        ADSL 2/2+ VPN Firewall Router
         Contents
1. 6. Select the TCP/IP protocol for your network card.
   7. Click on the Properties button. You should then see a screen like the following:

   [Figure 17: IP Address (Win 95)]

   Ensure your TCP/IP settings are correct, as follows:

   Using DHCP

   To use DHCP, select the radio button "Obtain an IP Address automatically". This is the default Windows setting. Using this is recommended. By default, the ADE-4300/ADW-4300 will act as a DHCP Server.

   Restart your PC to ensure it obtains an IP Address from the ADE-4300/ADW-4300.

   Using "Specify an IP Address"

   If your PC is already configured, check with your network administrator before making the following changes.

   • On the Gateway tab, enter the ADE-4300/ADW-4300's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the ADE-4300/ADW-4300.
2. [Figure 22: Windows NT4.0 - Add Gateway]

   2. The DNS should be set to the address provided by your ISP, as follows:
   • Click the DNS tab.
   • On the DNS screen, shown below, click the Add button (under DNS Service Search Order), and enter the DNS provided by your ISP.

   [Figure 23: Windows NT4.0 - DNS]

   Checking TCP/IP Settings - Windows 2000

   1. Select Control Panel - Network and Dial-up Connection.
   2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following:
3. Overview

   This chapter covers some common problems that may be encountered while using the ADE-4300/ADW-4300 and some possible solutions to them. If you follow the suggested steps and the ADE-4300/ADW-4300 still does not function properly, contact your dealer for further advice.

   General Problems

   Problem 1: Can't connect to the ADE-4300/ADW-4300 to configure it.

   Solution 1: Check the following:
   • The ADE-4300/ADW-4300 is properly installed, LAN connections are OK, and it is powered ON.
   • Ensure that your PC and the ADE-4300/ADW-4300 are on the same network segment. (If you don't have a router, this must be the case.)
   • If your PC is set to "Obtain an IP Address automatically" (DHCP client), restart it.
   • If your PC uses a Fixed (Static) IP address, ensure that it is using an IP Address within the range 192.168.0.2 to 192.168.0.254 and thus compatible with the ADE-4300/ADW-4300's default IP Address of 192.168.0.1. Also, the Network Mask should be set to 255.255.255.0 to match the ADE-4300/ADW-4300. In Windows, you can check these settings by using Control Panel - Network to check the Properties for the TCP/IP protocol.

   Internet Access

   Problem 1: When I enter a URL or IP address I get a time out error.

   Solution 1: A number of things could be causing this. Try the following troubleshooting steps.
   • Check if other PCs work. If they do, ensure that your PCs IP settings are correct. If using a Fixed (Static) IP Add
4. ADSL 2/2+ VPN Firewall Router

   ADE-4300A/B, ADW-4300A/B

   User's Manual

   Copyright

   Copyright © 2005 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET.

   PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.

   All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.

   Federal Communication Commission Interference Statement

   This equipment has been tested and found to comply with the limits
5. [Figure 66: Microsoft VPN Screen]

   Data - Microsoft VPN Screen

   PPTP Server
   • Enable: Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows clients, you must enable this feature, and enter the client details (on the Clients screen) to allow them to login to this Server.
   • Auto disconnect (Idle Time out): Use this checkbox to enable or disable this feature as required. When enabled, the PPTP connection is disconnected automatically when the login time reaches the idle time.

   Remote Users
   • Login Name: Enter the login name. The remote user must provide this name when they connect. The name must not contain spaces, punctuation, or special characters.
   • Login Password: Enter the login password. The remote user must provide this password when they connect.
   • Verify Password: Re-enter the password above.

   Buttons
   • VPN Server Status: Click this button to open a sub window and view the details of each current PPTP connection.
   • Delete: Use this to delete the selected user if required.
   • Delete All: Use this to delete all users.
   • Add User: Use this to save the data in the "Properties" area as a new entry. (If a user is selected in the "Existing User" list, the selection is ignored.)
   • Clear Form: Use this to prepare the form for a new entry. Any existing data will be cleared.

   VPN Server Status Screen

   This screen is displayed when
6. • 64 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key. For 64 Bit Encryption, the key size is 10 chars in HEX (0~9 and A~F).
   • 128 Bit - data is encrypted, using the default key, before being transmitted. You must enter at least the default key. For 128 Bit Encryption, the key size is 26 chars in HEX (0~9 and A~F).

   Authentication Type: Normally, this should be left at the default value of "Automatic". If changed to "Open System" or "Shared Key", ensure that your Wireless Stations use the same setting.

   Default Key: Select the key you wish to be the default. Transmitted data is ALWAYS encrypted using the Default Key; the other Keys are for decryption only. You must enter a Key Value for the Default Key.

   Key Value: Enter the key value or values you wish to use. The Default Key is required, the other keys are optional. Other stations must have the same key.

   Passphrase: If desired, you can generate a key from a phrase, instead of entering the key value directly. Enter the desired phrase, and click the "Generate Keys" button.

   WPA-PSK Wireless Security

   [Figure 11: WPA-PSK]

   Data - WPA-PSK Screen

   Security System: WPA-PSK. Like WEP, data is encrypted before transmission. WPA is more secure than WEP, and should be used if possible. WP
7. FCC Statement

   This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.

   This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
   • Reorient or relocate the receiving antenna.
   • Increase the separation between the equipment and receiver.
   • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
   • Consult the dealer or an experienced radio/TV technician for help.

   To assure continued compliance, any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. (Example - use only shielded interface cables when connecting to computer or peripheral devices.)

   FCC Radiation Exposure Statement

   This equipment complies with FCC RF radiation exposure limits s
8. [Figure 70: Windows ME VPN Dialing Properties]

   To establish a connection:
   1. Ensure you are connected to the Internet.
   2. Select Start - Settings - Dial-up Networking.
   3. Double click the new VPN entry in Dial-up Networking.
   4. Enter your User name and Password, as recorded in the Client database on ADE-4300/ADW-4300.
   5. Click the "Connect" button.

   Windows 2000

   Ensure you have logged on with Administrator rights before attempting this procedure.

   1. Open "Network Connections", and start the "New Connection" Wizard.
   2. Select the VPN option "Connect to a private network through the Internet", as shown below, and click Next.
9. rather than an IP address. This technology works even if your ISP allocates dynamic IP addresses (IP address is allocated upon connection, so it may change each time you connect).

   [Figure 61: Virtual Servers Screen]

   Data - Virtual Servers Screen

   Servers
   • Servers: This lists a number of common Server types. If the desired Server type is not listed, you can create a Firewall Rule to achieve the same effect as the Virtual Server function.

   Properties
   • Enable: Use this to Enable or Disable support for this Server, as required. If Enabled, you must select the PC to which this traffic will be sent.
   • PC (Server): Select the PC for this Server. The PC must be running the appropriate Server software.

   Note: For each entry, the PC must be running the appropriate Server software. If the desired Server type is not listed, you can define your own Servers, using the Firewall Rules.

   Connecting to the Virtual Servers

   Once configured, anyone on the Internet can connect to your Virtual Servers. They must use the Internet IP Address (the IP Address allocated to you by your ISP), e.g.

   http://203.70.212.52
   ftp://203.70.212.52

   It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DN
10. [Figure 64: VPN Manual Policy Screen]

   Data - VPN Manual Policy Screen

   General
   • Policy Name: Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
   • Remote VPN Endpoint: Select the desired option (IP address or Domain Name) and enter the address of the remote VPN endpoint you wish to connect to. Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint".
   • NETBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking.

   Local LAN
   • Local LAN: This identifies which PCs on your LAN are covered by this policy. For each selection, data must be provided as follows:
      - Single address: Enter an IP address in the "IP address" field. Typically, this setting is used when you wish to make a single Server on your LAN available to remote users.
      - Subnet address: Enter an IP address in the "IP address" field and the de
11. Key: For 64 Bit encryption, the Key value must match. For 128 Bit encryption, the Key value must match.

   WEP Authentication: Open System or Shared Key.

   WPA-PSK is another standard for encrypting data before it is transmitted. This is a later standard than WEP (Wired Equivalent Privacy), and provides greater security for your data. Data is encrypted using a 256Bit key which is automatically generated and changed often.

   If all your Wireless stations support WPA-PSK, you should use this instead of WEP.

   If WPA-PSK is used, the Wireless Stations and the Access Point must have the same settings for each of the following:
   • WPA PSK (Pre-shared Key): Enter the same value on every station and the AP. The PSK must be from 8 to 63 characters in length. The 256Bit key used for the actual encryption is derived from this key.
   • Encryption: The same encryption method must be used. The most common encryption method is TKIP. Another widely-supported method is AES.

   Wireless LAN Configuration

   To allow Wireless Stations to use the Access Point, the Wireless Stations and the Access Point must use the same settings, as follows:
   • Mode: On client Wireless Stations, the mode must be set to "Infrastructure". (The Access Point is always in "Infrastructure" mode.)
   • SSID (ESSID): Wireless Stations should use the same SSID (ESSID) as the Access Point they wish to connect to. Alternatively, the SSID can be set t
12. VPN endpoint.

   Client PC to VPN Gateway

   [Figure 97: Client PC to VPN Server]

   In this situation, the PC must run appropriate VPN client software in order to connect, via the Internet, to the ADE-4300/ADW-4300 or other VPN Gateway. Once connected, the client PC has the same access to LAN resources as PCs on the local LAN (unless restricted by the network administrator).
   • IPsec is not the only protocol which can be used in this situation, but the ADE-4300/ADW-4300 supports IPsec ONLY.
   • Windows 2000 and Windows XP include an IPsec VPN client program. However, configuration of this client program for use with the ADE-4300/ADW-4300 is very complex and beyond the scope of this document.

   Connecting 2 LANs via VPN

   [Figure 98: Connecting 2 VPN Gateways]

   This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN.
   • The 2 LANs MUST use different IP address ranges.
   • The VPN Policies at each end determine when a VPN tunnel will be established, and what systems on the remote LAN can be accessed once the VPN connection is established.
   • It is possible to have simultaneous VPN connections to many remote sites.

   VPN Example

   In this example, 2 LANs are connected via VPN. Each end has a ADE-4300/ADW-4300.
13. connections are allowed.

   IPSec has 2 possibilities - "Main Mode" and "Aggressive Mode". Currently, only "Main Mode" is supported. Ensure the remote VPN endpoint is set to use "Main Mode".

   The Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN Gateway.

   Select the desired option to match the "Remote Identity Type" setting on the remote VPN endpoint.
   • WAN IP Address - your Internet IP address.
   • Fully Qualified Domain Name - your domain name.
   • Fully Qualified User Name - your name, E-mail address, or other ID.

   Select the desired option to match the "Local Identity Type" setting on the remote VPN endpoint.
   • IP Address - the Internet IP address of the remote VPN endpoint.
   • Fully Qualified Domain Name - the Domain name of the remote VPN endpoint.
   • Fully Qualified User Name - the name, E-mail address, or other ID of the remote VPN endpoint.

   Enter the data for the selection above. (If "IP Address" is selected, no input is required.)

   Encryption Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.

   Authentication Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.

   The key must be entered both here and on the remote VPN Gateway. This method does not require using a CA (Certifica
14. sired network mask in the "Subnet Mask" field.

   The remote VPN endpoint must have these IP addresses entered as its "Remote" addresses.

   This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows:
   • Single PC - no subnet: Select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required.
   • Single address: Enter an IP address in the "IP address" field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN.
   • Subnet address: Enter an IP address in the "IP address" field, and the desired network mask in the "Subnet Mask" field.

   The remote VPN endpoint must have these IP addresses entered as its "Local" addresses.

   Enter the required SPIs. Each policy must have unique SPIs. These settings must match the remote VPN endpoint. Note that the "in" setting here must match the "out" setting on the remote VPN endpoint, and the "out" setting here must match the "in" setting on the remote VPN endpoint.

   Select the desired Encryption Algorithm, and enter the key in the field provided.
   • For DES, the key should be 8 ASCII characters (16 Hex characters).
   • For 3DES, the key should be 24 ASCII characters (48 Hex characters).

   Authentication

   Select the desired Authentication Algorithm, and enter t
15. 1x authentication for this network
   • Click the Connect button.

   If this fails, click the Advanced button, to see a screen like the following:

   [Figure 32: Advanced - Wireless Networks]

   Select the SSID for the ADW-4300, and click Configure, to see a screen like the following:

   [Figure 33: Wireless Network Properties - WEP]

   Configure this screen as follows:
   • Set Network Authentication to match the ADW-4300. If the setting on the ADW-4300 is "Auto", then either Open or Shared can be us
16. Data - Outbound Rules Screen

   Outbound Services

   Service: Select the desired Service or application to be covered by this rule. If the desired service or application does not appear in the list, you must define it using the "Services" menu option.

   Action: Select the desired action for packets covered by this rule:
   • BLOCK always
   • BLOCK by schedule, otherwise Allow
   • ALLOW always
   • ALLOW by schedule, otherwise Block

   Note:
   • Any outbound traffic which is not blocked by rules you create will be allowed by the Default rule.
   • ALLOW rules are only useful if the traffic is already covered by a BLOCK rule. (That is, you wish to allow a subset of traffic which is currently blocked by another rule.)
   • To define the Schedule used in these selections, use the "Schedule" screen.

   LAN Users: Select the desired option to determine which PCs are covered by this rule.
   • Any - All PCs are covered by this rule.
   • Single PC - Only the selected PC is covered by this rule. If selected, you must select the PC.
   PC - If using Single PC above, select the PC or Server on your LAN which will be covered by this rule.

   WAN Users: These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the desired option.
   • Any - All IP addresses are covered by this rule.
   • Address range - If this option is selected, you must enter the "Start" and "Finish" fields.
   • S
17. IP Addresses to some devices while using DHCP, provided that the Fixed IP Addresses are NOT within the range used by the DHCP Server.

   Using another DHCP Server

   You can only use one (1) DHCP Server per LAN segment. If you wish to use another DHCP Server, rather than the ADE-4300/ADW-4300's, the following procedure is required.
   • Disable the DHCP Server feature in the ADE-4300/ADW-4300. This setting is on the LAN screen.
   • Configure the DHCP Server to provide the ADE-4300/ADW-4300's IP Address as the Default Gateway.

   To Configure your PCs to use DHCP

   This is the default setting for TCP/IP for all non-Server versions of Windows.

   See Chapter 4 - Client Configuration for the procedure to check these settings.

   Wireless Screen (ADW-4300 only)

   The ADW-4300's settings must match the other Wireless stations.

   Note that the ADW-4300 will automatically accept both 802.11b and 802.11g connections, and no configuration is required for this feature.

   To change the ADW-4300's default settings for the Wireless Access Point feature, use the Wireless link on the main menu to reach the Wireless screen. An example screen is shown below.
18. [Figure 63: VPN Auto Policy Screen]

   Data - VPN Auto Policy Screen

   General
   • Policy Name: Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
   • Remote VPN Endpoint: If the remote endpoint has a dynamic IP address, select "Dynamic IP address". No "Address Data" input is required. Otherwise, select the desired option (IP address or Domain Name) and enter the address of the remote VPN endpoint you wish to connect to. Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint".
   • NetBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking.

   Local LAN
   • Local LAN: This identifies which PCs on your LAN are covered by this policy. For each selection, data must be provided as follows:
      - Single address: Enter an IP address in the "IP address" field. Typically, this setting is used when you wish to make a single Server on your LAN av
19. Jan. 2005

   Part No. EM ADE4300_ADW4300v4

   Table of Contents

   CHAPTER 1 INTRODUCTION
      ADE-4300/ADW-4300 Features
      Package Contents
      Physical Details
   CHAPTER 2 INSTALLATION
      FRO CE OI SNS
      FOC CCUM C
   CHAPTER 3 SETUP
      Overview
      Configuration Program
      Setup Wizard
      Home Screen
      LAN Screen
      Wireless Screen (ADW-4300 Only)
      Wireless Security (ADW-4300 Only)
      Trusted Wireless Stations (ADW-4300 only)
      Password Screen
      IGGE SCHEC
   CHAPTER 4 PC CONFIGURATION
      VOI Wino
20. PC Database
   Config File
   Logging
   E-mail
   Diagnostics
   Remote Admin
   Routing
   Upgrade Firmware

   Configuration Program

   The ADE-4300/ADW-4300 contains an HTTP server. This enables you to connect to it, and configure it, using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers:
   • Netscape V4.08 or later
   • Netscape 7
   • Internet Explorer V5.01 or later

   Preparation

   Before attempting to configure the ADE-4300/ADW-4300, please ensure that:
   • Your PC can establish a physical connection to the ADE-4300/ADW-4300. The PC and the ADE-4300/ADW-4300 must be directly connected (using the Hub ports on the ADE-4300/ADW-4300) or on the same LAN segment.
   • The ADE-4300/ADW-4300 must be installed and powered ON.
   • If the ADE-4300/ADW-4300's default IP Address (192.168.0.1) is already used by another device, the other device must be turned OFF until the ADE-4300/ADW-4300 is allocated a new IP Address during configuration.

   Using your Web Browser

   To establish a connection from your PC to the ADE-4300/ADW-4300:
   1. After installing the ADE-4300/ADW-4300 in your LAN, start your PC. If your PC is already running, restart it.
   2. Start your WEB browser.
   3. In the Address box, enter "HTTP://" and the IP Address of the ADE-4300/ADW-4300, as in this example, which uses the ADE-4300/ADW-4300's default IP Address:

      HTTP://192.168.0.1
21. See the following section for further details.

   • The Start IP Address and Finish IP Address fields set the values used by the DHCP server when allocating IP Addresses to DHCP clients. This range also determines the number of DHCP clients supported.

   See the following section for further details on using DHCP.

   DHCP

   What DHCP Does

   A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request.
   • The client request is made when the client device starts up (boots).
   • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address.
   • The ADE-4300/ADW-4300 can act as a DHCP server.
   • Windows 95/98/ME and other non-Server versions of Windows will act as a DHCP client. This is the default Windows setting for the TCP/IP network protocol. However, Windows uses the term "Obtain an IP Address automatically" instead of "DHCP Client".
   • You must NOT have two (2) or more DHCP Servers on the same LAN segment. (If your LAN does not have other Routers, this means there must only be one (1) DHCP Server on your LAN.)

   Using the ADE-4300/ADW-4300's DHCP Server

   This is the default setting. The DHCP Server settings are on the LAN screen. On this screen, you can:
   • Enable or Disable the ADE-4300/ADW-4300's DHCP Server function.
   • Set the range of IP Addresses allocated to PCs by the DHCP Server function.

   You can assign Fixed
22. Status / VC 3 Status / VC 4 Status: For each VC (Virtual Circuit), the current status is displayed. This will be either "Enabled" or "Disabled".

   ADSL Details: Click this button to open a sub window and view the details of each VC (Virtual Circuit).

   LAN
   • IP Address: The IP Address of the ADE-4300/ADW-4300.
   • Network Mask: The Network Mask (Subnet Mask) for the IP Address above.
   • MAC Address: This shows the MAC Address for the ADE-4300/ADW-4300, as seen on the LAN interface.

   Wireless (ADW-4300 only)
   • Name (SSID): If using an ESS (Extended Service Set, with multiple access points) this ID is called an ESSID (Extended Service Set Identifier).
   • Region: The current region, as set on the Wireless screen.
   • Channel: This shows the Channel currently used, as set on the Wireless screen.
   • Wireless AP: This indicates whether or not the Wireless Access Point feature is enabled.
   • Broadcast Name: This indicates whether or not the SSID is Broadcast. This setting is on the Wireless screen.
   • Associated Devices: Clicking this will generate a list of all devices currently using the Access Point.

   Buttons
   • ADSL Details: View the details of each VC (Virtual Circuit).
   • Associated Devices: Clicking this will generate a list of all devices currently using the Access Point.
   • Refresh Screen: Update the data displayed on screen.

   Appendix A  Troubleshooting

   This Appendix covers the most likely problems and their solutions
23. Use this to Enable or Disable auto-refresh for this screen. If enabled, the screen will be updated every few seconds.

The status bar on the bottom of the screen will indicate if auto-refresh is enabled or disabled.

VPN Log: Click this button to switch to the VPN log screen.

The VPN log shows details of each connection as it is created.

ADE-4300/ADW-4300 User Guide

Microsoft VPN

Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your LAN by individual PCs. This method provides an alternative to using IPSec VPN, which is described in the previous chapter. Using Microsoft VPN provides easier setup than using IPSec VPN.

Microsoft VPN Screen

ADE-4300/ADW-4300 incorporates a PPTP (Peer-to-Peer Tunneling Protocol) server which is compatible with the "VPN Adapter" provided with recent versions of Microsoft Windows. Remote Windows clients are able to connect to this Server. Once connected, they can access the LAN as if they connected locally.

This screen is displayed when you select Microsoft VPN on the Advanced menu.

[Screenshot: Microsoft VPN screen, with the options Enable PPTP (VPN) Server and Auto-disconnect Idle Time-Out (min), a VPN Server Status button, and the Remote Users fields Existing Users, Add New User, Login Name, Login Password and Verify Password]
24. WAN IP address or addresses covered by this rule.

Indicates whether or not connections covered by this rule should be logged.

Use the Add button to create a new rule.
The other buttons (Edit, Move, or Delete) require that a rule be selected first. Use the radio buttons in the left column to select the desired rule.

Incoming Rules (Inbound Services)

This screen is displayed when the "Add" or "Edit" button for Incoming Rules is clicked.

[Figure 54: Inbound Services Screen, with the fields Service, Action, Send to LAN Server and WAN Users]

Data - Incoming Rules Screen

Inbound Services (fields: Service, Action, Send to LAN Server, WAN Users)

Service: Select the desired Service. This determines which packets are covered by this rule. If necessary, you can define a new Service on the "Services" screen, by defining the protocols and port numbers used by the Service.

Action: Select the desired action for packets covered by this rule:
• ALLOW always
• ALLOW by schedule, otherwise Block
• BLOCK always
• BLOCK by schedule, otherwise Allow

Note:
• Any inbound traffic which is not allowed by rules you create will be blocked by the Default rule.
• BLOCK rules are only useful if the traffic is already covered by an ALLOW rule. (That is, you wish to block a sub-set of traffic which is currently allowed by another ru
25. and powered On.

• MAC address is: Enter the MAC address on the PC. The MAC address is also called the "Hardware Address", "Physical Address", or "Network Adapter Address". The ADE-4300/ADW-4300 uses this to provide a unique identifier for each PC. Because of this, the MAC address can NOT be left blank.

Add a new PC to the list, using the data in the "Properties" box. If "Automatic discovery" (for MAC address) is selected, the PC will be sent a "ping" to determine its hardware address. This will fail unless the PC is connected to the LAN, and powered on.

Update (modify) the selected PC, using the data in the "Properties" box.

Clear the "Properties" box, ready for entering data for a new PC.

Update the data on screen.

Display a read-only list showing full details of all entries in the PC database.

Click this to view the standard PC Database screen.

Config File

This feature allows you to download the current settings from the ADE-4300/ADW-4300, and save them to a file on your PC.

You can restore a previously downloaded configuration file to the ADE-4300/ADW-4300, by uploading it to the ADE-4300/ADW-4300.

This screen also allows you to set the ADE-4300/ADW-4300 back to its factory default configuration. Any existing settings will be deleted.

An example Config File screen is shown below.

Save a Copy of Current Settings    Restore Saved Settings from a File    Reve
26. antenna detachable less ADW-4300 only

1 RJ-11
10/100Base-TX, Auto-Negotiation
LED Indicators: PWR, STATUS, WLAN (ADW-4300 only), ADSL, 100 LNK/ACT, 10 LNK/ACT for each LAN port
Button: 1 for reset / factory reset

Software
IP, NAT, ARP, ICMP, DHCP, PPPoE, PPPoA, IPoA, RIP 1/2, SNMPv1
Security: Native NAT firewall, Enhanced policy-based SPI firewall, URL Filter, Blocking log, Virtual Server, DMZ, Access Control
VPN termination:
• IPSec tunnel, 8 simultaneous tunnels, Main Mode
• Throughput 1.5Mbps
• DES/3DES encryption
• IKE support with pre-shared key
• IP address or FQDN identification
• MD5, SHA-1 Authentication
• PPTP Server (Microsoft VPN) support
Management

Environment Specification
Dimension (W x D x H)
Power
Power Consumption
Temperature: 0 to 40 degree C (operating), -10 to 70 degree C (storage)
Humidity: 5% to 95% (non-condensing)
Emission: FCC, CE

Wireless Interface (ADW-4300 only)
Standards: IEEE802.11b, IEEE802.11g WLAN, 802.11G plus (Texas Instruments proprietary enhanced mode)
Frequency: 2.4 to 2.4835GHz (Industrial Scientific Medical Band)
Channels: Maximum 14 Channels, depending on regulatory authorities
Modulation: CCK, DQPSK, DBPSK, OFDM/CCK
Data Rate: Up to 54 Mbps (802.11g), 64 Mbps (TI 802.11G plus)
Security: WEP 64Bit / 128Bit, WPA-PSK, MAC address checking
Output Power: 13dBm (typical)
Receiver Sensitivity: -80dBm Min.

Appendix D - Specifications

Regulatory Approvals
27. area network protocol that provides communication across diverse interconnected networks    Show icon in taskbar when connected

Figure 24: Network Configuration (Win 2000)

3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.

[Figure 25: TCP/IP Properties (Win 2000), with the options "Obtain an IP address automatically", "Use the following IP address" (IP address, Subnet mask, Default gateway), "Obtain DNS server address automatically" and "Use the following DNS server addresses" (Preferred DNS server, Alternate DNS server)]

5. Ensure your TCP/IP settings are correct, as described below.

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the ADE-4300/ADW-4300 will act as a DHCP Server.

Restart your PC to ensure it obtains an IP Address from the ADE-4300/ADW-4300.

Using a fixed IP Address ("Use the following IP Address")

If your PC is already configured, check with your network administrator before making the following changes.
• Enter the ADE-4300/ADW-4300's
28. as set in the Setup Wizard.

This indicates the current status of the Internet Connection:
• Active - Connection exists.
• Idle - No current connection, but no error has been detected. This condition normally arises when an idle connection is automatically terminated.
• Failed - The connection was terminated abnormally. This could be caused by Modem failure, or the loss of the connection to the ISP's server.
If there is an error, you can click the "Connection Details" button to find out more information.

Internet IP Address: This IP Address is allocated by the ISP (Internet Service Provider). If using a dynamic IP address, and no connection currently exists, this information is unavailable.

LAN
IP Address: The IP Address of the ADE-4300/ADW-4300.
Network Mask: The Network Mask (Subnet Mask) for the IP Address above.
DHCP Server: This shows the status of the DHCP Server function. The value will be "Enabled" or "Disabled".
MAC Address: This shows the MAC Address for the ADE-4300/ADW-4300, as seen on the LAN interface.

Wireless (ADW-4300 only)
(fields: Name (SSID), Region, Channel, Wireless AP, Broadcast Name; System: Device Name, Firmware Version; Buttons: ADSL Details, Connection Details, Attached Devices, Refresh Screen)
Name (SSID): If using an ESS (Extended Service Set) with multiple access points, this ID is called an ESSID (Extended Service Set Identifier).
Region: The current region, as s
29. • Set your "Default Gateway" to the IP Address of the ADE-4300/ADW-4300.
• Ensure your DNS (Name server) settings are correct.

To act as a DHCP Client (recommended)

The procedure below may vary according to your version of Linux and X-windows shell.
1. Start your X Windows client.
2. Select Control Panel - Network.
3. Select the "Interface" entry for your Network card. Normally, this will be called "eth0".
4. Click the Edit button, set the "protocol" to "DHCP", and save this data.
5. To apply your changes:
   • Use the "Deactivate" and "Activate" buttons, if available.
   • OR, restart your system.

Other Unix Systems

To access the Internet via the ADE-4300/ADW-4300:
• Ensure the "Gateway" field for your network card is set to the IP Address of the ADE-4300/ADW-4300.
• Ensure your DNS (Name Server) settings are correct.

Wireless Station Configuration (ADW-4300 only)

This section applies to all Wireless stations wishing to use the ADW-4300's Access Point, regardless of the operating system which is used on the client.

To use the Wireless Access Point in the ADW-4300, each Wireless Station must have compatible settings, as follows:

Mode: The mode must be set to Infrastructure (rather than Ad-hoc). Access points only operate in Infrastructure mode.
SSID (ESSID): This must match the value used on the ADW-4300. The default value is Wireless. Note: The SSID is case sensitive.
Wireless: By default, Wireless sec
30. if they have the correct SSID and security, but they must obtain an IP address from the DHCP Server on your LAN.

• The modem will act like any other ADSL modem. No routing will be performed, and no client login will be done. If a client login is required, it must be performed by your Router/Gateway or by software on your PC.

In Modem mode, the Status screen looks like the example below.

[Figure 95: Status Screen - Bridge Mode, showing Modem Status, Downstream and Upstream Connection Speed, VC 1 to VC 4 Status, IP Address, Network Mask, MAC Address, the Wireless settings (Name (SSID), Region, Channel, Wireless AP, Broadcast Name), Device Name, Firmware Version and an Attached Devices button]

Data - Status Screen (Bridge Mode)

System
Device Name: The current name of the Router. This name is also the "hostname" for users with an "Home" type connection.
Firmware Version: The version of the current firmware installed.

ADSL
Modem Status: This indicates the status of the ADSL modem component.
DownStream Connection Speed: Displays the speed for the DownStream Connection.
UpStream Connection Speed: If connected, displays the speed for the UpStream (upload) ADSL Connection.
VC 1 Status  VC 2
31. on your LAN, you should enter details of each such device into the PC database, using the PC Database screen.

PC Database Screen

An example PC Database screen is shown below.

[Figure 83: PC Database, with the notes "DHCP Clients are automatically added and updated. If not listed, try restarting the PC." and "PCs using a Fixed IP address can be added and deleted below.", a Known PCs list, Name and IP Address fields, and Add and Delete buttons]

• PCs which are "DHCP Clients" are automatically added to the database, and updated as required.
• By default, non-Server versions of Windows act as "DHCP Clients"; this setting is called "Obtain an IP Address automatically".
• The ADE-4300/ADW-4300 uses the "Hardware Address" to identify each PC, not the name or IP address. The "Hardware Address" can only change if you change the PC's network card or adapter.
• This system means you do NOT need to use Fixed (static) IP addresses on your LAN. However, you can add PCs using Fixed (static) IP Addresses to the PC database if required.

Data - PC Database Screen

(fields: Known PCs, Name, IP Address; Buttons: Add, Delete, Refresh, Generate Report, Advanced Administration)

Known PCs: This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN.
Name: If adding a new PC to the list, enter its name here. It is best if this matches the
32. only).

• This Modem/AP (ADW-4300 only) must be a valid device on your LAN, to allow management connections. You must assign a (fixed) IP address which is within the address range used on your LAN, but not within the address range used by your DHCP server.

When you connect in future, just connect normally, using the IP address you assigned.

1. Start your WEB browser.
6. In the Address box, enter "HTTP://" and the current IP Address of the ADE-4300/ADW-4300, as in this example, which uses the ADE-4300/ADW-4300's default IP Address:
   HTTP://192.168.0.1
7. When prompted for the User name and Password, enter admin for the user name, and the current password, as set on the password screen. (The password is the same regardless of the mode.)

Home Screen

If in Modem mode, the home screen will look like the example below.

[Figure 93: Home Screen - Modem Mode, showing the Wireless SSID, the Wireless Security setting and the IP Address]

Note that the menu has changed; many of the options in Router mode are not available. The screens available are:
• Mode - change back to Router mode, if desired.
• LAN - set IP address, mask and gateway. This is the same as in Router mode, except that the DHCP server is not available while in Modem mode.
• Wireless (ADW-4300 only) - this screen, and related sub-screens, is the same as in Router mode.
• Password - this scree
33. or not the connection is currently established.
• If the connection does not exist, the "Connect" button can be used to establish a connection.
• If the connection currently exists, the "Disconnect" button can be used to break the connection.

Negotiation: This indicates the status of the PPPoE Server login.
IP Address: The IP Address of this device, as seen by Internet users. This address is allocated by your ISP (Internet Service Provider).
Network Mask: The Network Mask associated with the IP Address above.

Buttons
Connect: If not connected, establish a connection to your ISP.
Disconnect: If connected to your ISP, hang up the connection.
Close: Close this window.

Connection Details - Dynamic IP Address

If your access method is "Direct" (no login) with a Dynamic IP address, a screen like the following example will be displayed when the "Connection Details" button is clicked.

[Figure 45: Connection Details - Fixed/Dynamic IP Address, showing IP Address, Subnet Mask, Default Gateway, DNS Server, DHCP Server, Lease Obtained and Lease Expires, with Release and Renew buttons]

Data - Dynamic IP address

Internet
IP Address: The current IP Address of this device, as seen by Internet users. This address is allocated by your ISP (Internet Service Provider).
Network Mask: The Network Mask as
34. point, provided they have the correct SSID and security settings.

• Trusted Wireless stations only - Only wireless stations you designate as "Trusted" can use the Access Point, even if they have the correct SSID and security settings.
This feature uses the MAC address to identify Wireless stations. The MAC address is a low-level network identifier which is unique to each PC or network device.
To define the trusted wireless stations, use the "Set Stations" button.

Click this button to manage the trusted PC database.

Wireless Security (ADW-4300 only)

This screen is accessed by clicking the "Configure" button on the Wireless screen. There are 3 options for Wireless security:

• Disabled - no data encryption is used.
• WEP - data is encrypted using the WEP standard.
• WPA-PSK - data is encrypted using the WPA-PSK standard. This is a later standard than WEP, and provides much better security than WEP. If all your Wireless stations support WPA-PSK, you should use WPA-PSK rather than WEP.

WEP Wireless Security

[Figure 10: WEP, showing the Security System, Authentication Type and WEP Data Encryption settings, the Key 1 to Key 4 and Passphrase fields, and Save and Cancel buttons]

Data - WEP Screen

WEP Data Encryption
WEP Data Encryption: Select the desired option, and ensure the Wireless Stations use the same setting
35. specific Syslog server. Use this if your Syslog Server does not have a fixed IP address.

Syslog: If your Syslog server has a fixed IP address, select this option, and enter the IP address of your Syslog server.

This screen allows you to E-mail Logs and Alerts. A sample screen is shown below.

[Figure 87: E-mail Screen, with the sections Turn E-mail Notification On (Send to this E-mail Address, Outgoing (SMTP) Mail Server, My SMTP Mail Server requires authentication, User Name, Password), Send E-Mail alerts immediately (If a DoS attack is detected, If a Port Scan is detected, If someone attempts to access a blocked site) and Send Logs According to this Schedule (Day, Time)]

Data - E-mail Screen

E-Mail Notification (fields: Turn E-mail Notification on; Send to this E-mail address; Outgoing (SMTP) Mail Server; My SMTP Mail Server requires authentication; User Name; Password)

Turn E-mail Notification on: Check this box to enable this feature. If enabled, the E-mail address information (below) must be provided.
Send to this E-mail address: Enter the E-mail address the Log is to be sent to. The E-mail will also show this address as the Sender's address.
Outgoing (SMTP) Mail Server: Enter the address or IP address of the SMTP (Simple Mail Transport Protocol) Server you use for outgoing E-mail.
My SMTP Mail Server requires authentication: To stop spammers, many SMTP mail servers require you to log in to send mail. In this case, enable
36. the Wireless clients using this Access Point (ADW-4300).

• All traffic received on either the Wireless (ADW-4300) or LAN interface will be sent over the ADSL connection.

Notes:

• Generally, you should NOT use modem mode. Only select this mode if you are sure this is what you want.
• After changing the mode, this device will restart, which will take a few seconds. The menu will also change, depending on the mode you are in.
• The Wireless Access Point (ADW-4300 only) can function in either Router or Modem mode. But generally it is not a good idea to combine a Modem with an Access Point, because all data received from the wireless stations will be sent over the modem connection. (Since the modem is transparent, it does not examine the traffic to determine whether the traffic is for the LAN or the WAN.)
• For details on using Modem Mode, see Chapter 8.

Chapter 4

PC Configuration

This Chapter details the PC Configuration required on the local ("Internal") LAN.

Overview

For each PC, the following may need to be configured:
• TCP/IP network settings
• Internet Access configuration
• Wireless configuration (ADW-4300 only)

Windows Clients

This section describes how to configure Windows clients for Internet access via the ADE-4300/ADW-4300.

The first step is to check the PC's TCP/IP settings.

The ADE-4300/ADW-4300 uses the TCP/IP network protocol for all functions, so it is essential that the TCP/IP prot
37. this checkbox, and enter the login information (User name and Password) in the fields below.

If you have enabled "My SMTP Mail Server requires authentication" above, enter the User Name required to login to your SMTP Server.

If you have enabled "My SMTP Mail Server requires authentication" above, enter the password required to login to your SMTP Server.

E-mail Alerts

Send E-mail alerts immediately: You can choose to have alerts E-mailed to you, by checking the desired checkboxes. The ADE-4300/ADW-4300 can send an immediate alert when it detects a significant security incident such as:
• A known hacker attack is directed at your IP address.
• A computer on the Internet scans your IP address for open ports.
• Someone on your LAN (Local Area Network) tries to visit a blocked site.

E-mail Logs

Send Logs: Select the desired option for sending the log by E-mail.
• Never (default) - This feature is disabled. Logs are not sent.
• When log is full - The time is not fixed. The log will be sent when the log is full, which will depend on the volume of traffic.
• Hourly, Daily, Weekly - The log is sent on the interval specified.
  • If Daily is selected, the log is sent at the time specified. Select the time of day you wish the E-mail to be sent.
  • If Weekly is selected, the log is sent once per week, on the specified day, at the specified time. Select the day and the time of day you wish th
38. wish to connect to. Click Next to continue.

[Figure 80: Windows XP VPN Server, the New Connection Wizard "VPN Server Selection" screen, which asks for the host name or IP address of the VPN server]

8. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.

[Figure 81: Windows XP Connection Availability, the New Connection Wizard "Connection Availability" screen, which offers to create the connection for anyone's use or for your use only]

On the final screen, click Finish to save and exit.

Setup is now complete.

To establish a connection:

1. Right-click the connection in "Network Connections", and select "Connect".
2. You will then be prompted for the username and password. Enter the username and password assigned to you, as recorded in the VPN client database on ADE-4300/ADW-4300.
   You can choose to have Windows remember the password if desired, so you do not have to enter it again.

Changing the connection settings

The PPTP (VPN) Server in ADE-4300/ADW-4300 is designed to work with the default Win
39. you click the VPN Server Status button on the Microsoft VPN screen.

[Figure 67: Microsoft VPN Status Screen, a "PPTP VPN Server Connections" table with the columns User Name, Remote IP, Local IP, Start Time and Action, plus Auto Refresh and Close controls]

Data - Microsoft VPN Status Screen

Connection Table: This table contains the following data about each current connection:
• User Name - The login name.
• Remote IP - The IP address of the remote client.
• Local IP - ADE-4300/ADW-4300 will allocate a local IP address to the remote client when the user logs in.
• Start Time - This displays the start time when the remote client logged in to the ADE-4300/ADW-4300.
• Action - This column will contain a button which allows you to break (terminate) the PPTP connection.

Server Log
Auto Refresh: Use this to Enable or Disable auto-refresh for this screen. If enabled, the screen will be updated every few seconds. The status bar on the bottom of the screen will indicate if auto-refresh is enabled or disabled.
View Log: This displays details of each connection or connection attempt. You can use the Clear Log button to re-start the log, making new messages easier to read.

Windows Client Setup

To connect to the PPTP (VPN) Server in the VPN Broadband Gateway:

• The Microsoft VPN feature in the VPN Broadband Gateway must be enabled and configured, as described in the previous section.
• Each user must have a login (username and password) on the VPN client database on the VPN Broad
40. 1. Step through the Wizard until finished.

You need the data supplied by your ISP. Most connection methods require some data input.

The common connection types are explained in the following table.

On the final screen of the Wizard, run the test and check that an Internet connection can be established.

If the connection test fails:
• Check all connections, and the front panel LEDs.
• Check that you have entered all data correctly.

Common Connection Types

Dynamic IP Address
Your IP Address is allocated automatically, when you connect to your ISP.
a) ADSL parameters (VPI and VCI) may be required, if they cannot be detected automatically.
b) Some ISPs may require you to use a particular Hostname or Domain name, or MAC (physical) address.

Static (Fixed) IP Address
Your ISP allocates a permanent IP Address to you. Usually, the connection is "Always on".
a) ADSL parameters (VPI and VCI) may be required, if they cannot be detected automatically.
b) IP Address allocated to you, and related information, such as Network Mask, Gateway IP address, and DNS address.

PPPoE, PPPoA
You connect to the ISP only when required. The IP address is usually allocated automatically.
a) ADSL parameters (VPI and VCI) may be required, if they cannot be detected automatically.
b) User name and password are always required.
c) If using a Static (Fixed) IP address, you need the IP address a
41. 1

4. When prompted for the User name and Password, enter default user name admin and leave the password field blank (no password).

If you can't connect

If the ADE-4300/ADW-4300 does not respond, check the following:

• The ADE-4300/ADW-4300 is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the "Ping" command:
  • Open the MS-DOS window or command prompt window.
  • Enter the command:
    ping 192.168.0.1
  If no response is received, either the connection is not working, or your PC's IP address is not compatible with the ADE-4300/ADW-4300's IP Address. (See next item.)
• If your PC is using a fixed IP Address, its IP Address must be within the range 192.168.0.2 to 192.168.0.254 to be compatible with the ADE-4300/ADW-4300's default IP Address of 192.168.0.1. Also, the Network Mask must be set to 255.255.255.0. See Chapter 4 - PC Configuration for details on checking your PC's TCP/IP settings.
• Ensure that your PC and the ADE-4300/ADW-4300 are on the same network segment. (If you don't have a router, this must be the case.)
• Ensure you are using the wired LAN interface. The Wireless interface can only be used if its configuration matches your PC's wireless settings. (ADW-4300 only)

Setup Wizard

The first time you connect to the ADE-4300/ADW-4300, the Setup Wizard will run automatically. (The Setup Wizard will also run if the ADE-4300/ADW-4300's default settings are restored.)
42. performance. This capability is called Roaming. (Access Points do not have or require Roaming capabilities.)

The Wireless Channel sets the radio frequency used for communication.

• Access Points use a fixed Channel. You can select the Channel used. This allows you to choose a Channel which provides the least interference and best performance. In the USA and Canada, 11 channels are available. If using multiple Access Points, it is better if adjacent Access Points use different Channels to reduce interference.
• In "Infrastructure" mode, Wireless Stations normally scan all Channels, looking for an Access Point. If more than one Access Point can be used, the one with the strongest signal is used. (This can only happen within an ESS.)
• If using "Ad-hoc" mode (no Access Point), all Wireless stations should be set to use the same Channel. However, most Wireless stations will still scan all Channels to see if there is an existing "Ad-hoc" group they can join.

WEP (Wired Equivalent Privacy) is a standard for encrypting data before it is transmitted.

This is desirable because it is impossible to prevent snoopers from receiving any data which is transmitted by your Wireless Stations. But if the data is encrypted, then it is meaningless unless the receiver can decrypt it.

If WEP is used, the Wireless Stations and the Access Point must have the same settings for each of the following:

Off, 64 Bit, 128 Bit
43. A-PSK is the version of WPA which does NOT require a Radius Server on your LAN.

PSK: Enter the PSK (network key). Data is encrypted using a key derived from the network key. Other Wireless Stations must use the same network key. The PSK must be from 8 to 63 characters in length.

WPA Encryption: The WPA-PSK standard allows different encryption methods to be used. Wireless Stations must use the same encryption method.

Trusted Wireless Stations (ADW-4300 only)

This feature can be used to prevent unknown Wireless stations from using the Access Point. This list has no effect unless the setting Allow access by trusted stations only is enabled.

To change the list of trusted wireless stations, use the Modify List button on the Access Control screen. You will see a screen like the sample below.

[Figure 12: Trusted Wireless Stations, showing the Trusted Wireless Stations and Other Wireless Stations lists and the Name and Address (Physical/MAC address) fields]

Data - Trusted Wireless Stations

Trusted Wireless Stations: This lists any Wireless Stations which you have designated as "Trusted".
Other Wireless Stations: This lists any Wireless Stations detected by the Access Point, which you have not designated as "Trusted".
Name: The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station.
Address: The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Statio
44. D
On - ADSL connection is available.
Off - No ADSL connection available.
Flashing - Data is being transmitted or received via the ADSL connection.

Rear Panel

[Figure 5: Rear Panel of ADW-4300]

RESET Button (Reset to Defaults): This button will reset the ADE-4300/ADW-4300 to the factory default settings. To do this, press and hold the Reset Button for five (5) seconds, until the Status LED is lit, then release the Reset Button, and wait for the ADE-4300/ADW-4300 to restart using the factory default values.

POWER port: Connect the supplied power adapter here.

10/100BaseT LAN connections: Use standard LAN cables (RJ45 connectors) to connect your PCs to these ports.
Note: Any LAN port on the ADE-4300/ADW-4300 will automatically function as an "Uplink" port when required. Just connect any port to a normal port on the other hub, using a standard LAN cable.

ADSL port: Connect this port to your ADSL line.

Chapter 2

Installation

This Chapter covers the physical installation of the ADE-4300/ADW-4300.

Requirements

• Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors.
• TCP/IP protocol must be installed on all PCs.
• For Internet Access, an Internet Access account with an ISP, and a DSL connection.
• To use the Wireless Access Point, all Wireless devices must
45. DNS, when used with the Virtual Servers feature, allows users to connect to Servers on your LAN using a Domain Name, even if you have a dynamic IP address which changes every time you connect.

Scheduling. Both the URL Filter and Firewall rules can be scheduled to operate only at certain times. This provides great flexibility in controlling Internet-bound traffic.

VPN Connectivity. Supports up to 8 IPSec VPNs with DES/3DES encryption and SHA-1/MD5 authentication, so the network traffic over the public Internet is secured.

PPTP Server. The ADE-4300/ADW-4300 emulates a Microsoft PPTP VPN Server, allowing clients to use the Microsoft VPN client provided in Windows.

VPN Pass-through Support. PCs with VPN (Virtual Private Networking) software using PPTP, L2TP and IPSec are transparently supported - no configuration is required.

Wireless Features (ADW-4300 only)

Standards Compliant. The ADW-4300 complies with the IEEE802.11g (DSSS) specifications for Wireless LANs.

Supports both 802.11b and 802.11g Wireless Stations. The 802.11g standard provides for backward compatibility with the 802.11b standard, so both 802.11b and 802.11g Wireless stations can be used simultaneously.

Speeds to 54Mbps. All speeds up to the 802.11g maximum of 54Mbps are supported.

WEP support. Support for WEP (Wired Equivalent Privacy) is included. Key sizes of 64 Bit and 128 Bit are supported. WEP encrypts any data before transmission, providing protection a
46. Figure 86: Logging Screen

Data - Logging Screen

Logs
Current Time: The current time on the ADE-4300/ADW-4300 is displayed.
Log Data: Current log data is displayed in this panel.
Buttons: There are three (3) buttons:
• Refresh - Update the log data.
• Clear Log - Clear the log, and restart it. This makes new messages easier to read.
• Send Log - E-mail the log immediately. This is only functional if the E-mail screen has been configured.

Logs
Include (Checkboxes): Use these checkboxes to determine which events are included in the log. Checking all options will increase the size of the log, so it is good practice to disable any events which are not really required.
• Attempted access to blocked sites - If checked, attempted Internet accesses which were blocked are logged.
• Connections to the Web-based interface of this Router - If checked, this will log connections TO this Router, rather than through this Router to the Internet.
• Router operation - If checked, other Router operations (not covered by the selections above) will be logged.
• Known DoS attacks and Port Scans - If checked, Denial of Service attacks, as well as port scans, will be logged.

Syslog
Disable: Data is not sent to a Syslog Server.
Broadcast on LAN: The Syslog data is broadcast, rather than sent to a
47. IP address in the Default gateway field and click OK. Your LAN administrator can advise you of the IP Address they assigned to the ADE-4300/ADW-4300.

• If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then click OK.

Checking TCP/IP Settings - Windows XP

1. Select Control Panel - Network Connection.
2. Right click the Local Area Connection and choose Properties. You should see a screen like the following.

Figure 26: Network Configuration (Windows XP)

3. Select the TCP/IP protocol for your network card.
4. Click on the Properties button. You should then see a screen like the following.
48. NS Service. (TZO.com uses your E-mail address.)

Enter your current password for the DDNS Service. (TZO.com calls this a key.)

Enter the domain name allocated to you by the DDNS Service. If you have more than one name, enter the name you wish to use.

• This message is returned by the DDNS Server.
• Normally, this message should be "Update successful".
• If the message indicates some problem, you need to connect to the DDNS Service provider and correct this problem.

The Firewall Rules screen allows you to define "Firewall Rules" which can allow or prevent certain traffic. "Traffic" means incoming connection attempts, not packets.

By default:
• All Outgoing traffic is permitted.
• All Incoming traffic is denied.

Because of this default behavior, any Outgoing rules will generally Block traffic, and Incoming rules will generally Allow traffic.

Firewall Rules Screen

An example screen is shown below.

Figure 53: Firewall Screen

Data - Firewall Rules

Incoming Rules
For the default rule, this will display "Default". For rules which you create, this will display a radio button which all
49. PC's "hostname".

Enter the IP Address of the PC. The PC will be sent a "ping" to determine its hardware address. If the PC is not available (not connected, or not powered On) you will not be able to add it.

This will add the new PC to the list. The PC will be sent a "ping" to determine its hardware address. If the PC is not available (not connected, or not powered On) you will not be able to add it.

Delete the selected PC from the list. This should be done in 2 situations:
• The PC has been removed from your LAN.
• The entry is incorrect.

Update the data on screen.

Display a read-only list showing full details of all entries in the PC database.

View the Advanced version of the PC database screen - PC Database (Admin). See below for details.

PC Database - Advanced

This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen.

Any PC may be added, edited or deleted. If adding a PC which is not connected and On, you must provide the MAC (hardware) address.
50. S feature to allow users to connect to your Virtual Servers using a URL, rather than an IP Address.

Note: From the Internet, ALL Virtual Servers have the IP Address allocated by your ISP.

VPN (IPSec)

The VPN (Virtual Private Network) feature in the ADE-4300/ADW-4300 allows you to create a VPN connection between 2 ADE-4300/ADW-4300s, or allows a remote PC to establish a VPN connection to the ADE-4300/ADW-4300.

To establish a VPN connection from a remote PC to the ADE-4300/ADW-4300, you need suitable (IPSec) VPN client software on your PC.

For more information about VPNs, please refer to Appendix C - About VPNs.

VPN Policies

A "VPN Policy" contains all the configuration data for a particular VPN connection. Generally, you will have to create one policy for each site you wish to connect to. The remote VPN Gateway (or client) needs to have matching configuration.

• Traffic covered by an enabled policy will automatically be sent via a VPN tunnel. If the VPN tunnel does not exist, it will be created.
• The VPN tunnel is created according to the parameters in the SA (Security Association).
• The remote VPN Endpoint must have a matching SA, or it will refuse the connection.

There are 2 types of VPN Policies:
• Manual - All settings (including the keys) for the VPN tunnel are manually input at each end (both VPN Endpoints).
• Auto - Some parameters for the VPN tunnel are generated automatically. T
51. The address order in the list will be the order in which these machines are used.

Figure 18: Gateway Tab (Win 95/98)

• On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add.

Figure 19: DNS Tab (Win 95/98)

Checking TCP/IP Settings - Windows NT4.0

1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below.

Figure 20: Windows NT4.0 - TCP/IP

2. Click the Properties button to see a screen like the one below.
52. Figure 74: Windows 2000 Connection Availability

6. Enter a suitable name, and click "Finish" to save and exit.

Figure 75: Windows 2000 Finish Wizard

Setup is now complete.

To establish a connection:
1. Right-click the connection in "Network Connections", and select "Connect".
2. You will then be prompted for the username and password. Enter the username and password assigned to you, as recorded in the VPN client database on ADE-4300/ADW-4300.
3. You can choose to have Windows remember the password if desired, so you do not have to enter it again.

Changing the connection settings

The PPTP (VPN) Server in ADE-4300/ADW-4300 is designed to work with the default Windows s
53. a name in any string to be the System Location.

Chapter 7: Advanced Administration

This Chapter explains the settings available via the "Administration" section of the menu.

Overview

Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.

The available settings and features are:

PC Database: This is the list of PCs shown when you select the "DMZ PC" or a "Virtual Server". This database is maintained automatically, but you can add and delete entries for PCs which use a Fixed (Static) IP Address.
Config File: Backup or restore the configuration file for the ADE-4300/ADW-4300. This file contains all the configuration data.
Logging & Email: View or clear all logs, set E-Mailing of log files and alerts.
Diagnostics: Perform a Ping or DNS Lookup.
Remote Admin: Allow settings to be changed from the Internet.
Routing: Only required if your LAN has other Routers or Gateways.
Upgrade Firmware: Upgrade the Firmware (software) installed in your ADE-4300/ADW-4300.

PC Database

The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC).
• It eliminates the need to enter IP addresses.
• Also, you do not need to use fixed IP addresses on your LAN.

However, if you do use a fixed IP address on some devices
55. ackward compatible with the 802.11b standard.

Channel No.: Select the Channel you wish to use on your Wireless LAN.
• If you experience interference (shown by lost connections and/or slow data transfers) you may need to experiment with different channels to see which is the best.
• If using multiple Access Points, adjacent Access Points should use different Channels to reduce interference.

Broadcast SSID: If enabled, the ADW-4300 will broadcast its SSID. This allows PCs and other wireless stations to detect this Access Point and use the correct SSID. If disabled, PC users will have to manually enter the SSID and other details of the wireless interface before they can connect to this Access Point.

Wireless Security
Current Setting: The current Wireless security is displayed. The default value is Disabled.
Configure Button: Click this button to access the Wireless security sub-screen, and view or change the settings. See the following section for details.

Access Point
Enable Wireless: Enable this if you want to use Wireless Access Point function. If disabled, no Wireless stations can use the Access Point function, and all connections must be made via the wired LAN.

Allow access by... / Set Stations Button: Use this feature to determine which Wireless stations can use the Access Point. The options are:
• All Wireless Stations - All wireless stations can use the access
56. ailable to remote users.

• Subnet address: Enter an IP address in the "IP address" field, and the desired network mask in the "Subnet Mask" field.

The remote VPN endpoint must have these IP addresses entered as its "Remote" addresses.

This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows:

• Single PC - no subnet: Select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required.
• Single address: Enter an IP address in the "IP address" field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN.
• Subnet address: Enter an IP address in the "IP address" field, and the desired network mask in the "Subnet Mask" field.

The remote VPN endpoint must have these IP addresses entered as its "Local" addresses.

IKE settings: Direction, Exchange Mode, Diffie-Hellman (DH) Group, Local Identity Type, Remote Identity Type, Remote Identity Data.

SA Parameters: Encryption, Authentication, Pre-shared Key, SA Life Time.

Direction: This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.
• Responder only - Incoming connections are allowed, but outgoing connections will be blocked.
• Initiator and Responder - Both incoming and outgoing
57. Figure 71: Windows 2000 Network Connection

3. On the screen below:
• Select "Do not dial the initial connection" if Internet access is via the LAN.
• If using a PPPoE software client, select "Automatically dial this initial connection", and select the PPPoE connection.
• Click Next to continue.

Figure 72: Windows 2000 Public Network

4. On the screen below, enter the Domain Name or Internet IP address of the ADE-4300/ADW-4300 you wish to connect to. Click Next to continue.

Figure 73: Windows 2000 VPN Host

5. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.
58. apabilities.

Congratulations on the purchase of your new ADE-4300/ADW-4300. The ADE-4300/ADW-4300 is a multi-function device providing the following services:

• ADSL 2/2+ Modem.
• Shared Broadband Internet Access for all LAN users.
• Wireless Access Point for 802.11b and 802.11g Wireless Stations. (ADW-4300 only)
• VPN Gateway to allow secure VPN connections over the Internet.
• 4-Port Switching Hub for 10BaseT or 100BaseT connections.

Figure 1: ADE-4300/ADW-4300

ADE-4300/ADW-4300 Features

The ADE-4300/ADW-4300 incorporates many advanced features, carefully designed to provide sophisticated functions while being easy to use.

Internet Access Features

• Shared Internet Access. All users on the LAN or WLAN can access the Internet through the ADE-4300/ADW-4300, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Address Translation).
• Built-in ADSL 2/2+ Modem. The ADE-4300/ADW-4300 has a built-in ADSL 2/2+ modem, supporting all common ADSL 2/2+ connections.
• IPoA, PPPoE, PPPoA, Direct Connection Support. The ADE-4300/ADW-4300 supports all common connection methods.
• Auto-detection of Internet Connection Method. In most situations, the ADE-4300/ADW-4300 can test your ADSL and Internet connection to determine the connec
59. band Gateway.

• The remote client PC must be configured as described in the following sections.
• It is assumed that remote users have a Broadband (not dial-up) connection to the Internet.

Windows 98/ME

1. Click Start - Settings - Dial-up Networking.
2. Select Make New Connection.
3. Type a name for this connection, and ensure that "Microsoft VPN Adapter" is selected. Click "Next" to continue.

Figure 68: Windows ME VPN Adapter

4. Enter the Internet IP address or domain name of this device. (If you don't have a fixed IP address, you can use a Dynamic DNS service to obtain a domain name.) Click "Next" to continue.

Figure 69: Windows ME VPN Remote Host

5. Click "Finish" to exit the Wizard. The new entry will now be listed in "Dial-up Networking".

If necessary, you can change the settings for this connection by right-clicking on it, and selecting Properties.

To force all outgoing traffic to be sent via VPN, enable the setting This is the default Internet connection on the Dialing tab. (Do NOT enable this setting if using Dial-up or PPPoE client software.)
60. be compliant with the IEEE 802.11g or IEEE 802.11b specifications. (ADW-4300 only)

Procedure

Figure 6: Installation Diagram (Antenna for ADW-4300 only)

1. Choose an Installation Site

Select a suitable place on the network to install the ADE-4300/ADW-4300.

Note: For best Wireless reception and performance, the ADW-4300 should be positioned in a central location with minimum obstructions between the ADW-4300 and the PCs. Also, if using multiple Access Points, adjacent Access Points should use different Channels.

2. Connect LAN Cables

Use standard LAN cables to connect PCs to the Switching Hub ports on the ADE-4300/ADW-4300. Both 10BaseT and 100BaseT connections can be used simultaneously.

If required, connect any port to a normal port on another Hub, using a standard LAN cable. Any LAN port on the ADE-4300/ADW-4300 will automatically function as an "Uplink" port when required.

3. Connect ADSL Cable

Connect the supplied ADSL cable from the WAN port on the ADE-4300/ADW-4300 (the RJ11 connector) to the ADSL terminator provided by your phone company.

4. Power Up

Connect the supplied power adapter to the ADE-4300/ADW-4300. Use only the power adapter provided. Using a different one may cause hardware damage. Power it up by pressing the rear-mounted power switch.

5. Check the LEDs

The Power LED should be ON.

The Status LED should flash, then turn Off. If it s
61. Figure 27: TCP/IP Properties (Windows XP)

5. Ensure your TCP/IP settings are correct.

Using DHCP

To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the ADE-4300/ADW-4300 will act as a DHCP Server.

Restart your PC to ensure it obtains an IP Address from the ADE-4300/ADW-4300.

Using a fixed IP Address ("Use the following IP Address")

If your PC is already configured, check with your network administrator before making the following changes.

• In the Default gateway field, enter the ADE-4300/ADW-4300's IP address and click OK. Your LAN administrator can advise you of the IP Address they assigned to the ADE-4300/ADW-4300.
• If the DNS Server fields are empty, select Use the following DNS server addresses, and enter the DNS address or addresses provided by your ISP, then

Internet Access

To configure your PCs to use the ADE-4300/ADW-4300 for Internet access:

• Ensure that the DSL modem, Cable modem, or other permanent connection is functional.
• Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.

For Windows 9x/ME/2000

1. Select Start Men
62. ccess. If the address (or part of the address) is included in the block site list, access will be denied.

On the Advanced Internet screen, select the desired setting:
• Disable - disable this feature.
• Block By Schedule - block according to the settings on the Schedule page.
• Block Always - allow blocking all of the time, independent of the Schedule page.
• Allow Trusted PCs to Visit Blocked Sites - Enable this to allow specified computer(s) to have unrestricted access to the Internet. For these PC(s), the URL filter will be ignored.

To change the list of trusted PCs, click the Set Trusted PCs button on the Access Control screen. See Figure 46.

Data - Trusted PCs

Trusted PCs
Trusted PCs: This lists any PCs which you have designated as "Trusted".
Other PCs: This lists any PCs detected by the router, which you have not designated as "Trusted".

Buttons
<<: Add a Trusted PC to the list (move from the "Other PCs" list).
• Select an entry (or entries) in the "Other PCs" list, and click the "<<" button.
>>: Delete a Trusted PC from the list (move to the "Other PCs" list).
• Select an entry (or entries) in the "Trusted PCs" list.
• Click the ">>" button.

Click the URL Filter List button to open the URL Filter screen, allowing you to create or modify the filter strings which determine which sites will be blocked.

The URL Filter List screen is displayed when the URL Filter List button on the Advanced In
63. cked by the firewall in this device.

The "Virtual Server" feature solves these problems and allows Internet users to connect to your servers, as illustrated below.

Figure 60: Virtual Servers

IP Address seen by Internet Users

Note that, in this illustration, both Internet users are connecting to the same IP Address, but using different protocols.

To Internet users, all virtual Servers on your LAN have the same IP Address. This IP Address is allocated by your ISP.

This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers.

However, you can use the DDNS (Dynamic DNS) feature to allow users to connect to your Virtual Servers using a URL, instead of an IP Address.

Virtual Servers Screen

• The "Virtual Servers" feature allows Internet Users to access PCs on your LAN.
• The PCs must be running the appropriate Server Software.
• For Internet Users, ALL of your Servers have the same IP address. This IP address is allocated by your ISP.
• To make it easier for Internet users to connect to your Servers, you can use the "DDNS" feature. This allows Internet users to connect to your Servers with a URL
64. cols for outgoing and incoming data.

Start: Enter the beginning of the range of port numbers used by the application server, for data you receive. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.

Finish: Enter the end of the range of port numbers used by the application server, for data you receive.

Type: Select the protocol (TCP or UDP) used when you send data to the remote system or service.

Start: Enter the beginning of the range of port numbers used by the application server, for data you send to it. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.

Finish: Enter the end of the range of port numbers used by the application server, for data you send to it. If the application uses a single port number, enter it in both the "Start" and "Finish" fields.

Using a Special Application

• Configure the Special Applications screen as required.
• On your PC, use the application normally. Remember that only one (1) PC can use each Special application at any time. Also, when 1 PC is finished using a particular Special Application, there may need to be a "Time-out" before another PC can use the same Special Application. The "Time-out" period may be up to 3 minutes.

URL Filter

If you want to limit access to certain sites on the Internet, you can use this feature. The URL filter will check each Web site a
65. completed. Any connections to or through the ADE-4300/ADW-4300 will be lost.

Chapter 8: Modem Mode

This Chapter explains configuration and operation when in "Modem" (or "Bridge") mode.

Overview

There are two modes available on the Mode screen:

• Router - Both the ADSL Modem and the Router features are operational. In this mode, this device can provide shared Internet Access to all your LAN users. Also, by default, it acts as a DHCP Server, providing an IP address and related information to all Wireless (ADW-4300 only) and LAN users.
• Modem - Only the ADSL Modem component is operational. All Router features are disabled. This device is "transparent": it does not perform any operations or make any changes to the network traffic passing through it. You need to have a DHCP Server on your LAN to provide IP addresses to the Wireless clients using this Access Point (ADW-4300 only).

This Chapter describes operation while in Modem Mode (also called Bridge Mode).

Management Connections

When this device restarts in Modem mode, the IP address does not change, but the DHCP server is disabled. However, your PC will usually retain the IP address provided by the DHCP Server, so the connection will be automatically re-established. You then need to ensure that the IP address of this modem is suitable for your LAN.

• You need to have a DHCP Server on your LAN to provide IP addresses to the Wireless clients using this Access Point (ADW-4300
66. d (2) this Device must accept any interference received, including interference that may cause undesired operation.

Federal Communication Commission (FCC) Radiation Exposure Statement

This equipment complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm (8 inches) during normal operation.

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/CE OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity (R&TTE).

The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) As of April 8, 2000.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.

Revision

User's Manual for PLANET ADSL 2/2+ VPN Firewall Router, 802.11g Wireless PLANET ADSL 2/2+ VPN Firewall Router
Model: ADE-4300A/B, ADW-4300A/B
Rev: 1.0
67. d. Refer to Chapter 6 - Advanced Features for further details.

Use the Status link on the main menu to view this screen.

ADE-4300/ADW-4300 User Guide

Figure 43: Status Screen

Data - Status Screen

ADSL
Modem Status: This indicates the status of the ADSL modem component.
DownStream Connection Speed: Displays the speed for the DownStream Connection.
UpStream Connection Speed: If connected, displays the speed for the Up Stream (upload) ADSL Connection.
VC 1 Status, VC 2 Status, VC 3 Status, VC 4 Status: For each VC (Virtual Circuit), the current status is displayed. This will be either "Enabled" or "Disabled". Note: VC 1 is a standard "Routed" Internet connection. VC 2, VC 3 and VC 4 are Bridge mode connections.

Internet (VC1)
Connection Method: Displays the current connection method
68. dows settings.

If necessary, you can change the Windows settings by right-clicking the VPN connection in Network Connections, and selecting Properties.

The Properties dialog has a Networking tab with a "Type of VPN" setting. If you have trouble connecting, you can change this setting from "Automatic" to "PPTP VPN".

Simple Network Management Protocol (SNMP) is the protocol which enables administrators to monitor network and bandwidth usage as well as various other network parameters like system information and port usage, providing system administrators with live readings and periodic usage trends to optimize network efficiency.

SNMP Screen

Select Advanced on the main menu, then SNMP, to see a screen like the following.

Figure 82: SNMP Screen (the example screen shows the Community Name "public" and the note: SNMP (Simple Network Management Protocol) software must be installed on your PC.)

Data - SNMP Screen

SNMP Service
Enable SNMP support: Enable or disable the SNMP feature as required.

SNMP Data
Community Name: Enter the Community Name that SNMP software will use as the Read Community to access the ADE-4300/ADW-4300. Once the community string matches, the user will be able to view the SNMP data.
SysContact: Specify a name in any string to be the System Contact.
SysName: Specify a name in any string to be the System Name.
SysLocation: Specify
69. dpoints.

Each IPsec VPN has two SAs, one in each direction. If IKE (Internet Key Exchange) is used to generate and exchange keys, there are also SAs for the IKE connection as well as the IPsec connection.

There are two security modes possible with IPsec:

• Transport Mode - the payload (data) part of the packet is encapsulated through encryption but the IP header remains in the clear (unchanged). The ADE-4300/ADW-4300 does NOT support Transport Mode.
• Tunnel Mode - everything is encapsulated, including the original IP header, and a new IP header is generated. Only the new header is in the clear (i.e. not protected). This system provides enhanced security. The ADE-4300/ADW-4300 always uses Tunnel Mode.

IKE

IKE (Internet Key Exchange) is an optional, but widely used, component of IPsec. IKE provides a method of negotiating and generating the keys and IDs required by IPsec. If using IKE, only a single key is required to be provided during configuration. Also, IKE supports using Certificates (provided by CAs - Certification Authorities) to authenticate the identity of the remote user or gateway.

If IKE is NOT used, then all keys and IDs (SPIs) must be entered manually, and Certificates can NOT be used. This is called a "Manual Key Exchange".

When using IKE, there are 2 phases to creating the VPN tunnel:

• Phase I is the negotiation and establishment of the IKE connection.
• Phase II is the negotiation and establishment of the IPsec co
70. e-sensitive, so be sure to match the case, not just the spelling.

• Set Network Authentication and Data Encryption to match the ADW-4300.
• If using data encryption (WEP or WPA-PSK), enter the key used on the ADW-4300. See the preceding sections for details of WEP and WPA-PSK.
• Uncheck the options "The key is provided for me automatically" and "This is a computer-to-computer (ad hoc) network".
• Click OK to save and exit.

4. This wireless network will then be listed in Preferred Networks on the screen below.

Figure 42: Preferred Networks

5. Click OK to establish a connection to the ADW-4300.

Chapter 5: Operation and Status

This Chapter details the operation of the ADE-4300/ADW-4300 and the status screens. For details of operation in Bridge (Modem) mode, see Chapter 8 - Modem Mode.

Operation - Router Mode

Once both the ADE-4300/ADW-4300 and the PCs are configured, operation is automatic.

However, there are some situations where additional Internet configuration may be require
71. e ADE-4300/ADW-4300 to perform a Ping or DNS lookup.

Security Features

• Password-protected Configuration. Password protection is provided to prevent unauthorized users from modifying the configuration data and settings.
• Wireless LAN Security (ADW-4300 only). WPA-PSK, WEP and Wireless access control by MAC address are all supported. The MAC-level access control feature can be used to prevent unknown wireless stations from accessing your LAN.
• NAT Protection. An intrinsic side effect of NAT (Network Address Translation) technology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no network, only a single device - the ADE-4300/ADW-4300.
• Firewall. All incoming data packets are monitored and all incoming server requests are filtered, thus protecting your network from malicious attacks from external sources.
• Protection against DoS attacks. DoS (Denial of Service) attacks can flood your Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The ADE-4300/ADW-4300 incorporates protection against DoS attacks.

Introduction

Package Contents

The following items should be included. If any of these items are damaged or missing, please contact your dealer immediately.

• The ADE-4300/ADW-4300 Unit
• Q
72. e E-mail to be sent.

Note: If the log is full before the time specified to send it, it will be sent regardless of the day and time specified.

Advanced Features

This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems.

An example Network Diagnostics screen is shown below.

Figure 88: Network Diagnostics Screen

Data - Network Diagnostics Screen

Ping
Ping this IP Address: Enter the IP address you wish to ping. The IP address can be on your LAN, or on the Internet. Note that if the address is on the Internet, and no connection currently exists, you could get a "Timeout" error. In that case, wait a few seconds and try again.
Ping Button: After entering the IP address, click this button to start the "Ping" procedure. The results will be displayed in the Ping Results pane.

DNS Lookup
Internet name: Enter the Domain name or URL for which you want a DNS (Domain Name Server) lookup. Note that if the address is on the Internet, and no connection currently exists, you could get a "Timeout" error. In that case, wait a few seconds and try again.
Lookup Button: After entering the Domain name/URL, click this button to start the "DNS Lookup" procedure.

Routing
Display: Click this button to display the inte
73. • Everyone - allow access by everyone on the Internet.
• Only This Computer - allow access by only one IP address. Enter the desired IP address.
• IP Address Range - allow access from a range of IP addresses on the Internet. Enter a beginning and ending IP address to define the allowed range.

For security, you should restrict access to as few external IP addresses as practical.

To connect from a remote PC via the Internet

1. Ensure your Internet connection is established, and start your Web Browser.
2. In the "Address" bar, enter "HTTP://" followed by the Internet IP Address of the ADE-4300/ADW-4300. If the port number is not 80, the port number is also required. (After the IP Address, enter ":" followed by the port number.) e.g.
   HTTP://123.123.123.123:8080
   This example assumes the WAN IP Address is 123.123.123.123, and the port number is 8080.
3. You will then be prompted for the login name and password for this device.

Overview

• If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely.
• If the ADE-4300/ADW-4300 is only acting as a Gateway for the local LAN segment, ignore the "Routing" page even if your LAN has other Routers.
• If your LAN has a standard Router (e.g. Cisco) on your LAN, and the ADE-4300/ADW-4300 is to act as a Gateway for all LAN segments, enable RIP (Routing Information Protocol) and igno
74. e any changes you may have made. You must "Save" before changing screens or your data will be ignored.

On each screen, clicking the "Help" button will display help for that screen.

LAN Screen

Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below.

Figure 8: LAN Screen

Data - LAN Screen

TCP/IP
IP Address: IP address for the ADE-4300/ADW-4300, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
Subnet Mask: The default value 255.255.255.0 is standard for small (class "C") networks. For other networks, use the Subnet Mask for the LAN segment to which the ADE-4300/ADW-4300 is attached (the same value as the PCs on that LAN segment).
DHCP Server:
• If Enabled, the ADE-4300/ADW-4300 will allocate IP Addresses to PCs (DHCP clients) on your LAN when they start up. The default (and recommended) value is Enabled.
• If you are already using a DHCP Server, this setting must be Disabled, and the existing DHCP server must be re-configured to treat the ADE-4300/ADW-4300 as the default Gateway
75. ed

• For Data Encryption, select WEP.
• For the Network key and Confirm network key, enter the default key value used on the ADW-4300. (Windows will determine if 64bit or 128bit encryption is used.)
• The Key index must match the default key index on the ADW-4300. The default value is 1.
• Ensure the options "The key is provided for me automatically" and "This is a computer-to-computer (ad hoc) network" are unchecked.
• Click OK to save and close this dialog.
• This wireless network will now be listed in Preferred Networks on the screen below.

Figure 34: Preferred Networks

Click OK to establish a connection to the ADW-4300.

If using WPA-PSK Data Encryption

If WPA-PSK data encryption has been enabled on the ADW-4300, it does not matter which network is selected on the screen below. Just click the Advanced button.
76. Figure 90: Routing Screen

Data - Routing Screen

RIP
RIP Direction: Select the desired RIP Direction.
RIP Version: Choose the RIP Version for the Server.

Static Routing
Static Routing Table Entries: This list shows all entries in the Routing Table.
• This area shows details of the selected item in the list.
• Change any of the properties as required, then click the "Edit" button to save the changes to the selected entry.

Buttons
Add: Add a new entry to the Static Routing table, using the data shown in the "Properties" area on screen. The entry selected in the list is ignored, and has no effect.
Edit: Update the current Static Routing Table entry, using the data shown in the table area on screen.
Delete: Delete the current Static Routing Table entry.
Save: Save the RIP setting. This has no effect on the Static Routing Table.

Configuring Other Routers on your LAN

It is essential that all IP packets for devices not on the local LAN be passed to the ADE-4300/ADW-4300, so that they can be forwarded to the external LAN, WAN, or Internet. To achieve this, the local LAN must be configured to use the ADE-4300/ADW-4300 as the Default Route or Default Gateway.

Local Router

The local router is the Router installed on the same LAN segment as the ADE-4300/ADW-4300. This router requ
77. Windows Clients
Macintosh Clients
Other Unix Systems
Wireless Station Configuration (ADW-4300 only)
Wireless Configuration on Windows XP (ADW-4300 only)

CHAPTER 5 OPERATION AND STATUS
Operation - Router Mode
Status Screen
Connection Status - PPPoE & PPPoA
Connection Details - Dynamic IP Address
Connection Details - Fixed IP Address

CHAPTER 6 ADVANCED FEATURES
Overview
Access Control
Dynamic DNS (Domain Name Server)
Firewall Rules
Firewall Services
78. een

Data - Schedule Screen

Schedule
Day: Each day of the week can be scheduled independently.
Session 1, Session 2: Two (2) separate sessions or periods can be defined. Session 2 can be left blank if not required.
Start Time: Enter the start using a 24 hr clock.
Finish Time: Enter the finish time using a 24 hr clock.

Local Time
Time Zone: In order to display your local time correctly, you must select your "Time Zone" from the list.
Adjust for Daylight Savings Time: If your region uses Daylight Savings Time, you must manually check "Adjust for Daylight Savings Time" at the beginning of the adjustment period, and uncheck it at the end of the Daylight Savings period.
Use this NTP Server: If you prefer to use a particular NTP server as the primary NTP server, check the checkbox "Use this NTP Server" and enter the Server's IP address in the fields provided. If this setting is not enabled, the default NTP Servers are used.
Current Time: This displays the current time on the ADE-4300/ADW-4300, at the time the page is loaded.

Virtual Servers

This feature, sometimes called Port Forwarding, allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because:

• Your Server does not have a valid external IP Address.
• Attempts to connect to devices on your LAN are blo
79. een where you can add a new service.
Edit: To modify a service, select it, and then click this button.
Delete: Use this button to delete the selected service. You can delete any services you have defined.

Add/Edit Service

This screen is displayed when the Add or Edit button on the Services screen is clicked.

Figure 57: Add/Edit Service

Data - Add/Edit Service

Services
Name: If editing, this shows the current name of the Service. If adding a new service, this will be blank, and you should enter a suitable name.
Type: Select the protocol used by the Service.
Start Port: Enter the beginning of the port range used by the Service.
Finish Port: Enter the end of the port range used by the Service.

This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings.

An example Options screen is shown below.

Figure 58: Options Screen

Data - Options Screen

Internet
Respond to Ping:
• If checked, the Wireless Router will respond to Ping (ICMP) packets received from the Internet.
• If not checked, Ping (ICMP) packets from the I
80. Figure 101: Gateway B Configuration

Settings

Setting | LAN A Gateway | LAN B Gateway | Notes
Policy Name | Example | Example | Name does not affect operation. Select a meaningful name.
Remote VPN Endpoint | Fixed IP Address 205.17.11.43 | Fixed IP Address 202.11.13.211 | Other endpoint's WAN (Internet) IP address.
NetBIOS | | | Disable if not required.
Local LAN IP address | 192.168.0.1 | 192.168.1.1 | Local Address subnet.
Local LAN Mask | 255.255.255.0 | 255.255.255.0 | Use a more restrictive definition if possible.
Remote LAN IP address | 192.168.1.1 | 192.168.0.1 | Remote Address subnet.
Remote LAN Mask | 255.255.255.0 | 255.255.255.0 | Use a more restrictive definition if possible.

IKE
Direction | Initiator & responder | Initiator & responder | Does not have to match. Either endpoint can block 1 direction.
DH Group | Group 2 (1024 bit) | Group 2 (1024 bit) | Must match.
Local Identity | IP address | IP address | IP address is the most common ID method.
Remote Identity | WAN IP address | WAN IP address | IP address is the most common ID method.

SA Parameters
Encryption | 3DES | 3DES | M
81. et forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions:

(1) This device may not cause harmful interference, and
(2) This device must accept any interference received, including interference that may cause undesired operation.

This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.

CE Approval

CE Standards

This product complies with the 99/5/EEC directives, including the following safety and EMC standards:

• EN300328-2
• EN301489-1/-17
• EN60950

CE Marking Warning

This is a Class B product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
82. et on the Wireless screen.

This shows the Channel currently used, as set on the Wireless screen.

This indicates whether or not the Wireless Access Point feature is enabled.

This indicates whether or not the SSID is Broadcast. This setting is on the Wireless screen.

The current name of the Router. This name is also the "hostname" for users with an "@Home" type connection.

The version of the current firmware installed.

Click this button to open a sub-window and view the details of each VC (Virtual Circuit).

Click this button to open a sub-window and view a detailed description of the current connection. Depending on the type of connection, a "log" may also be available.

This will open a sub-window, showing all LAN and Wireless devices currently on the network.

Update the data displayed on screen.

Operation and Status

Connection Status - PPPoE & PPPoA

If using PPPoE (PPP over Ethernet) or PPPoA (PPP over ATM), a screen like the following example will be displayed when the "Connection Details" button is clicked.

Figure 44: PPPoE Status Screen

Data - PPPoE/PPPoA Screen

Connection Time: This indicates how long the current connection has been established.
PPPoE Link Status: This indicates whether
83. etting for each policy.

Edit (modify) the selected policy. (Select a policy by clicking on the radio button.)

Delete the selected policy. (Select a policy by clicking on the radio button.)

Change to the input screen for an "Auto" policy. See the following section for details. When the new policy is saved, it will appear in the bottom row of the Policy Table.

Change to the input screen for a "Manual" policy. See the following section for details. When the new policy is saved, it will appear in the bottom row of the Policy Table.

VPN Status: View details of each current VPN Tunnel (connection) in a sub-window. You also have the option of viewing the VPN Log.

VPN Auto Policy Screen

This screen is displayed when you click the Add Auto Policy button on the VPN Policies screen, or when you edit an existing Auto Policy. It allows you to define or edit an "Auto" VPN policy.

An "Auto" VPN policy uses IKE (Internet Key Exchange) to exchange and negotiate parameters for the IPsec SA (Security Association). Because of this negotiation, it is not necessary for all settings on this VPN Gateway to match the settings on the remote VPN endpoint. Where settings must match, this is indicated.
84. ettings.

• If necessary, you can change the Windows settings by right-clicking the VPN connection in Network Connections, and selecting Properties.
• The Properties dialog has a Networking tab with a "Type of VPN" setting. If you have trouble connecting, you can change this setting from "Automatic" to "PPTP VPN".

Windows XP

Ensure you have logged on with Administrator rights before attempting this procedure.

1. Open Network Connections (Start - Settings - Network Connections), and start the New Connection Wizard.
2. Select the option "Connect to the network at my workplace", as shown below, and click Next.

Figure 76: Windows XP Network Connection Type

3. On the next screen, shown below, select the "Virtual Private Network connection" option. Click Next to continue.
85. for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.

FCC Caution

To assure continued compliance (example: use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, an
86. gainst snoopers.

• WPA-PSK support. Like WEP, WPA-PSK encrypts any data before transmission, providing protection against snoopers. The WPA-PSK is a later standard than WEP, and provides both easier configuration and greater security than WEP.
• Wireless MAC Access Control. The Wireless Access Control feature can check the MAC address (hardware address) of Wireless stations to ensure that only trusted Wireless Stations can access your LAN.
• Simple Configuration. If the default settings are unsuitable, they can be changed quickly and easily.

LAN Features

• 4-Port Switching Hub. The ADE-4300/ADW-4300 incorporates a 4-port 10/100BaseT switching hub, making it easy to create or extend your LAN.
• DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The ADE-4300/ADW-4300 can act as a DHCP Server for devices on your local LAN and WLAN.

Configuration & Management

• Easy Setup. Use your WEB browser from anywhere on the LAN or WLAN for configuration.
• Configuration File Upload/Download. Save (download) the configuration data from the ADE-4300/ADW-4300 to your PC, and restore (upload) a previously saved configuration file to the ADE-4300/ADW-4300.
• Remote Management. The ADE-4300/ADW-4300 can be managed from any PC on your LAN or Wireless LAN. And, if the Internet connection exists, it can also (optionally) be configured via the Internet.
• Network Diagnostics. You can use th
87. gure 39: Wireless Networks (Windows XP)

In this situation, you need to obtain the SSID from your network administrator, then follow this procedure:

1. Click the Advanced button to see a screen like the example below.

Figure 40: Unlisted Wireless Network

2. Click the Add button. You will see a screen like the example below.

Figure 41: Add Wireless Network

3. Configure this screen as follows:

• Enter the correct SSID, as used on the ADW-4300. Remember the SSID is cas
88. gure 47: Access Control Screen

Data - Access Control Screen

Internet Access
Access control: Select the desired options for Internet access control.
• Disable - Nothing is blocked.
• Block all Internet access - All traffic via the WAN port is blocked.
• Block selected Services - You can select which Services to block. Hold the CTRL key (on MAC, SHIFT) to select multiple items.
Schedule: The administrator can choose Default Schedule to apply the blocking only during scheduled times. (If access is not blocked, no Scheduling is possible, and this setting has no effect.)
• None - Schedule is disabled.
• Default - Use the schedule which is defined in Schedule of Advanced Features.

Trusted PCs
Set Trusted PCs: Restrictions do not apply to Trusted PCs.

Trusted PCs

This Trusted PC list has no effect unless the Internet Access feature is enabled. PCs on the Trusted PCs list bypass the Internet access blocking.

To change the list of trusted PCs, click the Set Trusted PCs button on the Access Control screen. You will see a screen like the sample below.

Figure 48: Trusted PCs

Data - Trusted PCs

Trusted PCs
Trusted PCs: This lists any PCs which you have designated as "Trusted".
Other PCs: This lists any PCs detected by the router which you have not designated as "Trusted".

Buttons
<<: Add a Trusted PC to the list (move fro
89. he key in the field provided.

For MD5, the key should be 16 ASCII characters (32 Hex characters).

For SHA-1, the key should be 20 ASCII (40 Hex) characters.

VPN Status Screen

This screen is displayed when you click the VPN Log button on the VPN Policies screen, or on the Status screen.

This screen allows you to view details of each current VPN Tunnel (connection). If there are no current connections, the status table will be empty.

[Figure 65: VPN Status Screen, showing the "Current VPN Tunnels (SAs)" table with columns Policy Name, Remote Endpoint, SPI (In), SPI (Out), Action]

Data - VPN Status Screen

Tunnel Table: This table contains the following data about each current connection.
- Policy Name: The name of the policy. When a policy is created, it must be given a unique name to identify it.
- Remote Endpoint: The address of the remote VPN endpoint.
- SPI (In): This is a unique index number to identify the incoming connection. For "Auto" policies, the SPI is automatically generated. For "Manual" policies, the SPI must be entered when the policy is configured.
- SPI (Out): This is a unique index number to identify the outgoing connection. For "Auto" policies, the SPI is automatically generated. For "Manual" policies, the SPI must be entered when the policy is configured.
- Action: This column will contain a button which allows you to break (terminate) the current VPN connection.

Buttons

Auto Refresh
90. his requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the 2 VPN Endpoints.

VPN Policies Screen

This screen is displayed when you select VPN on the Advanced menu. It allows you to create, modify and manage your VPN Policies.

If you have not created any policies, the Policy Table will be empty.

[Figure 62: VPN Policies Screen, showing the Policy Table columns Enable, Name, Endpoint, Type, Local LAN, Remote LAN, ESP, and the buttons Add Auto Policy, Add Manual Policy, VPN Status]

Data - VPN Policies Screen

Policy Table: The Policy Table contains the following data.
- Enable: Use this checkbox to Enable or Disable a Policy as required. Click "Save" after making any changes.
- Name: Each policy is given a unique name to identify it. This name is not known to the remote VPN endpoint; it is used only to assist managing your policies.
- Endpoint: The address of the remote VPN endpoint.
- Type: The Type is "Auto" or "Manual", as explained above.
- Local LAN: IP address or subnet on your local LAN. Traffic must be from (or to) these addresses to be covered by this policy.
- Remote LAN: IP address or subnet on the remote LAN. Traffic must be to (or from) these addresses to be covered by this policy.
- ESP: ESP (Encapsulating Security Payload) encryption protocol used for the VPN data.

Buttons (Save, Edit, Delete, Add Auto Policy, Add Manual Policy)

Save: Save any changes to the "Enable" s
91. [Figure 35: Wireless Networks (Windows XP)]

You will then see a screen like the example below.

[Figure 36: Advanced - Wireless Networks]

Select the SSID for the ADW-4300, and click Configure, to see a screen like the following.

[Figure 37: Wireless Network Properties (WPA-PSK), showing Network Authentication set to WPA-PSK and Data encryption set to TKIP]

Configure this screen as follows:

- Set Network Authentication to WPA-PSK.
- For Data Enc
92. ingle address: Enter the required address in the "Single/Start" fields.

This determines whether packets covered by this rule are logged. Select the desired action.
- Always: always log traffic considered by this rule, whether it matches or not. (This is useful when debugging your rules.)
- Never: never log traffic considered by this rule, whether it matches or not.
- Match: Log traffic only if it matches this rule. (The action is determined by this rule.)
- Not Match: Log traffic which is considered by this rule, but does not match. (The action is NOT determined by this rule.)

Firewall Services

Services are used when creating Firewall Rules.

If you wish to create a firewall rule, but the required service is not listed in the "Service" list, you can use this feature to define the required service or services. Once created, these services will be listed in the "Service" list, and can be used when creating Firewall Rules.

[Figure 56: Add Services Screen]

Data - Firewall Services

Services

Existing Services: This lists any Services you have defined. If you have not defined any Services, this list will be empty. Once you define some services, they will be listed here, and also shown in the Service list used to create Firewall rules. Firewall services are at the end of the list, after the pre-defined services.

Add: Use this to open a sub scr
93. ireless station should also have WEP disabled.

- If WEP is enabled on the ADW-4300, your PC must have WEP enabled, and the key must match.
- If the ADW-4300's Wireless screen is set to Allow Trusted PCs only, then each of your Wireless stations must have been designated as "Trusted", or the Wireless station will be blocked.
- To see if radio interference is causing a problem, see if connection is possible when close to the ADW-4300. Remember that the connection range can be as little as 100 feet in poor environments.

Problem 2: Wireless connection speed is very slow.

Solution 2: The wireless system will connect at the highest possible speed, depending on the distance and the environment. To obtain the highest possible connection speed, you can experiment with the following:

- ADW-4300 location: Try adjusting the location and orientation of the ADW-4300.
- Wireless Channel: If interference is the problem, changing to another channel may show a marked improvement.
- Radio Interference: Other devices may be causing interference. You can experiment by switching other devices Off, and see if this helps. Any "noisy" devices should be shielded or relocated.
- RF Shielding: Your environment may tend to block transmission between the wireless stations. This will mean high access speed is only possible when close to the ADW-4300.

Appendix B: About Wireless LANs (ADW-4300 only)

This Ap
94. le
- To define the Schedule used in these selections, use the "Schedule" screen.

Select the PC or Server on your LAN which will receive the inbound traffic covered by this rule.

These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the desired option.
- Any: All IP addresses are covered by this rule.
- Address range: If this option is selected, you must enter the desired values in the "Single/Start" and "Finish" fields to determine the address range.
- Single address: Enter the required address in the "Single/Start" fields.

Log: This determines whether packets covered by this rule are logged. Select the desired action.
- Always: always log traffic considered by this rule, whether it matches or not. (This is useful when debugging your rules.)
- Never: never log traffic considered by this rule, whether it matches or not.
- Match: Log traffic only if it matches this rule. (The action is determined by this rule.)
- Not Match: Log traffic which is considered by this rule, but does not match. (The action is NOT determined by this rule.)

Outgoing Rules (Outbound Services)

This screen is displayed when the "Add" or "Edit" button for Outgoing Rules is clicked.

[Figure 55: Outbound Services Screen, with fields Service, Action, LAN Users, WAN Users, Single/Start and Finish]
95. m the "Other PCs" list).
- Select an entry (or entries) in the "Other PCs" list, and click the "<<" button.

>>: Delete a Trusted PC from the list (move to the "Other PCs" list).
- Select an entry (or entries) in the "Trusted PCs" list.
- Click the ">>" button.

Note: If you add or delete any entry on the Trusted PCs page, you must click the Save button on the Access Control page to activate the change.

This screen provides access to the DMZ, Special Applications and URL Filter features.

ADE-4300/ADW-4300 User Guide

[Figure 49: Internet Screen, showing the DMZ, Special Applications and URL Filter settings]

DMZ

This feature, if enabled, allows the DMZ computer on your LAN to be exposed to all users on the Internet.

- This allows almost any application to be used on the "DMZ PC".
- The "DMZ PC" will receive all "Unknown" connections and data.
- If the DMZ feature is enabled, you must select the PC to be used as the "DMZ PC".

Note: The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required.

Special Applications

If you use Internet applications
96. n

Buttons

<<: Add a Trusted Wireless Station to the list (move from the "Other Stations" list).
- Select an entry (or entries) in the "Other Stations" list, and click the "<<" button.
- Enter the Address (MAC or physical address) of the wireless station, and click the "Add" button.

>>: Delete a Trusted Wireless Station from the list (move to the "Other Stations" list).
- Select an entry (or entries) in the "Trusted Stations" list.
- Click the ">>" button.

Edit: Use this to change an existing entry in the "Trusted Stations" list.
1. Select the Station in the Trusted Station list.
2. Click the Edit button. The address will be copied to the "Address" field, and the Add button will change to Update.
3. Edit the address (MAC or physical address) as required.
4. Click Update to save your changes.

Add (Update): To add a Trusted Station which is not in the "Other Wireless Stations" list, enter the required data and click this button. When editing an existing Wireless Station, this button will change from Add to Update.

Clear: Clear the Name and Address fields.

Password Screen

The password screen allows you to assign a password to the ADE-4300/ADW-4300.

The password protects the configuration data. Once set (recommended), you will be prompted for the password when you connect.

Old Password   New password   Verity passw
97. n is the same as in Router mode.
- Upgrade Firmware: this screen is the same as in Router mode.
- Status: displays current settings and status. See the following section for details.

Mode Screen

This screen is used to change back to Router mode, if desired.

[Figure 94: Mode Screen, showing Device Name and Device Mode (Modem only)]

Data - Mode Screen

Device Name: This field displays the current name of this device.

Device Mode: Select the desired device mode for the router.
- Router: Both the ADSL Modem and the Router features are operational. In this mode, this device can provide shared Internet Access to all your LAN users. Also, by default, it acts as a DHCP Server, providing an IP address and related information to all Wireless (ADW-4300 only) and LAN users.
- Modem: Only the ADSL Modem component is operational. All Router features are disabled. This device is "transparent": it does not perform any operations or make any changes to the network traffic passing through it. You need to have a DHCP Server on your LAN to provide IP addresses to the Wireless clients using this Access Point (ADW-4300 only). This mode is also called Bridge Mode.

After changing the mode, this device will restart, which will take a few seconds. The menu will also change, depending on the mode you are in.

Operation is automatic and transparent.
- Wireless clients can connect to the Access Point (ADW-4300 only
98. nd related information (Network Mask, Gateway IP address, and DNS address).

IPoA (IP over ATM): Normally, the connection is "Always on".
a) ADSL parameters (VPI and VCI) may be required, if they cannot be detected automatically.
b) IP Address allocated to you, and related information, such as Network Mask, Gateway IP address, and DNS address.

Home Screen

After finishing the Setup Wizard, you will see the Home screen. When you connect in future, you will see this screen. An example screen is shown below.

[Figure 7: Home Screen]

Main Menu

The main menu, on the left, contains links to the most commonly used screens. To see the links to the other available screens, click "Advanced" or "Administration".

The main menu also contains two (2) buttons:
- Log Out: When finished, you should click this button to log out.
- Restart: Use this if you wish to restart the ADE-4300/ADW-4300. Note that restarting the Router will break any existing connections to or through the Router.

Navigation & Data Input

- Use the menu bar on the left of the screen, and the "Back" button on your Browser, for navigation.
- Changing to another screen without clicking "Save" does NOT sav
99. ng connections from a remote client where the client's IP address is not known in advance.

Local & Remote LAN definition: This determines which outgoing traffic will cause a VPN connection to be established, and which incoming traffic will be accepted. Each endpoint must be configured to pass and accept the desired traffic from the remote endpoint. If connecting 2 LANs, this requires that:
- Each endpoint must be aware of the IP addresses used on the other endpoint.
- The 2 LANs MUST use different IP address ranges.

IKE parameters: If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different).

IPsec parameters: The IPsec parameters at each endpoint must match.

Common VPN Situations

VPN Pass-through

[Figure 96: VPN Pass-through, showing PCs with VPN Software, the Router/Gateway and the VPN Server]

Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection.

- The PC software can use any VPN protocol supported by the remote VPN.
- The remote VPN Server must support client PCs which are behind a NAT router, and so have an IP address which is not valid on the Internet.
- The Router/Gateway requires no VPN configuration, since it is not acting as a
100. nnection.

Because the IKE and IPsec connections are separate, they have different SAs (Security associations).

Policies

VPN configuration settings are stored in Policies.

Note that different vendors use different terms. Generally, the terms "VPN Policy", "IPSec Policy", and "IPSec Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters).

For the ADE-4300/ADW-4300, each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines:

- The address of the remote VPN endpoint
- The traffic which is allowed to use the VPN connection
- The parameters (settings) for the IPsec SA (Security Association)
- If IKE is used, the parameters (settings) for the IKE SA (Security Association)

Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.

It is possible, and sometimes necessary, to have multiple Policies for the same remote site. However, you should only Enable one (1) policy at a time.

VPN Configuration

The general rule is that each endpoint must have matching Policies, as follows:

VPN Endpoint address: Each VPN endpoint must be configured to initiate or accept connections to the remote VPN client or Gateway. Usually, this requires having a fixed Internet IP address. However, it is possible for a VPN Gateway to accept incomi
101. nternet will be ignored. Disabling this option provides a slight increase in security.

MTU Size: Enter a value between 1 and 1500. Note: MTU (Maximum Transmission Unit) size should only be changed if advised to do so by Technical Support.

UPnP

UPnP:
- UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP, or later.
- If Enabled, this device will be visible via UPnP.
- If Disabled, this device will not be visible via UPnP.

Advertisement Period: Enter the desired value, in minutes. The valid range is from 1 to 1440.

Advertisement Time to Live: Enter the desired value, in hops. The valid range is from 1 to 255.

This Schedule can be used for the Firewall Rules and the URL filter.

[Screenshot: Schedule screen with Session 1 and Session 2 Start/Finish times for each day, Monday to Sunday (use 24-hour clock; on all day: 00:00 to 24:00; off all day: all fields blank), plus Time Zone, "Adjust for Daylight Savings Time", "Use this NTP Server" and Current Time fields]

Figure 59  Schedule Scr
102. [Figure 84: PC Database (Admin)]

Data - Advanced PC Database

Known PCs: This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN.

PC Properties

Name: If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname".

Buttons: Add as New Entry, Update Selected PC, Clear Form, Refresh, Generate Report, Standard Screen

IP Address: Select the appropriate option.
- Automatic: The PC is set to be a DHCP client (Windows: "Obtain an IP address automatically"). The ADE-4300/ADW-4300 will allocate an IP address to this PC when requested to do so. The IP address could change, but normally won't.
- DHCP Client - Reserved IP Address: Select this if the PC is set to be a DHCP client, and you wish to guarantee that the ADE-4300/ADW-4300 will always allocate the same IP Address to this PC. Enter the required IP address.
- Fixed IP Address: Select this if the PC is using a Fixed (Static) IP address. Enter the IP address allocated to the PC. (The PC itself must be configured to use this IP address.)

MAC Address: Select the appropriate option.
- Automatic discovery: Select this to have the ADE-4300/ADW-4300 contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN
103. o "any" or null (blank) to allow connection to any Access Point.

Wireless Security: The Wireless Stations and the Access Point must use the same settings for Wireless security (None, WEP, WPA-PSK).

WEP: If WEP is used, the Key size (64Bit, 128Bit), Key value, and Authentication settings must be the same on the Wireless Stations and the Access Point.

WPA-PSK: If WPA-PSK is used, all Wireless Stations must be set to use WPA-PSK, and have the same Pre-shared Key and encryption system.

For Ad-hoc networks (no Access Point), all Wireless stations must use the same security settings.

Appendix C: About VPNs

Overview

A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network, typically the Internet. This secure connection is called a VPN Tunnel.

There are many standards and protocols for VPNs. The standard implemented in the ADE-4300/ADW-4300 is IPSec.

IPSec

IPSec is a near-ubiquitous VPN security standard, designed for use with TCP/IP networks. It works at the packet level, and authenticates and encrypts all packets traveling over the VPN Tunnel. Thus, it does not matter what applications are used on your PC. Any application can use the VPN like any other network connection.

IPsec VPNs exchange information through logical connections called SAs (Security Associations). An SA is simply a definition of the protocols, algorithms and keys used between the two VPN devices  en
104. ocol be installed and configured on each PC.

TCP/IP Settings - Overview

If using the default ADE-4300/ADW-4300's settings, and the default Windows TCP/IP settings, no changes need to be made.

- By default, the ADE-4300/ADW-4300 will act as a DHCP Server, automatically providing a suitable IP Address (and related information) to each PC when the PC boots.
- For all non-Server versions of Windows, the default TCP/IP setting is to act as a DHCP client.

If using a Fixed (specified) IP address, the following changes are required:

- The Gateway must be set to the IP address of the ADE-4300/ADW-4300.
- The DNS should be set to the address provided by your ISP.

Note: If your LAN has a Router, the LAN Administrator must reconfigure the Router itself. Refer to Chapter 8 - Advanced Setup for details.

Checking TCP/IP Settings - Windows 9x/ME

5. Select Control Panel - Network. You should see a screen like the following.

[Screenshot: Network dialog, Configuration tab, listing the installed network components]

Figure 16  Network Configuration
105. [Figure 77: Windows XP Network Connection, with the options "Dial-up connection" and "Virtual Private Network connection"]

4. Enter a suitable name for this connection. Click Next to continue.

[Figure 78: Windows XP Connection Name]

5. On the screen below, select "Do not dial the initial connection". Click Next to continue.

[Figure 79: Windows XP Public Network]

6. On the screen below, enter the Domain Name or Internet IP address of ADE-4300/ADW-4300 you
106. [Figure 13: Password Screen]

Old Password: Enter the existing password in this field.
New password: Enter the new password here.
Verify password: Re-enter the new password here.

You will be prompted for the password when you connect, as shown below.

[Figure 14: Password Dialog]

The "User Name" is always admin.

Enter the password for the ADE-4300/ADW-4300, as set on the Password screen above. The default password is blank.

Mode Screen

Use this screen to change the mode between Router mode and Modem (Bridge) mode.

[Figure 15: Mode Screen]

Select the desired option, and click "Save".

Router: Both the ADSL Modem and the Router features are operational. In this mode, this device can provide shared Internet Access to all your LAN users. Also, by default, it acts as a DHCP Server, providing an IP address and related information to all Wireless (ADW-4300 only) and LAN users.

Modem: Only the ADSL Modem component is operational.
- All Router features are disabled. This device is "transparent": it does not perform any operations or make any changes to the network traffic passing through it.
- You need to have a DHCP Server on your LAN to provide IP addresses to
107. [Figure 21: Windows NT4.0 - IP Address]

3. Select the network card for your LAN.

4. Select the appropriate radio button, Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below.

Obtain an IP address from a DHCP Server

This is the default Windows setting. Using this is recommended. By default, the ADE-4300/ADW-4300 will act as a DHCP Server.

Restart your PC to ensure it obtains an IP Address from the ADE-4300/ADW-4300.

Specify an IP Address

If your PC is already configured, check with your network administrator before making the following changes.

1. The Default Gateway must be set to the IP address of the ADE-4300/ADW-4300. To set this:

- Click the Advanced button on the screen above.
- On the following screen, click the Add button in the Gateways panel, and enter the ADE-4300/ADW-4300's IP address, as shown in Figure 22 below.
- If necessary, use the Up button to make the ADE-4300/ADW-4300 the first entry in the Gateways list.
108. ows you to select the rule.

Enable: Indicates whether or not the rule is currently enabled. For rules you have added, this column will contain a checkbox, allowing you to easily enable or disable the rule. (Click "Save" after making any changes.)

Service Name: The Service covered by this rule.

Action: The action performed on connections which are covered by this rule.

LAN Server: The PC or Server on your LAN to which traffic covered by this rule will be sent.

WAN Users: The WAN IP address or addresses covered by this rule.

Log: Indicates whether or not connections covered by this rule should be logged.

Buttons: Use the Add button to create a new rule. The other buttons (Edit, Move, or Delete) require that a rule be selected first. Use the radio buttons in the left column to select the desired rule.

Outgoing Rules (rows: Enable, Service Name, Action, LAN Users, WAN Servers, Log, Buttons)

For the default rule, this will display "Default". For rules which you create, this will display a radio button which allows you to select the rule.

Enable: Indicates whether or not the rule is currently enabled. For rules you have added, this column will contain a checkbox, allowing you to easily enable or disable the rule. (Click "Save" after making any changes.)

Service Name: The Service covered by this rule.

Action: The action performed on connections which are covered by this rule.

LAN Users: The LAN PC or PCs covered by this rule.

WAN Servers: The
109. pendix provides some background information about using Wireless LANs (WLANs).

Wireless LANs can work in either of two (2) modes:
- Ad-hoc
- Infrastructure

Ad-hoc Mode

Ad-hoc mode does not require an Access Point or a wired (Ethernet) LAN. Wireless Stations (e.g. notebook PCs with wireless cards) communicate directly with each other.

Infrastructure Mode

In Infrastructure Mode, one or more Access Points are used to connect Wireless Stations (e.g. Notebook PCs with wireless cards) to a wired (Ethernet) LAN. The Wireless Stations can then access all LAN resources.

Note: Access Points can only function in "Infrastructure" mode, and can communicate only with Wireless Stations which are set to "Infrastructure" mode.

BSS/ESS

BSS

A group of Wireless Stations and a single Access Point, all using the same ID (SSID), form a Basic Service Set (BSS).

Using the same SSID is essential. Devices with different SSIDs are unable to communicate with each other.

ESS

A group of Wireless Stations, and multiple Access Points, all using the same ID (ESSID), form an Extended Service Set (ESS).

Different Access Points within an ESS can use different Channels. In fact, to reduce interference, it is recommended that adjacent Access Points SHOULD use different channels.

As Wireless Stations are physically moved through the area covered by an ESS, they will automatically change to the Access Point which has the least interference or best
110. re the Static Routing table.

- If your LAN has other Gateways and Routers, and you wish to control which LAN segments use each Gateway, do NOT enable RIP (Routing Information Protocol). Configure the Static Routing table instead. (You also need to configure the other Routers.)
- If using Windows 2000 Datacenter Server as a software Router, enable RIP on the ADE-4300/ADW-4300, and ensure the following Windows 2000 settings are correct:
  - Open Routing and Remote Access.
  - In the console tree, select Routing and Remote Access, server name, IP Routing, RIP.
  - In the "Details" pane, right-click the interface you want to configure for RIP version 2, and then click "Properties".
  - On the "General" tab, set Outgoing packet protocol to "RIP version 2 broadcast", and Incoming packet protocol to "RIP version 1 and 2".

Routing Screen

The routing table is accessed by the Routing link on the Administration menu.

Using this Screen

Generally, you will use either RIP (Routing Information Protocol) OR the Static Routing Table, as explained above, although it is possible to use both methods simultaneously.

Static Routing Table

- If RIP is not used, an entry in the routing table is required for each LAN segment on your Network, other than the segment to which this device is attached.
- The other Routers must also be configured. See Configuring Other Routers on your LAN later in this chapter for further details and an example.
111. res 2 entries as follows.

Entry 1 (Segment 1)
    Destination IP Address    192.168.1.0
    Network Mask              255.255.255.0 (Standard Class C)
    Gateway IP Address        192.168.0.100 (ADE-4300/ADW-4300's local Router)
    Metric                    2

Entry 2 (Segment 2)
    Destination IP Address    192.168.2.0
    Network Mask              255.255.255.0 (Standard Class C)
    Gateway IP Address        192.168.0.100
    Metric                    3

For Router A's Default Route
    Destination IP Address    0.0.0.0
    Network Mask              0.0.0.0
    Gateway IP Address        192.168.0.1 (ADE-4300/ADW-4300's IP Address)

For Router B's Default Route
    Destination IP Address    0.0.0.0
    Network Mask              0.0.0.0
    Gateway IP Address        192.168.1.80 (ADE-4300/ADW-4300's local router)

ADE-4300/ADW-4300 User Guide

Upgrade Firmware

The firmware (software) in the ADE-4300/ADW-4300 can be upgraded using your Web Browser.

You must first download the upgrade file, then select Upgrade Firmware on the Administration menu. You will see a screen like the following.

Figure 92: Router Upgrade Screen

To perform the Firmware Upgrade:

1. Click the Browse button and navigate to the location of the upgrade file.
2. Select the upgrade file. Its name will appear in the Upgrade File field.
3. Click the Upload button to commence the firmware upgrade.

Note: The ADE-4300/ADW-4300 is unavailable during the upgrade process, and must restart when the upgrade is
112. ress, check the Network Mask, Default gateway and DNS as well as the IP Address.

• If the PCs are configured correctly, but still not working, check the ADE-4300/ADW-4300. Ensure that it is connected and ON. Connect to it and check its settings. (If you can't connect to it, check the LAN and power connections.)

• Check the ADE-4300/ADW-4300's status screen to see if it is working correctly.

Problem 2: Some applications do not run properly when using the ADE-4300/ADW-4300.

Solution 2: The ADE-4300/ADW-4300 processes the data passing through it, so it is not transparent.

For incoming connections, you must use the Virtual Server or Firewall Rules to specify the PC which will receive the incoming traffic.

You can also use the DMZ function. This should work with almost every application, but:
• It is a security risk, since the firewall is disabled.
• Only one (1) PC can use this feature.

Wireless Access (ADW-4300 only)

Problem 1: My PC can't locate the Wireless Access Point.

Solution 1: Check the following.
• Your PC is set to Infrastructure Mode. (Access Points are always in Infrastructure Mode.)
• The SSID on your PC and the Wireless Access Point are the same. Remember that the SSID is case-sensitive. So, for example, "Workgroup" does NOT match "workgroup".
• Both your PC and the ADW-4300 must have the same setting for WEP. The default setting for the ADW-4300 is disabled, so your w
113. rnal routing table. This information can be used by Technical Support and other staff who understand Routing Tables.

Remote Administration

If enabled, this feature allows you to manage the ADE-4300/ADW-4300 via the Internet.

Figure 89: Remote Administration Screen

Data - Remote Administration Screen

Remote Administration

Enable Remote Management: Check to allow administration/management via the Internet. (To connect, see below.) If Disabled, this device will ignore Administration connection attempts from the Internet.

Current IP Address: This is the current address you will use when accessing this device from the Internet. To connect, see details and an example below.

Port Number: Enter a port number between 1 and 65535. The default for HTTP (Web) connections is port 80, but using port 80 will prevent the use of a Web "Virtual Server" on your LAN. So using a different port number is recommended. The default value is 8080.

The port number must be specified in your Browser when you connect. See the following section for details.

Access Permission

Allow Remote Access: Select the desired option.
114. roblems
    Internet Access
    Wireless Access (ADW-4300 only)
APPENDIX B ABOUT WIRELESS LANS (ADW-4300 ONLY)
    Modes
    BSS/ESS
    Channels
    WEP
    Wireless LAN Configuration
APPENDIX C ABOUT VPNs
    Overview
    Common VPN Situations
    VPN Example
APPENDIX D SPECIFICATIONS
    ADSL 2/2+ VPN Firewall Router
    Wireless Interface (ADW-4300 Only)
    Regulatory Approvals

Chapter 1

Introduction

This Chapter provides an overview of the ADE-4300/ADW-4300's features and c
115. rt to Factory Default Settings

Figure 85: Config File Screen

Data - Config File Screen

Backup Config: Use this to download a copy of the current configuration, and store the file on your PC. Click Download to start the download.

Restore Config: This allows you to restore a previously saved configuration file back to the ADE-4300/ADW-4300. Click Browse to select the configuration file, then click Restore to upload the configuration file.
WARNING: Uploading a configuration file will destroy (overwrite) ALL of the existing settings.

Default Config: Clicking the Factory Defaults button will reset the ADE-4300/ADW-4300 to its factory default settings.
WARNING: This will delete ALL of the existing settings.

Logging

The Logs record various types of activity on the ADE-4300/ADW-4300. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance.

Since only a limited amount of log data can be stored in the ADE-4300/ADW-4300, log data can also be E-mailed to your PC. Use the E-mail screen to configure this feature.

Logs screen (image). Include in Log options shown: Attempted access to blocked sites; Connections to the Web-based interface of this Router; Router operation (start up, get time etc.); Known
116. ryption, select TKIP.

For the Network key and Confirm network key, enter the network key (PSK) used on the ADW-4300.

Ensure the option This is a computer-to-computer (ad hoc) network is unchecked. Click OK to save and close this dialog.

This wireless network will now be listed in Preferred Networks on the screen below.

Figure 38: Preferred Networks

Click OK to establish a connection to the ADW-4300.

If the SSID is not listed

If the "Broadcast SSID" setting on the ADW-4300 has been disabled, its SSID will NOT be listed on the screen below.
117. s. This address is allocated by your ISP (Internet Service Provider).

Network Mask: The Network Mask associated with the IP Address above.

Default Gateway: The IP Address of the remote Gateway or Router associated with the IP Address above.

DNS Server: The IP Address of the Domain Name Server which is currently used.

Chapter 6

Advanced Features

This Chapter explains when and how to use the ADE-4300/ADW-4300's "Advanced" Features.

Overview

The following advanced features are provided:
• Access Control
• Internet Access
• Trusted PCs
• Internet
• DMZ
• Special Applications
• URL filter
• Dynamic DNS
• Firewall Rules
• Firewall Services
• Schedule
• Virtual Servers
• VPN
• SNMP

Access Control

The Access Control feature allows administrators to restrict the Internet Access available to PCs on your LAN by MAC address. With the default settings, everyone has unrestricted Internet access.

Access Control Screen

To view this screen, select the Access Control link on the Advanced menu.
118. s follows:
1. You must register for the service at one of the listed DDNS Service providers.
2. After registration, use the Service provider's normal procedure to obtain your desired Domain name.
3. Enter your DDNS data on the ADE-4300/ADW-4300's DDNS screen, and enable the DDNS feature.
4. The ADE-4300/ADW-4300 will then automatically ensure that your current IP Address is recorded at the DDNS service provider's Domain Name Server.
5. From the Internet, users will be able to connect to your Virtual Servers (or DMZ PC) using your Domain name, as shown on this screen.

Dynamic DNS Screen

Select Advanced on the main menu, then Dynamic DNS, to see a screen like the following.

Figure 52: DDNS Screen

Data - Dynamic DNS Screen

DDNS Service

Use a Dynamic DNS Service: Use this to enable or disable the DDNS feature as required.

Service Provider: Select the desired DDNS Service provider.

Web Site: Click this button to open a new window and connect to the Web site of the selected DDNS service provider.

DDNS Data

Fields: Host Name, User Name, Password, Domain Name, DDNS Status

Enter the domain name allocated to you by the DDNS Service. If you have more than one name, enter the name you wish to use.

Enter your Username for the DD
119. sociated with the IP Address above.

Default Gateway: The IP address of the remote Gateway or Router associated with the IP Address above.

DHCP Server: The IP address of your ISP's DHCP Server.

DNS Server: The IP address of the Domain Name Server which is currently used.

Lease Obtained, Lease Expires: This indicates when the current IP address was obtained, and how long before this IP address allocation (the DHCP lease) expires.

Buttons

Release: If an IP Address has been allocated to the ADE-4300/ADW-4300 (by the ISP's DHCP Server), clicking the "Release" button will break the connection and release the IP Address.

Renew: If the ISP's DHCP Server has NOT allocated an IP Address for the ADE-4300/ADW-4300, clicking the "Renew" button will attempt to re-establish the connection and obtain an IP Address from the ISP's DHCP Server.

Close: Close this window.

Connection Details - Fixed IP Address

If your access method is "Direct" (no login) with a fixed IP address, a screen like the following example will be displayed when the "Connection Details" button is clicked.

Figure 46: Connection Details - Fixed/Dynamic IP Address

Data - Fixed IP address Screen

Internet

IP Address: The IP Address of this device, as seen by Internet user
120. Figure 9: Wireless Screen

Data - Wireless Screen

Identification

Region: Select the correct domain for your location. It is your responsibility to ensure:
• That the ADW-4300 is only used in domains for which it is licensed.
• That you select the correct domain, so that only the legal channels for that domain can be selected.

Station name: This is the same as the "Device Name" for the ADW-4300.

SSID: This is also called the "Network Name".
• If using an ESS (Extended Service Set, with multiple access points) this ID is called an ESSID (Extended Service Set Identifier).
• To communicate, all Wireless stations should use the same SSID/ESSID.

Options

Mode: Select the desired mode:
• 802.11G plus (TI) - This allows clients to use any of the following modes:
    • Standard 802.11b
    • 802.11B - Texas Instruments proprietary enhanced mode
    • Standard 802.11g
    • 802.11G plus - Texas Instruments proprietary enhanced mode. This mode can increase throughput by up to 50%, but will only work between compatible TI wireless stations.
• 802.11g & 802.11b - Both 802.11g and 802.11b Wireless stations will be able to use the ADW-4300.
• 802.11g only - Only 802.11g Wireless stations can use the ADW-4300.
• 802.11b only - Only 802.11b connections are available. 802.11g Wireless Stations will only be able to use the ADW-4300 if they are fully b
121. tays on or blinking after 60 seconds, there is a hardware error.

For each LAN (PC) connection, one of the LAN LEDs should be ON (provided the PC is also ON).

The WLAN LED should be ON. (ADW-4300 only)

The WAN LED should be ON if ADSL line is connected.

The Internet LED may be OFF. After configuration, it should come ON.

For more information, refer to Front-mounted LEDs in Chapter 1.

Chapter 3

Setup

This Chapter provides Setup details of the ADE-4300/ADW-4300.

Overview

This chapter describes the setup procedure for:
• Internet Access
• LAN configuration
• Wireless setup (ADW-4300 only)
• Assigning a Password to protect the configuration data.

PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.

Other configuration may also be required, depending on which features and functions of the ADE-4300/ADW-4300 you wish to use. Use the table below to locate detailed instructions for the required functions.

Configure PCs on your LAN: Chapter 4 - PC Configuration
Check ADE-4300/ADW-4300 operation and Status: Chapter 5 - Operation and Status
Use any of the following Advanced features (Internet, DMZ, Special Applications, URL Filter, Dynamic DNS, Firewall Rules, Firewall Services, Schedule, Virtual Servers, VPN): Chapter 6 - Advanced Features
Use any of the following Administration Configuration settings or features: Chapter 7 - Advanced Administration
122. te Authority

This determines the time interval before the SA (Security Association) expires. (It will automatically be re-established if necessary.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs.

IPSec PFS (Perfect Forward Secrecy): If enabled, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.)

This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you may have to specify the "Key Group" used. For this device, the "Key Group" is the same as the "DH Group" setting in the IKE section.

VPN - Manual Policy Screen

This screen is displayed when you click the Add Manual Policy button on the VPN Policies screen, or when you edit an existing Manual Policy. It allows you to define or edit a "Manual" VPN policy.

A "Manual" VPN policy requires that you enter all data on both VPN endpoints. There is no negotiation between the 2 VPN endpoints.
123. ternet screen is clicked.

Note: It is necessary to click the Save button in the Access Control page for activation of Trusted PCs if you add/delete any entry of Trusted PCs page.

Figure 51: URL Filter Screen (screen text: "When enabled, a request is blocked if any of these entries occur in the requested URL.")

Data - URL Filter Screen

Current Filter Strings

Current Filter Strings: The list contains the current list of items to block.
• To add to the list, use the "Add" option below.
• To delete an entry, select it and click Delete button.
• To delete all entries, click the Delete All button.

Add Filter String: To add to the current list, type the word or domain name you want to block into the field provided, then click the Add button.

Filter strings should be as specific as possible. Otherwise, you may block access to many more sites than intended.

Dynamic DNS (Domain Name Server)

This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address.

This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.

DDNS Services work a
124. tion method used by your ISP.

Fixed or Dynamic IP Address: On the Internet (WAN port) connection, the ADE-4300/ADW-4300 supports both Dynamic IP Address (IP Address is allocated on connection) and Fixed IP Address.

Advanced Internet Functions

Application Level Gateways (ALGs): Applications which use non-standard connections or port numbers are normally blocked by the Firewall. The ability to define and allow such applications is provided, to enable such applications to be used normally.

Special Applications: This feature, also called Port Triggering, allows you to use Internet applications which normally do not function when used behind a firewall.

Virtual Servers: This feature allows Internet users to access Internet servers on your LAN. The required setup is quick and easy.

URL Filter: Use the URL Filter to block access to undesirable Web sites by LAN users.

Logs: Define what data is recorded in the Logs, and optionally send log data to a Syslog Server. Log data can also be E-mailed to you.

Access Control: Allows administrators to restrict the Internet Access available to PCs on your LAN.

Firewall: As well as the built-in firewall to protect your LAN, you can define Firewall Rules to determine which incoming and outgoing traffic should be permitted.

Universal Plug and Play (UPnP): UPnP allows automatic discovery and configuration of the Broadband Router. UPnP is supported by Windows ME, XP, or later.

Dynamic DNS Support: D
125. u - Settings - Control Panel - Internet Options.
2. Select the Connection tab, and click the Setup button.
3. Select "I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)" and click Next.
4. Select "I connect through a local area network (LAN)" and click Next.
5. Ensure all of the boxes on the following Local area network Internet Configuration screen are unchecked.
6. Check the "No" option when prompted "Do you want to set up an Internet mail account now?".
7. Click Finish to close the Internet Connection Wizard. Setup is now completed.

For Windows XP

1. Select Start Menu - Control Panel - Network and Internet Connections.
2. Select Set up or change your Internet Connection.
3. Select the Connection tab, and click the Setup button.
4. Cancel the pop-up "Location Information" screen.
5. Click Next on the "New Connection Wizard" screen.
6. Select "Connect to the Internet" and click Next.
7. Select "Set up my connection manually" and click Next.
8. Check "Connect using a broadband connection that is always on" and click Next.
9. Click Finish to close the New Connection Wizard. Setup is now completed.

Accessing AOL

To access AOL (America On Line) through the ADE-4300/ADW-4300, the AOL for Windows software must be configured to use TCP/IP network access, rather than a dial-up connection. The configuration process is as follows:

• Start the AOL for Windows communication software. Ens
126. uick Installation Guide
• User's Manual CD
• Power Adapter
• 1 RJ-45 Cable
• 1 RJ-11 (ADSL) cable

Physical Details

Front-mounted LEDs of ADE-4300

Figure 2: Front Panel of ADE-4300

Front-mounted LEDs of ADW-4300

Figure 3: Front Panel of ADW-4300

PWR LED: On - Power on. Off - No power.

STATUS: Off - Normal operation. Blinking - This LED blinks during start up, and during a Firmware Upgrade.

LAN LED: For each port, there are 2 LEDs, to indicate the connection speed (10BaseT or 100BaseT) of each port.
• 100 LNK/ACT - This will be ON if the LAN connection is using 100BaseT, and Blinking if data is being transferred via the corresponding LAN port.
• 10 LNK/ACT - This will be ON if the LAN connection is using 10BaseT, and Blinking if data is being transferred via the corresponding LAN port.
• If neither LED is on, there is no active connection on the corresponding LAN port.

WLAN LED (ADW-4300 only): On - Wireless enabled. Off - No Wireless connections currently exist. Flashing - Data is being transmitted or received via the Wireless access point. This includes "network traffic" as well as user data.

ADSL LE
127. uires that the Default Route is the ADE-4300/ADW-4300 itself. Typically, routers have a special entry for the Default Route. It should be configured as follows.

    Destination IP Address    Normally 0.0.0.0, but check your router documentation.
    Network Mask              Normally 0.0.0.0, but check your router documentation.
    Gateway IP Address        The IP Address of the ADE-4300/ADW-4300.
    Metric                    1

Other Routers on the Local LAN

Other routers on the local LAN must use the ADE-4300/ADW-4300's Local Router as the Default Route. The entries will be the same as the ADE-4300/ADW-4300's local router, with the exception of the Gateway IP Address.

• For a router with a direct connection to the ADE-4300/ADW-4300's local Router, the Gateway IP Address is the address of the ADE-4300/ADW-4300's local router.

• For routers which must forward packets to another router before reaching the ADE-4300/ADW-4300's local router, the Gateway IP Address is the address of the intermediate router.

Static Routing - Example

Figure 91: Routing Example (diagram labels: Segment 0; Router A (192.168.1.80) (192.168.0.100); Segment 1 (192.168.1.xx); ADE-4300/ADW-4300 (192.168.0.1); Router B (192.168.1.90) (192.168.2.70); Segment 2 (192.168.2.xx))

For the ADE-4300/ADW-4300's Routing Table

For the LAN shown above, with 2 routers and 3 LAN segments, the ADE-4300/ADW-4300 requi
128. ure that it is Version 2.5, 3.0 or later. This procedure will not work with earlier versions.

• Click the Setup button.
• Select Create Location, and change the location name from "New Locality" to "ADE-4300/ADW-4300".
• Click Edit Location. Select TCP/IP for the Network field. (Leave the Phone Number blank.)
• Click Save, then OK. Configuration is now complete.
• Before clicking "Sign On", always ensure that you are using the "ADE-4300/ADW-4300" location.

Macintosh Clients

From your Macintosh, you can access the Internet via the ADE-4300/ADW-4300. The procedure is as follows.

1. Open the TCP/IP Control Panel.
2. Select Ethernet from the Connect via pop-up menu.
3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank.
4. Close the TCP/IP panel, saving your settings.

Note: If using manually assigned IP addresses instead of DHCP, the required changes are:
• Set the Router Address field to the ADE-4300/ADW-4300's IP Address.
• Ensure your DNS settings are correct.

Linux Clients

To access the Internet via the ADE-4300/ADW-4300, it is only necessary to set the ADE-4300/ADW-4300 as the "Gateway".

Ensure you are logged in as "root" before attempting any changes.

Fixed IP Address

By default, most Unix installations use a fixed IP Address. If you wish to continue using a fixed IP Address, make the following changes to your configuration.
129. urity on the ADW-4300 is disabled.

Security
• If Wireless security remains disabled on the ADW-4300, all stations must have wireless security disabled.
• If Wireless security is enabled on the Wireless Router (either WEP or WPA-PSK), each station must use the same settings as the ADW-4300.

Wireless Configuration on Windows XP (ADW-4300 only)

If using Windows XP to configure the Wireless interface on your PC, the configuration procedure is as follows:

1. Open the Network Connections folder. (Start - Settings - Network Connections)

Figure 28: Network Connections (Windows XP)

2. Right-click the Wireless Network Connection, check that it is enabled (menu option says Disable, rather than Enable) and then select Vie
130. ust match

    Pre-shared Key    12345678    12345678    Must match (use any string)
    SA Life time      28800       28800       Does not have to match. Shorter period will be used.
    PFS               Disabled    Disabled    Must match

Note: Some VPN Gateways or programs let you specify the following settings separately for IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
• Authentication
• Encryption
• SA Lifetime

Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH Authentication" is always DISABLED.

Appendix D

Specifications

ADSL 2/2+ VPN Firewall Router

Product: ADSL 2/2+ VPN Firewall Router; 802.11g Wireless ADSL 2/2+ VPN Firewall Router
Model: ADE-4300A/B, ADW-4300A/B

Hardware

Standard: Multi-Mode code support
    ANSI T1.413 Issue 2
    ITU-T G.994.1 (G.hs) rev. 3
    ITU-T G.992.1 (G.dmt)
        Annex A: ADSL over POTS for ADW-4300A
        Annex B: ADSL over ISDN for ADW-4300B
    ITU-T G.992.2 (G.lite)
    ITU-T G.992.3 Annex A ADSL2
    ITU-T G.992.3 Annex A DELT
    ITU-T G.992.3 Annex L READSL2
    ITU-T G.992.5 Annex A ADSL2+
    RFC 2364 - PPP over ATM (LLC/VCMUX)
    RFC 2516 - PPP over Ethernet (LLC/VCMUX)
    RFC 1577 - Classic IP over ATM (LLC/VCMUX)
    RFC 1483 - Bridged IP over ATM (LLC/VCMUX)
    RFC 1483 - Routed IP over ATM (LLC/VCMUX)

AAL and ATM Support: Integrated ATM AAL5 support; 255 VPI plus 65535 VCI address range

Ports
    LAN: 4 x 10Base-T/100Base-TX, Auto-Negotiation, Auto MDI/MDI-X
    Wire 1 x 802.11g wireless access point
131. Figure 30: Insecure Wireless Network (Windows XP)

To connect:
• Check the checkbox Allow me to connect to the selected wireless network, even though it is not secure.
• The Connect button will then be available. Click the Connect button, and wait a few seconds for the connection to be established.

If using WEP Data Encryption

If WEP data encryption has been enabled on the ADW-4300, Windows will detect this, and show a screen like the following.

Figure 31: WEP (Windows XP) (callout on the screen: the "Enable IEEE 802.1x authentication for this network" setting must be DISABLED)

To connect:
• Enter the WEP key, as set on the ADW-4300, in the Network Key field.
• Re-enter the WEP key into the Confirm Network key field.
• Disable the checkbox Enable IEEE 802
132. w Available Wireless Networks.

3. You will then see a list of wireless networks.

Figure 29: Wireless Networks (Windows XP)

Note: If the "Broadcast SSID" setting on the ADW-4300 has been disabled, its SSID will NOT be listed. See the following section "If the SSID is not listed" for details of dealing with this situation.

4. The next step depends on whether or not Wireless security has been enabled on the ADW-4300.

If Wireless Security is Disabled

If Wireless security on the ADW-4300 is disabled, Windows will warn you that the Wireless network is not secure.
133. which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the ADE 4300 ADW 4300. In this case, you can define the application as a "Special Application".

The Special Applications screen can be reached by clicking the Special Applications button on the Internet screen.

You can then define your Special Applications. You will need detailed information about the application; this is normally available from the supplier of the application.

Also, note that the terms "Incoming" and "Outgoing" on this screen refer to traffic from the client (PC) viewpoint.

Advanced Features

Figure 50: Special Applications Screen (rows 1 to 12, each with an Enable checkbox, a Name, and Type, Start and Finish fields for both Outgoing Ports and Incoming Ports)

Data - Special Applications Screen

Fields: Checkbox, Name, Incoming Ports, Outgoing Ports.

Checkbox: Use this to Enable or Disable this Special Application as required.

Name: Enter a descriptive name to identify this Special Application.

Incoming Ports: Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. Note: Some applications use different proto
134. Figure 99: Connecting 2 ADE 4300 ADW 4300s (network diagram; legible label: 192.168.1.xxx)

Note:

• The LANs MUST use different IP address ranges.
• Both endpoints have fixed WAN (Internet) IP addresses.
• This example uses an "Auto" policy (using IKE).

Configuration Settings - Gateway A

Gateway A should be configured as shown below.

Figure 100: Gateway A Configuration. Settings legible in the screenshot:

General
• Policy Name
• Remote VPN Endpoint: Address Type, Address Data
• NetBIOS Enable

Local LAN
• IP Address: Subnet address
• IP address: 192.168.0 (final octet not legible)
• Subnet Mask: 255.255.255.0

Remote LAN
• IP address: 192.168 (remaining octets not legible)
• Subnet Mask: 255.255.255.0

SA Parameters
• Direction: Initiator and Responder
• Exchange Mode: Main Mode
• Diffie-Hellman (DH) Group: Group 2 (1024 Bit)
• Local Identity Type: WAN IP Address
• Remote Identity Type: IP Address
• Encryption (value not legible)
• Authentication: MD5
• Pre-shared Key
• Enable PFS (Perfect Forward Security)

Appendix C - VPNs

Configuration Settings - Gateway B

Gateway B should be configured as shown below.

Settings legible in the screenshot:

General
• Policy Name: Example
• Remote VPN Endpoint: Address Type: Fixed IP Address; Address Data: 2021113211 (digit separators lost)
• NetBIOS Enable

Local LAN
• IP Address: Subnet address
• IP address: 192.168 (remaining octets not legible)
• Subnet Mask: 255.255.255.0

Remote LAN
• IP address: 192.168.0 (final octet not legible)
• Subn
    