Content - RCC ITALY
Contents
1. i p e gll e el DIN a Dynamic Routing Protocol Local Tunnel Address IP Address of virtual tunnel interface RIP Local Tunnel Netmask Unchangeable always 255 255 255 252 VPN Settings Tunnel Source IP address of tunnel source Routing Tunnel Destination IP address of tunnel destination Period Valid values 3 60 Retries Valid values 1 10 GRE Copyright amp 2008 Geneko All rights reserved http www genekors Figure 55 GRE configuration page e Configure GRE Route Click Routing on Settings Tab Parameters for this example are Destination Network 10 2 2 0 Netmask 255 255 255 0 3 cenexo 75 USER MANUAL GWR Series Router eneKo GWR ROUTER CONFIGURATION CONSOLE HARDWARE Routing Status ork Information Routing Table Settings WAN Information Settings Current static routes gt osasse 25255255 o iomo fjes o fiesso sss SREL ER IP Filtering DynDNS Apply the following static routes to the routing table SS Enable DestNetwork Nemaek Interface Action aintenance Device Ident 0 0 0 0 0 0 0 0 Rem 10 2 2 0 255 255 255 0 Rem pot E Forwarding Routing Dynamic Routing Protocol RIP VPN Settings GRE Enable Network Address Translation NAT Forward protocol connections from external networks to the following inte2. Local Syslog Syslog file size Event log Cl Enable syslog saver Save log every 1024 v KB AI vi hours System Log Figure 44 Syslog configuration page The GWR Router supports this protocol and can send its activity logs to an external server abel Disable Remote syslog Remote Syslog Service Serve IP Service Port GENEKO HARDWARE Syslog Settings D escription Mark this option in order to disable Syslog feature Mark this option in order to enable logging on remote machine Start logging facility locally Description The GWR Router can send a detailed log to an external Syslog server The Router s Syslog captures all log activities and includes this information about all data transmissions every connection source and destination IP address IP service and number of bytes transferred Enter the Syslog server name or IP address Sets the port on which Syslog data has been sent The default is 514 You can specify port by marking on user defined and specify port you want Syslog data to be sent 65 USER MANUAL GWR Series Router U ser defined Set manually port number Default Use standard port number for this service 514 ocal syslog Description Syslog filesize Set log size on one of the six predefined values 10 20 50 100 200 500 kb Choose which events to be stored You can store System psec events or both of them Enable syslog saver Save l
3. 10 0 0 1 10 0 0 2 Forward protocol connections from external networks to the following internal devices Forward TCP UDP connections from external networks to the following internal devices Enable Protocol Destination IP Destination Netmask Destination Port Forward to IP Forward to port Interface Action a A PG Merke eil ad Figure 52 Routing configuration page for GWR Router 2 e Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic e Onthe device connected on GWR router 2 setup default gateway 192 168 2 1 12 USER MANUAL GWR Series Router GRE Tunnel configuration between GWR Router and third party router GRE tunnel is a type of a VPN tunnels but it isn t a secure tunneling method However you can encrypt GRE packets with an encryption protocol such as IPSec to form a secure VPN On the diagram below Figure 53 is illustrated simple network with two sites Idea is to create GRE tunnel for LAN to LAN site to site connectivity Ethernet GSM UMTS Network Static WAN 172 29 8 5 a ei Private APN pda WAN 172 29 8 4 r ur i q Cisco GSM UMTS Router LAN Network Figure 53 GRE tunnel between Cisco router and GWR Router GRE tunnel is created between Cisco router with GRE functionality on the HQ Site and the GWR Router on the Remote N etwork
4. If this option is given pppd will presume the peer to be dead if n LCP echo requests are sent without receiving a valid LCP echo reply If this happens pppd LCP Echo Failure will terminate the connection This option can be used to enable pppd to terminate after the physical connection has been broken e g the modem has hung up in situations where no hardware modem control lines are available If this option is given pppd will send an LCP echo request frame to the peer every n seconds Normally the peer should respond to the echo request by sending an echo reply This option can be used with the Icp echo failure option to detect that the peer is no longer connected Use Peer DNS With this option enabled router resolves addresses using ISP s DNS servers M odem Initialization ZE String This field provides an option to directly specify AT commands Roaming M ode By enabling this option router will be able to connect to roaming network Table 6 Advanced WAN Settings LCP Echo Interval Settings Routing The static routing function determines the path that data follows over your network before and after it passes through the GWR Router You can use static routing to allow different IP domain users to access the Internet through the GWR Router Static routing is a powerful feature that should be used by advanced users only In many cases it is better to use dynamic routing because it enables the GWR Router to automatically
5. ge en E Se Public Static WAN 147 150 160 170 1 GWR sp ei ee KE Cisco 1841 VPN terminator LAN 192 168 10 1 LAWN 10 10 10 1 LAN 192 168 10 x LAN 10 10 10 x Gateway 192 168 10 1 Gateway 10 10 10 1 Figure 69 IPSec tunnel between GWR Router and Cisco Router The GWR Routers requirements e Static IP WAN address for tunnel source and tunnel destination address e Dynamic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS networks GWR Router connections may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections A custom APN should also support mobile terminated data that may be required in most site to site VPN s The GWR Router configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes eene 84 USER MANUAL GWR Series Router GWR ROUTER CONFIGURATION CONSOLE Network Network Settings Server Use the following IP address WAN Settings IP Address 192 168 10 1 Ro ut Ir 9 r Dynamic Routing Protocol Subnet Mask 255 255 255 0 E Local DNS EC Caution Changes to IP Address
6. Forward to port Specify TCP UDP port on which the traffic is going to be forwarded Interface Click Add to insert add new item in table to the GWR Router Remove Click Remove to delete selected item from table eload Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR Router After pressing Save button it make take more than 10 seconds for router to save parameters and become operational again Table 7 Routing parameters Port translation For incoming data the GWR Router forwards IP traffic destined for a specific port port range or GRE Ipsec protocol from the cellular interface to a private IP address on the Ethernet side of the GWR Router 3 senexo 26 USER MANUAL GWR Series Router Settings Dynamic Routing Protocol Dynamic routing performs the same function as static routing except it is more robust Static routing allows routing tables in specific routers to be set up In a static manner so network routes for packets are set If a router on the route goes down the destination may become unreachable Dynamic routing allows routing tables in routers to change as the possible routes change Routing Information Protocol RIP The Routing Information Protocol RIP is a dynamic routing protocol used in local and wide area networks As such it is classified as an interior gateway protocol IGP using the distance vector routing algorithm
7. e ACT yellow on Network traffic detected off when no traffic detected e Network Link green LED on Ethernet activity or access point engaged LAA ETHERNET RS 232 RST e 12V DC Figure 2 GWR Route front panel The Reset button can be used for a warm reset or a reset to factory defaults Warm reset If the GWR Router is having problem connecting to the Internet press and hold in the Reset button for a second using the tip of a pen Reset to Factory D efaults To restore the default settings of the GWR Router hold the RESET button pressed for a few seconds Restoration of the default configuration will be signaled by blinks of the first and last signal strength LED on the top panel This will restore the factory defaults and clear all custom settings of the GWR Router You can also reset the GWR Router to factory defaults using the M aintenance gt Default Settings screen Back panel On the back panel of device Figure 3 and Figure 4 the following connectors are located e slotfor SIM cards e SMA connector for connection of the GSM UMTS antenna ANTENNA SIM CARD 1 SIM CARD 2 Je8 p As Figure 3 GWR Router back panel GPRS and EDGE CG senero 8 USER MANUAL GWR Series Router MAIN ANTENA AUX ANTENA SIM CARD 1 SIM CARD 2 LL Jepp 149 Figure 4 GWR Router back panel 3G Top Panel There is a sequence of 8 LED indicators on the top of this device by which the indication of the system curr
8. List of Figures FOU TeV ROUL EE 6 Figure 2 GWR Router front Pane eenssnrvrrannnnnrvrnnrnnnnnnvevennnnnnenennrnnnvennnsnnnnnnnenennnnnnnesnnnnnnnesennnnnennenennnnnnneennnnnnnene 10 Figure 3 GWR Router back panel GPRS and EDGE EN ENNEN 10 Figure 4 GWR Router back panel 3G rrerrnnnnrvvrrnnnnnvrrnnnnrrnnnvevennnnnvenennnnnnnernnnnnnnnnnenennsnnvevennnnnnnesnnnnnnnnnenssnnnnnnee 11 Figure 5 GWR Router top panel E Le TC 11 Figure 6 Declaration of Comfort ENEE 13 Figure 7 User authenti catiON EE cdujiaadeuucttadivastaddvsigunatenas 14 Figure 8 General router information anrrvrnnannvvvvennnnvvvrnvennrnnnnevessnnnvenennnnnnevennennnnnnnensnnnnnnensnnnnnnnnsnnnennnnnnnesnnnnnene 16 Figure 9 Network lite uge 17 Foure TO WAN Onna OM DE 17 Figure 11 Network parameters configuration Page ENEE ENEE 18 Figure 12 DHCP Server configuration page REENEN NENNEN An 20 Figure 13 WAN Settings configuration Doae ENNEN 21 Figure 14 ROUTING configuration e 25 Fig re 15 RIP conig rat on page E 27 Figure 16 GRE tunnel parameters configuration Date 31 Figure 17 IPSec SUIMM Ewe CC NEE 32 gle der knes oe lee EE NE EE 34 Figure 19 OPENVPN RE ul el EEN 38 Figure 20 OPENVPN configuration PAGE ENEE 40 Figure 21 IP Filtering configuration PAGE ENEE 42 Figure 22 IP Filtering configuration amp ample rrrrarvevrrnrvnnvvrnnrnnnnnnvvrsnnnnnvvrsnnnnnnnennrnnnnannevennsnnnnesnnnnnnnesennnnnennene 43 FE SPRETT 43 PZ DyYND
9. NAT Rules o Keep Alive o Max Fragment Size 1300 bytes On some GSM UMTS networks recommended time for Keepalive Ping Interval is grater than 10 seconds Local Remote Group Setup Remote Host or IP Adress L Redirect Gateway o manual configuration Tunnel Interface Configuration Local Interface IP Address Remote Interface IP Address Copyright amp 2008 Geneko All rights reserved http zua qenekors Figure 20 OpenVPN configuration page 40 USER MANUAL GWR Series Router Settings IP Filtering IP filtering is simply a mechanism that decides which types of IP datagram s will be processed normally and which will be discarded By discarded we mean that the datagram is deleted and completely ignored as if it had never been received You can apply many different sorts of criteria to determine which datagram s you wish to filter some examples of these are e Protocol type TCP UDP ICMP etc e Socket number for TCP UPD e Datagram type SYN ACK data ICMP Echo Request etc e Datagram source address where it came from e Datagram destination address where It is going to It is important to understand at this point that IP filtering is a network layer facility This means it doesn t understand anything about the application using the network connections only about the connections themselves The IP filtering rule set is made up of many combinations of the criteria listed previousl
10. Remote Management Copyright 2008 Geneko All rights reserved http Awww qenekors Figure 54 Network configuration page e UseSIM card with a dynamic static IP address obtained from Mobile Operator Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the GSM UMTS provider s network default gateway e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All 3 cenexo 74 USER MANUAL GWR Series Router parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt GRE Tunneling to configure new VPN tunnel parameters Enable yes Local Tunnel Address 10 1 1 1 Local Tunnel N etmask 255 255 255 252 Unchangeable always 255 255 255 252 Tunnel Source 172 29 8 5 Tunnel Destination 172 29 8 4 KeepAlive enable no Period none Retries none Press ADD to put GRE tunnel rule into VPN table Press Save to accept the changes GWR ROUTER CONFIGURATION CONSOLE Status VPN Settings GRE G al Network Information Generic Routing Encapsulation GRE Tunneling WAN Information Enable Local Tunnel Address Local Tunnel Netmask KeepAlive Enable Period Retries Action Settings
11. The Routing Information Protocol provides great network stability guaranteeing that if one network connection goes down the network can quickly adapt to send packets through another connection Click RIP Tab to open the Routing Information Protocol screen Use this screen to configure the GWR Router RIP parameters Figure 15 GWR ROUTER CONFIGURATION GONSGLE Routing Information Protocol k Information Routing Manager nformation Hostname Router Password zebra Enable log O Routing Dynamic Routing Protocol Port to bind at RIP VPN Settings GRE O User defined Default 2601 RIPD DynDNS Serial Port Maintenance Password zebra Jevi ity 5 Port to bind at Hostname ripd O User defined Default 2602 Management Routing Information Protocol Status Command Line Interface en Status stopped Copyright 2008 Geneko All rights reserved http www geneko ra Figure 15 RIP configuration page 3 cenexo 27 USER MANUAL GWR Series Router RIP Settings D escription R outing M anager rompt name that will be displayed on telnet console assword ogin password nable log nable log file ort to bind at ocal port the service will listen to Prompt name that will be displayed on telnet console of the Routing Information Protocol M anager assword Login password Port to bind at Local port the service will listen to R outing Inf
12. USER MANUAL Preshared Key 1234567890 Failover EnablelKE Failover false Enable PPP After IKE SA Retry Exceeds Specified Limit false Enable Tunnel Failover false Advanced Compress Support IP Payload Compression Protocol IPComp false Dead Peer Detection DPD false NAT Traversal true Send Initial Contact N otification true Press Save to accept the changes Device 2 Device Tunnel Add New Tunnel Tunnel Number 1 Tunnel Name test Enable Local Group Setup Local Security Gateway Type SIMCard C Custom Peer ID IP Address From SIM1 EI Local Security Group Type Subnet IP Address IP Address 192 168 10 0 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only IP Address 150 160 170 1 CI Custom Peer ID Remote Security Group Type Subnet Mask Subnet vi 10 10 10 1 255 255 255 0 Figure 71 IPSEC configuration page I for GWR Router IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH Group Groupe Phase 1 Encryption 3DES v Phase 1 Authentication SHA Phase 1 SA Life Time 28800 sec Perfect Forward Secrecy Phase 2 DH Group Group e Phase 2 Encryption IDES iv Phase 2 Authentication SHAI Phase 2 SA Life Time 3600 sec 1234567890 Preshared Key Figure 72 IPSec
13. no ip route cache no ip mroute cache duplex auto speed auto crypto map GWR l interface FastEthernet0 1 description LAN INTERFACE 3 cenexo 88 USER MANUAL GWR Series Router ip address 10 10 10 1 255 255 255 0 ip nat inside no ip route cache no ip mroute cache duplex auto speed auto ip route 4 0 0 0 0000 1850 160 110 2 ip http server no ip http secure server ip nat inside source list nat_list interface FastEthernet0 0 overload l ip access list extended nat_list deny ip 10 10 10 0 0 0 0 255 192 168 10 0 0 0 0 255 permit ip 10 10 10 0 0 0 0 255 any access list 23 permit any l line con 0 line aux 0 line vty 0 4 access class 23 in privilege level 15 login local transport input telnet ssh line vty 5 15 access class 23 in privilege level 15 login local transport input telnet ssh l end Use this section to confirm that your configuration works properly Debug commands that run on the Cisco router can confirm that the correct parameters are matched for the remote connections show ip interface Displays the IP address assignment to the spoke router show crypto isakmp sa detail Displays the IKE SAS which have been set up between the IPsec initiators show crypto ipsec sa Displays the IPsec SAs which have been set up between the IPsec initiators debug crypto isakmp Displays messages about Internet Key Exchange IKE events debug crypto ipsec Displays IPsec events debug crypto engi
14. performed when power supply is not connected Q senero be USER MANUAL GWR Series Router Declaration of conformity RE General Ekonomik HARDWARE SG 0OFTWMARE ENGINEERING DECLARATION OF CONFORMITY We hereby declare that following product COMMUNICATION EQUIPMENT WIRELESS ROUTER Type Prod uct name Technical apecfie arm GWR201 GWR201 B GWR202 GENEKO GWR ROUTER Input G1T2V 7 1A GWR202B GWR251 GWR251B GWR252 GWR252B GWR301 GWRI02 are in conformity with standards harmonised with directives LVD EN 60950 1 2001 1st Ed andor EN 60950 1 2001 EMC DIRECTIVE 2004 108 EC EN 301 489 1 V1 5 1 2005 09 EN 301 489 7 V1 3 1 2005 11 R amp TTE DIRECTIVE 1999 5 EC ETSIEN 301 511 V902 ETSI EN 301 511 V9 03 EN 301 908 1 amp EN 301 908 2 V2 2 1 RoHS DIRECTIVE 2002 05 EC EU COMMISION DECISION 2005 818 EC 20057 17 60 2005 747 EC 2006 3 10 EC 2006 690 EC 2006 69 1 6C and 2006 692 EC CE 1304 I 1 U i I Gan AN UA Year of affixing of CE mark 2008 Director Place and date Borisav j Belgrade October 1 2008 RB GeneralEkonomik Bul Despota Sefana 558 11000 Bebgrade Serbia tel 381 11 3940 591 3340 1789 fan 381 11 3224 4327 office genekn CO re svwvoeneko cons Figure 6 Declaration of conformity 3 cenexo 13 USER MANUAL GWR Series Router Device Configuration There are two methods which can be used to configure t
15. 9 Status WAN Information WAN Information Tab provides information about GPRS EDGE UMTS HSDPA HSUPA connection and GPRS traffic statistics WAN information menu has three submenus which provide information about GPRS EDGE UMTS HSDPA HSUPA mobile module manufacturer and model Mobile operator and signal quality Mobile traffic statistics Screenshot of WAN Router information is shown in Figure 10 3 cenexo 16 USER MANUAL Status General rk Information nformation Dynamic Routing Protocol RIP VPN Settings IP Filtering DynDNS Serial Port Lo go ut GENEKO HARDWARE Status General rk Information WAN Information Settings ie WAN Settings Routing i Dynamic Routing Protocol RIP VPN Settings Lo go ut Geneko HARDWARE GWR ROUTER GCONFIGURATION CONSOLE Network Information Network Statistics Network Technology IP Address 192 168 1 1 Netmask Data Received RX Error Packets Data Transmitted TX Error Packets DHCP Server status MAC Address MTU Size Broadcast RX Packets RX Dropped Packets TX Packets TX Dropped Packets GWR Series Router 00 1e 5c 00 0b ed 500 192 168 1 255 694 Copyright 2008 Geneko All rights reserved http Awww qenekors Figure 9 Network Information GWR ROUTER GONFIGURATION GONSOLE Mobile Information Modern Manufacturer Modem Model Modem Serial Number Revision Mobile Connection Operator Cell ID Ph
16. Automatically allow access from all devices on the local subnet Default Se Reboot Management Command Line Interface ent pO TI Late ziele aa Caution Carefully review settings before applying changes Incorrect settings can make the GWR Router inaccessible from the network Logout Demilitarized Zone Host Settings DMZ private IP address Figure 23 IP Filtering settings 3 cenexo 43 USER MANUAL GWR Series Router Settings DynDNS Dynamic DNS is a domain name service allowing to link dynamic IP addresses to static hostname To start using this feature firstly you should register to DDNS service provider Section of the web interface where you can setup DynDN S parameters is shown in figure 24 Geneko GWR ROUTER CONFIGURATION CONSOLE HARDWARE Status Dynamic DNS General Network Information DynDNS Settings Ve nformation Enable DynDNS Cilent Service dyndns e WAN Settings Hostname geneko dyndns work com Routing Dynamic Routing Protocol Username geneko317 RIP Password esgeee VPN Settings Ge g GRE Maximum interval 86400 sec deer Number of tries 10 IP Filtering Timeout 120 i sec DynDNS i Serial Port Period 3 SEG Maintenance De s Status started Copyright 2008 Geneko All rights reserved http www geneko rs Figure 2
17. IPComp CI Dead Peer Detection DPD sec C NAT Traversal C Send Initial Contact http Awww Ooeneko rt Figure 18 IPSec Settings VPN Settings IPSec Settings abel Description Tunnel Number This number will be generated automatically and it reoresents the tunnel number Enter aname for the IPSec tunnel This allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel Check this box to enable the IPSec tunnel Select the type you want to use IP Only Only a specific IP address will be able to establish a tunnel SIM Card Router automatically uses IP address on WAN interface NOTE The Local Security Gateway Type you select should match the Remote Security Gateway Type selected on the IP Sec device at the other end of thetunnel The WAN or Internet IP address of the Router automatically appears If the IP Address Router is not yet connected to the GSM UMTS network this field is without IP address Custom Peer ID How the of the participant should be identified for authentication Can be an IP address or a fully qualified domain name preceded by Select the local LAN user s behind the Router that can use this IPSec tunnel Local Security Group Select the type you want to use IP or Subnet NOTE The Local Security Group Type you select should match the Remote Security Group Type selected on the IP Sec device at the other end of the tunna GeneKO 34 HA
18. Only on client side Either raw or telnet Raw enables the port and transfers all data like between the Type of socket port and the log Telnet enables the port and runs the telnet protocol on the port to set up telnet parameters D Enable connection checking i Set keepalive idle time in seconds Set time period between checking EE Log level Set importance level of log messages Ge A CH 3 Ol V oJ 2 2 3 191158 OI OI R 5 5 Q a Q cr D D A a VO 3 5 U0 Oli o CH 2 2 o lt ct 5 al e 2 3 3 el wil D R z v er J 5 K Reload Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR Router and activate deactivate serial to Ethernet converter Table 15 Ser2IP parameters Click Serial Port Tab to open the Serial Port Configuration screen Use this screen to configure the GWR Router serial port parameters Figure 26 Q senexo USER MANUAL Geneko HARDWARE Status General Network Informatior WAN Information Settings Network DHCP Server WAN Settings Routing Dynamic Routing Protoco RIP VPN Settings GRE IP Filtering Maintenance Device Identity Sett Date Time Settings Diagnostics Update Firmware Settings Backup Reboot Default Settings Management Serial Port SNMP GENEKO HARDWARE GWR Series Router GWR ROUTER SGONHGURATION CONSOLE Serial Port Serial Port
19. Receive Unit bytes VJ Connection ID Compression USER MANUAL GWR Series Router D eflate Compression Disable or enable Deflate compression Disable CCP Compression Control Protocol negotiation This option should Compression Control Protocol negotiation only be required if the peer is buggy and gets confused by requests from pppd for CCP negotiation M agic Number Disable magic number negotiation With this option pppd cannot detect a negotiation looped back line This option should only be needed if the peer is buggy Enables the passive option in the LCP With this option pppd will attempt to Passive M ode initiate a connection if no reply is received from the peer pppd will then just wait passively for a valid LCP packet from the peer instead of exiting as it would without this option With this option pppd will not transmit LCP packets to initiate a connection Silent M ode until a valid LCP packet is received from the peer as for the passive option with ancient versions of pppd Append domain name Append thedomain named to the local host name for authentication purposes Show PAP password When logging the contents of PAP packets this option causes pppd to show the inlo password string in the log message Time to wait before re Specifies how many seconds to wait before re initiating the link after it terminates The holdoff period is not applied if the link was terminated because it
20. SNMP agent click this option to unmark Create the name for a group or community of administrators who can view SN MP data The default is public It supports up to 64 alphanumeric characters Sets the port on which SNMP data has been sent The default is 161 You can specify port by marking on user defined and specify port you want SN MP data to be sent Table 23 SNMP parameters S cenexo 64 USER MANUAL Management Logs GWR Series Router Syslog is a standard for forwarding log messages in an IP network The term syslog is often used for both the actual syslog protocol as well as the application or library sending syslog messages Syslog is a client server protocol the syslog sender sends a small less than 1K B textual message to the syslog receiver Syslog Is typically used for computer system management and security auditing While it has a number of shortcomings syslog is supported by a wide variety of devices and receivers across multiple platforms Because of this syslog can be used to integrate log data from many different types of systems into a central repository ere Status Ro Dynamic Routing Protocol RIP VPN Settings GWR ROUTER GONFIGURATION CONSOLE System Logger Syslog Status Disable O Remote syslog Local syslo Status H started Remote Syslog Service server Service port User defined P SE Default P 1192 168 23 108 514
21. WAN address for tunnel source and tunnel destination address e Source tunnel address should have static WAN IP address e Destination tunnel address should have static WAN IP address GSM UMTS APN Type For GSM UMTS networks GWR Router connections may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections A custom APN should also support mobile terminated data that may be required in most site to site VPN s The GWR Router 1 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP Address 192 168 4 1 Subnet Mask 255 255 255 0 Press Save to accept the changes eene 68 USER MANUAL GWR Series Router GWR ROUTER CONFIGURATION CONSOLE Network Network Settings Use the following IP address IP Address 192 168 4 1 Subnet Mask 255 255 255 0 Local DNS Caution Changes to IP Address subnet mask and local DNS require a reboot to take effect Reload Save Copyright 200 neko Al rights reserved 18 Genek http Ayvww geneko rs Figure 47 Network configuration page for GWR Router 1 e UseSIM card with a static IP address obtained from Mobile Operator Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the GSM UMTS provider s net
22. adjust to physical changes in the network s layout The GWR Router is a fully functional router with static routing capability Figure 14 shows screenshot of Routing page GENEKO HARDWARE USER MANUAL GWR Series Router GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Routing Status General Netwark Information Routing Table Settings WAN Information Current static routes Enable Dest Network ee a a 255 255 255 252 1255 2552550 0 0 0 0 Ro uting Dynamic Routing Protocol RIP VPN Settings Apply the following static routes to the routing table EE EEG NE er a m 0000 0 000 Gm ee x KE a ECH Forwarding Enable Network Address Translation NAT Forward protocol connections from external networks to the following internal devices Enable Tunneling Protocol Forward TCP UDP connections from external networks to the Gees internal devices Pk Destination IF Destination Notmaskl Desinalon Pont Forward to IP KC Wem Jemming ES Copyright amp 2008 Geneko All rights reserved http nau geneko rs Figure 14 Routing configuration page Use this menu to setup all routing parameters Administrator can perform following operations e Create Edit Remove routes including default route e RerouteGRE and IPSEC packet to dedicated destination inside the network e Porttranslation Reroute TCP and UPD packets to desired destination in
23. automatically or Set the local time manually Date and time setting on the GWR Router are done through window Date Time Settings Geneko GWR ROUTER CONFIGURATION CONSOLE HARDWARE Status Date Time Settings General Network Information Current Date and Time WAN Information sie Date 2011 07 16 Time 11 33 45 Date and Time Setup Dynamic Routing Protocol ZS I RIP VPN Settings Update router date and time GR O Manually SRE From time server lana al hein ESP Date D jel Time HER 4 Time protocol NTP RFC 1305 v Time server address 7 105 37 0 Time zone GMT 1 00 hours CET Central Europe Time Belgrade Copenhagen Madrid Paris vi Cl Automatically synchronize NTP Update time every E min Copyright 2008 Geneko All rights reserved http Laun geneko rs Figure 30 Datei Time Settings configuration page 3 senexo 53 USER MANUAL GWR Series Router Date Time Settings abel D escription Manually Sets date and time manually as you specify It rom time server Sets the local time using the N etwork Time Protocol NTP automatically This field species Date and Time information You can change date and time by changing parameters ync Clock With Client Date and time setting on the basis of PC calendar ime Protocol Choose the time protocol ime Server Address Time server IP address ime Zone Select your time zone Automatically
24. button on Internet Protocol Security page to initiate IPSEC tunnel When you click Start button you can choose one of two modes of IPSec tunnel Connect or Wait One router has to be in Connect mode while router on the opposite side is in Wait mode WAN IP address of the router in Wait mode has to be reachable from the other router Hereyou can define log level of IPSec process from the dropdown menu on the right side GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Status Internet Protocol Security General Information Summary Information Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level none ene Routing Protocol RIP Enabled Status Enc Auth Grp Local Group p Remote Gateway i VPN Settings IPSec Open VPN emitting IP Filtering Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level Sto control P DynDNS S Recommended MTU size on client side is 1300 lifecycle ek 8 Po z Tunnel status description klips SEN ort started ipsec is running dns Maintenance stopped ipsec is not running ortunnel is not enabled debug oppo Device e Identity connecting ipsec is trying to establish connection private z waiting for connection ipsec is waiting for other end to connect established tunnel is up Rebar SCH Management Comr mand Line EES H Logout Figure 62 IPSec start stop page for GWR Router 1 Summ
25. interface and ppp0 represents GSM UMTS mobile interface of the GWR Router VPN Traffic redirection This check box allows you to activate deactivate this static Protocol translation Encapsulated Security Payload ESP protects the IP packet data from third party interference by encrypting the contents using symmetric cryptography algorithms Unlike AH the IP packet header is not protected by ESP ESP operates directly on top of IP using IP protocol number 50 Generic Routing Encapsulation GRE is a tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets The original packet is the payload for the final packet GRE creates a virtual point to point link with routers at remote points on an IP Internet work GRE uses IP protocol number 47 This field specifies IP address of the VPN server on local area network VPN tunnel ends at this VPN server You must use VPN tunnel option when configuring VPN connection because of NAT TCP U DP Traffic forwarding This check box allows you to activate deactivate this static port translation rotocol estination IP Choose between TCP and UDP protocol This field specifies IP address of the incoming traffic Destination Netmask This field specifies netmask for the previous address Destination Port This is the TCP UDP port of application Forward to IP This filed specifies IP address where packets should be forwarded
26. it is lost or forgotten If the password is lost or forgotten you have to reset the Router to its factory default settings this will remove all of your configuration changes Geneko GWR ROUTER CONFIGURATION CONSOLE HARDWARE Administrator Password Password WAN Information Settings Enable Password Authentication User Name admin Old Password Routing Dynamic Routing Protocol New Password RIP VPN Settings GRE IPSec Confirm Password Copyright 2008 Geneko All rights reserved http Awww genekors Figure 29 Administrator Password configuration page 3 cenexo 52 USER MANUAL GWR Series Router Administrator Password abel D escription By this check box you can activate or deactivate function for authentication when you access to web console application This field specifies Username for user administrator login purpose Enter the old password The default is admin when you first power up the GWR Router Enter anew password for GWR Router Your password must have 20 or fewer characters and cannot contain any space Re enter the new password to confirm it Click Save button to save your changes back to the GWR Router eload Click Reload to discard any changes and reload previous settings Table 19 Administrator password Maintenance Date Time Settings To set the local time select Date Time Settings using the N etwork Time Protocol NTP
27. on setup CD that goes with the router to guide you step by step through the process of device detection on the network and setup of the PC to device communication Thanks to this utility user can simply connect the router to the local network without previous setup of the router Connection Wizard will detect the device and allow you to configure some basic functions of the router Connection M anager is enabled by default on the router and if you do not want to use it you can simply disable it Figure 38 GWR ROUTER GONFIGURATION GONSGLE Connection Manager Connec tion Manager Enable Connection Manager Connection Manager Status WA ings Routing i Status started Dynamic Routing Protocol RIP Figure 38 Connection M anager Getting started with the Connection Wizard Connection Wizard is installed through few very simple steps and it is available immediately upon the installation After starting the wizard you can choose between two available options for configuration e GWR Router s Ethernet port With this option you can define LAN interface IP address and subnet mask e GWR router s Ethernet port and GPRS EDGE HSDPA HSUPA network connection Selecting this option you can configure parameters for LAN and WAN interface 3 senexo 61 USER MANUAL GWR Series Router Geneko Wireless Router Connection Wizard Configure GWR Router s Ethernet port O Configure GWR Router Ethernet port and GPRS ED
28. subnet mask and local DNS require a reboot to take effect Reload Save VPN Settings GRE Copyright amp 2008 Geneko All rights reserved http iww geneko rs Figure 70 Network configuration page for GWR Router e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt IPSEC to configure IPSEC tunnel parameters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are e Add New Tunnel Tunnel Name test Enable true e Local Group Setup Local Security Gateway Type SIM card IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type Subnet IP Address 192 168 10 0 Subnet Mask 255 255 255 0 e Remote Group Setup Remote Security Gateway Type IP Only IP Address 150 160 170 1 Remote Security Group Type Subnet IP Address 10 10 10 0 Subnet Mask 255 255 255 0 e IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication SHA Phase 1 SA Life Time 28800 Perfect Forward Secrecy true Phase 2 DH group Group 2 Phase 2 Encryption 3DES Phase 2 Authentication SHA1 Phase 2 SA Life Time 3600 eene
29. to activate new firmware version it is necessary that the user performs system reset 4 Clear browser cache after firmware update Dynamic Routing Protocol RIP Current firmware version 2 1 9 30 352 test 2 VPN Settings GRE Select firmware Browse Sec Upload Copyright amp 2008 Geneko All rights reserved http www geneko rs Figure 32 Update Firmware page In order to activate new firmware version It is necessary that the user performs system reset In the process of firmware version change all configuration parameters are lost and after that the system continues to operate with default values Maintenance Settings Backup This feature allows you to make a backup file of your preferences file for the GWR Router To save the backup file you need to export the configuration file To use the backup preferences file you need to import the configuration file that you previously exported Import Configuration File To import a configuration file first soecify where your backup configuration file is located Click Browse and then select the appropriate configuration file After you select the file click Import This process may take up to a minute Restart the Router in order to changes will take effect Export Configuration File To export the Router s current configuration file click Export 3 cenexo 56 USER MANUAL GWR Series Router Opening confFile bkg You have chosen to open al con
30. up Figure 74 IPSec start stop page for GWR Router e Onthe device connected on GWR router setup default gateway 192 168 10 1 3 cenexo 87 USER MANUAL GWR Series Router The Cisco Router configuration version 12 4 service timestamps debug datetime msec service timestamps log datetime msec no service password encryption hostname Cisco Router boot start marker boot end marker username admin password I e E e Een l enable secret 5 KIKKKKKKKKKKKKKKKKKKKK f no aaa new model no ip domain lookup l ege thal E pre shared kar crypto keyring remote pre shared key address 0 0 0 0 0 0 0 0 key 1234567890 TSAKMP policy crypto isakmp policy 10 encr 3des authentication pre share group 2 lifetime 28800 Profile for LAN to LAN connection that references the wildcard pre shared key and a wildcard identity crypto isakmp profile L2L description LAN to LAN vpn connection keyring remote match identity address 0 0 0 0 d crypto ipsec transform set testGWR esp 3des esp sha hmac Instances of the dynamic crypto map reference previous IPsec profile crypto dynamic map dynGWR 5 set transform set testGWR set isakmp profile L2L Crypto map only references instances of the previous dynamic crypto map crypto map GWR 10 ipsec isakmp dynamic dynGWR interface FastEthernet0 0 description WAN INTERFACE ip address 150 160170 1 255 255 295 232 ip nat outside
31. 0g Table 1 Technical parameters USER MANUAL GWR Series Router GWR Router features N etwork Routing Static DHCP Server e Static lease reservation DHCP Server support e Address exclusions RIP The Routing Information Protocol is a dynamic routing protocol used in local and wide area networks IP forwarding IP TCP UDP packets from WAN to LAN DMZ or De Militarized Zone is a physical or logical DMZ support subnetwork that contains and exposes an organization s external services to alarger untrusted network usually the Internet Simple N twork Management Protocol is used in network management systems to monitor network attached SN M Pv1 2c a WW devices for conditions that warrant administrative attention NTP RFC 1305 TheN etwork Time Protocol is a protocol for synchronizing the clocks of router Dynamic DNS DDNS is a domain name service allowing DynDNS to link dynamic IP addresses to static hostname To start using this feature firstly you should register to DDNS service provider Firewall ee IP address Network filtering e IP filtering Ser2net Serial to Ethernet converter M odbus RTU to TCP gateway Modbus to Ethernet converter VPN Generic Routing Encapsulation is a tunneling protocol GRE that can encapsulate a wide variety of network layer protocol packet types inside IP tunnels GRE Keepalive K eepalive for GRE tunnels IPSec pass through ESP tunnels Internet Pr
32. 4 DynDNS settings DynDNS abel Description EnableDynDNS Cilent Enable DynDNS Client The type of service that you are using try one of dhs pgpow dyndns dyndns static dyndns custom ods easydns dyns justlinux and zoneedit Hostname String to send as host parameter GeneKo 44 HARDWARE USER MANUAL GWR Series Router Period Time between update retry attempts default value is 1800 Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR Router Table 14 DynDNS parameters Settings Serial Port Using the router s serial port it is possible to perform serial to ethernet conversion Serial port over TCP UDP and ModbusRTU to TCP conversion Modbus gateway Initial Serial Port Settings page is shown in figure bellow By default above described features are disabled Selecting one of two possible applications of Serial port opens up additional options available for configuration r GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Serial Port General Network Information Serial Port Settings WAN Information Disable all Serial port over TCP UDP settings EEE settings Status stopped neko All rights reserved Copyright amp 2008 Gene http www genekors Figure 25 Serial Port Settings initial menu Serial port over TCP UDP settings The GWR Router provides a way for a user to connect from a network co
33. CP clients DN S address is manually configured by user Enable DHCP Server This field specifies IP addresses that will be dedicated to specific DHCP Client based on MAC address DHCP server will always assign same IP address to appropriate client Click Save to save your changes back to the GWR Router Click Reload to discard any changes and reload previous settings Table 4 DHCP Server parameters J D Q 2 I L O HARDWARE USER MANUAL GENEKO RDWARE Status eneral Ne k Information V Information Settings Network DHC Routing Dynamic Routing Protocol RIP VPN Settings GRE ynDNS rial Port Maintenance Lo go ut Geneko HARDWARE GWR Series Router GWR ROUTER GONFIGURATION CONSOLE DHCP Server DHCP Server Settings Cl Enable DHCP server IP Address range Lease Duration From To Primary DNS Secondary DNS None None Used by ISP _ Used by ISP User Defined UserDefined Static Lease Reservations IP addresses that will be dedicated to specific DHCP Client based on MAC address Enable IP Address MAC Address __ Action Address Exclusions Exclude these address from the DHCP IP address pool Enable Start Address End Address Action Add MAC Address format ee The IP address pool must specify addresses that are in the subnetwork of the GWR Router The DHCP server will not operate if this configuration does not meet this requi
34. CPU vendor Up Time since last reboot hardware resources utilization and MAC address of LAN port Screenshot of General Router information is shown at Figure 8 Data in Status menu are read only and cannot be changed by user If you want to refresh screen data press Refresh button SIM Card detection is performed only at time booting the system and you can see the status of SIM slot by checking the Enable SIM Card Detection option Q senero USER MANUAL GWR Series Router GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE General Information irk Information Router Information Information Model GWR252_test Firmware Version 2 1 9 30 252 test 2 GAR gt Kernel Version 2 6 21 5 geneko v1 Dynamic Routing Protocol CPU Vendor CirrusLogic ARMY EP9302 200Mhz da UP Time 00 11 55 GRE Total Memory 29656K Used Memory 24476K Free Memory 5180K MAC Address 00 1e 5c 00 0b ed SIM Card Detection CI Enable SIM Card Detection SIM Card detection is performed only at time of booting the system lf SIM Card detection is disabled router boot up process will be faster Copyright amp 2008 Geneko All rights reserved http Awww geneko rs Figure 8 General router information Status Network Information Network Information Tab provides information about Ethernet port and Ethernet traffic statistics Screenshot of Network Router information is shown in Figure
35. Figure 16 you can see screenshot of GRE Tab configuration menu VPN Settings GRE Tunneling Parameters abel Description This check box allows you to activate deactivate VPN GRE traffic This field specifies IP address of virtual tunnel interface This field specifies the IP netmask address of virtual tunnel This field unchangeable always 255 255 255 252 unnel Source This field specifies IP address or hostname of tunnel source unnel Destination This field specifies IP address or hostname of tunnel destination ocal Tunnel Address nterface This field specifies GRE interface This field gets from the GWR Router eepAlive Enable Check for keepalive enable Defines the time interval in seconds between transmitted keepalive packets Enter a number from 3 to 60 seconds Defines the number of times retry after failed keepalives before determining that the tunnel endpoint is down Enter a number from 1 to 10 times CG senero R Period Local Tunnel Netmask USER MANUAL GWR Series Router Add Click Add to insert add new item in table to the GWR Router Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR Router Table 9 GRE parameters GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Status VPN Settings GRE General Generic Routing Encapsulation GRE Tunneling Enable Local Tunnel Address Local Tunnel Netmask Tunnel Desti
36. GE 3G HSDPA network connection G GeneKo Figure 39 Connection Wizard Initial Step Select one of the options and click Next On the next screen after Connection Wizard inspects the network whole broadcast domain you ll see a list of routers present in the network with following information Serial number Mode Ethernet IP Firmware version Pingable if Ethernet IP address of the router is in the same IP subnet as PC interface then this field will be marked i e you can access router over web interface Geneko Wireless Router Connection Wizard Serial No Ethernet IP Firmware version Pingable 192 168 1 1 C Reset device to default settings 3 cenexo Figure 40 Connection Wizard Router Detection 3 cenexo 62 USER MANUAL GWR Series Router When you select one of the routers from the list and click N ext you will get to the following screen Geneko Wireless Router Connection Wizard IP address 192 1 68 1 1 Subnet mask 255 255 255 0 3 eene Figure 41 Connection Wizard LAN Settings If you selected to configure LAN and WAN interface click upon entering LAN information click N ext and you will be able to setup WAN interface Geneko Wireless Router Connection Wizard WAN Settings Enabled Provider VIP Authentication PAP CHAP Username vipmobile Password vipmobile Dial string ATD 99 1 Initial string at cadcont 1 A IPA A vipmobile Number of re
37. In this example it is necessary for both routers to create tunnel interface virtual interface This new tunnel interface is its own network To each of the routers it appears that it has two paths to the remote physical interface and the tunnel interface running through the tunnel This tunnel could then transmit unroutable traffic such as NetBIOS or AppleTalk The GWR Router uses Network Address Translation NAT where only the mobile IP address is visible to the outside All outgoing traffic uses the GWR Router WAN VPN mobile IP address HQ Cisco router acts like gateway to renote network for user in corporate LAN It also performs function of GRE server for termination of GRE tunnel The GWR Router act like default gateway for Remote Network and GRE server for tunnel 1 HQ router requirements e HQ route require static IP WAN address e Router or VPN appliance have to support GRE protocol e Tunnel peer address will be the GWR Router WAN s mobile IP address For this reason a static mobile IP address is preferred on the GWR Router WAN GPRS side e Remote Subnet is remote LAN network address and Remote Subnet Mask is subnet of remote LAN 2 TheGWR Router requirements e Static IP WAN address e Peer Tunnel Address will be the HQ route WAN IP address static IP address e Remote Subnet is HQ LAN IP address and Remote Subnet Mask is subnet mask of HQ LAN eene 73 USER MANUAL GWR Series Router GSM UMTS APN Type For GSM UMTS networ
38. N S ug Le 44 Figure 25 Serial Port Settings initial MENU sssannvernnrnnnverennnnnvvvevernnnnnnvenennnnnnnesnnnnnevennennnnnnnenennnnnnnnennnnnnnesnnnennnnnene 45 Figure 26 Serial Port configuration Dace EN ENEE 47 Figure 27 Modbus gateway configuration Date 50 Figure 28 Device Identity Settings configuration Date ENEE 51 Figure 29 Administrator Password configuration Date 52 Figure 30 Datei Time Settings configuration Date EEN 53 FE P SC p AGS caresses anaysaeeecnzesssceaiasetosanacteatangectecentdavt SS 55 PIQUE 32 U pd ate Firmware DAG EE 56 FOURS E GOW MN OS E 57 Figure 34 Default Settings page rvrrnnnnrvvrnnnnnnvvrrnnnarnnnvenennsannnnennnnnnvesnnnnnnnnenennnnnnenennrnnnnennnnnnnnnnnnrsnnnnnnnesnnnnnnenenn 57 Figure 35 System Reboot e e EEN 58 Figure 36 Command tive wt e 59 Figure 37 Remote EI e CC VUE 60 Figure 38 Connection Manager W 61 Figure 39 Connection Wizard il LEI EE 62 Figure 40 Connection Wizard Router Deechon EEN EEN 62 Figure 41 Connection Wizard LAN Geng ENEE 63 Figure 42 Connection Wizard WAN Gettnge EEN 63 Figure 43 SNMP configuration ele 64 Figure 44 Syslog configuration Date 65 Figure 45 GWR Router as Internet route WEE 67 Figure 46 GRE tunnel between two GWR Routere ENEE EEN 68 Figure 47 Network configuration page for GWR Router 1 ENEE En 69 Figure 48 GRE configuration page for GWR Router 1 ENNEN 70 Figure 49 Routing configuration page for GWR Route
39. RDWARE USER MANUAL GWR Series Router Select the remote LAN user s behind the Router at the other end that can use thi Remote Security IPSec tunnel Select the type you want to use IP or Subnet Gateway Type NOTE The Remote Security Group Type you select should match the Local Security Group Type selected on the IP Sec device at the other end of the tunna How the of the participant should be identified for authentication Can be an IP address or a fully qualified domain name preceded by Select the renote LAN user s behind the Router at the other end that can use thi Remote Security Group IPSec tunnel Select the type you want to use IP or Subnet NOTE The Remote Security Group Type you select should match the Local Security Group Type selected on the IP Sec device at the other end of the tunna IP Address Only the computer with a specific IP address will be able to access the tunnel Subnet Mask Enter the subnet mask In order to establish an encrypted tunnel the two ends of an IPSec tunnel must agree on the methods of encryption decryption and authentication This is done by sharing a key to the encryption code For key management the Router uses only IKE with Preshared Key mode IKE with Preshared K ey IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association SA IKE uses the Preshared Key to authenticate the remote IKE peer Both ends of IPSec tunnel must use the same mode of ke
40. Settings O Enable configuration console Enable serial ethernet converter Bits per second 57600 v Data bits Parity Stop bits Flow control Bind to port Type of socket Port Valid values 1 65535 Copyright 2008 Geneko All rights reserved http Lena geneko co rs Figure 26 Serial Port configuration page 47 USER MANUAL GWR Series Router Serial Port Settings Enable router configuration console Default serial port parameters are Serial port parameters baud rate 57600 data bits 8 parity none stop bits 1 flow control none Enable serial Ethernet Enable serial to Ethernet converter This provides a way for a user to connect converter from a network connection to a serial port The unit and attached serial device Such as a modem must agree on a speed or Bits per second baud rate to use for the serial connection Valid baud rates are 300 1200 2400 4800 9600 19200 38400 57600 or 115200 Data bits Indicates the number of bits in a transmitted data package Checks for the parity bit None is the default The stop bit follows the data and parity bits in serial communication It indicates the end of transmission The default is 1 owca Flow control manages data flow between devices in a network to ensure it is Enable configuration console processed efficiently Too much data arriving before a device is prepared to manage it causes lost or retransmitted data N one is the de
41. UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt IPSEC to configure IPSEC tunnel parameters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are e Add New Tunnel Tunnel Name test Enable true e Local Group Setup Local Security Gateway Type SIM card IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type IP IP Address 192 168 10 1 e Remote Group Setup Remote Security Gateway Type IP Only IP Address 172 29 8 4 Remote Security Group Type Subnet IP Address 10 0 10 1 Subnet 255 255 255 0 eene g USER MANUAL e IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication M D5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy true Phase 2 DH group Group 2 Phase 2 Encryption DES Phase 2 Authentication M D5 Phase 2 SA Life Time 3600 Preshared Key 1234567890 e Failover Enable IKE Failover false Enable PPP After IKE SA Retry Exceeds Specified Limit false Enable Tunnel Failover false e Advanced GWR Series Router Compress Support IP Payload Compression Protocol IPComp false Dead Peer Detection DPD false NAT Traversal true Send Initial Contact true Press Save to accept the changes Device 2 Device Tunnel Add New Tunnel Tunnel Nu
42. USER MANUAL GWR Series Router Content LIST OF FIGURES rnecettoaestaata tatu u s aesculus tern aestn sia tennis 14a AEAEE 3 TN 5 DESCRIPTION OF THE GPRS EDGE HSDPA ROUTER i munanunnrnnnnvnnevnnnnernnvennennnennnnnernnnennnenunenernnnensenunennsnne 6 Examples of POSSDIE ANNEN vrien 6 FAM NE 7 GWR Router features NNN ENNER 8 POOU OVT VCN vvrvrvrvrv4r44vrrr ciate N 10 FEON D eege 10 Ee gt EE S 10 PN 11 Sie ale IE OP ODEA O EE 12 Declaration or OT ONE GE 13 DEVICE CONFIGURATION WEE 14 DEVICE CONFIGURATION USING WEB APPLICATION 0cccesccceeeceeceeececeecneeuececeeeeeueeeeeeeeueeaneeaeeeeneeseeeneetens 14 MOTE 4444 15 Add Remove Update manipulation in tables ENNEN 15 SME e Ee fe 2 e 15 ENN 15 SE IS SISTA EE 15 Status Network Information ENNEN ENNEN ENNEN 16 TE VNR 16 SENGS NSE WV OF RR E EE E Eni 18 SNE DACP SA Ev 19 SNE NN 21 NE RUN 24 Port translation EEE EEEREN EEEE 26 Settings Dynamic Routing Protocol ENNEN EEN 27 RNa Ino man on Procol RIP EE 27 RIP routing engine for the GWR ROUE EE 28 MENS VPN SENGE enan E oeeoaetusennnancnnannegeite 30 Generic Routing Encapsulation GRE NEE 30 o UE 31 Meane gege ee Secu gt EE PE E 32 NN 38 PES e elt e EE 41 IP Filtering configuration examen 43 SE DN en 44 Sjel nl gt 0 REE diel O torn 45 Serial port over TCP UDP egttnges AANER 45 M odbus Gateway SAN EE 49 Maintenance Device Identity Settings rrmnrnnrvvrannanverranennrnnnvevennnnnvenennrnnvevennnensnnnvnvsnn
43. aintenance Device Identity Settings Within Device Identity Settings Tab there is an option to define name location of device and description of device function These data are kept in device permanent memory Device Identity Settings window is shown on Figure 28 D evice Identity Settings abel Description This field specifies name of the GWR Router This field specifies description of the GWR Router Only for information purpose This field specifies location of the GWR Router Only for information purpose Click Save button to save your changes back to the GWR Router Click Reload to discard any changes and reload previous settings Table 18 Device Identity parameters GWR ROUTER CONFIGURATION CONSOLE Device Identity Settings Settings Name Test241 o ret Description TestNewFW MAN 195 i Routing Location PPLab Dynamic Routing Protocol VPN Settings GRE Copyright 2008 neko All rights reserved 008 Geneko g http iwy geneko rs Figure 28 Device Identity Settings configuration page 3 ceneo 51 USER MANUAL GWR Series Router Maintenance Administrator Password By Administrator Password Tab it is possible to activate and deactivates device access system through Username and Password mechanism Within this menu change of authorization data Username Password is also done Administer Password Tab window is shown on Figure 29 NOTE The password cannot be recovered if
44. antenna cable away from interferers AC wiring Antenna Options Once optimum placement is achieved if signal strength is still not desirable you can experiment with different antenna options Assuming you havetried a standard antenna next consider e Check your antenna connection to ensure it Is properly attached e High gain antenna which has higher dBm gain and longer antenna Many cabled antennas require a metal ground plane for maximum performance The ground plane typically should have a diameter roughly twice the length of the antenna NOTE Another way of optimizing throughput is by sending non encrypted data through the device Application layer encryption or VPN puta heavy toll on bandwidth utilization For example IPsec ESP headers and trailers can add 20 30 or more overhead CG senero R
45. ard for a desired operator by specifying PLMN id of the operator This option is very useful in border areas since you can avoid roaming expenses Enable Failover Enable network locking GeneKO 21 HARDWARE USER MANUAL GWR Series Router Keep connection alive after Do not exit after a connection is terminated Instead try to reopen the connection Reboot a ou Reboot after n consecutive failed connection attempts connections Enable SIM 1 SIM 2 Make some traffic periodically in order to maintain connection active You can keepalive set keepalive interval value in minutes This field specifies the target IP address for periodical traffic generated using Ping target E ewe ping in order to maintain the connection active Ping interval This field specifies ping interval for keepalive option Are ping This field specifies the time interval of advanced ping proofing Advanced ping wait SE f This field specifies the timeout for advanced ping proofing or a response Maximum number of This field specifies maximum number of failed packets in percent before failed packets keepalive action is performed This menu provides a choice between two possible keepalive actions in case maximum number of failed packets is exceeded If Switch SIM option is selected Keepalive action router will try to establish the connection using the other SIM card after the maximum number of failed packets is exceeded If Current SIM option is selected rou
46. ary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level none v Enabled Status Enc Auth Grp Local Group Se ee eee a ae waiting for Phi SDES MDS 2 10 0 10 1 fife ve ene ESN ww By met moss Figure 63 Default connection mode Is Wait 3 cenexo 80 USER MANUAL GWR Series Router e Onthe device connected on GWR router 1 setup default gateway 10 0 10 1 The GWR Router 2 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes GWR ROUTER CONFIGURATION CONSOLE Network Network Settings Use the following IP address IP Address 1192 168 10 1 Routing DAAE Routing Protocol Subnet Mask 255 255 255 0 d Local DNS EE VPN Settings GRE Caution Changes to IP Address subnet mask and local DNS require a reboot to take effect Sec Reload Save Open Ph Copyright eko All rights reserved yrig 2008 Geneko o http www geneko rs Figure 64 Network configuration page for GWR Router 2 e UseSIM card with a static IP address obtained from Mobile Operator e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM
47. ber of tunnels This is the number of IPSec tunnels being defined This is the maximum number of tunnels which can be defined This filed indicates the number of the IPSec tunnel Field shows the Tunnel Name that you gave to the IPSec tunnel This field shows if tunnel is enabled or disabled After clicking on Start button only enabled tunnels will be started Field indicates status of the IPSec tunnel Click on Refresh button to see current status of defined IPSec tunnels This field shows both Phase 1 and Phase 2 details Encryption method DES 3DES AES Authentication method MD5 SHA1 and DH Group number 1 2 5 that you have defined in the IPSec Setup section first letters of enabled options Enc Auth Grp ocal Group emote Group Enabled G en 32 USER MANUAL GWR Series Router R emote G atew ay Field shows the IP address of the Remote Device Click on this link to delete the tunnel and all settings for that particular tunnel This link opens screen where you can change the tunnel s settings Router initiates the IPSec connection Router waits for IPSec connection Set IPSEC log level Click on this button to add a new Device to Device IPSec tunnel After you have added the tunnel you will see it listed in the Summary table This button starts the IPSec negotiations between all defined and enabled tunnels If the IPSec is already started Start button is replaced with Restart button Thi
48. boot after failed connections SN SA Clenable SIM 1 keepalive Lo Clenable SIM 2 keepalive Logout Connection type Auto v Mobile status Mobile device type Mobile communication Mobile provider Juric dV es Current SIM card SIM 1 Current WAN address 10 85 96 234 Connection up time 00 48 57 Connection status 0 conne cted Figure 13 WAN Settings configuration page This field specifies name of GSM UMTS ISP You can setup any name fo Provider provider This field specifies password authentication protocol Select the appropriate protocol from drop down list PAP CHAP PAP CHAP This field specifies Username for client authentication at GSM UMTS network Mobile provider will assign you specific username for each SIM card This field specifies Password for client authentication at GSM UMTS network Password l ae Mobile provider will assign you specific password for each SIM card APN Thisfiea specifies APN visting fn field specifies Dial String for GSM UMTS modem connection initialization Authentication In most cases you have to change only APN field based on parameters obtained from Mobile Provider This field cannot be altered Check this field in order to enable failover feature This feature is used when both SIM are enabled You specify the amount of time after which Failove feature brings down current WAN connection SIM2 and brings up previous WAN connection SIM 1 Option that allows a user to lock a SIM c
49. c H ost Configuration Protocol allows individual clients workstations to obtain TCP IP configuration at startup from a server When configured as a server the GWR Router provides TCP IP configuration for the clients To activate DH CP server click check box Enable DHCP Server To setup DHCP server fill in the IP Starting Address and IP Ending Address fields Uncheck Enable DHCP Server check box to stop the GWR Router from acting as a DHCP server When Unchecked you must have another DHCP server on your LAN or else the computers must be manually configured p d ng Address This field specifies the first of the contiguous addresses in the IP address pool IP Ending Address To This field specifies last of the contiguous addresses in the IP address pool Lease Duration This field specifies DH CP session duration time This field specifies IP addresses of DNS server that will be assigned to systems that support DHCP client capability Select None to stop the DH CP Server from assigning DNS server IP address When you select None computers must be manually configured with proper DNS IP address Select Used by ISP to have the GWR Router assign DNS IP address to DHCP clients DNS address is provided by ISP automatically obtained from WAN side This option is available only if GSM connection is active Please establish GSM connection first and then choose this option Select U sed D efined to have the GWR Router assign DNS IP address to DH
50. cket of a data stream Click VPN Settings Tab to open the VPN configuration screen At the Figure 17 you can see IPSec Summary screen This screen gathers information about settings of all defined IPSec tunnels You can define up to 5 Device to Device tunnels GWR ROUTER CONFIGURATION CONSOLE Status General Network Information WAN Information Settings erver ttings Routing Dynamic Routing Protocol RIP VPN Settings GRE Internet Protocol Security Summary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level lifecycle E No Name Enc Auth Grp Local Group Remote Group Remote Gateway Action Connection mode Ph1 3DES SHAP2 192 168 1 0 100 100 ret ipe GET Ee Peete Connec wai IP Fil Reducing the MTU size on the clientside can help eliminate some connectivity problems occurring at the protocol level Start Stop Refresh Recommended MTU size on client side is 1300 Ser Tunnel status description eu i started ipsec is running Maintenance dw stopped ipsec is not running or tunnel is not enabled evic entity 5 connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect established tunnel is up Logout Copyright 2008 Geneko All rights reserved http lAvwvyw genekors Figure 17 IPSec Summary screen VPN Settings IPSec Summary abel D escription unnels U sed Maximum num
51. col Local Tunnel Address IP Address of virtual tunnel interface RIP Local Tunnel Netmask Unchangeable always 255 255 255 252 Tunnel Source IP address of tunnel source Tunnel Destination IP address of tunnel destination Period Valid values 3 60 Retries Valid values 1 10 Serial Port Maintenance Device Identity Rebo Management Command Line Interface Lo gout Copyright 2008 Geneko All rights reserved http Awww geneko ra Figure 48 GRE configuration page for GWR Router 1 e Click Routing on Settings Tab to configure GRE Route Parameters for this example are Destination Network 192 168 2 0 Netmask 255 255 255 0 Interface gre x GWR ROUTER GONFIGURATION GCONSGLE Status Routing 7 Help eneral ork Information Routing Table Settings Current static routes Dest Network Netmask Gateway Metric Interface Routing Dynamic Routing Protocol RIP VPN Settings 192 168 2 0 255 255 255 0 0 0 0 0 0 0 0 0 IP Filtering DynDNS Serial Port Maintenance Dest Network Netmask_ Action 0 0 0 0 0 0 0 0 0 sl Rem 192 168 2 0 255 255 255 0 Rem Co o al Forwarding Enable Network Address Translation NAT Management Command Line Interface Forward protocol connections from external networks to the following internal devices Remote Mana
52. configuration page I for GWR Router ENNEN 86 Figure 72 IPSec configuration page II for GWR Router NENNEN 86 Figure 73 IPSec configuration page III for GWR Router ENNEN 87 Figure 74 IPSec start stop page for GWR Router EEN 87 USER MANUAL GWR Series Router List of Tables Ee LAN elle eu CR 7 Table 2 GWR Router Te EE 9 E Tei ee EE le e EN KC 18 Table 4 DHCP Server PANNE KE 19 Table 5 WAN paranneta eg E ENa SE Ea Oaia a aE E ra aR aaa 22 Table 6 Advanced WAN Gettmge kk KENNEN ENEE 24 Table 7 Routing Daramegdere ek 26 TAR RIEP e MA KE 28 TE GRE Damia tencetiren tines O R a 31 Ee Ta Pee UN ci ste E a A uaattsoadduceastad 33 FELE 37 Table 12 OpenVPN Bal ug Suuaussmsmmmmnssannaannsnns dn ud dsdansikneidkvunindadaravidinksidnide 39 Table 13 P filtering parametar Seins iaa RE EEE Sa ENa EE NE Te 42 Table 14 DynDNS Parma S viitnias aissscindcnnasevaunaceianscandeh pithtendvavivanedsislinadhvacnihinibiadunddsyiakbiuninhanhianwithnianiandcaxeuendciis 45 Ed ATP Na 46 Table 16 gt Serial port PANNE Seaman NE aan aAA EEEE EEEn aiat 48 Table 17 Modbus gateway parameerS rvrmnrvvvvvrnrvnrvvrnnrnnrnnrvrrrnnnnvvnrsnnnnnnvennnnnnnnnnenennrnnnenennnnnnnnennnnnnnnnersnnnnnne 49 Table 18 Device Identity Datrarmedee kA 51 Table 19 Administrator password EE 53 Table 20 Date timeparameaerS rrvrmnvvvvernrvrvvvrnnnornnnvevrsnnnnvevennrnnnnvsnnnnnnnnnenrsnnnnnenennnnnnnennnnnnnnnnnnrsnnnnnnnesnnnnnnenenn 54 Table 21 Command Lmmelnte
53. configuration page II for GWR Router GWR Series Router 86 USER MANUAL GWR Series Router Failover CI Enable IKE Failover IKE SA Retry Restart PPP After IKE SA Retry Exceeds Specified Limit CI Enable Tunnel Failover Ping IP Ping Interval sec Packet Size Advanced Ping Interval sec Advanced Ping Want For A Response sec Maximum Number Of Failed Packets Advanced C Compress Support IP Payload Compression Protocol IPComp C Dead Peer Detection DPD sec NAT Traversal Send Initial Contact Figure 73 IPSec configuration page I II for GWR Router Click Start button on Internet Protocol Security page to initiate IPSEC tunnel Click Connect button choose mode where router initiate connection Internet Protocol Security Summary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level none v Enabled Status _ Enc Auth Grp Local Group Pht 3DES SHA Z 192 168 10 0 10 10 10 1 Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level Recommended MTU size on client side is 1300 Tunnel status description started ipsec is running stopped ipsec is not running ortunnel is not enabled connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect established tunnel is
54. cret key certificates or username password When used in a multiclient server configuration it allows the server to release an authentication certificate for every client using signature and Certificate authority It uses the OpenSSL encryption library extensively as well as the SSLv3 TLSv1 protocol and contains many security and control features The server and client have almost the same configuration The difference in the client configuration is the remote endpoint IP or hostname field Also the client can set up the keepalive settings For successful tunnel creation a static key must be generated on one side and the same key must be uploaded on the opposite side Remote Endpoint IP XXX XXX XXX XXX Intemet ge gen SEE Client Tunnel IP 10 0 0 1 Tunnel IP 10 0 0 2 Network IP Network IP 192 168 0 0 24 192 168 1 0 24 192 168 0 2 LAN 192 168 1 2 Figure 19 OpenVPN example OpenVPN Description IP Filtering Tunnel N umber Automatically assigned number of the tunnel Tunnel Name This field specifies tunnel name Enable Check this setting in order to enable OpenVPN tunnel Allow access from the follow ing devices Choose one of the following options none Select this option if you do not want to use any kind of authentication pre shared secret Select this option If you want to use PSK as a authentication method username password Select this option if you want to username password along
55. dit is too low the GWR Router will performed periodically connect disconnect actions 3 cenexo 22 USER MANUAL GWR Series Router WAN Settings advanced abel This field specifies if Advanced WAN settings is enabled at the GWR Router Accept Local IP With this option pppd will accept the peer s idea of our local IP address even if Address the local IP address was specified in an option Accept Remote IP With this option pppd will accept the peer s idea of its remote IP address even Address if the remote IP address was specified in an option Idle time before Specifies that pppd should disconnect if the link is idlefor n seconds The link is disconnect sec idle when no data packets are being sent or received Refuse PAP With this option pppd will not agree to authenticate itself to the peer using PAP Require PAP Requi re the peer to authenticate using PAP Password A uthentication Protocol authentication Refuse CHAP With this option pppd will not agree to authenticate itself to the peer using CHAP Require the peer to authenticate using CHAP Challenge H andshake KUE AE Authentication Protocol authentication Mate GA Challenge Set the maximum number of CHAP challenge transmissions to n default 10 transmissions CHAP restart interval Set the CHAP restart interval retransmission timeout for challenges to n Sec seconds default 3 Refuse MS CHAP With this option pppd will not agree to authenticat
56. e Local Security Group Type Subnet EK IP Address 110 0 10 1 Subnet Mask 255 255 255 0 Remote Group Setup Remote Security Gateway Type IP Only vi IP Address 172 2985 gi CI Custom Peer ID Remote Security Group Type IP ei IP Address 192 168 10 1 Figure 59 IPSEC configuration page I for GWR Router 1 K IPSec Setup Keying Mode Phase 1 DH Group Phase 1 Encryption Phase 1 Authentication Phase 1 SA Life Time Perfect Forward Secrecy Phase 2 DH Group Phase 2 Encryption Phase 2 Authentication Phase 2 SA Life Time Preshared Key IKE with Preshared key Groupe 3DES v MD5 26600 sec Group DES v MD5 v 3600 sec 1234567890 Figure 60 IPSec configuration page II for GWR Router 1 19 USER MANUAL GWR Series Router Failover CI Enable IKE Failover IKE SA Retry O Restart PPP After IKE SA Retry Exceeds Specified Limit CI Enable Tunnel Failover Ping IP Ping Interval sec Packet Size Advanced Ping Interval sec Advanced Ping Want For A Response sec Maximum Number Of Failed Packets Advanced CO Compress Support IP Payload Compression Protocol IPComp Dead Peer Detection DPD sec wi Send Initial Contact Figure 61 IPSec configuration page III for GWR Router 1 Click Start
57. e itself to the peer using MS CHAP Refuse MS CHAPv2 ek e option pppd will not agree to authenticate itself to the peer using M S With this option pppd will not agree to authenticate itself to the peer using EAP Enables connection debugging facilities If this option is selected pppd will log O J S S Ww R D er m gt 5 7 Q E Q S 5 Q Set the MTU Maximum Transmit Unit value to n Unless the peer requests a Maximum Transmit smaller value via MRU negotiation pppd will request that the kernel networking Unit bytes code send data packets of no more than n bytes through the PPP network interface Set the M RU Maximum Receive Unit valueto n Popd will ask the peer to send packets of no more than n bytes The value of n must be between 128 and 16384 the default is 1500 VJ Compression Disable Van Jacobson style TCP IP header compression in both directions Disable the connection ID compression option in Van Jacobson style TCP IP header compression With this option pppd will not omit the connection ID byte from Van Jacobson compressed TCP IP headers EES Disable protocol field compression negotiation in both directions Compression Address Control Disable Address Control compression in both directions Compression de or Disable or enable accept or agree to Predictor 1 compression ompression BSD Compression Disable or enable BSD Compress compression GeneKo 23 HARDWARE Maximum
58. e response time is 1 8ms Copyright pyright 2008 Genek ll rights reserved http wa KO C 3 qeneko rs Figure 31 Diagnostic page Maintenance Update Firmware You can use this feature to upgrade the GWR Router firmware to the latest version If you need to download the latest version of the GWR Router firmware please visit Geneko support site Follow the on screen instructions to access the download page for the GWR Router If you have already downloaded the firmware onto your computer click Browse button on U pdate firmware Tab to look for the firmware file After selection of new firmware version through Browse button mechanism the process of data transfer from firmware to device itself should be started This is done by Upload button The process of firmware transfer to the GWR device takes a few minutes and when it is finished the user is informed about transfer process SUCCESS NOTE The Router will take a few minutes to upgrade its firmware During this process do not power off the Router or press the Reset button 3 senexo 55 USER MANUAL GWR Series Router GWR ROUTER CONFIGURATION CONSOLE Status Update Firmware General Network Information Update WAN Information Caution 1 Upgrading firmware will take a few minutes please wait and do not turn off the power or press the reset button 2 Please dont close the window or disconnect the link during the upgrade process 3 In order
59. ent state device power supply and presence of GSM UMTS network as well as signal level is performed eeneg SIGNAL B po I Ere Figure 5 GWR Router top panel side LED Indicator Description 1 Reset red LED on the GWR Router reset state 2 Power status green LED on Power supply Power status LED will blink when the GWR Router is in initializing state 3 Link red LED will blink when connection is active 4 Signal strength LED indicator eene 1 USER MANUAL GWR Series Router 107 or less dBm Unacceptable 1 LED 107 to 98 dBm Weak 2 LED 98 to 87 dBm Moderate 3LED 87 to 76 dBm Good 4 LED 76 or better dBm Excellent 5 LED Ois not known or not detectable running LED Signal strength LED will blink when GPRS EDGE UMTS HSDPA HSUPA connection IS not active When GPRS EDGE connection is active Signal strength LED is on Reset condition will be indicated by blinks of the first and last Signal strength LED When signal quality Is not known or not detectable there will be running LED indication Putting Into Operation Before putting the GWR Router in operation it is necessary to connect all components needed for the operation e GSM antenna e Ethernet cable and e SIM card must be inserted And finally device should have power supply by power supply connector and the attached adaptor SIM card must not be changed installed or taken out while device operates This procedure is
60. erial connection Valid baud rates are 300 1200 2400 4800 9600 19200 38400 57600 or 115200 Indicates the number of bits in a transmitted data package Valid data bits are 8 and 7 Checks for the parity bit Valid parity are none even and odd None is the default The stop bit follows the data and parity bits in serial communication It indicates the end of transmission Valid stop bits are 1 and 2 The default is 1 Flow control manages data flow between devices in a network to ensure It is processed efficiently Too much data arriving before a device Is prepared to manage it causes lost or retransmitted data N one is the default This field determines the TCP port number that the serial server will listen for connections on The value entered should bea valid TCP port number The default Modbus TCP port number is 502 When this field is set to a value greater than 0 the serial server will close Connection timeout connections that have had no network receive activity for longer than the specified period Transmission mode Select RTU based on the M odbus slave equipment attached to the port This is the timeout in milliseconds to wait for a response from a serial slave Response timeout device before retrying the request or returning an error to the M odbus master Should no valid response be received from a Modbus slave the value in this field determines the number of times the serial server will retransmit request be
61. ering DynDNS Serial Port Allow access from the following networks Enable IP Address SubnetMask Service Protocol Port Action Maintenance De Ac PO J IATa top 165535 as Caution Carefully review settings before applying changes Incorrect settings can make the GWR Router inaccessible from the network Demilitarized Zone Host Settings DMZ private IP address Copyright 2008 Geneko All rights reserved http www geneko rs Figure 21 IP Filtering configuration page 3 cenexo 42 USER MANUAL GWR Series Router IP Filtering configuration example This example configuration demonstrates how to secure a network with a combination of routers and a GWR Router 192 168 4 1 Figure 22 IP Filtering configuration example GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE IP Filtering Status General Settings WAN Information Setting O Disable all Network Enable firewall WA O Enable DMZ Routing Dynamic Routing Protocol Firewall Settings RIP VPN Settings GRE IPS OpenVPN Allow access from the following devices IP Filtering DynDNS IP Address Service Protocol Port _ Action Maintenance s r 192 168 2 1 All Traffic TCP UDP 1 65535 Rem Al Traffic zs TOPAUDP 1 65535 Add Allow access from the following networks Enable IPAddress SubnetMask Service Protocol Port Action Cl
62. ew key material for IP traffic encryption and authentication so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys Both ends of the I PSec tunnel must enable this option in order to use the function If the Perfect Forward Secrecy feature is disabled then no new keys will be generated so you do not need to set the Phase 2 DH Group There are three groups of different prime key lengths Group 1 is 768 bits Group 2 is 1024 bits and Group 5 is 1536 bits long If network speed is preferred select Group 1 If network security is preferred select Group 5 You do not have to use the same DH Group that you used for Phase 1 but both ends of the IPSec tunnel must use the same Phase 2 DH Group Phase 2 Encryption Phase 2 is used to create one or more IPSec SAS which are then used to key IPSec Perfect Forward Secrecy GeneKo 35 USER MANUAL GWR Series Router sessions Select a method of encryption NULL DES 56 bit 3DES 168 bit or AES 128 128 bit It determines the length of the key used to encrypt or decrypt ESP packets AES 128 is recommended because it is the most secure Both ends of the IPSec tunnel must use the same Phase 2 Encryption setting NOTE If you select a NU LL method of encryption the next P hase 2 Authentication method cannot beN U LL and vice versa Select a method of authentication NULL MD5 or SHA1 The authentication method determines how the ESP packets are valida
63. f virtual tunnel interface RIP Local Tunnel Netmask Unchangeable always 255 255 255 252 VPN Settings Tunnel Source IP address of tunnel source GRE Tunnel Destination IP address of tunnel destination ei Period Valid values 3 60 S Retries Valid values 1 10 Open P IP Filtering DynDNS Serial Port Maintenance Device Identi Reboot Management Command Line Interface Lo go ut Copyright amp 2008 Geneko All rights reserved http Awww qenekors Figure 51 GRE configuration page for GWR Router 2 e Configure GRE Route Click Routing on Settings Tab Parameters for this example are Destination Network 192 168 4 0 Netmask 255 255 255 0 GENEKO HARDWARE GWR ROUTER GONFIGURATION GONSOLE Status Seneral ork Information Information Routing Table Settings Settings Netw Current static routes Dest Network Dynamic Routing Protocol RIP VPN Settings GRE ig DynDNS Serial Port Maintenance Reb oot Management Command Line In Logout 10 64 64 64 255 255 255 255 10 10 10 0 192 168 3 0 192 168 2 0 255 255 255 252 255 255 255 0 255 255 255 0 0 0 0 0 Dest Network 0 0 0 0 192 168 4 0 Netmask 0 0 0 0 255 255 255 0 Action am ES Forwarding Enable Network Address Ti Enable Tunneling Protocol ranslation NAT ole
64. fFile bkg which is a BEG File from http f 10 0 10 150 What should Firefox do with this File Open with Notepad default Ke C FlashGot O Save File Do this automatically for Files like this from now on Figure 33 File download Click Export and then select the location where you want to store your backup configuration file By default this file will be called confFile bkg but you may rename It if you wish This process may take up to a minute Maintenance Default Settings Use this feature to clear all of your configuration information and restore the GWR Router to its factory default settings Only use this feature if you wish to discard all the settings and preferences that you have configured Click Default Setting to have the GWR Router with default parameters Keep network settings check box allows user to keep all network settings after factory default reset System will be reset after pressing Restore button GENEKO HARDWARE GWRROUTERE GONHFGURATION CONSOLE Default Settings etwork WAN Information Settings Ve Settings Be carefull when restoring factory default settings The factory settings will clear all current settings and reboot the system CI Keep network settings Dynamic Routing Protocol VPN E GRE IPSec Copyright 2008 Geneko All rights reserved http Awww geneko rs Figure 34 Default Settings page 57 USER MANUAL GWR Series Router Maintenance Sy
65. fault Bind to port Number of the TCP IP port to accept connections from for this device Either raw brawl or telnet raw enables the port and transfers all data as is between the port and the long rawlp enables the port and transfers all input Type of socket data to device device Is open without any termios setting It allows using printers connected to them tdnet enables the port and runs the telnet protocol on the port to set up telnet parameters This is most useful for using telnet Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR Router and activate deactivate serial to Ethernet converter Table 16 Serial port parameters Q senero a USER MANUAL GWR Series Router Modbus Gateway settings The serial server will perform conversion from M odbus TCP to Modbus RTU allowing polling by a Modbus TCP master The Modbus IPSerial Gateway carries out translation between Modbus TCP and Modbus RTU This means that Modbus serial slaves can be directly attached to the unit s serial ports without any external protocol converters Click Serial Port Tab to open the Modbus Gateway configuration screen Choose Modbus Gateway options to configure M odbus At the Figure 27 you can see screenshot of Modbus Gateway configuration menu M odbus G ateway Parameters The unit and attached serial device such as amodem must agree on a speed or baud rate to use for the s
66. fore giving up WH EG Log level Set importance level of log messages Maximum number of retries Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR Router and activate deacti vate serial to Ethernet converter Table 17 Modbus gateway parameters Q senero a USER MANUAL Status Ge lt Information Information Settings Netw DHC Routing Dynamic Routing Protocol RIP VPN Settings GRE Serial Port Maintenance Diagnos Upc Default Reboot Management Command Line Interface ote Managerment Connection Manager du P Lo gout Geneko HARDWARE Serial Port Serial Port Settings General Settings O Disable all O Serial port over TCP UDP settings Modbus gateway settings Serial Port Settings Bits per second Data bits Parity Stop bits Flow control lt co CAAA Modbus Gateway Settings TCP accept port Connection timeout Modbus Serial Settings Transmission mode lt 3 D Response timeout Maximum number of retries Log Settings Log level lt Status Figure 27 Modbus gateway configuration page GWR Series Router 7 Help 50 USER MANUAL GWR Series Router Maintenance The GWR Router provides administration utilities via web interface Administrator can setup basic router s parameters perform network diagnostic update software or restore factory default settings M
67. gement ection Manager Tunneling Protocol Sendto GRE 10 0 0 1 ESP 10 0 0 2 Logout Forward TCP UDP connections from external networks to the following internal devices Enable Protocol Destination IP Destination Netmask Destination Port ForwardtolP Forward to port Interface Action D Is DB PP leo ad Figure 49 Routing configuration page for GWR Router 1 e Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic e Onthe device connected on GWR router 1 setup default gateway 192 168 4 1 The GWR Router 2 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask GeneKo 70 HARDWARE USER MANUAL GWR Series Router IP Address 192 168 2 1 Subnet M ask 255 255 255 0 Press Save to accept the changes GWR ROUTER CONFIGURATION CONSOLE Network Network Settings Use the following IP address IP Address 192 168 2 1 Subnet Mask 255 255 255 0 Local DNS Changes to IP Address subnet mask and local DNS require a reboot to take effect Reload Save Copyright 200 neko All rights reserved 18 Geneko http www genekors Figure 50 Network configuration page for GWR Router 2 Use SIM card with a static IP address obtained from Mobile Operato
68. he GWR Router Click Remove to delete selected item from table Allow access from the follow ing netw orks Enable is check box allows forbidden host to access to the GWR Router IP address This field specifies IP address of the host allow access to the GWR Router Subnet mask W field specifies network mask of the network to allow access to the GWR Router Remove USER MANUAL GWR Series Router Service This field specifies service of the host allow access to the GWR Router Protocol This field specifies protocol of the host allow access to the GWR Router This field specifies port of the host allow access to the GWR Router Click Add to insert add new item in table to the GWR Router Click Remove to delete selected item from table D emilitarized Zone H ost Settings Fu vataat This check box allows forbidden host to access to the GWR Router Click Reload to discard any changes and reload previous settings Save Click Save to save your changes back to the GWR Router Table 13 IP filtering parameters GEeNEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE IP Filtering Status General Settings Disable all O Enable firewall W O Enable DMZ Ro Dynamic Routing Protocol Firewall Settings RIP VPN Settings GRE Automatically allow access from all devices on the local subnet IPSec Allow access from the following devices Enable IPAddress Service Protocol Port Action IP Filt
69. he GWR Router Administrator can use following methods to access router e Web browser e Command line interface Default access method is by web interface This method gives administrator full set of privileges for configuring and monitoring Configuration administration and monitoring of the GWR Router can be performed through the web interface The default IP address of the router is 192 168 1 1 Another method is by command line interface This method has limited options for configuring the GWR Router but still represents avery powerful tool when it comes to router setup and monitoring Device configuration using web application The GWR Router s web based utility allows you to set up the Router and perform advanced configuration and troubleshooting This chapter will explain all of the functions in this utility For local access to the GWR Router s web based utility launch your web browser and enter the Router s default IP address 192 168 1 1 in the address field A login screen prompts you for your User name and Password Default administration credentials are admin admin If you want to use web interface for router administration please enter IP address of router into web browser Please disable Proxy server in web browser before proceed Cenek GWR ROUTER CONFIGURATION CONSOLE HARDWARE Username Password Copyright 2008 Geneko All rights reserved http fs geneko co rs Figure 7 U
70. hentication method i Specify the CA Certificate Specify the username Password Specify the password ifi Specify the local certificate Specify the local private key Choose the DH Group from the following 786 bits 1024 bits 1536 bits 2 bits o o gt 7 23 N a O au S 3 O 2 gt lt P Q oO Tv v o 1132 ole 2 1 Q E H 0 9 oO q 3 Sis en CH un oi A et G DIS 5 o ech A et et oe D CA ol lt lt N 5 o OD Address Specify server IP address or hostname R edirect G atew ay This option allows usage of OpenVPN tunnel as a default route Tunnel Interface Configuration Local Interface IP Address Remote Interface IP Address Pull tunnel interface configuration from server side Specify the IP address of the local VPN tunnel endpoint Specify the IP address of the remote VPN tunnel endpoint JJ D 3 ct L O un et Oo 0 Table 12 OpenVPN parameters Q senero RB USER MANUAL GENEKO HARDWARE Status Seneral Information Information Settings Dynamic Routing Protocol RIP VPN Settings GRE Reboot Management E Line Interface Logout GENEKO HARDWARE GWR Series Router GWR ROUTER CONFIGURATION GONSOLE OpenVPN 7 Help Add New Tunnel Tunnel Number Tunnel Name Enable E Lo Eh G OpenVPN Setup Authenticate Mode none v Protocol LZO Compression OD
71. in 13 G GeneKO Establish connection Finish Cancel Figure 42 Connection Wizard WAN Settings After entering the configuration parameters if you mark option Establish connection router will start with connection establishment immediately when you press Finish button If not you have to start connection establishment manually on the router s web interface 3 senexo 63 USER MANUAL GWR Series Router Management Simple Management Protocol SNMP SNMP or Simple Network Management Protocol is a network protocol that provides network administrators with the ability to monitor the status of the Router and receive notification of any critical events as they occur on the network The Router supports SNMP v1 v2c and all relevant Management Information Base II MIBII groups The appliance replies to SNMP Get commands for MIBII via any interface and supports a custom M IB for generating trap messages GWR ROUTER CONFIGURATION CONSOLE Status Simple Network Management Protocol General Network Information SNMP Settings VV formation Enable SNMP Get Community public Routing Dynamic Routing Protocol i RIP User Defined Service Port VPN Settings Default 161 Serice Access All vi SNMP Status Status started Copyright amp 2008 Geneko All rights reserved http Awww geneko rs Figure 43 SNMP configuration page SNMP is enabled by default To disable the
72. ks GWR Router connections may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections A custom APN should also support mobile terminated data that may be required in most site to site VPN s Cisco router sample Configuration Interface FastEthernet 0 1 ip address 10 2 21 255 255 25540 description LAN interface interface FastEthernet 0 0 ip address 172 29 8 4 255 255 255 0 description WAN interface interface Tunnel ip address 10 11 1441 255 255 255 0 tunnel source FastEthernet0 0 tunnel destination 172 29 8 5 ip route 10 1 1 0 255 255 255 0 tunneld The GWR Router Sample Configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP Address 10 111 Subnet Mask 255 255 255 0 Press Save to accept the changes GEenNEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Network 7 Help Network Settings Status General Network Infi orm Use the following IP address IP Address 10 1 1 1 Routine Dynamic Routing Protocol Subnet Mask 255 255 255 0 RIP Local DNS VPN Settings GRE Caution Changes to IP Address subnet mask and local DNS require a reboot to take effect IPSec Reload Save Open PN IP Filtering DynDNS Serial Port Maintenance BENT Management Command Line Interface
73. l failover to other tunnel in casethat selected one fails to established connection IP address on other side of tunnel which will be pinged in order to determine Enable tunnel failover pang ie current state Ping interval Specify time period in seconds between two ping Packet size Specify packet size for ping message Advanced Ping Interval Time interval between advanced ping packets Advanced Ping Wait For A Response Maximum numbers of failed packets Advanced ping proofing timeout Set percentage of failed packets until failover action is performed IP Payload Compression is a protocol that reduces the size of IP datagram Select this option if you want the Router to propose compression when it initiates a connection Compress IP Payload Compression Protocol IP Comp When DPD is enabled the Router will send periodic HELLO ACK messages to check the status of the IPSec tunnel this feature can be used only when both peer Dead Peer Detection or IPSec devices of the IPSec tunnel use the DPD mechanism Once a dead peer DPD has been detected the Router will disconnect the tunnel so the connection can be re established Specify the interval between HELLO ACK messages how often you want the messages to be sent The default interval is 20 seconds CG senero USER MANUAL GWR Series Router Both the IPSec initiator and responder must support the mechanism for detecting the NAT rou
74. l Contact Figure 67 IPSec configuration page III for GWR Router 2 Click Start button on Internet Protocol Security page to initiate IPSEC tunnel If on the previous router default mode Wait is selected here you choose Connect mode Internet Protocol Security Summary Tunnels used 1 Maximum number of tunnels 5 Add New Tunnel Log level none 5 No Name Enabled Status Enc Auth Grp Advanced Local Group Remote Group Remote Gateway Action Connection mode a es ee Di Reducing the MTU size on the client side can help eliminate some connectivity problems occurring at the protocol level Start Stop Refresh Recommended MTU size on client side is 1300 Tunnel status description started ipsec is running stopped ipsec is not running or tunnel is not enabled connecting ipsec is trying to establish connection waiting for connection ipsec is waiting for other end to connect established tunnel is up Figure 68 IPSec start stop page for GWR Router 2 e Onthe device connected on GWR router 2 setup default gateway 192 168 10 1 3 senexo 83 USER MANUAL GWR Series Router IPSec Tunnel configuration between GWR Router and Cisco Router IPSec tunnel is a type of a VPN tunnels with a secure tunneling method On the diagram below Figure 69 is illustrated simple network with GWR Router and Cisco Router Idea is to create IPSec tunnel for LAN to LAN site to site connectivity
75. ll commands you can use to configure the router and monitor routers performance Management Remote Management Remote Management Utility is a standalone Windows application with many useful options for configuration and monitoring of GWR routers More information about this utility can be found in other document Remote _ M anagement pdf In order to use this utility user has to enable Remote Management on the router Figure 37 7 SGENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Remote Management Remote Management Settings WAN Information Settings Enable Remote Management nede Protocol Geneko Bind to ep ei Dynamic Routing Protocol TCP port ka RIP VPN Settings GRE Password IPSec Open PN IP Filtering DynDNS Username Remote Management Status Status requesting status eko All rights reserved Copyright 2008 Genek Q http ca geneko rs Figure 37 Remote M anagement Enable or disable Remote M anagement Choose between Geneko and Sarian protocol Specify the interface Specify the TCP port Specify the username Specify the password Click Save to save your changes back to the GWR Router Click Reload to discard any changes and reload previous setings Table 22 Remote M anagement parameters 3 ceneo 60 USER MANUAL GWR Series Router Management Connection Manager Enabling Connection Manager will allow Connection Wizard located
76. mber KEN Tunnel Name test Enable Local Group Setup Local Security Gateway Type SIM Card vi C Custom Peer ID P IP Address From SIM 1 vi Local Security Group Type IP P IP Address 192 168 10 1 Remote Group Setup Remote Security Gateway Type IP Only E IP Address 1172 29 8 4 o Custom Peer ID Remote Security Group Type Subnet v IP Address 10 0 10 1 Subnet Mask 255 255 255 0 Figure 65 IPSEC configuration page I for GWR Router 2 Phase 2 SA Life Time Preshared Key GENEKO HARDWARE IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH Group Group Phase 1 Encryption 3DES v Phase 1 Authentication MD5 Phase 1 SA Life Time 26800 sec Perfect Forward Secrecy Phase 2 DH Group Group2 vi Phase 2 Encryption DES vi Phase 2 Authentication MDS v 3600 sec 1234567890 Figure 66 IPSec configuration page II for GWR Router 2 82 USER MANUAL GWR Series Router Failover CI Enable IKE Failover IKE SA Retry Restart PPP After IKE SA Retry Exceeds Specified Limit CI Enable Tunnel Failover Ping IP Ping Interval sec Packet Size Advanced Ping Interval sec Advanced Ping Wat For A Response sec Maximum Number Of Failed Packets Advanced C Compress Support IP Payload Compression Protocol IPComp C Dead Peer Detection DPD sec NAT Traversal Send Initia
77. nation KeepAlive Enable Period Retries Action f oe 1 VU 195 Local Tunnel Address IP Address of virtual tunnel interface Dynamic Routing Protocol Local Tunnel Netmask Unchangeable always 255 255 255 252 Tunnel Source IP address of tunnel source RIP Tunnel Destination IP address of tunnel destination VPN Settings Period Valid values 3 60 GRE Retries Valid values 1 10 Command Line Interface Re ent Copyright amp 2008 Geneko All rights reserved http www geneko rs Figure 16 GRE tunnel parameters configuration page GRE Keepalive GRE tunnels can use periodic status messages known as keepalives to verify the integrity of the tunnel from end to end By default GRE tunnel keepalives are disabled Use the keepalive check box to enable this feature Keepalives do not have to be configured on both ends of the tunnel in order to work a tunnel is not aware of incoming keepalive packets You should define the time interval in seconds between transmitted keepalive packets Enter a number from 1 to 60 seconds and the number of times to retry after failed keepalives before determining that the tunnel endpoint is down Enter anumber from 1 to 10 times 3 cenexo 31 USER MANUAL GWR Series Router Internet Protocol Security IPSec Internet Protocol Security IPSec is a protocol suite for securing Internet Protocol communication by authenticating and encrypting each IP pa
78. nd or EN 60950 1 2001 Complies with Directive 1999 05 EC standards R amp TTE ETSI EN 301 511 V9 0 2 EN 301 908 1 amp EN 301 908 2 v2 2 1 Directive 2002 95 EC RoHS EU Commission 2005 618 EC 2005 717 EC 2005 747 EC 2006 310 EC 2006 690 EC 2006 691 EC and 2006 692 EC Connector RJ 45 Standard IEEE 802 3 Physical layer 10 100Base T Ethernet interface Speed 10 100M bps Mode full or half duplex 1xUA Other interfaces ly H oct Tri band 900 1800 1900 GWR202 GPRS GPRS multi slot class 10 mobile station class B GPRS DL 85 6K bps UL 42 8K bps Quad band GSM 850 900 1800 1900M Hz GWR252 GPRS GPRS EDGE multi slot class 12 mobile station class B EDGE EDGE DL 236 8K bps UL 236 8K bps GPRS DL 85 6K bps UL 85 6K bps RF characteristics UMTS HSDPA HSUPA Quad band 850 900 1900 2100M Hz GSM GPRS EDGE Quad band 850 900 1800 1900M H z GWR352 GPRS EDGE multi slot class 12 mobile station class B HSUPA DL 7 2M bps HSDPA UL 5 76M bps UMTS DL 384K bps UL 384K bps EDGE DL 236 8K bps UL 236 8K bps GPRS DL 85 6K bps UL 85 6K bps RF Connector SMA 50Q Ethernet activity network traffic Power on SUSLER GSM link activity Signal quality Power supply 9 12VDC 1000mA Tengerre mance Operation 5 C to 50 C H g Storage 20 C to 85 C Physical Width x Length x Height 95 x 135 x 35 mm characteristics Weight 38
79. ne Displays crypto engine events 3 cenexo 89 USER MANUAL GWR Series Router Apendix A How to Achieve Maximum Signal Strength with GWR Router The best throughput comes from placing the device in an area with the greatest Received Signal Strength Indicator RSSI RSSI is a measurement of the Radio Frequency RF signal strength between the base station and the mobile device expressed in dBm The better the signal strength the less data retransmission and therefore better throughput RSSI information is available from several sources e TheLEDson the device givea general indication e ViatheGWR Router local user interface Signal strength LED indicator e 101 or less dBm Unacceptable running LED e 100to 91 dBm Weak 1 LED e 90 to 81 dBm Moderate 2 LED e 80to 75 dBm Good 3 LED e 4or bette dBm Excellent 4LED e QOisnot known or not detectable running LED Antenna placement Placement can drastically increase the signal strength of a cellular connection Often times just moving the router closer to an exterior window or to another location within the facility can result in optimum reception Another way of increasing throughput is by physically placing the device on the roof of the building in an environmentally safe enclosure with proper moisture and lightning protection e Simply install the GWR Router outside the building and run an RJ 45 Ethernet cable to your switch located in the building e Keep
80. nnection to a serial port It provides all the serial port setup a configuration file to configure the ports a control login for modifying port parameters monitoring ports and controlling ports The GWR Router supports RFC 2217 remote control of serial port parameters GeneKo 49 HARDWARE USER MANUAL GWR Series Router Serial Port over TCP UDP Settings pe The unit and attached serial device such as a modem must agree on a speed or baud rate to use for the serial connection Valid baud rates are 300 1200 2400 4800 9600 19200 38400 57600 or 115200 Data bits Indicates the number of bits in a transmitted data package Parity Checks for the parity bit None is the default The stop bit follows the data and parity bits in serial communication indicates the end of transmission The default is 1 Flow control manages data flow between devices in a network to ensure It processed efficiently Too much data arriving before a device is prepared to manage it causes lost or retransmitted data N one is the default LO et du x OD Q Protocol Choose which protocol to use TCP UDP Select server mode in order to listen for incoming connection or client mode to establish one Number of the TCP UDP port to accept connections for this device Only on server side Specify server IP address Only on client side Number of the TCP UDP port to accept connections from this device
81. nnnenssnnnnnn 51 Maintenance Administrator Password NNN 52 Maintenance Date Time Settings EEN NENNEN 53 Maintenance DNT 55 Maintenance Update FIrmWare m rrurrnnrvvrerssnrvvrvvrsnrnnnvevensnnnvevennsnnnenennnnnnnnnensssnnnnenesnsnnnenennnennnne 55 W lle nie ER d le CR Lg Ee DEE 56 Import Configuration File 56 Export Configuration REE huudthenstidsnianccotesrtinyishadavbonsth ikcaatdanitninnatsndiubansnnel 56 Maintenance Default SettingS rrrrrnnrnnrrvvvrrrnsannrrrnnvnvnrrsnnrrnnrnnnresssrsnnnnernensssssrnnnnnnnrsssnrrnnnnnsssnrssssnn 57 Maintenance System Reboot rrrvrrrnrsanrrvvvrrrrrrnnrrranrvnnrrsssrsnrrnnssssssrsnnnnnnnnnsssssrnssrnnnssssnrnsnnnnnesvesssnsnn 58 Management Command Line Interface 59 Management Remote Management vrsrrrrsrrrnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnssnvnnnnnnnnnnnnnnnnnnnnssensee 60 Management Connection Manager ENNEN ENNEN ol USER MANUAL GWR Series Router Management Simple Management Protocol NM ENEE 64 HAN Nede 65 EES EIERE 67 GVVR Roller SS internet FOU avismann 6 7 GRE Tunnel configuration between two GWR Routere ENNEN 68 GRE Tunnel configuration between GWR Router and third party router rrrrrrssrvrrsrrnnrvrrenn 73 IPSec Tunnel configuration between two GWR Routers ENN 77 IPSec Tunnel configuration between GWR Router and Cisco Router ue 34 A How to Achieve Maximum Signal Strength with GWR Router un 90 UE 90 EES 90 USER MANUAL GWR Series Router
82. obile Operator Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the GSM UMTS provider s network default gateway Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be provided by your mobile operator Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button Check Routing Tab to see if there is default route should be there by default Router will automatically adds default route via ppp0 interface Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic Configure the GWR Router LAN address 10 1 1 1 as a default gateway address on your PCs Configure valid DNS address on your PCs GeneKo 67 USER MANUAL GWR Series Router GRE Tunnel configuration between two GWR Routers GRE tunnel is a type of a VPN tunnel but it isn t a secure tunneling method Simple network with two GWR Routers is illustrated on the diagram below Figure 46 Idea is to create GRE tunnel for LAN to LAN site to site connectivity Static WAN Static WAN 10 251 49 2 10 251 49 3 fn LAN 192 168 2 1 GWR 1 GWR 2 LAN 192 168 4 1 gt LAN 192 168 2 x Gateway arate 192 168 4 1 ateway 192 168 2 1 Figure 46 GRE tunnel between two GWR Routers The GWR Routers requirements e Static IP
83. ogs periodically on filesystem Save log every Set time duration between two saves Reload Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR Router and enable disable Syslog Table 24 Syslog parameters Logout The Logout tab is located on the down left hand corner of the screen Click this tab to exit the web based utility If you ex it the web based utility you will need to reenter your User Name and Password to log in and then manage the Router Q senero ag USER MANUAL GWR Series Router Configuration Examples GWR Router as Internet Router The GWR Routers can be used as Internet router for a single user or for a group of users entire LAN NAT function is enabled by default on the GWR Router The GWR Router uses Network Address Translation NAT where only the mobile IP address is visible to the outside world All outgoing traffic uses the GWR Router mobile IP address Ethernet GSM UMTS Network APN LAN Network Figure 45 GWR Router as Internet router Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP address 10 1 1 1 Netmask 255 255 255 0 Press Save to accept the changes Use SIM card with a dynamic static IP address obtained from M
84. one Number Signal Strength uawel M770 35703002551 2662 11 126 10 81 00 73dBm WAN Information Mobile Statistics Protocol Point Point Protocol Activity Time WAN Address 10 85 98 239 PPP Address Primary DNS Address 195 78 6 36 Second DNS Address Data Received RX Packets RX Error Packets Data Transmitted 498 TX Packets TX Error Packets Copyright 2008 Geneko All rights reserved http Awww geneko rs Figure 10 WAN Information p p 00 01 30 10 64 64 64 bo p RX Dropped Packets TX Dropped Packets 17 USER MANUAL GWR Series Router Settings Network Click Network Tab to open the LAN network screen Use this screen to configure LAN TCP IP settings Network Tab Parameters aba Use the following IP Choose this option if you want to manually configure TCP IP parameters of address Ethernet port IP Address Type the IP address of your GWR Router in dotted decimal notation 192 168 1 1 is the factory default IP address The subnet mask specifies the network number portion of an IP address The GWR Router support sub netting You must specified subnet mask for your LAN TCP IP settings Local DNS TypethelP address of your local DNS server Click Reload to discard any changes and reload previous settings Click Save button to save your changes back to the GWR Router Whether you make changes or not router will reboot every time you click Save Table 3 Network pa
85. ons may require a Custom APN A Custom APN allows for various IP addressing options particularly static IP addresses which are needed for most VPN connections A custom APN should also support mobile terminated data that may be required in most site to site VPNs The GWR Router 1 configuration e Click Network Tab to open the LAN NETWORK screen Use this screen to configure LAN TCP IP settings Configure IP address and N etmask IP Address 10 0 10 1 Subnet Mask 255 255 255 0 Press Save to accept the changes eene 77 USER MANUAL GWR Series Router GWR ROUTER CONFIGURATION CONSOLE Network Network Settings Use the following IP address IP Address 10 0 101 DE Subnet Mask 255 255 255 0 RP Local DNS i VPN Settings GRE Caution Changes to IP Address subnet mask and local DNS require a reboot to take effect Sec Reload Save Open Pr Copyright 2008 Geneko All rights reserved http Awww geneko rs Figure 58 Network configuration page for GWR Router 1 e UseSIM card with a static IP address obtained from Mobile Operator e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt IPSEC to configure IPSEC tunnel parame
86. ormation Protocol Status Start RIP Stop RIP Restart RIP Click Save to save your changes back to the GWR Router Click Reload to discard any changes and reload previous settings Table 8 RIP parameters RIP routing engine for the GWR Router Use telnet to enter in global configuration mode telnet 192 168 1 1 2602 telnetto ethO at TCP port 2602 To enable RIP use the following commands beginning in global configuration mode router router rip To associates a network with a RIP routing process use following commans router network A B C D Mask By default the GWR Router receives RIP version 1 and version 2 packets You can configure the GWR Router to receive an send only version 1 Alternatively tou can configure the GWR Router to receive and send only version 2 packets To configure GWR Router to send and receive packets from only one version use the following command router rip version 1 2 Same as other router Disable route redistribution router no redistribute kernel router no redistribute static router no redistribute connected Q senero e USER MANUAL GWR Series Router Disable RIP update optional router passive interface ethO0 router no passive interface eth0 Routing protocols use several timer that determine such variables as the frequency of routing updates the length of time before a route becomes invalid an other parameters You can adjust these timer to tune routing pro
87. otocol Security is a suite of protocols for IPsec securing IP communications by authenticating and encrypting each IP packet of a data stream OpenVPN site to site graphical user interface GUI implementation allows connecting two remote networks OpenVPN via point to point encrypted tunnel OpenVPN implementation offers a cost effective simply configurable alternative to other VPN technologies Feature that allows a user to specify number of IPSec IKE failover unsuccessful retries to establish PPP connection before routers switches to another SIM IPSec tunnel failover Quality control mechanism of IPSec tunnel Configuration WEB Application HTTP based Remote configuration Access to web interface over mobile network Configuration via serial console basic functionality USER MANUAL GWR Series Router full functionality D efault reset external taster and configuration application File Management Upload firmware WEB CLI Backup configuration WEB CLI Table 2 GWR Router features USER MANUAL GWR Series Router Product Overview Front panel On the front panel Figure 2 the following connectors are located one RJ 45 connector Ethernet port for connection into local computer network one RJ 45 connector for RS232 serial communication reset button one USB connector for connection of additional device Power supply connector Ethernet connector LED
88. r Note the default gateway may show or change to an address such as 10 0 0 1 this is normal as it is the GSM UMTS provider s network default gateway Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button Click VPN Settings gt GRE to configure GRE tunnel parameters Enable yes Local Tunnel Address 10 10 10 2 Local Tunnel N etmask 255 255 255 252 Unchangeable always 255 255 255 252 Tunnel Source 10 251 49 3 select HOST from drop down menu if you want to use host name as peer identifier Tunnel Destination 10 251 49 2 select HOST from drop down menu if you want to use host name as peer identifier KeepA live enable no Period none Retries none Press ADD to put GRE tunnel rule into GRE table Press Save to accept the changes 71 USER MANUAL GWR Series Router GENEKO HARDWARE GWRROUTERE GONHFGURATION GONSGLE VPN Settings GRE Help Generic Routing Encapsulation GRE Tunneling Local Tunnel Netmask KeepAlive Enable Period Retries Action Status k Information d Information Local Tunnel Address Enable Routing Dynamic Routing Protocol Local Tunnel Address IP Address o
89. r 1 70 Figure 50 Network configuration page for GWR Router A ENNEN En 71 Figure 51 GRE configuration page for GWR Router 2 ENNEN L Figure 52 Routing configuration page for GWR Router A L Figure 53 GRE tunnel between Cisco router and GWR Route ENEE 73 GeNneKo HARDWARE USER MANUAL GWR Series Router Figure 54 Network configuration Date ENNEN En 74 Figure 55 GRE configuration en nennen 75 NlsifiCkcZelftldefseiulslftcCglside E v EE 76 Figure 57 IPSec tunnel between two GWR Routers NENNEN ENEE TI Figure 58 Network configuration page for GWR Router 1 En 78 Figure 59 IPSEC configuration page I for GWR Router 1 79 Figure 60 IPSec configuration page II for GWR Router L cccccccssccssssseeeeseeessseeeeesesseeeeessseeeeeseesesssetessseaes 79 Figure 61 IPSec configuration page III for GWR Router 1 ENNEN 80 Figure 62 IPSec start stop page for GWR Router 1 EEN ENEE 80 Figure 63 Default connection mode is Wat ENNEN E 80 Figure 64 Network configuration page for GWR Router A ENNEN En 81 Figure 65 IPSEC configuration page I for GWR Router A ENEE 82 Figure 66 IPSec configuration page II for GWR Router 2 82 Figure 67 IPSec configuration page III for GWR Router ZENNER EEN 83 Figure 68 IPSec start stop page for GWR Router 2 ENEE ENEE SE Figure 69 IPSec tunnel between GWR Router and Cisco Route ENNEN E 84 Figure 70 Network configuration page for GWR Router ENEE 85 Figure 71 IPSEC
90. rameters In the Figure 11 you can see screenshot of Network Tab configuration menu GWR ROUTER GONFIGURATION CONSOLE Network Status seneral Network Information Network Settings WAN Information Use the following IP address IP Address 192 168 1 1 Subnet Mask 255 255 255 0 4 RIP Local DNS 1195 78 6 36 VPN Settings GRE Caution Ch t IP Add subnet mask and I DNS i boot to take effect S KE auton anges to fess subnet mask an oca require reboot to take effe Open VPN IP Filtering DynDNS Serial Port Copyright pyright amp 2008 Genek Il rights reserved http vs KO C genekors Figure 11 Network parameters configuration page 3 senexo 18 USER MANUAL GWR Series Router Settings DHCP Server The GWR Router can be used as a DHCP Dynamic Host Configuration Protocol server on your network A DHCP server automatically assigns available IP addresses to computers on your network If you choose to enable the DHCP server option all of the computers on your LAN must be set to obtain an IP address automatically from a DHCP server By default Windows computers are set to obtain an IP automatically To use the GWR Router as your network s DHCP server click DHCP Server Tab for DHCP Server setup The GWR Router has built in DHCP server capability that assigns IP addresses and DNS servers to systems that support DHCP client capability DHCP Server Parameters DHCP Dynami
91. rement Reload Save A reservation IP address must not be the same as the IP address of the DHCP server itself It must be a valid IP address in the subnetwork of the DHCP server The DHCP server will ignore a reservation that does not meet these requirements An IP address exclusion range must specify valid IP addresses in the subnetwork of the DHCP server The DHCP server will ignore an exclusion that does not meet this requirement Copyright 2008 Geneko All rights reserved http Awww qeneko rs Figure 12 DHCP Server configuration page 20 USER MANUAL GWR Series Router Settings WAN Setting Click WAN Settings Tab to open the Wireless screen Use this screen to configure the GWR Router GPRS EDGE UMTS HSDPA HSUPA parameters Figure 13 GWR ROUTER SCONFIGURATION CONSOLE WAN Settings Informat SIM 1 SIM 2 VA atio gd Menabled enabled DH r Provider VIP Provider DTAC 93 Authentication PAP CHAP w Authentication Dyn uting Prot Username vipmobile Username 1d72 edcpp com PN Setting Password vipmobile Password password GRE APN ipmobil APN edc pp IPSec L d Wd Dial string Dial string e mg Number of retry 3 Number of retry 13 Bena or pin enabled PIN enabled Mart D etting Clenable network locking Enable network locking samord Enable failover after 150 mins EI 195 Dia Advanced Up De ings Connection settings M Ml Persistent connection mma nterface c mote ment re
92. rnal devices Enable Tunneling Protocol Sendto Forward TCP UDP connections from external networks to the following internal devices Enable Protocol Destination IP Destination Netmask Destination Port Forward to IP Forward to port Interface Action Logout Des eo wj ad Figure 56 Routing configuration page e Optionally configure IP Filtering and TCP service port settings to block any unwanted incoming traffic User from remote LAN should be able to communicate with HQ LAN 76 USER MANUAL GWR Series Router IPSec Tunnel configuration between two GWR Routers IPSec tunnel is a type of a VPN tunnels with a secure tunneling method Simple network with two GWR Routers is illustrated on the diagram below Figure 57 Idea is to create IPSec tunnel for LAN to LAN site to site connectivity Static WAN Static WAN 172 29 8 4 172 29 8 5 ee LAN 10 0 10 1 LAN 192 168 10 1 GWR 2 ie Ce LAN 192 168 10 100 Gateway 10 0 10 1 Gateway 192 168 10 1 Figure 57 IPSec tunnel between two GWR Routers The GWR Routers requirements e Static IP WAN address for tunnel source and tunnel destination address e Dynamic IP WAN address must be mapped to hostname with DynDNS service for synchronization with DynDNS server SIM card must have internet access GSM UMTS APN Type For GSM UMTS networks GWR Router connecti
93. rtaceparareee EE ENEE ENEE 59 Table 22 Remote Management parameters ENEE 60 Table 23 S5NMP PAUS EE 64 Table 24 Syslog PArAIMELELS cccesessscccceesesssneeesneeeeeesesssneeeeeesessenneeeeaeeneesessssenseseesesssenseeseeseseesesssnueesesessssseneeeeees 66 USER MANUAL GWR Series Router Description of the GPRS EDGE HSDPA Router Thank you for choosing Geneko GWR Router The GWR Router is a compact electronic device based on different kind of GSM UMTS modules which enables data transfers using GPRS EDGE HSDPA HSUPA technologies Primarily the GWR Router expands the capabilities of GSM UMTS module by the option of connecting entire LAN through the built in Ethernet interface The GWR Router provides automatic establishment and maintenance of GPRS EDGE HSDPA HSUPA connection Integrated DHCP server provides the users simple installation procedure and fast Internet access Built in VPN server provides VPN capabilities like GRE server client VPN IPSec GRE pass through and VPN IPSec Serial to IP and ModbusRTU to TCP conversions provide a wide variety of possible industry applications Figure 1 GWR Router Examples of Possible Application mobile office fleet management security system telemetric remote monitoring vending and dispatcher machines USER MANUAL GWR Series Router Technical Parameters Directive 2004 108 EC EN 301 489 1 V 1 6 1 2005 09 EN 301 489 7 V1 3 1 2005 11 EN 60950 1 2001 1st Ed a
94. s button will stop all IPSec started negotiations Click on this button to refresh the Status field in the Summary table Table 10 IPSec Summary To create a tunnel click Add New Tunnel button Depending on your selection the Local Group Setup and Remote Group Setup settings will differ Proceed to the appropriate instructions for your selection Add New Tunnel Tunnel Number 1 Tunnel Name Enable OD Local Group Setup Local Security Gateway Type IP Only vi IP Address C Custom Peer ID Local Security Group Type IP B IP Address Remote Group Setup Remote Security Gateway Type IF Only vi IP Address C Custom Peer ID Remote Security Group Type P ooo IP Address l Q senero H USER MANUAL GWR Series Router IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH Group Group2 Phase 1 Encryption 3DES vw Phase 1 Authentication MD5 Phase 1 SA Life Time 28800 sec Perfect Forward Secrecy Fi Phase 2 Encryption DES i J Phase 2 Authentication MD5 Phase 2 SA Life Time 3600 sec Preshared Key Failover C Enable IKE Failover IKE SA Retry C Restart PPP After IKE SA Retry Exceeds Specified Limit CI Enable Tunnel Failover Ping IP Ping Interval sec Packet Size Advanced Ping Interval et sec Advanced Ping Wait For A Response Maximum Number Of Failed Packets sec Advanced C Compress Support IP Payload Compression Protocol
95. screen Use this screen to configure CLI parameters Figure 36 Command Line Interface CLI Settings nable or disable CLI E Telnet SSH Serial Login name for View mode Password for View mode C onfirm password for View mode Inactivity timeout for View mode in seconds After timeout user will be put in Main mode Inactivity timeout for Edit mode in seconds N ote that Username and Password Edit M ode Timeout for Edit mode are the same as Web interface login parameters After timeout user will be put in Main mode Console Type Windows other Click Save to save your changes back to the GWR Router Click Reload to discard any changes and reload previous settings Table 21 Command Line Interface parameters GWR ROUTER GONFIGURATION CONSOLE Status Command Line Interface General Network I CLI Settings WYA d fo aE Op Enable CLI on Telnet E 3 View Mode Username admin Dynamic Routing Protocol RIP View Mode Password 00000 VPN Settings GRE Confirm Password View Mode Timeout 180 ser Edit Mode Timeout 1 80 sec Console Type other v Copyright amp 2008 Geneko All rights reserved http DEE geneko rsi Figure 36 Command Line Interface GeneKO 59 HARDWARE USER MANUAL GWR Series Router Detailed instructions related to CLI are located in other document Command Line Interface pdf file on CD that goes with the router You will find detailed specifications of a
96. ser authentication After successfully finished process of authentication of Username Password you can access Main Configuration M enu You can set all parameters of the GWR Router using web application All functionalities and parameters are organized within few main tabs windows GeneKo 14 HARDWARE USER MANUAL GWR Series Router NOTE Add Remove Update manipulation in tables To Add anew row new ruleor new parameter in the table please do follow ing e Enter data in fields at the bottom row of the table separated with a line e After entering data in all fidds click Add link To Update the row in the table e Change data directly in fidds you want to change To Remove the row from the table e Click Remove link to remove selected row from the table Save Reload changes To save all the changes in the form press Save button By clicking Save data are checked for validity If they are not valid error message will be displayed To discard changes press the Reload button By clicking Reload previous settings will beloaded in the form Status Information The GWR Router s Status menu provides general information about router as well as real time network information Status information is divided into following categories General Information Network Information LAN WAN Information Status General General Information Tab provides general information about device type device firmware version kernel version
97. side the network Routing Settings Routing Table This check box allows you to activate deactivate this static route This parameter specifies the IP network address of the final destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID This parameter specifies the IP netmask address of the final destination This is the IP address of the gateway The gateway is a router or switch next hope on the same network segment as the device s LAN or WAN port The gateway helps forward packets to their final destinations For every routing rule enter the IP address of the gateway Please notice that ppp0 interface has only one default gateway provided by Mobile operator and because of that that there is no option for gateway when you choose ppp0 interface Dest Network Metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 31S usually a good number 3 senexo 25 USER MANUAL GWR Series Router Interface represents the exit of transmission for routing purposes In this case Interface EthO represents LAN
98. stem Reboot If you need to restart the Router Geneko recommends that you use the Reboot tool on this screen Click Reboot to have the GWR Router reboot This does not affect the router s configuration GenekK GWR ROUTER CONFIGURATION CONSOLE HARDWARE Reboot Status venera Network Information System Reboot V Information g Click reboot button if you want to reboot the system The reboot process need about I minute to complete Routing Dynamic Routing Protocol RIP VPN Settings GRE IPSec Open PN IP Filtering DynDNS Serial Port open Maintenance Copyright 2008 Geneko All rights reserved http www qenekors Figure 35 System Reboot page 3 cenexo 58 USER MANUAL GWR Series Router Management Command Line Interface CLI command line interface is a user text only interface to a computer s operating system or an application in which the user responds to a visual prompt by typing in a command on a specified line and then receives a response back from the system In other words it is a method of instructing a computer to perform a given task by entering a command The system waits for the user to conclude the submitting of the text command by pressing the Enter or Return key A command line interpreter then receives parses and executes the requested user command On router s Web interface in Management menu click on Command Line Interface tab to open the Command Line Interface settings
99. synchronize NTP pdate time every Time interval for automatic synchronization Click Save button to save your changes back to the GWR Router eload Click Reload to discard any changes and reload previous settings Table 20 Date time parameters Time Date Setup automatic synchronization with time server Q senexo USER MANUAL GWR Series Router Maintenance Diagnostics The GWR Router provide built it tool which is used for troubleshooting network problems The ping test bounces a packet of machine on the Internet back to the sender This test shows if the GWR Router is able to connect the remote host If users on the LAN are having problems accessing service on the Internet try to ping the DNS server or other machine on network Click Diagnostic tab to provide basic diagnostic tool for testing network connectivity Insert valid IP address in Hostname box and click Ping Every time you click Ping router sends four ICMP packets to destination address Before using this tool make sure you know the device or host s IP address GGTIGkKOO GWR ROUTER CONFIGURATION CONSOLE HARDWARE Status Diagnostics General Network Information Ping Utility WAN Information Ping the IP address of device in order to communicate with it IP Address 1192 168 1 20 Dynamic Routing Protocol RIP VPN Settings Response GRE Average response time is 2 6ms Average response time is Ims Average response time is 1 2ms Averag
100. ted M D5 is a one way hashing algorithm that produces a 128 bit digest SHA1isaone way hashing Phase 2 Authentication algorithm that produces a 160 bit digest SHA 1 is recommended because it is more secure Both ends of the IPSec tunnel must use the same Phase 2 Authentication setting NOTE If you select aNULL method of authentication the previous Phase 2 Encryption method cannot beN ULL Configure the length of time an IPSec tunnel is active in Phase 2 The default is Phase2 SA LifeTime 3600 seconds Both ends of the IPSec tunnel must use the same Phase 2 SA Life Time setting This specifies the pre shared key used to authenticate the remote IKE peer Enter a key of keyboard and hexadecimal characters e g Ay_ 4222 or 345fa929b8c3e This field allows a maximum of 1023 characters and or hexadecimal values Both ends of the IPSec tunnel must use the same Preshared Key NOTE It Is strongly recommended that you periodically change the Preshared Key to maximize security of the IP Sec tunnels Preshared Key Enable IKE failover option which will try periodically to reestablish security association IKE SA retry Number of IKE retries before failover Restart PPP After IKE SA Retry Exceeds Specified Limit Enable IKE failover The router will restart PPP connection on the same provider after IKE SA retry exceeds specified limit Enable tunnel failover If there is more than one tunnel defined this option wil
101. ter in the path and changing to a new port as defined in RFC 3947 NOTE If you select this mode theA ggressive mode will be automatically selected because NAT Traversal 7 l it is obligatory option for NAT T to work properly NOTE Keep alivefor NAT T function is enabled by default and cannot be disabled The default interval for keep alive packets is 20 seconds The initial contact status message may be used when one side wishes to inform the other that this is the first SA being established with the remote system The receiver of this Notification Message might then elect to delete any existing SA s it has for the sending system under the assumption that the sending system has rebooted and no longer has access to the original SA s and their associated keying material Back Wick Back to return on IPSec Summary screen Click Reload to discard any changes and reload previous settings Send initial contact Click Save to save your changes back to the GWR Router After that router automatically goes back and begin negotiations of the tunnels by clicking on the Start button Table 11 IPSec Parameters Q senero R USER MANUAL GWR Series Router OpenVPN OpenVPN site to site allows connecting two remote networks via point to point encrypted tunnel OpenVPN implementation offers a cost effective simply configurable alternative to other VPN technologies OpenVPN allows peers to authenticate each other using a preshared se
102. ter will only restart the PPP connection Persistent connection Specifies the type of connection router will try to establish There are three available options only GSM only UMTS and AUTO For example if you select Only GSM option router will not try to connect to UMTS instead router will automatically try to connect to GSM By selecting AUTO option router will first try to establish UMTS connection and if it fails router will go for GSM connection Displays data related to mobile connection current WAN address uptime M obile status connection status Reload Click Reload to discard any changes and reload previous settings Click Save to save your changes back to the GWR Router Click Switch SIM try to establish the connection using the other SIM card Click Refresh to see updated mobile network status Connect Click Connect Disconnect to connect or disconnect from mobile network Disconnect Table 5 WAN parameters Figure 13 shows screenshot of GSM UMTS tab configuration menu GSM UMTS menu is divided into two parts e Upper part provides all parameters for configuration GSM UMTS connection These parameters can be obtained from M obile Operator Please use exact parameters given from M obile Operator e Bottom part is used for monitoring status of GSM UMTS connection create maintain destroy GSM UMTS connection Status line show real time status connected disconnected If your SIM Card cre
103. ters Click Add New Tunnel button to create new IPSec tunnel Tunnel parameters are e Add New Tunnel Tunnel Name test Enable true e Local Group Setup Local Security Gateway Type SIM card IP Address From SIM 1 WAN connection is established over SIM 1 Local Security Group Type Subnet IP Address 10 0 10 1 Subnet Mask 255 255 255 0 e Remote Group Setup Remote Security Gateway Type IP Only IP Address 172 29 8 5 Remote Security Group Type IP IP Address 192 168 10 1 e IPSec Setup Keying Mode IKE with Preshared key Phase 1 DH group Group 2 Phase 1 Encryption 3DES Phase 1 Authentication M D5 Phase 1 SA Life Time 28800 Perfect Forward Secrecy true Phase 2 DH group Group 2 Phase 2 Encryption DES Phase 2 Authentication M D5 Phase 2 SA Life Time 3600 G eeneko USER MANUAL GWR Series Router Preshared Key 1234567890 e Failover Enable IKE Failover false Restart PPP After IKE SA Retry Exceeds Specified Limit false Enable Tunnel Failover false e Advanced Compress Support IP Payload Compression Protocol IPComp false Dead Peer Detection DPD false NAT Traversal true Send Initial Contact true Device 2 Device Tunnel Add New Tunnel Tunnel Number i Tunnel Name test Enable Local Group Setup Local Security Gateway Type SIM Card i CI Custom Peer ID l IP Address From SIM 1 d
104. tocol performance to better suit your internetwork needs Use following command to setup RIP timer router timers basic UPDATE INTERVAL INVALID TIMEOUT GARBAGE COLLECT router no timers basic Configure interface for RIP protocol router interface grex router ip rip send version VERSION router ip rip receive version VERSION Disable rip authentication at all interface Router interface no ip rip authentication mode md5 text Debug commands router debug rip router debug rip events router debug rip packet router terminal monitor 3 senexo 29 USER MANUAL GWR Series Router Settings VPN Settings Virtual private network VPN is a communications network tunneled through another network and dedicated to a specific network One common application of VPN is secure communication through the public Internet but a VPN need not have explicit security features such as authentication or content encryption VPNs for example can be used to separate the traffic of different user communities over an underlying network with strong security features A VPN may have best effort performance or may have a defined Service Level Agreement SLA between the VPN customer and the VPN service provider Generally aVPN has a topology more complex than point to point The distinguishing characteristics of VPNs are not security or performance but that they overlay other network s to providea certain functionality that is meaningf
105. ul to a user community Generic Routing Encapsulation GRE Originally developed by Cisco generic routing encapsulation GRE is now a standard defined in RFC 1701 RFC 1702 and RFC 2784 GRE is a tunneling protocol used to transport packets from one network through another network If this sounds like a virtual private network VPN to you that s because it theoretically is Technically a GRE tunnel is a type of a VPN but it isn t a secure tunneling method However you can encrypt GRE with an encryption protocol such as IPSec to form a secure VPN In fact the point to point tunneling protocol PPTP actually uses GRE to create VPN tunnels For example if you configure M icrosoft VPN tunnels by default you use PPTP which uses GRE Solution where you can useGRE protocol e You need to encrypt multicast traffic GRE tunnels can carry multicast packets just like real network interfaces as opposed to using IPSec by itself which can t encrypt multicast traffic Some examples of multicast traffic are OSPF EIGRP Also anumber of video VoIP and streaming music applications use multicast e You havea protocol that isn t routable such as NetBIOS or non IP traffic over an IP network You could use GRE to tunnel IPX AppleTalk through an IP network e You need to connect two similar networks connected by a different network with different IP addressing Click VPN Settings Tab to open the VPN configuration screen In the
106. with CA Certificate as a authentication method X 509 cert client Select this option if you want to use X 509 certificates as a authentication method in client mode X 509 cert Server Select this option if you want to use X 509 certificates as a authentication method in server mode Authenticate M ode CG senero USER MANUAL GWR Series Router O m UO 3 T Q I Q O gt ct D OD O CH cr O I Li D B 5 ct gt OD O 3 O E Li L I CH 3 LO O 3 MD O zech ct gt OD Si O g I Q O D CT O I Li lt O D H Selection between TCP in server or client mode and UDP protocol in connect or Protocol wait mode Depending on the selected protocol port number should be specified Sp lt H v e D rech O 3 Q O 5 h Q 3 O 5 i Check the box to enable fast adaptive LZO compression NAT Rules Enables NAT through the tunnel Keep Alive Check the box if you want to use keepalive This field specifies the targe IP address for periodical traffic generated using ping in order to maintain the connection active Ping Timeout This field specifies ping interval for keepalive option Generate or Paste the Preshared Secret You have an additional option to Export the PSK If you select UDP protocol whether in connect or wait mode you must specify M ax Fragment Size default is 1300 bytes Specify renegotiate interval if username password is selected as aut
107. work default gateway e Click WAN Settings Tab to configure parameters necessary for GSM UMTS connection All parameters necessary for connection configuration should be required from mobile operator e Check the status of GSM UMTS connection WAN Settings Tab If disconnected please click Connect button e Click VPN Settings gt GRE to configure GRE tunnel parameters Enable yes Local Tunnel Address 10 10 10 1 Local Tunnel N etmask 255 255 255 252 Unchangeable always 255 255 255 252 Tunnel Source 10 251 49 2 select HOST from drop down menu if you want to use host name as peer identifier Tunnel Destination 10 251 49 3 select HOST from drop down menu if you want to use host name as peer identifier KeepAlive enable no Period none Retries none Press ADD to put GRE tunnel rule into GRE table Press Save to accept the changes 3 cenexo 69 USER MANUAL GWR Series Router GENEKO GWR ROUTER CONFIGURATION CONSOLE HARDWARE VPN Settings GRE 7 Help Status General york Information Generic Routing Encapsulation GRE Tunneling Enable Local Tunnel Address Local Tunnel Netmask KeepAlive Enable Period Retries Action 10 10 101 255 255 255 252 10 251 49 2 10 259 49 3 gn og 1 Rem WAN Information Settings Routine odo ess e E g Dynamic Routing Proto
108. y Use firewall option to set IP addresses from which is possible remote access on the GWR Router Demilitarized Zone DMZ allows one IP Address to be exposed to the Internet Because some applications require multiple TCP IP ports to be open DMZ provides this function by forwarding all the ports to one computer at the same time In the other words this setting allows one local user to be exposed to the Internet to use a special purpose services such as Internet gaming Video conferencing and etc It is recommended that you set your computer with a static IP if you want to use this function Description IP Filtering m EN 3 G SIS o e 9 g v Sy WN h OD Q N D B h RR S TI g OI all D Q UO N z Q YW all x CD o N OU CH y ct D CD G II Router This field specifies if Firewall is enabled at the GWR Router This field specifies if DM Z settings is enabled at the GWR Router Allow access from the following devices m 5 D GC UO N This check box allows forbidden host to access to the GWR Router This field specifies IP address of the host allow access to the GWR Router This field specifies service of the host allow access to the GWR Router This field specifies protocol of the host allow access to the GWR Router v ou Q Q R 0 v eh This field specifies port of the host allow access to the GWR Router Click Add to insert add new item in table to t
109. y management Phase 1 is used to create the SA DH Diffie Hellman is a key exchange protocol used during Phase 1 of the authentication process to establish pre shared keys Phase 1 DH Group There are three groups of different prime key lengths Group 1 is 768 bits Group 2 is 1024 bits and Group 5 is 1536 bits long If network speed is preferred select Group 1 If network security is preferred select Group 5 Select a method of encryption DES 56 bit 3DES 168 bit or AES 128 128 bit The method determines the length of the key used to encrypt or decrypt ESP packets AES 128 is recommended because it is the most secure Make sure both ends of the IPSec tunnel use the same encryption method Select a method of authentication M D5 or SHA 1 The authentication method IPSec Setup Keying Mode Phase 1 Encryption determines how the ESP packets are validated MD5 is a one way hashing Phase 1 Authentication algorithm that produces a 128 bit digest SHA 1 is a one way hashing algorithm that produces a 160 bit digest SHA 1 is recommended because it is more secure M ake sure both ends of the IPSec tunnel use the same authentication method Configure the length of time IPSec tunnel is active in Phase 1 The default value is Phase 1 SA Life Time 28800 seconds Both ends of the IPSec tunnel must use the same Phase 1 SA Life Time setting If the Perfect Forward Secrecy PFS feature is enabled IKE Phase 2 negotiation will generate n
Download Pdf Manuals
Related Search