot pinta Mj Get helo wih pening 72 2 Select Ports page Click Add Port amp HP LaserJet 2200 Series PCL 6 Pro X Generai Shari G Pons T Hvanced Color Management Laserlet 2200 Senes PCL Print to the following portis Documents will print to the first free checked port Fort Description Printer HP asse SoU SEHE Pee Printer Fort Printer Port CO Senal Port CO Senal Port CO Senal Port L Fort M Enable bidirectional support Enable printer pooling 3 Select Standard TCP IP Port and then click New Port Printer Ports Available port types PUT Standard TCP IP Port 73 4 Click Next and then provide the following information Type address of server providing LPD that is our NAT device 192 168 123 254 Add Standard TCP IP Printer Port Wizard X Add Port For which device do you want to add a port Enter the Printer Mame or IF address and a port name Far the desired device Printer Mame or IP
53. is files disableipsec zip to enable 1 http support iglou com fom serve cache 473 html Then we will see L2tp IPSEC VPN and choose it 130 roperties m Internet Frotocal i File and Printer Sharing for Microsoft Networks Client for Microsoft Networks Briss Then the steps refer to pptp settings 131 Appendix D FAQ and Troubleshooting Reset to factory Default There are 3 methods to reset to default Restore with console mode Please notice that this method requires a null modem cable and terminal program e g HyperTerminal for MS Windows First configure the setting of your terminal program as 19200 N 8 1 And then power off and on the router When prompt is appeared press ENTER once to show the console mode commands Just type RR command to restore the factory setting Please refer to User Manual for the details 2 Restore with RESET button First turn off the router and press the RESET button in And then power on the router and hold the RESET button down until the M1 and or M2 LED or Status LED start flashing then move away the hand If LED flashes about 8 times the RESTORE process is completed However if LED flashes 2 times repeat 3 Restore directly when the router power on First hold the RESET button about 5 seconds M1 will start flashing about 5 times move away the hand The RESTORE process is completed 132
54. k OK button Then click OK button on the Filter List page 97 F Edit Rule Properties Connection Type Filter Action Authentication Methods Tunnel Setting Filter List The selected filter action specifies whether this rule negotiates for secure network traffic and how it will secure the traffic Filter Actions Mame Description 0 Permit Permit unsecured IP packets to Request Security Optional Accepts unsecured communicat Require Security Accepts unsecured communicat Add Edit Remove Use Add wizard Select Filter Action select Require Security then click Edit button 98 Reguire Security Properties Security Methods General t Permit Black Negotiate security Secunty method preference order Integrity ESP Confidential Mone DES lt gt 3D ES Mone 3D ES Mone DES lt gt DES Move dawn Accept unsecured communication but always respond using IPSec Allow unsecured communication with non IPSec aware computer Session key perfect forward secrecy PFS cancel Select Negotiate security Select Session key Perfect Forward Secrecy PFS Click Edit button 99 Mew Security Method Select Custom button 100 m Custom Security Method Settings Specify the settings For this custom security method Data and address integrity without encry
55. lel host to connect to USB parallel printer for printer sharing WAN type supported The router supports some WAN types Static Dynamic PPPOE PPTP and Dynamic IP with Road Runner Firewall All unwanted packets from outside intruders are blocked to protect your Intranet DHCP server supported All of the networked computers can retrieve TCP IP settings automatically from this product Web based configuring Configurable through any networked computer s web browser using Netscape or Internet Explorer Virtual Server supported Enables you to expose WWW FTP and other services on your LAN to be accessible to Internet users User Definable Application Sensing Tunnel User can define the attributes to support the special applications requiring multiple connections like Internet gaming video conferencing Internet telephony and so on then this product can sense the application type and open multi port tunnel for it DMZ Host supported Lets a networked computer be fully exposed to the Internet this function is used when 3 special application sensing tunnel feature is insufficient to allow an application to function correctly Statistics of WAN Supported Enables you to monitor inbound and outbound packets Security functions Packet filter supported Packet Filter allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address o
56. lick the save button 54 4 7 4 SNMP Setting ET UL Hn rus E Setting k Enable 3HMP F Local Remote b Get Cormunity oe b Set Community piae 2 PI 44 kTE 3 4 b SNMP Version OV Vac umo In brief SNMP the Simple Network Management Protocol is a protocol designed to give user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events Enable SNMP You must check either Local or Remote or both to enable SNMP function If Local 1s checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device will response Set Community Setting the community of SetRequest your device will accept IP LIP 2 IP 3 IP 4 Input your SNMP Management PC s IP here User has to configure to where this device should send SNMP Trap message SNMP Version Please select proper SNMP Version that your SNMP Management software supports 55 Example s Wai Tera SNMP Setting P Enable SHMP P Loca Remote b Cet Community ue 7 b Set Community 72 TT 44 50 TT bk SHMP Versen CM Y ee us 1 This device will response to SNMP client which s get community is set as public This device will response to SNMP clien
57. n filter and URL Blocking is Domain filter require user to input suffix like com or org etc while URL Blocking require user to input a keyword only In other words Domain filter can block specific website while URL Blocking can block hundreds of websites by simply a keyword URL Blocking Enable Checked if you want to enable URL Blocking URL If any part of the Website s URL matches the pre defined word the connection will be blocked For example you can use pre defined word sex to block all websites if their URLs contain pre defined word sex Enable Checked to enable each rule 35 Au Lire l6 MU ET Menn URL Blocking EE P ol 1 L a 1 y 5 y 3 4 y 2 6 r 7 8 r 10 r In this example URL include msn will be blocked and the action will be record in log file 2 URL include sina will be blocked but the action will be record in log file 3 URL include cnnsi will not be blocked but the action will be record in log file 4 URL include will be blocked but the action will be record in log file 36 4 6 4 MAC Address Control Administrator s ETE Address Control E HAC Addrecs Contre Enable C onnectron control Clients with C checked can connect to this device and alow 2 addresses to connect 19
58. nd privilege these hosts to access network without restriction Domain Suffix A suffix of URL to be restricted For example com Action When someone is accessing the URL met the domain suffix what kind of action you want Check drop to block the access Check log to log these accesses Enable Check to enable each rule 33 Example Administrator s Wain ETT Domain Filter 2 0 Sh 5 5 F Domain Filter Enable b Lop DHS Query b Prilegr Addresses Range Fram fi bo www men com F Drop F Log W Bina com C Drep Log 3 www google com F Drop Log p 2 Log L Lag 2 Drop Log r 1 22 Drop C Low 8 C Drep E Lag 9 56 Drop Log r 10 all others C Drop F Log eal ilada l In this example 1 URL include www msn com will be blocked and the action will be record in log file 2 URL include www sina com will not be blocked but the action will be record in log file 3 URL include www google com will be blocked but the action will not be record in log file 4 IP address X X X 1 20 can access network without restriction 34 4 6 3 URL Blocking Administrator s Miena URL Blocking b TEL Blocking Enable URL Blocking will block LAN computers to connect to pre defined Websites The major difference between Domai
59. nnect PP TP Username Save this username and password tor the following users ee only Amane wio This computer Help 128 7 Select the type of VPN FTT Di IC ONE VPN LTP IPSec VPN Internet Protocol TCRAP Iv mi File and Printer Sharing for Microsoft Networks ies Client for Microsoft Networks Lan teen 129 However you should add the Authentication Protocol in advanced Custom setting of Security option like below t o support pap chap and mschap If successfully we will see This time the client in the Internet can ping any pcs in the LAN 192 168 123 x cx CAWINDOWSSystem32Wwmd exe Connection specific DNS Suffix fiddress a 172 168 122 137 Subnet Mask 255 255 255 Default Gateway 172 168 122 25H Connection specific Suffix Address Subnet Mask a a Default Gateway 192 168 122 139 255 255 2550 192 168 122 258 PPP adapter 192 168 122 16 Connection specific IP Address Subnet Mask a Default Gateway 2 255 255 255 255 R5 i C gt Documents ETT REI ER E gt L2TP However the router is the also vpn I2tp server and supports three Authentication Protocols PAP CHAP and MSCPAP And the settings are similar with PPTP But MS operating systems like WinXP Win2000 will not find the type of VPN L2tp We can use th
60. on NAT Router Destination SubnetMask Gateway Hop Enabled 192 168 1 0 255 255 255 0 192 168 123 216 1 192 168 0 0 255 255 255 0 192 168 123 103 1 So if for example the client3 wanted to send an IP data gram to 192 168 0 2 it would use the above table to determine that it had to go via 192 168 123 103 a gateway And if it sends Packets to 192 168 1 11 will go via 192 168 123 216 Each rule can be enabled or disabled individually After routing table setting is configured click the save button 58 4 7 6 Schedule Rule EIE EU s Aleimma Save Aid New Rule Help You can set the schedule time to decide which service will be turned on or off Select the enable item Press Add New Rule 59 You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configure ftp time as everyday 14 10 to 16 20 CET a Ylermi Schedule Rule Setting b Hame cf Rule 1 Sunday Monday Tuesday Wednesday Thursday Friday saturday Every Day ER E 60 After configure Rule 1 Administrator s Nenu Schedule Enable Schedule Rule Ei Coble Swe Add New Rule Hal Selected if you want to Enable the Scheduler Edit To edit the schedule rule Delete To delete the schedule rule and the rule of the rules
61. pearance from that picture 2 2 Procedure for Hardware Installation 1 Decide where to place your Broadband Router You can place your Broadband Router on a desk or other flat surface or you can mount it on a wall For optimal performance place your Broadband Router in the center of your office or your home in a location that is away from any potential source of interference such as a metal wall or microwave oven This location must be close to power and network connection 2 Setup LAN connection a Wired LAN connection connects an Ethernet cable from your computer s Ethernet port to one of the LAN ports of this product Existing Connection Modem To Printer Figure 2 3 Setup of LAN and WAN connections for this product 3 Setup WAN connection Prepare an Ethernet cable for connecting this product to your cable xDSL modem or Ethernet backbone Figure 2 3 illustrates the WAN connection 4 Connecting this product with your printer optional Use the printer cable to connect your printer to the printer port of this product Optional 5 Power on Connecting the power cord to power inlet and turning the power switch on this product will automatically enter the self test phase When it is in the self test phase the indicators M1 will be lighted ON for about 10 seconds and then will be flashed 3 times to indicate that the self test operation has finished Finally the M1 will be continuously flashed once p
62. pg x2 viz diaconus oy lt yens a nce rar fprxyxcecdE zccp gis and rns 1 175 see albis cunei F Pods 55 2 mnslpeneHzz 5c val hpmzer d7cec tr If Step 3 Select the destination folder and click on the Next button Then the setup program will begin to install the programs into the destination folder Step 4 When the following window is 10 displayed click on the Finish button Select the item to restart the computer and then click the OK button to reboot your computer To broadband router workable far vou please remember rebootingyour computer Step 4 After rebooting your computer the software installation procedure is finished Now you can configure the NAT Router refer to Chapter 4 and setup the Print Server refer to Chapter 5 11 Chapter 4 Configuring Broadband Router This product provides Web based configuration scheme that is configuring by your Web browser such as Netscape Communicator or Internet Explorer This approach can be adopted in any MS Windows Macintosh or UNIX based platforms Internet 12 4 1 Start up and Log in ET 5 B E TE NT aera ia System Status Eemanmng Lease Tire 00 00 00 Renew IF Address 0 0 0 0 subnet Mask 0 0 0 0 Galeway 0 0 0 0 Doman Hame Server 0000 Printer Not ready ctete
63. ption 2 DAS teret pense E IT F EL B I Data integrity and encryption ESP Integrity algorithm Encryption algorithm M Session key settings Generate new key every Generate a new key every Kbytes D seconds Cancel Select Data integrity and encryption ESP Configure Integrity algorithm MD5 Configure Encryption algorithm DES Configure Generate a new key every 10000 seconds Click OK button 101 F Edit Rule Properties IF Filter List Filter Action Tunnel Setting Connection Type Authentication Methods Authentication methods specify how trust is established between computers These authentication methods are offered and accepted when negotiating security with another computer Authentication method preference order Detals Preshared mypresharedk eu k a ve d 8 ml Select Authentication Methods page click Add button 102 Edit Authentication Method Properties Authentication Method The authentication method specifies how trust is established between the computers Active Directory default Kerberos V5 protocol Use a certificate from this certification authority Use this string preshared key mypresharedkey Cancel Select Use this string to protect the key exchange preshared key and ente
64. r your preshared key string such as mypresharedkey Click OK button Click OK button on Authentication Methods page Select Tunnel Setting 103 F Edit Rule Properties IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type The tunnel endpoint is the tunneling computer closest to the IP traffic destination as specified by the associated IP filter list E takes two rules to describe an IPSec tunnel t This rule does not specify an IPSec tunnel The tunnel endpoint is specified by this IP address 192 168 1 254 Configure The tunnel endpoint is specified by this IP address 192 168 1 254 Select Connection Type 104 F Edit Rule Properties IF Filter List Filter Action Authentication Methods Tunnel Setting Connection Type This rule only applies to network traffic over connections of the elected type All network connections 7 Local area network LAN C Remote access Cancel Select All network connections Tunnel 2 router gt XP In the new policy s properties page dis select Use Add Wizard check box and then click Add button to create a new rule 105 Edit Rule Properties Tunnel Setting Connection Type Authentication Methods Filter Action Filter List The selected filter list specifies which network traffic will be affected by this rule Filter Lists Description
65. sable this feature 4 Maximum Transmission Unit MTU Most ISP offers MTU value to users The most common MTU value is 1492 4 4 1 5 PPTP 1 My IP Address and My Subnet Mask the private IP address subnet mask your ISP assigned to you 2 Server IP Address the IP address of the PPTP server 3 PPTP Account and Password the account and password your ISP assigned to you If you don t want to change the password keep it empty 3 Connection ID optional Input the connection ID if your ISP requires it 4 Maximum Idle Time the time of no activity to disconnect your PPTP session Set it to zero or enable Auto reconnect to disable this feature If Auto reconnect is enabled this product will automatically connect to ISP after system 15 restarted or connection is dropped Administrator s Main Menu Primary Setup 3 Address 192 18812232540 PWAN Typ PPTP Change b My Address b Subnet Mask ss 0 b Server IP Address Account 50 b PPTP Password b Connection ID optional b Manum Idle Time oo seconds Auto reronneri Saved The change doesn t take efective until rebooting 19 4 4 1 6 Virtual Computers Auhministrater s Virtual Computers 192 152 12 3 122168123 192168123 2 168123 f 192 168 123 b qag Virtual Comput
66. security methods Methods Internet Key Exchange IKE for windows Jaintly developed by Microsoft and Cisca Systems Inc Enable Master key perfect forward security PFS Configure Authenticate and generate a new key after every 10000 seconds Click Methods F Key Exchange Security Methods Protect identities during authentication with these security methods Encryption Add 3DES 3DES Edit DES L L Remove DES gt Move down Click Add button 119 F IKE Security Algorithms 2 Integrity algorithm Encryption algorithm 3DES Dutfie Hellrman group Configure Integrity algorithm SHA1 Configure Encryption algorithm 3DES Configure Diffie Helman group Medium 2 Settings on VPN router VPN Router Wan IP address 192 168 1 254 LAN IP address 192 168 123 254 PC 192 168 123 123 120 Administrator s Menu VPN settings Item VEL Enable b Maz number of tunnels E Au Tunnel Name Packet Filters Domain Filters MAC Control Miscellaneous Save Undo Help VPN Settings VPN Enable Max Number of tunnels 2 ID 1 Tunnel Name 1 Method IKE Press 3 121 ed an re en Tat p zh b rec nl MIulti Functional Broadband H Administrator s Main Menu VPN Settings Tunnel 1 IKE b Tunnel Name 1
67. t which s set community is set as private This device will response request from both LAN and WAN This device will send SNMP Trap message to 192 168 123 33 Use SNMP Version V2c W N 56 4 7 5 Routing Table Administrator s Routing Table ET b Dynamic Routing C Disable RIPv1 RIPv2 b Static Routing Disable C Enable Routing Tables allow you to determine which physical interface address to use for outgoing IP data grams If you have more than one routers and subnets you will need to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other Routing Table settings are settings used to setup the functions of static and dynamic routing Dynamic Routing Routing Information Protocol RIP will exchange information about destinations for computing routes throughout the network Please select RIPv2 only if you have different subnet in your network Otherwise please select if you need this protocol Static Routing For static routing you can specify up to 8 routing rules You can enter the destination IP address subnet mask and gateway hop for each routing rule and then enable or disable the rule by checking or unchecking the Enable checkbox 57 Example Router Router Client 182 169 123 2 0 197 168 123 103 18 18 02 Client 18 15 12 Configuration
68. tion Wizard Network Connection Type What do you want to do 126 3 Choose Virtual Private Network New Connection Wizard Metwork Connection How do you wantto connect to the network at your workplace Create the following connection C Dial up connection Connect using a modem and a regular phone line or an Integrated Services Digital Network ISDN phone lina quruisiinannaagag e FTETEn e gag essere Connect to the network using a virtual private network YPN connection over the Internet lt Back C 7 Cancel 4 Do not dial to initial connection New Connection Wizard Fublic Network Windows can make sure the public network is connected first Windows can automatically dial the initial connection to the Internet or other public network before establishing the virtual connection Do not dial the initial connection C Automatically cial this initial connection Tal lt Back Next gt gt Cancel 127 5 Input the router wan ip address New Connection Wizard YPN Server Selection What is the name ar address ofthe VPN server Type the host name or Internet Protocol address of the computer to which you are connecting Hostname or IP address for example microsoft com or 157 54 0 1 Server IP Address Cancel 6 Then ok please input username and password as you setup in the router Co
69. unneling Protocol is a tunneling Auhministrater s Alain VPN Settings PPTP Server tm e 0 0 0 0 F FFIF Server V Enable b Virtual IP o FEIF Server 10 n b Autbeahcabon Protocol EPAF E T S protocol for connecting clients and servers PPTP can be used to create a Virtual Private Network VPN between the remote user and the corporate LAN User can build up to five PPTP tunnels for PPTP clients Each tunnel can accept more than one client User is required to configure Virtual IP of PPTP Server Authentication Protocol PPTP Tunnel Name and User Account Password Virtual IP of PPTP Server PPTP server s virtual IP User must assign a virtual IP for PPTP Server Authentication Protocol Protocols that Clients can use to authenticate to Server PPTP Tunnel Name Username and Password Each tunnel defined a username and password that clients can use to connect to PPTP Server 46 4 6 6 Miscellaneous Items Administrator s Wain Menu Miscellaneous Items b Remote Administrator Host f Fort 0 0 0 B6 F Admrastrator Time out b seconds Orto disable F Decard FNG from WAM side b SPT mode b Tos Attack Detection b VEN PPT Pass Through b VEH IPSec Pass Through xI 1 1 1 Remote Administrator Host Port In general only Intranet
70. up Group2 Encrypt Algorithm 3DES Auth Algorithm SHAI Life Time 10000 Life Time Unit Sec 123 I Ve E ee part DRE Les e s MMulti Functonal Broadband E outer Administrator s Main Menu VPN Settings Tunnel 1 Set IPSec Proposal Item Setting b IPSec Proposal index n Remove Encap Encrypt Lie LifeTime protocol algorithm algorithm Unit 1 Grup2 ESP Des MDs 10000 Packet Filters Name 19604 DH Group Domain Filters MAC Centrol VEN Miscellaneous pcs None ESPy 3DES v None v jo Sec None ESP 30 5 None D Sec Non esee 30 8 None v 0 Sec None 30 5 None v D Sec Mone 3DES None jo Sec Nom ESP 3DES None Sec Mone ESP v 3DES v None Sec uc D 1 do 2 None 3DES v None jo Mone 3DES None jo Sec m VPN Settings Tunnel 1 Set IPSec Proposal ID 1 Proposal Name proposall DH Group Group2 Encap Protocol ESP Encrypt Algorithm DES Auth Algorithm MD5 Life Time 10000 Life Time Unit Sec 124 Ta 2 Tae T caen h ener a Broadband Router ETIN System Log Main Menu zum WAR
71. vice 48 4 7 Advanced Settings LS X System Tist Allow you lo set device ime manually ar consuli neturmek time from HTF server System Log Send system log to dedbealed host of emal to specifir receptis Dende DNS To host your server on a chengone IF address you have use dimamic domam name serice CONS SNMP res a user ihe capability lo remotely manage Computer nebrork by poling ened geting terminal values and network events Routing FP you have than ome roulers nnd subnets yau want to routing table allow packets to find proper path and allow different sukels to commumoate with each iher Schedule Rule S amp phesluls Rule Apply schedule rules Packed Filters and Virbaal Server 40 4 7 1 System Time TIT EIU ELE System Time Get Date and Time by NTF Protocol Synt New Tire Server tire nast goa lime Zone SMT O6 00 Time US Canada b C Set Date and Time uaine Ps Date and Tare PC Date and Time 00310 ME 03 47 32 b C Set Date and Time manually Late Yeu 2003 Month Day Hew 0 22 Minute 0 28 Second 00 52 Get Date and Time by NTP Protocol Selected if you want to Get Date and Time by NTP Protocol Time Server Select a NTP timeserver to consult UTC time
72. vice say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the target device immediately Domain Name or IP address for Ping Test Allow you to configure an IP and ping the device You can ping a specific IP to test whether it is alive 67 Chapter 5 Print Server This product provides the function of network print server for MS Windows 95 98 NT 2000 and Unix based platforms If the product you purchased doesn t have printer port please skip this chapter 5 1 Configuring on Windows 95 98 Platforms After you finished the software installation procedure described in Chapter 3 your computer has possessed the network printing facility provided by this product For convenience we call the printer connected to the printer port of this product as server printer On a Windows 95 98 platform open the Printers window in the My Computer menu Printers File Edt View Help 4 abject s 72 Now yon can configure the print server of this product 68 Find out the corresponding icon of your server printer for example the HP LaserJet 6L Click the mouse s right button on that icon and then select the Properties Item HP Laserdet 6L PCL Properties 69 2 Click the Details item HP LaserJet PCL Properties Ei General Details Sharing Faper Print Quality Fonts Device Options X le E HP Laserlet EL FEL Print to the followin
Download Pdf Manuals
Related Search