NEGER VPN Pro 3G Router Advanced User Guide
Contents
1. 4 i 4 w Ei E E fa fa fo ae a mn a Il IL Low Undo Provide different priority to different users or data flows or guarantee a certain level of performance 1 QoS Packet Filter This Item enables QoS function or not 2 Upstream Bandwidth Set the limitation of upstream speed 3 Downstream Bandwidth Set the limitation of downstream speed 4 Local IP Define the Local IP address of packets here 5 Local Ports Define the Local port of the packets in this field 6 Remote IP Define the Remote IP address of packets here 7 Remote Ports Define the Remote port of the packets in this field 69 NEGER Telecom 8 QoS Priority This defines the priority level of the current Policy Configuration Packets associated with this policy will be serviced based upon the priority level set For critical applications High or Normal levels are recommended For non critical applications select a Low level 1 Enable Check to enable each rule Click on Save to store what you just select or Undo to give up 70 3 2 4 4 NEGER SNMP Roteador 3G VPN Pro NEGER R1 01a2_0112 BASIC SETTING FORWARDING RULES s SECURITY SETTING ADVANCED SETTING TOOLBOX SystemLog Dynamic DNS System Time gt IP 1 Scheduling gt IP Performance Enable SNMP Get Community Set Community IP3 IP 42. Click on the Apply Settings button Step 12 eyelet is applying System is applying the settings Please wait a moment Start gt Password gt WAN gt Wiretess gt VPN gt Summary gt Finish Click Next button to back the Status Page 21 3 2 Administrator s Main Menu 3 21 Basic Setting NEGER Primary Setup Configure LAN IP and select WAN type DHCP Server The settings include Host IP Subnet Mask Gateway DNS and WINS configurations Wireless Wireless settings allow you to configure the wireless configuration items Change Password Allow you to change system password 22 NEGER Telecom 3 2 1 1 Primary Setup WAN Type Virtual Computers NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom gt i BASIC SETTING FORWARDING RULES si SECURITY SETTING ADVANCED SETTING si TOOLBOX j f j i C Enable checking wired WAN alive Auto Backup intemethost 0 WAN Type ISP assigns you a static IP address Dynamic IP Address Obtain an IP address from ISP automatically Dynamic IP Address with Road Dynamic IP Address with Road Runner Session Runner Session Management Management is a WAN connection used in Australia eg Telstra BigPond PPP over Ethernet Some ISPs require the use of PPPoE to connect to their services OL2TP Some ISPs require the use of L2TP to connect to their services
3. In brief SNMP the Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events L Enable SNMP You must check Local Remote or both to enable SNMP function If Local is checked this device will response request from LAN If Remote is checked this device will response request from WAN Get Community Setting the community of GetRequest your device will response Set Community Setting the community of SetRequest your device will accept IP 1 IP 2 IP 3 IP 4 Input your SNMP Management PC s IP here User has to configure to where this device should send SNMP Trap message SNMP Version Please select proper SNMP Version that your SNMP Management software supports Click on Save to store what you just select or Undo to give up 71 3 2 4 5 Routing Roteador 3G VPN Pro NEGER R1 01a2_0112 System Log a Boulig Table EN i sp Item Dynamic DNS C Enable RIPyvi RIPy2 ls mm own ew we em ESTES nr ESTES ESTES SEIE JO L 8 1 Routing Tables Allow you to determine which physical interface address to use for outgoing IP data grams If you have more than one routers and subnets you will need to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other Routing
4. O PPTP Some ISPs require the use of PPTP to connect to their services O36 3G iBurst iBurst PC card connectivity gt WAN IP Address 0 0 0 0 gt WAN Subnet Mask 255 255 255 0 WAN Gateway 0 0 0 0 Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 NAT disable C Enable Virtual Computers 1 LAN IP Address the local IP address of this device The computers on your network must use the LAN IP address of your product as their Default Gateway You can change it if necessary 2 LAN NetMask LAN Netmask combined with LAN subnet to form a subnet domain 3 WAN s MAC Address The default MAC Address is set to the WAN s physical interface MAC address on the Router 23 NEGER Telecom Clone WAN s MAC Address This feature will copy the MAC address of the Ethernet card and replace the WAN MAC address of the Router with this Ethernet card MAC address It is not recommended that you change the default MAC address unless required by your ISP Auto Backup The WAN type will be change to 3G automatically if the wired WAN is defunct WAN Type WAN connection type of your ISP You can click WAN Type Combo button to choose a correct one from the following options Static IP Address WAN IP Address Subnet Mask Gateway Primary and Secondary DNS enter the proper setting provided by your ISP Dynamic IP Address t Primary ONS D AN Secondary ONS i Host Name optional required by s
5. Disable Enable Performance To host your server on a changing IP address you have to use dynamic domain name service DDNS So that anyone wishing to reach your host only needs to know the name of it Dynamic DNS will map the name of your host to your current IP address which changes each time you connect your Internet service provider Before you enable Dynamic DNS you need to register an account on one of these Dynamic DNS servers that we list in provider field To enable Dynamic DNS click the check box next to Enable in the DDNS field Next you can enter the appropriate information about your Dynamic DNS Server You have to define Provider Host Name Username E mail Password Key You will get this information when you register an account on a Dynamic DNS server Click on Save to store what you just select or Undo to give up 68 3 2 4 3 QOS Roteador 3G VPN Pro NEGER R1 01a2_0112 b Status k Wizard U FORWARDING RULES W SECURITY SETTING ADVANCED SETTING O TOOLBOX ul Pr 7 J Q05 Packet Filter system Log Dynamic DNS ae QoS Packet Filter C Enable same Upstream bandwidth 0 kbps Routing Downstream bandwidth 0 kbps Local IP Ports Remote IP Ports Priority Enable F System Time Scheduling ea Low Performance
6. Miscellaneous t Encapsulation Protocol ima 2 _ g Method t Local SPI t Remote SFI t Encryption Algorithm t Encryption Key t Authentication Algorithm t Authentication Key No change Tunnel name Indicate which tunnel that is focused now Local Subnet The subnet of LAN site of local VPN gateway It can be a host a partial subnet or the whole subnet of LAN site of local gateway Local Netmask Local netmask combined with local subnet to form a subnet domain Remote Subnet The subnet of LAN site of remote VPN gateway it can be a host a partial subnet or the whole subnet of LAN site of remote gateway Remote Netmask Remote netmask combined with remote subnet to form a subnet domain of remote end Remote Gateway The IP address of remote VPN gateway 52 NEGER Telecom Life Time The unit of life time is based on the value of Life Time Unit The value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways lis value ranges from 300 seconds to 172 800 seconds Encapsulation protocol There are two protocols can be selected ESP and AH Local SPI SPI is an important parameter during hashing Local SPI will be included in the outbound packet transmitted from WAN site of local gateway The value of local SPI should be set in hex formatted Remote SPI Remote SPI will be included in the inbound packet transmitted from WAN site of
7. NEGER VPN Pro 3G Router Advanced User Guide NEGER Telecom Copyright The contents of this publication may not be reproduced in any part or as a whole stored transcribed in an information retrieval system translated into any language or transmitted in any form or by any means mechanical magnetic electronic optical photocopying manual or otherwise without the prior written permission Trademarks All products company brand names are trademarks or registered trademarks of their respective companies They are used for identification purpose only Specifications are subject to be changed without prior notice FCC Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against radio interference in a commercial environment This equipment can generate use and radiate radio frequency energy and if not installed and used in accordance with the instructions in this manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures are necessary to correct the interference CE Declaration of Conformity This equipment complies with the requirements relating to electromagnetic compatibility EN 55022 A1
8. WPA WPA2 WPA PSK WPA2 PSK and 802 1x gt WPS Support m Provide 2 I Fs for mobile HSPA network access gt 1 USB 2 0 port gt 1 Type II PC Card slot m Provide 5 10 100 RJ 45 ports gt 4 LAN gt 1 WAN Backup of 3G connection m WAN connection through Ethernet Dynamic IP DHCP Client gt Static IP gt PPPoE gt PPTP gt L2TP PPTP over 3G WAN connection Built in NAT function one IP sharing with PCs Built in firewall to protect your Intranet VPN support gt Initiator and responder of IPSec PPTP and L2TP gt Pass through of IPSec PPTP and L2TP m Easy to upgrade firmware gt Web Ul gt Windows utility gt Quick Recover m Easy to manage gt Web Ul gt SNMP gt UPnP L3 L4 QoS Network Protocols gt UDP TCP IP ARP RARP ICMP gt DHCP PPPoE gt DNS TFTP HTTP m Connects multiple computers to a Broadband either WCDMA or EV DO even HSDPA modem to share the Internet connection NEGER Telecom 2 Configuring NEGER VPN Pro 3G Router 2 1 Installation Considerations The NEGER VPN Pro 3G Router allows you access your network using a wireless connection from virtually anywhere within its operating range Keep in mind however that the number thickness and location of walls ceilings or other objects that the wireless signals must pass through may limit this range Typical ranges vary depending on the types of materials used and background RF radio frequency noise in your home or busine
9. gt APN Pin Code Dialed Number gt Username gt Password Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish Enter the information by your 3G broadband service provider Click on Next button Step 3 2 Select iBurst WAN Type will be used for Internet connection NEGER Telecom Roteador 3G VPN Pro NEGER R1 01a2_0112 gt Stal gt Wizard gt Logou s BASIC SETTING s FORWARDING RULES s SECURITY SETTING ADVANCED SETTING TOOLBOX j a Setup Wizard WAN Settings iBurst EXIT LAN IP Address 4 92 168 123 254 Username gt Password O Primary DNS 0 0 0 0 Secondary DNS 0 0 0 0 Serice Name i optional gt Assigned IP Address 0 0 0 0 7 optional Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish Enter the information by your iBurst broadband service provider Click on Next button Step 3 3 Select Wired WAN Types will be used for Internet connection 16 NEGER Telecom NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom s ADMINISTRATOR S MAIN MENU Status gt Wizard Logout BASIC SETTING FORWARDING RULES si SECURITY SETTING ADVANCED SETTING TOOLBOX J Setup Wizard Select WAN Type EXIT ISP assigns you a static IP address Static IP Address Obtain an IP addre
10. Packet Filters Domain Filters URL Blocking MAC Control VPH IPSEC VPH L2TP Client VPH L2TP Server VPH PPTP Client VPH PPTP Server Miscellaneous Roteador 3G VPN Pro NEGER R1 01a2_0112 s ADVANCED SETTING Tunnel Name Tunnel 1 gt Local Subnet 192 168 123 0 Local Netmask 255 255 255 0 gt Encapsulation Protocol AH v a C Enable gt pfs group NONE v FE w gt Remote ID optional Local ID ln optional Keep Alive C Enable 0 0 0 0 Remote IP 0 dte Time Seconds from 30 240 None O client username password Server EAR I AY US c Um LU Ce n Um Uu UB n ime Set IPSEC Proposal CI Enable Encrypt_Algorithm Auth Algorithm No change There are three parts that are necessary to setup the configuration of IKE for the dedicated tunnel Basic setup IKE proposal setup and IPSec proposal setup Basic setup includes the setting of following items local subnet local netmask remote subnet 49 NEGER Telecom remote netmask remote gateway and pre shared key The tunnel name is derived from previous page of VPN setting IKE proposal setup includes the setting of a set of freguent used IKE proposals and the selecting from the set of IKE proposals Similarly IPSec proposal setup includes the setting of a set of frequent used IPSec proposals and the selecting from the set of IPSec proposals Basic set
11. VPN Remote Gateway Setting s BASIC SETTING FORWARDING RULES J SECURITY SETTING ADVANCED SETTING TOOLBOX 3 Setup Wizard VPN Setting EXIT 192 168 100 201 gt Remote Gateway Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish Enter the IP address of remote VPN gateway Step 10 VPN Preshare Key s BASIC SETTING FORWARDING RULES J Setup Wizard VPN Setting EXIT Preshare Key 1234567890 Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish 1 This is a first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways 2 The maximal length is 32 20 NEGER Telecom Step 11 Y i BASIC SETTING l FORWARDING RULES SECURITY SETTING amp ADVANCED SETTING kJ TOOLBOX Setup Wizard Summary Please confirm the information below WAN Setting WAN Type Dynamic IP Address Host Name ROUTER WAN s MAC Address 00 50 18 41 1E 19 Wireless Setting Wireless Enable SSID default Channel 11 Security WEP 64 Bits VPN Setting Tunnel Name Tunnel 3 Remote Subnet 192 168 0 0 Remote Netmask 255 255 255 0 Remote Gateway 192 168 100 200 Preshare Key 1234567890 CJ Do you want to proceed the network testing Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish Apply Settings
12. You can specify rules for each direction inbound or outbound For each rule you can define the following Source IP address Source port Destination IP address Destination port Protocol TCP or UDP or both Use Rule For source or destination IP address you can define a single IP address 4 3 2 1 or a range of IP addresses 41 NEGER Telecom 4 3 2 1 4 3 2 254 An empty implies all IP addresses For source or destination port you can define a single port 80 or a range of ports 1000 1999 Add prefix T or U to specify TCP or UDP protocol For example T80 U53 U2000 2999 No prefix indicates both TCP and UDP are defined An empty implies all port addresses Packet Filter can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule Each rule can be enabled or disabled individually Click on Save to store what you just select or Undo to give up 42 3 2 3 2 Domain Filters Roteador 3G VPN Pro NEGER R1 01a2_0112 23 ADMINISTRATOR s MAIN MENU Status gt Wizard BASIC SETTING FORWARDING RULES 4 SECURITY SETTING ADVANCED SETTING TOOLBOX Packet Filters Daman A I HELP Hem Domain Fitters Domain Filter C Enable URL Blocking t Log DNS Query C Enable MAC Control gt VPILIPSEC Privilege IP Addresses Range 192 168 230 0 Action Drop U Log Drap U Log Drap U Log ClDrop O Log EJDio
13. Blocking LJ Enable VPH IPSEC VPH L 2TP Client VPH L2TP Server VPH PPTP Client VPH FPTP Server Miscellaneous URL Blocking will block LAN computers to connect to pre define Websites The major difference between Domain filter and URL Blocking is Domain filter reguire user to input suffix like com or org etc while URL Blocking reguire user to input a keyword only In other words Domain filter can block specific website while URL Blocking can block hundreds of websites by simply a keyword 1 URL Blocking Enable Check if you want to enable URL Blocking 2 URL If any part of the Website s URL matches the pre defined word the connection will be blocked For example you can use pre defined word sex to block all websites if their URLs contain pre defined word sex 3 Enable Check to enable each rule Click on Save to store what you just select or Undo to give up 45 3 2 3 4 MAC Address Control Roteador 3G VPN Pro NEGER R1 01a2_0112 z ADMINISTRATOR s MAIN MENU Status gt Wizard BASIC SETTING Packet Filters Domain Filters URL Blocking MAC Control VPH IPSEC VPH L2TP Client VPH L2TP Server VPH PPTP Client VPH PPTP Server Miscellaneous i FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX 3 MAC Address Control HELP mm mm gt MAC Address Control C Enable C Connection control Wireless and wired clients with C chec
14. ISP assigned to you I you don t want to change the password keep it empty Route Which connection will use the PPTP section Connect There are 3 modes to select Y a No On demand The device will link up with ISP when the clients send outgoing packets Auto The device will link with ISP until the connection is established Manually The device will not make the link until someone clicks the connect button in the Status page Option MPPE The MPPE encryption supports 61 NEGER Telecom NAT The Nat Traversal supports Click on Save to store what you just select or Undo to give up 62 3 2 3 8 NEGER Telecom VPN PPTP Server NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom ADMINISTRATOR S MAIN MENU Status gt Wizard gt Logout BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX Packet Filters Domain Filters URL Blocking MAC Control VPH IPSEC VPH L2TP Client gt Server virtual IP VPH L2TP Server IP range VPH PPTP Client Authentication Protocol PAP CHAP MMS CHAP M MS_CHAPv2 VPH PPTP Server gt MPPE Encryption Mode C Enable Miscellaneous Encryption Length C 40 bit 56 bit 128 bit 3 Connection Status Virtual IP Peer Call ID No connection from remote The VPN
15. Key4 O 5 or 13 ascii characters eg passd or thisisapasswd 10 or 26 hexadecimal characters eg 0123456789 or 01234567890123456789012345 Wireless gt VPI 18 NEGER Telecom 1 Select WEP Security type and enter the WEP key 2 Click on Next to continue Step 7 Configure the VPN settings Roteador 3G VPN Pro NEGER R1 01a2_0112 Status gt Wizard s BASIC SETTING W FORWARDING RULES SECURITY SETTING s ADVANCED SETTING TOOLBOX 2 Setup Wizard VPN Setting EXIT Is there a trusted subnet LAN for remote gateway ves ONo Apply Settings The subnet of LAN site of remote VPN gateway it can be a host a partial subnet or the whole subnet of LAN site of remote gateway Skip the Step 9 Remote Subnet settings if you don t have remote subnet Step 8 VPN Remote Subnet settings Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR S MAIN MENU Status Wizard BASIC SETTING s FORWARDING RULES SECURITY SETTING ADVANCED SETTING si TOOLBOX i i i Setup Wizard VPN Setting EXIT gt Remote Subnet 192468 0 0 gt Remote Netmask 255 255 255 0 Remote Subnet The subnet of LAN site of remote VPN gateway it can be a host a partial subnet and the whole subnet of LAN site of remote gateway Remote Netmask Remote Netmask combined with remote subnet to form a subnet domain of remote end 19 NEGER Telecom Step 9
16. MSCHAP v1 4 MPPE Encryption Mode Check this checkbox to enable MPPE encryption Please note that MPPE needs to work with MSCHAP authentication method 59 NEGER Telecom User Account Setting Users can input five different user accounts for L2TP server Tunnel Name Input the name for tunnel User Name Input a user name that is allowed to establish L2TP connection with VPN gateway Password Input the password for the user Click on Save to store what you just select or Undo to give up 60 3 2 3 7 VPN PPTP Client NEGER Telecom 2 ADMINISTRATOR S MENU gt Status gt Wizard gt Logout Roteador 3G VPN Pro NEGER R1 01a2_0112 i BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING si TOOLBOX 3 PPTP Client HELP Domain Fitters URL Blocking VPN PPTP C Enable VPH IPSEC On demand O Auto O Manual VPH L2TP Client VPH L2TP Server On demand O Auto O Manual VPH PPTP Client VPH PPTP Server On demand Auto Manual Miscellaneous On demand O Auto Manual On demand Auto O Manual ConnectionStatus Status Locale IP Remote IP VPN PPTP Enables or Disables the PPTP client Enable Check to enable each rule Name The name of Item Peer IP Domain The IP Domain of PPTP server is PPTP Account and Password the account and password your
17. Paulo Indaiatuba Vinhedo and Itupeva integrating a Least Cost Routing Service using 800 MHz digital CDMA technology Internet Service Providing in a corporate network in Sao Paulo State Claro Mobile Telecommunication Operator RF repeater plan project and implementation in Brazilian main cities Sao Paulo Campinas Santos Sao Jos dos Campos Ribeir o Preto for 800 MHz TDMA cellular network and 1800 MHz GSM cellular network Applications for indoor airports shopping malls corporate customers etc and outdoor delimited areas Site survey system optimization and benchmarking for 800 MHz TDMA and 1800 MHz GSM networks Non ionizing antenna radiation study and regulatory consulting for Radio Base Stations installed in Manaus and Sao Jos do Rio Preto Analysis of international standards and RF limits for labor and general population health in order to fulfill all compliances and laws 85 NEGER Telecom TIM Mobile Telecommunication Operator 12 channels of Fixed Cellular Stations installed in Sao Paulo state integrating a Least Cost Routing Service using 1800 MHz digital GSM TIM technologies Non ionizing antenna radiation study and regulatory consulting for Radio Base Stations installed in the Brazilian South Region Analysis of international standards and RF limits for labor and general population health in order to fulfill all compliances and laws Ericsson Telecommunications Industry and Services More
18. RJ 45 Ports Receptor for Automatically sense the types of WAN Power adapter and LAN when connecting to Ethernet The Front View USB Port PC Card for 3G Modem for 3G Modem PC card ey a o g pa KJ a E D T a WPS IIG HSPA VPN Broadband Gateway E Reset Button WPS Button Note Contains a reset button to restore the setting back to original factory defaulted setting as if your convenience of forgetting your applicable setting Reset Status HSPA 1 4 LEDs the Front View LANI LAN4 WAN LEDs epg JE 3G WLAN Status WPS LED Green in flash device status is normal Green in fast flash device is in WPS PBC mode The LED blinks 3 times per second approximately 280 340ms WAN LED Green Ethernet connection is established Green in flash data packet transferred via Ethernet LAN1 LAN4 LEDs Green Ethernet connection is established Green in flash data packet transferred via Ethernet WLAN LED Green WLAN is active and available Green in flash data packet transferred via WLAN 3G LED Green 3G connection is established Green in flash data packet transferred via 2G 2 5G PC card E zs SB IIG HSPA VPN Broadband Gateway Status WPS LED NEGER Telecom NEGER Telecom 1 5 Features m IEEE 802 11b g compliant gt Backward compatible to IEEE 802 11b standards gt Max physical rate up to 54Mbps in 802 119 mode gt _ Security Supports WEP 64 128 bits
19. RULES i SECURITY SETTING ADVANCED SETTING TOOLBOX SysietnUau J System Log HELP Dynamic DNS QoS IP Address for Syslog SHMP E mail Alert Routing SMTP Server IP and Port System Time Send E mail alertto Scheduling Performance E mail Subject This page support two methods to export system logs to specific destination by means of syslog UDP and SMTP TCP The items you have to setup including 1 IP Address for Syslog Host IP of destination where syslog will be sent to Check Enable to enable this function 2 E mail Alert Enable Check if you want to enable Email alert send syslog via email 3 SMTP Server IP and Port Input the SMTP server IP and port which are concatenated with If you do not specify port number the default value is 25 For example mail your_url com or 192 168 1 100 26 4 Send E mail alert to The recipients who will receive these logs you can assign more than I recipient using or separate these email addresses 5 E mail Subject The subject of email alert this setting is optional to Click on Save to store what you just select or Undo to give up 67 3 2 4 2 Dynamic DNS Roteador 3G VPN Pro NEGER R1 01a2_0112 gt Status Wizard BASIC SETTING si FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX B i i a System Lou J Dynamic DNS HELP DDNS amp
20. Table settings are settings used to setup the functions of static and dynamic routing 2 Dynamic Routing Routing Information Protocol RIP will exchange information about destinations for computing routes throughout the network Please select RIPv2 only if you have different subnet in your network Otherwise please select RIPv1 if you need this protocol 3 Static Routing For static routing you can specify up to 8 routing rules You can enter the destination IP address subnet mask gateway hop for each routing rule and then enable or disable the rule by checking or un checking the Enable checkbox Click on Save to store what you just select or Undo to give up 72 3 2 4 6 System Time Roteador 3G VPN Pro NEGER R1 01a2_0112 s BASIC SETTING FORWARDING RULES s SECURITY SETTING 3J ADVANCED SETTING s TOOLBOX i System Log Dynamic DNS QoS System Time Set Date and Time using PC s Date and Time Scheduling Mn and 200938238 01 13 14 Performance O Set Date and Time manually Date Year 2002 Month Jan Time Hour 0 0 23 Minute 0 0 59 Daylight Saving O Enable Disable Jan v 1 Get Date and Time by NTP Protocol Select if you want to Get Date and Time by NTP Protocol 1 Syne Now Synchronize system time with network time server 2 _ Time Server Select a NTP time server to consult UTC time 3 Time Zone Select a time zone where thi
21. The available client IP range is 192 168 123 2 through 192 168 123 254 1 LAN IP Address The IP address of the LAN interface The default IP address Is 17 NEGER Telecom 192 168 123 254 2 Host Name is optional 3 WAN s MAC Address If you click the Clone MAC button you will find the MAC address of your NIC shown in WAN s MAC Address 4 Click on Next to continue Step 5 Configure the wireless settings Roteador 3G VPN Pro NEGER R1 01a2_0112 si TOOLBOX s BASIC SETTING si FORWARDING RULES SECURITY SETTING ADVANCED SETTING J Setup Wizard Wireless settings EXIT gt Wireless Radio Enable Disable gt Network ID SSID default Channel 11 Wireless gt VPI 1 Select Enable or Disable The default setting is Enable 2 Network ID SSID will be defaulted 3 Channel Select Wireless Channel matching to your local area for Wireless connection 4 Click on Next to continue Step 6 Select the Wireless security method of your wireless configuration Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR s MAIN MENU Status Wizard BASIC SETTING FORWARDING RULES I SECURITY SETTING ADVANCED SETTING s TOOLBOX Setup Wizard Wireless Security EXIT Security WEP WEP Encryption GO 64 bit O 128 bit Key 1 M r 0123456789 Key 2 O gt Key3 O vi Al
22. and DES Authentication algorithm There are two algorithms can be selected SHA1 and MD5 Enable Check this checkbox to enable the IKE Proposal with this rule IPSec proposal setup Set IPSec proposal Check this checkbox to enable IPSec proposals The default value will be use if this option is disabled Encryption algorithm There are two algorithms can be selected 3DES and DES But when the encapsulation protocol is AH encryption algorithm is unnecessarily set Authentication algorithm There are two algorithms can be selected SHA1 and MD5 But none also can be selected here for IPSec proposal Enable Check this checkbox to enable extended authentication with this rule Click on Save to store what you just select or Undo to give up 51 VPN Settings Manual key NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom 43 ADMINISTRATOR S MAIN MENU Status Wizard t Logout BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING a TOOLBOX SEO VPN Settings Tunnel 1 Manual key HELP tem Settin Domain Fitters g Cc a n ar URL Blocking Tunnel Name 192 168 123 0 355 255 255 0 192 168 0 0 MAC Control t Local Subnet VPH IPSEC H Local Netmask WPH L2TP Client t Remote Subnet WPH L2TP Server t Remote Netmask 255 255 255 0 WPH PPTP Client Remote Gateway 192 168 100 201 i VWPH PPTFP Server t Life Time second x x
23. empty NEGER Telecom 4 Maximum Idle Time the time of no activity to disconnect your PPTP session Set it to zero or enable Always on to disable this feature If Always on is enabled this product will connect to ISP automatically after system is restarted or connection is dropped 5 Connection mode selection There are 2 modes to select Always on The device will link with ISP until the connection is established Connect on demand The device will link up with ISP when the clients send outgoing packets 3G t APN hm t Username Authentication auto CPAP CHAP Primary ONS 0 0 0 t Secondary DNS s Auto Manual t Auto Connect SF t Max Idle Timej300 seconds Disable Use Ping interval 50 seconds t Keep Alive IF Address O Use LCP Echo Request t cp echo interval fio econds Icp echo failure 3 limes t Bridge two ethernet ports C Enable For 3G WAN Networking The WAN fields may not be necessary for your connection The information on this page will only be used when your service provider requires you to enter a User Name and Password to connect to the 3G network Please refer to your documentation or service provider for additional information 1 APN Enter the APN for your PC card here 2 Pin Code Enter the Pin Code for your SIM card 3 Dial Number This field should not be altered except when required by your service provider 4 User Name Enter the new User Name
24. for extended authentication The VPN server would reject the connect request from VPN clients because of the unknown user even though the pre shared key is correct This function is suitable to remote mobile VPN clients You can not only configure a VPN rule with a pre shared key for all remote users using but you can also designate only someone is permitted to establish VPN connection with VPN server xAuth None Without Extended Authentication xAuth xAuth Server mode Check this checkbox if the device behaves as a VPN server and will verify the legality of user information from VPN client The user information that is provided by VPN client needs to match to user information that is in local user database of VPN server You can press Set local user button to edit local user database Please note that only VPN clients with xAuth can establish VPN connection with the device if you have checked this checkbox IKE proposal setup Set IKE Proposal Check this checkbox to enable IKE proposals The default value will be use if this option is disabled DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 Encryption algorithm There are two algorithms can be selected 3DES and DES Authentication algorithm There are two algorithms can be selected SHA1 and MD5 Enable Check this checkbox to enable the IKE Proposal with this rule IPSec proposal setup Set IPSec proposal Check this c
25. for your PC card here 5 Password Enter the new Password for your PC card here 6 Primary DNS This feature allows you to assign a Primary DNS Server Optional 7 Secondary DNS This feature allows you to assign a Secondary DNS Server Optional 8 Auto Connect There are 2 modes to select Auto The device will link up with ISP when the clients send outgoing packets Manual Manually The device will not make the link until someone clicks the connect button in the Status page 9 Maximum Idle Time The Connection will be broken when the idle time arrives 26 NEGER Telecom 10 Keep Alive There are 3 modes to select Disable Use Ping Use LCP Echo Request 11 Bridge two ethernet ports Bridge the two ports wired WAN and wired LAN So we have 2 LAN ports and don t have wired WAN port iBurst t Username t Password H WAN MTU Primary DNS t Secondary DNS t Maximum Idle Time seconds Auto reconnect t Service Name optional t Assigned IP Address AM optional For iBurst PC card 3G WAN Networking The WAN fields may not be necessary for your connection The information on this page will only be used when your service provider requires you to enter a User Name and Password to connect to the 3G network Please refer to your documentation or service provider for additional information User Name Enter the new User Name for your PC card here Password Enter the new Password for your PC card here Primary DN
26. gateway can behave as a PPTP server and allows remote hosts to access LAN servers after establishing PPTP connection with it The device can support three authentication methods PAP CHAP MSCHAP v1 and MSCHAP v2 Users can also enable MPPE encryption when using MSCHAP 1 2 VPN PPTP Check this checkbox to enable function of PPTP server Server virtual IP The IP address of PPTP server This IP address should be differei from IP address of PPTP server and LAN subnet of VPN gateway IP range The client IP range IPs in this range are given clients trying to connect Authentication Protocol Users can choose authentication protocol as PAP CHAP or MS_CHAP v1 MS_CHAP v2 MPPE Encryption Mode Check this checkbox to enable MPPE encryption Please not that MPPE needs to work with MSCHAP authentication method Encryption Length There are 3 kind of encryption for MPPE 40bits 56bits and 128bits 63 NEGER Telecom User Account Setting Users can input five different user accounts for PPTP server 1 Tunnel Name Input the name for tunnel 2 User Name Input a user name that is allowed to establish PPTP connection with VPN gateway 3 Password Input the password for the user Click on Save to store what you just select or Undo to give up 64 NEGER Telecom 3 2 3 9 Miscellaneous Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR S MAIN MENU t Status t Wizard Logout BASIC SE
27. is consistent with the key value in the RADIUS server 32 WDS Wireless Distribution System Setting WDS operation as defined by the IEEE802 11 standard has been made available Using WDS it is possible to wirelessly connect Access Points and in doing so extend a wired infrastructure to locations where cabling is not possible or inefficient to implement Telecom NEGER Telecom Wireless Bridging Disable Enable ew OSS EE IU ml Y ml es wa _ Scaned AP s MAC Copy to Remote AP MAC am mn wsus we o OI 33 NEGER Telecom WPS Wi Fi Protection Setup WPS is Wi Fi Protection Setup which is similar to WCN NET and offers safe and easy way in Wireless Connection a l 8 y n y Aaa hp plas pty FS NN y PE 3 y p yaa as wa NEGER 5 ta pody P ador 3C V pe NER R4 A 2 0112 aee4tieaeype ms w w gt a gt c Av or Se r Erp 0 Config Method PIN Code 00000000 wes status Nouseb Save Trigger Caneel Wireless Client List The list of wireless client is shows here 4 W alada hiii AAt ge l i ww b r ador 3G V Or gt y p A Ena 192 168 123 50 34 3 2 1 5 Change Password NEGER Telecom Change Password i HE ARY axa mm UF You can change Password here We strongly recommend you to change the system password for security reason Click on Save to store what you just sele
28. remote gateway It will be used to de hash the coming packet and check its integrity The value of remote SPI should be set in hex formatted Encryption algorithm There are two algorithms can be selected 3DES and DES But when the encapsulation protocol is AH encryption algorithm is unnecessarily set Encryption key Encryption key is used by the encryption algorithm Its length is 8 bytes if encryption algorithm is DES or 24 bytes if 3DES The key value should be set in hex formatted Authentication algorithm There are two algorithms can be selected SHA1 and MD5 But none also can be selected here for non hashing operation Authentication key Authentication key is used by the authentication algorithm Its length is 16 bytes if authentication algorithm is MD5 or 20 bytes if SHA1 Certainly its length will be 0 if no authentication algorithm is chosen The key value should be set in hex formatted Click on Save to store what you just select or Undo to give up 53 VPN Settings IPsec XAuth You can edit user information with this configuration page This user information is for XAuth server mode use only NEGER Packet Filters Domain Fitters URL Blocking MAC Control VPH IPSEC VPH L2TP Client VPH L2TP Server VPH PPTP Client VPH PPTP Server Miscellaneous BASIC SETTING Roteador 3G VPN Pro NEGER R1 01a2_0112 MAIN MENL Status Wizard Logout 2 FORWARDING
29. 9 3 2 3 Security Setting NEGER fl lt e 1e com Packet Filters Allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address ofthe source and destination Domain Filters Let you prevent users under this device from accessing specific Domani names URL Blocking Let you prevent users under this device from accessing specific URL strings MAC Address Control MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address VPN VPN Settings are used to create virtual private tunnels to remote VPN gateways VPN L2TP Client gt n order to create virtual private connection via tunneling to remote VPN L2TP servers VPN L2TP Server Provide virtual private connection via tunneling from remote VPN L2TP clients VPN PPTP Client n order to create virtual private connection via tunneling to remote VPN PPTP servers VPN PPTP Server Provide virtual private connection via tunneling from remote VPN PPTP clients Miscellaneous Remote Administrator Host In general only Intranet user can browse the built in web pages to perform administration task This feature enables you to perform administration task from remote host Administrator Time out The amount of time of inactivity before the device will automatically close th
30. Class B The specification is subject to change without notice NEGER Telecom Table of Contents FCC Interference Statement 0 000 cc ccccsccccesssseeceessseeceeesseeeeeeeseeeeeesaeeeens 2 1 MOGUCU IN NG 4 1 1 Package CornentS ee YF COCO Cd Uo 4 1 2 System Requirements for Configuration uuuuuuuuuuuuu 4 1 3 Interfaces the Rear View rrrnrrnnnrnonnnnrnnrrnonnnnrrnernrnnnnnnnnnnnnnnnnnnnnnn 4 1 4 LEDs the Front View 0 000000 ccc LL LLI LL III LIII LL HFnon 6 1 5 FAG 1 YNN E NF AR NEN 7 2 Configuring NEGER VPN Pro 3G Router rrrrrrrrnnnnnrnrnnnrnrrennnrrnrernnnnnnnnnnnnnne 8 2 1 Installation Considerations srrrrrrronrrrrornnrrrrnronnvrrrrrrnvrrnrnrnnnnnnnnnn 8 2 1 1 Installation Instructions Get Start Networking 8 2 1 2 Establish WiFi Connection rrrrrrrrrnnrnnnonsnnnrnnrernnrnnrnrnnnrnnnennnnnennn 11 3 Using the Configuration Menu eeeeeuuuuuuuu uu err LII III III II IFI 12 3 1 Wizard Seng 13 3 2 Administrator s Main Menu rrrrnrrrnrrrornnnrrrnrrrrennnnrnrrrrrnnnnrnensnnnnnr 22 4 TroubleShooting ccc cccesccccesesceeceeeseeeeessseeeeesesseeeesesseeeeeseesseeeeseeeas 80 5 Technical Specifications uuuuuuuuuuuuusuuu uii uei LL I LIII III III LL 82 6 Company Profil amp euuuuueuuuu uir eL LL LYN sees vunne ov cee cessseecesseeeecns 84 NEGER Tele
31. OX JJ Wireless Settings HELP j EN gt Change Password gt WMM Capable Enable Disable Wireless settings allow you to set the wireless configuration items l Wireless Enable is the default Selecting this option will allow you to set your Wireless Access Point WAP settings WMM Capable Disable is the default WMM Quality of Service is a set of features for Wi Fi networks that improve the user experience for audio video and voice applications by prioritizing data traffic SSID Service Set Identifier SSID is the name designated for a specific wireless local area network WLAN The SSID s factory default setting is default The SSID can be easily changed to establish a new wireless network Note SSID names may contain up to 32 ASCII characters Channel Auto is the default Devices on the network must share the same channel Note Wireless adapters automatically scan and match the wireless settings You may also select the channel you wish to use Security You may select from several security types to use None WEP 802 1X WPA PSK WPA WPA2PSK WPA2 None No Wi Fi security settings are on the device WEP When you enable the 128 or 64 bit WEP key security please select one WEP key to be used and input 26 or 10 hexadecimal 0 1 2 8 9 A B F digits 802 1X Check Box was used to switch the function of the 802 1X When the 802 1X function is enabled the Wireless user must authe
32. RULES 4 SECURITY SETTING 3 ADVANCED SETTING nr a y TOOLBOX IPsec XAUTH Server side setting EC AC A A 1 Ll 1 ee eee wl C Pj JE om sl N EB UD ee HD eee i A aOI a oe ee ee en en es 1 JB No change 54 VPN Settings VPN Dynamic IP Setting Roteador 3G VPN Pro NEGER R1 01a2_0112 s BASIC SETTING s FORWARDING RULES SECURITY SETTING ADVANCED SETTING si TOOLBOX Packet Filters VPN Dynamic IP Setting Domain Filters URL Blocking gt Tunnel Name MAC Control Local Subnet VPH IPSEC gt Local Netmask 255 255 255 0 i VPH L2TP Client gt Life Time second VPH L2TP Server p E lt Encapsulation Protocol VPH PPTP Client pfs VPH PPTP Server gt pfs group Miscellaneous gt Preshare Key gt remote ID optional local ID None Server XAUTH gt Set IKE Proposal C Enable of Ta Tu Ga n Te emcee man aae C oe TwW n 13 n No change Gene Bi VPN gateway can ignore IP information of client when using Dynamic VPN so it is suitable for users to build VPN tunnel with VPN gateway from remote mobile host Tunnel name Indicate which tunnel that is focused now Local subnet The subnet of LAN site of local VPN gateway It can be a host a partial subnet and the whole subnet of LAN site of local ga
33. S This feature allows you to assign a Primary DNS Server Optional Secondary DNS This feature allows you to assign a Secondary DNS Server Optional Maximum Idle Time The Connection will be broken when the idle time arrives Auto reconnect The device will link up with ISP when the clients send outgoing packets AU BONO 3 2 1 2 Virtual Computers Only for Static and dynamic IP address Wan type Virtual Computers T I mel I 0 I ml I n G I wen 0 I mel I n ll 192 168 123 EE Virtual Computer enables you to use the original NAT feature and allows you to setup the one to one mapping of multiple global IP address and local IP address 27 NEGER Telecom Global IP Enter the global IP address assigned by your ISP Local IP Enter the local IP address of your LAN PC corresponding to the global IP address Enable Check this item to enable the Virtual Computer feature 28 NEGER Telecom 3 2 1 3 DHCP Server Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR s MAIN MENU Status H Wizard Logout BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX PS Primary Setup ad DICE SC HELP DHCP Server Setting senn DHCP Server O Disable Enable Change Password t Lease Time 1440 Minutes P Pool Starting Address IP Pool Ending Address t Domain Mame t Primary DNS t Secondary ONS t Primary WINS Serve
34. TTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX J 3 Miscellaneous tems Packet Filters Domain Fitters URL Blocking t Remote Administrator IP Address 0 0 0 0 MAC Control t Remote Administrator Host Mame VPH IPSEC t Remote Administrator Port WPH L2TP Client Administrator Time out A VPH L2TP Server Discard PING from WAN side VPH PPTP Client Disable LlPnP VPH PPTP Server Keep WAN in stealth mode Miscellaneous Save Undo 1 Remote Administrator IP Host Port In general only Intranet user can browse the built in web pages to perform administration task This feature enables you to perform administration task from remote host If this feature is enabled only the specified IP address can perform remote administration If the specified IP address is 0 0 0 0 any host can connect to this product to perform administration task You can use subnet mask bits nn notation to specified a group of trusted IP addresses For example 10 1 2 0 24 NOTE When Remote Administration is enabled the web server port will be shifted to 88 You can change web server port to other port too 2 Administrator Time out The time of no activity to logout automatically you may set it to zero to disable this feature 3 Discard PING from WAN side When this feature is enabled any host on the WAN cannot ping this product 4 Disable UPNP The device can disable UPNP functio
35. an application work try setting your computer as the DMZ host instead 1 Trigger the outbound port number issued by the application 2 Incoming Ports when the trigger packet is detected the inbound packets sent to the specified port numbers are allowed to pass through the firewall This product provides some predefined settings 1 Select your application and 2 Click Copy to to add the predefined setting to your list Note At any given time only one PC can use each Special Application tunnel Click on Save to store what you just select or Undo to give up 38 NEGER Telecom 3 2 2 3 Miscellaneous NEGER Telecom ADMINISTRATOR s MAIN MENU Status gt Wizard gt Logout Roteador 3G VPN Pro NEGER R1 01a2_0112 BASIC SETTING FORWARDING RULES I SECURITY SETTING ADVANCED SETTING si TOOLBOX PPTP Passthrough 1 IP Address of DMZ Host DMZ Demilitarized Zone Host is a host without the protection of firewall It allows a computer to be exposed to unrestricted 2 way communication for Internet games Video conferencing Internet telephony and other special applications 2 IPSec PPTP Passthrough The device also supports IPSec PPTP Pass through Once VPN pass through is enabled multiple VPN connections can be made through the device This is useful when you have many VPN clients on the LAN Click on Save to store what you just select or Undo to give up 3
36. anel of the NEGER VPN Pro 3G Router The step is option if you have inserted 3G modem see Picture 2 3 LANS LANA Picture 2 3 option Note The NEGER VPN Pro 3G Router Wired WAN Port is Auto MDVMMDIX This provides patch Ethernet cable Wired WAN Port access 4 Insert the Ethernet patch cable into LAN Port on the back panel of the NEGER VPN Pro 3G Router and an available Ethernet port on the network adapter in the computer you will use to configure the unit see Picture 2 4 1 y i y WAN LAN4 LAN 2 LAN 3 LANA j Picture 2 4 Note The Wireless WAN Mobile Broadband Router LAN Port is Auto MDVMDIX This provides patch Ethernet cable LAN Port access 5 Connect the power adapter to the receptor on the back panel of your Wireless WAN Mobile Broadband Router Then plug the other end of the power adapter into a wall outlet or power strip Picture 2 5 LAN 1 LAN 2 LAN 3 LAN 4 Picture 2 5 6 The LEDs See Picture 2 0 a The LEDs will turn ON to indicate power has been applied b The Status LED will flash ON and OFF as the NEGER VPN Pro 3G Router performs initialization and Internet connection processes This will take a few minutes 10 2 1 2 NEGER Telecom edy PC card 8 B Eu IIG HSPA VPN Broadband Gateway g Picture 2 6 Establish WiFi Connection If you selected either WEP or WPA PSK encryption ensure these settings match your WiFi adapter settings W
37. anwhile Hosts in both ends of the tunnel must support this mode so as to establish the tunnel properly Pre shared key The first key that supports IKE mechanism of both VPN gateways for negotiating further security keys The pre shared key must be same for both end gateways Remote ID The Type and the Value are must same as the Type and the Value of the Local ID of the remote VPN gateway Local ID The Type and the Value are must same as the Type and the Value of the Remote ID of the remote VPN gateway IKE Keep Alive Ping IP Address Input the IP address of remote host that exist in the opposite side of the VPN tunnel Ex You can input the LAN IP address of remote VPN gateway The device will start to Ping remote host when there is no traffic within the VPN tunnel If the device can t get ICMP response from remote host anymore then it will terminate the VPN tunnel automatically 50 NEGER Telecom Extended Authentication xAuth With xAuth feature the VPN client or initiator needs to provide additional user information to remote VPN server or VPN gateway for extended authentication The VPN server would reject the connect request from VPN clients because of the unknown user even though the pre shared key is correct This function is suitable to remote mobile VPN clients You can not only configure a VPN rule with a pre shared key for all remote users using but you can also designate only someone is permitted to establish VPN co
38. apping A virtual server is defined as a Service Port and all requests to this port will be redirected to the computer specified by the Server IP Virtual Server can work with Scheduling Rules and give user more flexibility on Access control For Detail please refer to Scheduling Rule For example if you have an FTP server port 21 at 192 168 123 1 a Web server port 80 at 192 168 123 2 and a VPN server at 192 168 123 6 then you need to specify the following virtual server mapping table 192 168 123 1 192 168 123 2 1723 192 168 123 6 Click on Save to store what you just select or Undo to give up 37 3 2 2 2 Special AP NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom ADMINISTRATOR S MAIN MENU gt Status gt Wizard gt Logout BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX 2 Special Applications HELP Virtual Server p pi gt Special AP Popular applications Copy to ip Trigger Incoming Ports Miscellaneous GELA i le e l il Des C 4 Des mn GN HS ml ht gt Some applications require multiple connections like Internet games Video conferencing Internet telephony etc Because of the firewall function these applications cannot work with a pure NAT router The Special Applications feature allows some of these applications to work with this product If the mechanism of Special Applications fails to make
39. cccceee New Password Reconfirm lt Back Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish You can change Password here It is recommended that you change the system password into the one you prefer to on the basis of security Key in your Old Password if it is the first initiation the admin will be the defaulted one Enter your New Password Enter your Password again for confirmation it must be the same as the New Password Then click on Next to get into next installation i fy Step 2 Select the WAN internet connection 3G card iBurst card or Wired Ethernet port NEGER Telecom Roteador 3G VPN Pro NEGER R1 01a2_0112 N MEN Status gt Wizai gt Logoul s BASIC SETTING FORWARDING RULES SECURITY SETTING ADVAHCED SETTING J TOOLBOX i 2 Setup Wizard Please select the type of WAN connection that you want to use EXIT 36 card O iBurstcard O WAN Ethernet port 15 Step 3 1 Select 3G WAN Type will be used for Internet connection NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom ADAIN be z sm ME y l BASIC SETTING s FORWARDING RULES I SECURITY SETTING ADVANCED SETTING si TOOLBOX l G Setup Wizard WAN Settings 3G Please enter the following information this will have been provided to you by your 3G broadband service provider gt LAN IP Address 192 168 123 254
40. ce in telecommunications NEGER Telecom expertise extends from the conception and development of wireless infrastructure to planning deployment and optimization of wireless systems Diagrama am ioco 19 2 2 2 4 6 6 10 12 14 16 108 20 2 0 2 4 G6 6 10 84 NEGER Telecom NEGER Telecom has rapidly established itself as an innovative company in providing advanced engineering implementations The company s broad focused on wireless telecommunications segments from equipment to turn key applications enables us to efficiently design and implement very efficient solutions NEGER Telecom engineering consulting projects have met with complete success and client satisfaction in many of our implementations in Brazil NEGER Telecom has designed wireless systems in main Brazilian cities for telecommunications operators and large companies Telefonica Fixed and Mobile Telecommunication Operator More than 2 000 Fixed Cellular Stations planned projected and installed since 1993 These stations were implemented using 800 MHz AMPS analog technologies 1993 1999 and 800 MHz CDMA digital platforms 1999 2006 in about 200 cities in Brazil S o Paulo state countryside for a rural fixed telephone service called Ruralcel including operation and maintenance outsourcing British Telecom Fixed and Mobile Telecommunication Operator lt More than 80 channels of Fixed Cellular Stations installed in sites in S o BT
41. com 1 Introduction The NEGER VPN Pro 3G Router is a high performance tool that supports wireless networking at home work or in a public place The NEGER VPN Pro 3G Router supports uses a USB 3G modem card either WCDMA or EVDO and even HSDPA as well and supports wireless data transfers up to 30Mbps and wired data transfers up to 100 Mbps The NEGER VPN Pro 3G Router is compatible with industry security features 1 1 Package Contents Importance Check your product package contents FIRST The NEGER VPN Pro 3G Router package should contain the items listed below If any of the items are missing please contact your reseller items Description Quantity 1 NEGERVPNPro3G Router 1 2 Ru 45Cable UserManual gt E __ 1 4 Me 5 External WiFi Antenna KE a rr i O IAIe O _ Caution Using a power supply with a different voltage rating than the one included with the NEGER VPN Pro 3G Router will cause damage and void the warranty for this product 1 2 System Requirements for Configuration A 3G SIM Card with service Note Subject to services and service terms available from your carrier Computers with Windows Macintosh or Linux based operating systems with an installed Ethernet adapter Internet Explorer version 6 0 or Netscape Navigator version 7 0 and above Wi Fi System Requirements An 802 11b 802 11g or 802 11n Adapter 1 3 Interfaces The Rear View NEGER Telecom Auto MDI MDIX
42. ct or Undo to give up 35 3 2 2 Forwarding Rules NEGER fi Telecom Virtual Server Allows others to access VWNW FTP and other services on your LAN Special Application This configuration allows some applications to connect and work with the NAT router Miscellaneous IP Address of DMZ Host Allows a computer to be exposed to unrestricted 2 way communication Note that this feature should be used only when needed 36 3 2 2 1 Virtual Server Roteador 3G VPN Pro NEGER R1 01a2_0112 Status Wizard BASIC SETTING FORWARDING RULES s SECURITY SETTING i ADVANCED SETTING TOOLBOX Y Virtual Server HELP Special AP Well known services gt select one w Copyto ip Use schedule rule ALYWWAYS ON w o ME O ea oana ML meet JO n 6 el mmm PET mmm JO Ajer 192 168 123 192 168 123 Miscellaneous i l i it A m n n n n n JUEL ajaja i s 192 168 123 192 168 123 JL HH 1321684123 o 192 168 123 o ul 192 168 123 5 192 168 123 pe i _ 192 168 123 i This product s NAT firewall filters out unrecognized packets to protect your Intranet so all hosts behind this product are invisible to the outside world If you wish you can make some of them accessible by enabling the Virtual Server M
43. e 1 255 default 3 z 1 Beacon Interval Beacons are packets sent by an Access Point to synchronize a wireless network Specify a Beacon interval value between 1 and 1000 The default value is set to 100 milliseconds 2 DTIM interval Enter a value between 1 and 65535 for the Delivery Traffic Indication Message DTIM A DTIM is a countdown informing clients of the next window for listening to broadcast and multicast messages When the Access Point has buffered broadcast or multicast messages for associated clients it sends the next DTIM with a DTIM Interval value AP clients hear the beacons and awaken to receive the broadcast and multicast messages The default value for DTIM interval is setto 3 3 Wireless mode Select wireless connection mode for wireless connection 4 TX Rates Select the basic transfer rates based on the speed of wireless adapters on the WLAN wireless local area network 5 SSID Broadcast Choose enable or disable the wireless SSID broadcast By turning off the broadcast of the SSID it is possible to make your wireless network nearly invisible 6 Speed Enhanced Mode This is Tx Burst function for Ralink wireless solution 7 Antenna Transmit Power Select the Transmit Power of the Antenna Click on Save to store what you just select or Undo to give up 76 3 2 5 Tool Box View the system logs Firmware Upgrade Prompt the administrator for a file and upgrade it to this dev
44. e Administrator session Set this to zero to disable it Discard PING from WAN side When this feature is enabled hosts on the WRAN cannot ping the Device 40 3 2 3 1 Packet Filters Roteador 3G VPN Pro NEGER R1 01a2_0112 gt Status gt Wizard BASIC SETTING FORWARDING RULES SECURITY SETTING s ADVANCED SETTING TOOLBOX Packet Filters Domain Filters URL Blocking Outbound Filter C Enable MAC Control Allow all to pass except those match the following rules Deny all to pass except those match the following rules VPH IPSEC Use schedule rule ALWAYS ON Copyto 1D VPH L2TP Client m Server Source IP Ports Destination IP Ports Enable Schedule Rulez VPH PPTP Client o VPILPPTP Server 5 iB wT Miscellaneous Hf j i ih be i Hd ee ET Next page Inbound Filter MAC Level Packet Filter includes both outbound filter and inbound filter And they have same way to setting Packet Filter enables you to control what packets are allowed to pass the router Outbound filter applies on all outbound packets However inbound filter applies on packets that destined to Virtual Servers or DMZ host only You can select one of the two filtering policies 1 Allow all to pass except those match the specified rules 2 Deny all to pass except those match the specified rules
45. hat the settings on your NIC adapter are Enabled and set to accept an IP address from the DHCP If settings appear to be correct ensure that you are not using a crossover Ethernet cable Although the NEGER VPN Pro 3G Router is MDI MDIX compatible not all NICs are Therefore it is recommended that you use a patch cable when possible 5 Technical Specifications 3G Access Standards IEEE 802 11b g IEEE 802 3 IEEE 802 3u Wireless Standard IEEE 802 11 B G 82 NEGER Telecom 54 48 36 24 18 12 9 and 6 Mbps per channel Auto Fall Back 3 4 2 462 GHz CCK OFDM modulation Tx Rx power 18dbm Per Cell Range Coverage indoors approx 35 100 meters outdoors up to 100 300 meters 1 11 for N America FCC 1 11 for Canada DOC of Channels 1 13 Europe Except Spain and France ETSI 1 14 Japan TELEC 64 bit and 128 bit WEP Encryption WPA encryption Detachable Antenna 1 8dBI IP Filtering Firewall NAT Network Address Translation with VPN Pass through MAC Filtering Class C One to Many Max 253 Users Virtual Server DMZ Host DHCP Server and Client Working Environment Switching 12V 2 0A 83 NEGER Telecom 6 Company Profile NEGER Telecom based in Campinas SP Brazil is an important provider of radio frequency RF planning and optimization engineering services to wireless service providers and final users Founded in 1987 by engineers and technicians with extensive field experien
46. heckbox to enable IPSec proposals The default value will be use if this option is disabled 56 NEGER Telecom Encryption algorithm There are two algorithms can be selected 3DES and DES But when the encapsulation protocol is AH encryption algorithm is unnecessarily set Authentication algorithm There are two algorithms can be selected SHA1 and MD5 But none also can be selected here for IPSec proposal Enable Check this checkbox to enable extended authentication with this rule Click on Save to store what you just select or Undo to give up 57 VPN L2TP Client Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR S MAIN MENU t Status t Wizard al BASIC SETTING FORWARDING RULES J SECURITY SETTING ADVANCED SETTING TOOLBOX J rli Packet Filters LATE Client Domain Fitters H WPN L2TP URL Blocking gt MAC Control Max number of tunnels for client VPILIPSEC 1D Tunnel Name Peer IP Domain VPH PPTP Client VPH PPTP Server Miscellaneous oY ee VPN L2TP Enables or Disables the L2TP client Max number of tunnels client Tunnel Name The name of Item Peer IP Domain The IP Domain of L2TP server is L2TP Account and Password the account and password your ISP assigned to you If you don t want to change the password keep it empty Action The status of this tunnel Enable Check to enable each rule Click on Save to store what you just selec
47. iFi and encryption settings must match for access to the NEGER VPN Pro 3G Router Configuration Menu and the Internet Please refer to your WiFi adapter documentation for additional information 11 NEGER Telecom 3 Using the Configuration Menu Once properly configured the NEGER VPN Pro 3G Router will obtain and assign IP address information automatically Configuration settings can be established through the NEGER VPN Pro 3G Router Configuration Menu You can access this interface by performing the steps listed below 1 Open a web browser 2 Type in the IP Address http 192 168 123 254 of the NEGER VPN Pro 3G Router Note If you have changed the default IP Address assigned to the NEGER VPN Pro 3G Router ensure you enter the correct IP Address now 3 Type admin in the Password 12 Roteador 3G VPN Pro NEGER R1 01a2_0112 SER s MAIN MEN Status J System Status HELP eae a sm ee e NI om ee Eu ee omme o gt gt om m me sem ER m ven 2 OO IU ef Bytes Received Network Name eee OT O eI EU mm me Uw gt gt vr 2 O ware G o o 0 0 2 Display time Tue Nov 30 00 12 13 1999 4 Click logon button 3 1 Wizard setting ab Press Wizard button for basic settings with simpler way Please check section 3 1 db Or you may click on Advanced Setup for advanced sett
48. ice Backup Setting Save the settings of this device to a file Reset to Default Reset the settings of this device to the default values Reboot Reboot this device 77 3 2 5 1 System Info NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 t Status k Wizard at BASIC SETTING FORWARDING RULES at SECURITY SETTING ADVANCED SETTING TOOLBOX Backup Setting WAN Type 3G R003 rr Display Time Tue Nov 30 02 16 14 1999 t Log Message System Lag Routing Table Miscellaneous aie J System Log System Info i MU Mov 30 00 00 14 syslogd syslogd started Mov 30 00 00 20 dhepd offer 192 168 123 51 to 0O06 00 94 83 04 42 Moy 30 00 00 36 offer 192 168 123 50 to 00 13 06 9f 0e 07 Moy 30 00 00 39 offer 192 168 123 50 to 00 13 06 9f De 07 Moy 30 00 00 41 offer 192 168 123 50 ta 00 13 06 9f 08 07 Nov 30 00 00 43 offer 192 168 123 50 to 00 13 06 9f De 07 Moy 30 00 00 45 offer 192 168 123 50 to 00 13 06 9f 0e 07 You can view the System Information and System log And clear the System log in this page 78 NEGER Telecom 3 2 5 2 Firmware Upgrade You can upgrade firmware by clicking Upgrade button 3 2 5 3 Backup Setting You can backup your settings by clicking the Backup Setting button and save it as a bin file Once you want to restore these settings please reference the Section 3 2 5 2 Firmware Upgrade 3 2 5 4 Reset to Default You can al
49. ings Please check the section Administrator s Main Menu _ each item from section 3 2 13 db Roteador 3G VPN Pro NEGER R1 01a2_0112 J Please Select the Operations Wizard Advanced Setup This screen reminds you to configure until the Wizard is finished Click on Enter button to get start With wizard setting steps you could configure the router in a very simple way This configuration wizard includes settings of a Login Password b WAN Setup c Wireless Setup d VPN Setup Press Next button to start configuration NEGER Telecom Roteador 3G VPN Pro NEGER R1 01a2_0112 BASIC SETTING s FORWARDING RULES s SECURITY SETTING ADVANCED SETTING si TOOLBOX Setup Wizard EXIT Setup Wizard will guide you through a basic configuration procedure step by step Step 1 Setup Login Password Step 2 WAN Setup Step 3 Wireless Setup gt Step 4 VPN Setup Step 5 Summary Step 6 Finish Start gt Password gt WAN gt Wireless gt VPN gt Summary gt Finish 14 NEGER Telecom Step 1 Allow you to change the system password NEGER Telecom ADMINIS TRE OR WAIN MEN Status gt Wizar gt Logou Roteador 3G VPN Pro NEGER R1 01a2_0112 BASIC SETTING FORWARDING RULES J SECURITY SETTING ADVANCED SETTING TOOLBOX 2 Setup Wizard Setup Login Password EXIT gt Old Password fpoccc
50. ion keep dropping You may try following steps to solve Antenna Orientation 1 Try different antenna orientations for the NEGER VPN Pro 3G Router 2 Try to keep the antenna at least 6 inches away from the wall or other objects e Try changing the channel on the NEGER VPN Pro 3G Router and your Access Point anc Wireless adapter to a different channel to avoid interference Keep your product away at least 3 6 feet from electrical devices that generate RF noise like microwaves monitors electric motors etc 4 Why am unable to achieve a wireless connection Note An Ethernet connection is required to troubleshoot the NEGER VPN Pro 3G Router If you have enabled Encryption on the NEGER VPN Pro 3G Router you must also enable encryption on all wireless clients in order to establish a wireless connection For 802 11g the encryption settings are 64 or 128 bit Ensure that the encryption bit level is the same for both the NEGER VPN Pro 3G Router and your Wireless Client Ensure that the SSID Service Set Identifier on the NEGER VPN Pro 3G Router and the Wireless Client are exactly the same If they are not your wireless connection will not be established Move the NEGER VPN Pro 3G Router and the wireless client into the same room and then test the wireless connection e Disable all security settings such as WEP and MAC Address Control e Turn off the NEGER VPN Pro 3G Router and the client Turn the NEGER VPN Pro 3G Router back
51. ked can connect to this device and allow unspecified MAC addresses to connect LJAssociation control Wireless clients with A checked can associate to the wireless LAN and deny vi unspecified MAC addresses to associate DHCP clients select one v Copyto ip ae anes en PT E mel mwn mm mh 192168123 m o o 192168123 Ger oo wel Ged 0 0 1 VI MAC Address Control allows you to assign different access right for different users and to assign a specific IP address to a certain MAC address MAC Address Control Check Enable to enable the MAC Address Control All of the settings in this page will take effect only when Enable is checked Connection control Check Connection control to enable the controlling of which wired and wireless clients can connect to this device If a client is denied to connect to this device it means the client can t access to the Internet either Choose allow or deny to allow or deny the clients whose MAC addresses are not in the Control table please see below to connect to this device Association control Check Association control to enable the controlling of which wireless client can associate to the wireless LAN If a client is denied to associate to the wireless LAN it means the client can t send or receive any data via this device Choose allow or deny to allow or deny the c
52. lients whose MAC addresses are not in the Control table to associate to the wireless LAN Click on Save to store what you just select or Undo to give up Click on Next Page to go down or Previous page back to last page 46 3 2 3 5 VPN IPSEC Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR s MAIN MENU Status Wizard BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING i TOOLBOX Packet filtere 3J IPSEC Settings HELP inc VPN IPSEC Enable Embedded Passthrough URL Blocking MAC Control VPH IPSEC gt Netbios over IPSEC C Enable VPH L2TP Client VPH L2TP Server R i VPH PPTP Client EU Y O Y VPH PPTP Server Miscellaneous venDmamieleseting More CIA IAR AD YA men mes me o pE we n More e en More New page Undo XAUTH account VPN Settings are settings that are used to create virtual private tunnels to remote VPN gateways The tunnel technology supports data confidentiality data origin authentication and data integrity of network information by utilizing encapsulation protocols encryption algorithms and hashing algorithms VPN IPSEC VPN protects network information from ill network inspectors But it greatly degrades network throughput Enable it when you really need a security tunnel It is disabled for default There are two options E
53. llular stations installed in oil processing centers in remote areas sj of the interior and coast of S o Paulo state Data transmitting and backup communication for the main critical satellite data network using se analog AMPS and digital CDMA technologies 86 NEGER Telecom NET Cable TV Operator More than 60 channels of Fixed Cellular Stations installed in sites in Americana Santo Andr and Manaus integrating a Least Cost Routing O MUNDO DOS NETS Service using 800 MHz digital CDMA 800 MHz digital TDMA and 1800 MHz digital GSM technologies Unicamp State University of Campinas More than 30 channels of Fixed Cellular Stations installed in Funcamp gt administrative center and Hospital area integrating a Least Cost GNICAIAP Routing Service using 800 MHz digital CDMA 800 MHz digital TDMA and 1800 MHz digital GSM technologies S Radio Frequency Engineering Wireless networks never operate well by chance Careful planning and optimizing are critical to ensure that a wireless network performs as well as possible The main objective is providing service that has the highest level of station accessibility and call retainabillity The success of the service provider and manufacturer is based on how satisfied the end user is with the level of service that is received In order to provide an optimum level of service the wireless network must continue to be improved requiring an ever evolving process of implementatio
54. mbedded VPN service or just Passthrough Netbios over IPSEC Computers running Microsoft Windows can communicate with one another using NetBIOS Users can access remote network resources by browsing the Window Network Neighborhood SSDP over IPSEC Computers running Microsoft Windows can communicate with one another using SSDP on the remote IPSEC network Max number of tunnels item Since VPN greatly degrades network throughput the allowable maximum number of tunnels is limited Be careful to set the value for allowing the number of tunnels can be created simultaneously Its value ranges from 1 to 5 AM NEGER Telecom Dynamic VPN settings Enable it when you need remote mobile hosts build security tunnel with the Gateway It is disabled for default Click More button to finish detailer configuration Tunnel name Indicate which tunnel that is focused now Method IPSec VPN supports two kinds of key obtained methods manual key and automatic key exchange Manual key approach indicates that two end VPN gateways setup authenticator and encryption key by system managers manually However IKE approach will perform automatic Internet key exchange System managers of both end gateways only need set the same pre shared key More To setup detailer configuration for manual key or IKE approaches by clicking the More button Click on Save to store what you just select or Undo to give up 48 VPN Settings IKE
55. n If your OS supports UPNP search function and you enable UPNP like Windows XP You can get Device IP by UPNP 5 Keep WAN in stealth mode If the port is not open the device just to ignore incoming connection attempts rather than rejecting them Click on Save to store what you just select or Undo to give up 65 NEGER Telecom 3 2 4 Advanced Setting System Log Send system log to a dedicated host or email to specific receipts Dynamic DNS To host your server on a changing IP address you have to use dynamic domain name service DDNS QoS Gives a user the capability to control network traffic with different priority SNMP Gives a userthe capability to remotely manage a computer network by polling and setting terminal values and monitoring network events Routing Ifyou have more than one routers and subnets you may want to enable routing table to allow packets to find proper routing path and allow different subnets to communicate with each other System Time Letyou set up the system time of this device through NTP PC s timer or manually Scheduling You can setthe scheduling rules here and select the rule number in Virtual Server and Packet Filter the functions will be active with your scheduling rules 66 3 2 4 1 System Log NEGER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom ADMINISTRATOR s MAIN MENU gt Status gt Wizard BASIC SETTING FORWARDING
56. n measurement and analysis That is the NEGER Telecom RF Engineering mission Maximize Network Performance at Minimal Cost shouak OM ANATEL OJ CREA SP nner 87 NEGER Telecom Our Contacts Name area Phone Extension E mail clovis cabreira neger com br eduardo belloti neger com br marco maraccini neger com br Mara Esa Adminisveive 55183254627 rogerio calsavara neger com br solange cavalheri neger com br thomaz albrecht neger com br walter fernandes neger com br wellington souza neger com br wellington souza neger com br 88
57. namic IP Address For example Use Static the private IP address subnet mask and Gateway are your ISP assigned to you 2 Server IP Address the IP address of the L2TP server 3 PPTP Account and Password the account and password your ISP assigned to you If you don t want to change the password keep it empty 4 Maximum Idle Time the time of no activity to disconnect your L2TP session Set it to zero or enable Always on to disable this feature If Always on is enabled this product will connect to ISP automatically after system is restarted or connection is dropped 5 Connect mode selection There are 2 modes to select Always on The device will link with ISP until the connection is established Connect on demand The device will link up with ISP when the clients send outgoing packets PPTP My Tunnel Name H Wy IF Address O Get IP from DHCP Server sy Use Static IP IP 0 0 0 0 j Metmask 255 255 255 0 Gateway 0 000 Maximum Idle Time 300 seconds t Connect mode selection O Always nn Connecton demand de First please check your ISP assigned and Select Static IP Address or Dynamic IP Address For example Use Static the private IP address subnet mask and Gateway are your ISP 25 assigned to you 2 Server IP Address the IP address of the PPTP server 3 PPTP Account and Password the account and password your ISP assigned to you If you don t want to change the password keep it
58. nnection with VPN server xAuth None Without Extended Authentication xAuth xAuth Server mode Check this checkbox if the device behaves as a VPN server and will verify the legality of user information from VPN client The user information that is provided by VPN client needs to match to user information that is in local user database of VPN server You can press Set local user button to edit local user database Please note that only VPN clients with xAuth can establish VPN connection with the device if you have checked this checkbox xAuth Client mode Check this checkbox if the device behaves as a VPN server and will send user information to remote VPN server for extended authentication You need to input correct user name and password to pass authentication Please note that remote VPN server which is without xAuth will reject your connect reguest if you have checkedthis checkbox xAuth User Name Input user name that is provided by remote VPN server This field is for xAUTH client mode use only xAuth Password Input password that is corresponded to the user name above This field is for xAUTH client mode use only IKE proposal setup Set IKE Proposal Check this checkbox to enable IKE proposals The default value will be use if this option is disabled DH group There are three groups can be selected group 1 MODP768 group 2 MODP1024 group 5 MODP1536 Encryption algorithm There are two algorithms can be selected 3DES
59. nsure that the Ethernet LED on the NEGER VPN Pro 3G Router is ON If the LED is NOT ON check to see if the cable for the Ethernet connection is securely inserted Note Ensure that the IP Address is in the same range and subnet as the NEGER VPN Pro 3G Router The IP Address of the NEGER VPN Pro 3G Router is 192 168 123 254 All the computers on the network must have a unique IP Address within the same range e g 192 168 123 x Any computers that have identical IP Addresses will not be visible on the network All computers must also have the same subnet mask e g 255 255 255 0 Do a Ping test to make sure that the NEGER VPN Pro 3G Router is responding Go to Start gt Run 1 Type cmd 2 Press Enter 3 Type ping 192 168 123 254 A successful ping shows four replies Note If you have changed the default IP Address ensure you ping the correct IP Address assigned to the NEGER VPN Pro 3G Router Ensure that your Ethernet Adapter is working properly and that all network drivers are installed properly Note Network adapter names will vary depending on your specific adapter The installation steps listed below are applicable for all network adapters Go to Start gt My Computer gt Properties Select the Hardware Tab Click Device Manager Double click on Network Adapters Right click on Wireless Cardbus Adapter or your specific network adapter Select Properties to ensure that all drivers are installed pr
60. nticate to this router first to use the Network service 1 RADIUS Server IP IP address or the 802 1X server s domain name 2 RADIUS port The default port is 1812 3 RADIUS Shared Key Key value shared by the RADIUS server and this router This key 31 NEGER Telecom value is consistent with the key value in the RADIUS server WPA PSK 1 Select Encryption type TKIP or AES 2 Passphrase The length of pre share key is from 8 to 63 3 Fill in the key Ex 12345678 WPA Check Box was used to switch the function of the WPA When the WPA function is enabled the Wireless user must authenticate to this router first to use the Network service RADIUS Server 1 IP address or the 802 1X server s domain name 2 Select Encryption and key in RADIUS Server IP Port Shared Key 3 Key value shared by the RADIUS server and this router This key value is consistent with the key value in the RADIUS server WPA2 PSK 1 Select Encryption type TKIP or AES 2 Passphrase The length of pre share key is from 8 to 63 3 Fill in the key Ex 12345678 WPA2 Check Box was used to switch the function of the WPA2 When the WPA2 function is enabled the Wireless user must authenticate to this router first to use the Network service RADIUS Server 1 IP address or the 802 1X server s domain name 2 Select Encryption and key in RADIUS Server IP Port Shared Key 3 Key value shared by the RADIUS server and this router This key value
61. ome ISPs for example Home MTU Maximum Transmission Unit Most ISP offers MTU value to users The most common MTU value is 1492 3 Auto reconnect this feature enables this product to renew your IP address automatically when the lease time is expiring even when the system is idle Dynamic IP Address with Road Runner sm E 1 Account and Password the account and password your ISP assigned to you PPP over Ethernet PPPoE Account and Password the account and password your ISP assigned to you For security this field appears blank If you don t want to change the password leave it empty 2 Maximum Transmission Unit MTU Most ISP offers MTU value to users The most common MTU value is 1492 3 Maximum Idle Time the amount of time of inactivity before disconnecting your PPPoE 24 NEGER Telecom session Set it to zero or enable Auto reconnect to disable this feature 4 Auto Reconnect Always on The device will link with ISP until the connection is established 5 PPPoE Service Name optional Input the service name if your ISP requires it Otherwise leave it blank L2TP Server IF Address H WMylP Address Get IP from DHCP Server s gt Use Static IP IP 0000 Metmask 255 255 2550 Gateway o000 t Maximum Idle Time 300 seconds t Connect mode selection Always on Connecton demand 1 First please check your ISP assigned and Select Static IP Address or Dy
62. on again and then turn on the client Ensure that all devices are set to Infrastructure mode Ensure that the LED indicators are indicating normal activity If not ensure that the AC power and Ethernet cables are firmly connected Ensure that the IP Address subnet mask gateway and DNS settings are correctly entered for the network If you are using 2 4GHz cordless phones X 10 eguipment or other home security systems ceiling fans or lights your wireless connection may degrade dramatically or drop altogether To avoid interference change the Channel on the NEGER VPN Pro 3G Router and all devices in your network Keep your product at least 3 6 feet away from electrical devices that generate RF noise Examples include microwaves monitors electric motors and so forth 5 just do not remember my encryption key What should I do 81 NEGER Telecom If you forgot your encryption key the WiFi card will be unable to establish a proper connection If an encryption key setting has been set for the NEGER VPN Pro 3G Router it must also be se for the WiFi card that will connect to the NEGER VPN Pro 3G Router To reset the encryption key s login to the NEGER VPN Pro 3G Router using a wired connection Please refer to Basic gt Wireless Security No Encryption on page 10 for additional information 7 How do I reset my NEGER VPN Pro 3G Router to its factory default settings If other troubleshooting method
63. operly Look under Device Status to see if the device is working properly Click OK CONN NB WN 2 Why my wireless client can NOT access the Internet Note Establish WiFi Connection As long as you select either WEP or WPA PSK encryption ensure encryption settings match your WiFi settings Please refer to your WiFi adapter documentation for additional information Ensure that the wireless client is associated and joined with the correct Access Point To check this connection follow the steps below 1 Right click on the Local Area Connection icon in the taskbar 2 Select View Available Wireless Networks in Wireless Configure The Connect to Wireless Network screen appears Ensure you have selected the correct available network 80 NEGER Telecom Ensure the IP Address assigned to the wireless adapter is within the same subnet as the Access Point and gateway The NEGER VPN Pro 3G Router has an IP Address of 192 168 123 254 Wireless adapters must have an IP Address in the same range e g 192 168 123 x Although the subnet mask must be the same for all the computers on the network no two devices may have the same IP Address Therefore each device must have a unique IP Address To check the IP Address assigned to the wireless adapter follow the steps below 1 Enter ipconfig all in command mode 2 Enter ping 192 168 123 254 to check if you can access the NEGER VPN Pro 3G Router 3 Why does my wireless connect
64. p M tog EJDiop M tog Drop M tog Drop M tog Drop CJLog Ol Crop U Log VPH LATP Client Domain Suffix WPH L2TP Server VPH PPTP Client VPH PFTP Server gt Miscellaneous a Mi al Mad moeth OD Hd Hede OD afl Hd Hede OD o Mad moes OD sg Mad mse OD o Hd Hele OD Hd Bee OD of Mad moes OD o MT Goets OD of gt ene gt Dome gt gt fall others Let you prevent users under this device from accessing specific URLs 1 Domain Filter Enable Check if you want to enable Domain Filter 2 Log DNS Query Check if you want to log the action when someone accesses the specific URLs 3 Privilege IP Address Range Setting a group of hosts and privilege these hosts to access network without restriction 4 Domain Suffix A suffix of URL can be restricted for example com xxx com 5 Action When someone is accessing the URL met the domain suffix what kind of action you want Check drop to block the access Check log to log these access 6 Enable Check to enable each rule 43 NEGER Telecom Click on Save to store what you just select or Undo to give up 44 3 2 3 3 URL Blocking Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR s MAIN MENU H Status H Wizard H Logout BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX Se eee anes 2 Http URL Blocking HELP URL Blocking URL
65. r t Secnndan WINS Server t Gateway MU optional Press More gt gt 1 DHCP Server Choose either Disable or Enable 2 Lease Time DHCP lease time to the DHCP client 3 IP Pool Starting Ending Address Whenever there is a request the DHCP server will automatically allocate an unused IP address from the IP address pool to the requesting computer You must specify the starting ending address of the IP address pool 4 Domain Name Optional this information will be passed to the client 5 Primary DNS Secondary DNS Optional This feature allows you to assign a DNS Servers 6 Primary WINS Secondary WINS Optional this feature allows you to assign a WINS Servers 7 Gateway Optional Gateway Address would be the IP address of an alternate Gateway This function enables you to assign another gateway to your PC when DHCP server offers an IP to your PC Fixed Mapping Reference the page MAC Address Control After you finish your selection then Click on Save to store what you just pick or click Undo to give up 29 DHCP Clients List The list of DHCP clients are show here NEGER Telecom 2 DHCP Clients List MAC Address ana ea 30 3 2 1 4 Wireless Settings N EG ER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom ADMINISTRATOR S MAIN MENU Status gt Wizard Primary Setup BASIC SETTING FORWARDING RULES i SECURITY SETTING ADVANCED SETTING TOOLB
66. s device locates 2 Set Date and Time manually Select if you want to Set Date and Time manually 3 Set Date and Time manually Select if you want to Set Date and Time manually 4 Daylight Saving Set up the daylight saving period Dayj1 M Second 0 0 59 Click on Save to store what you just select or Undo to give up 73 3 2 4 7 Scheduling Roteador 3G VPN Pro NEGER R1 01a2_0112 sl BASIC SETTING FORWARDING RULES si SECURITY SETTING 3 ADVANCED SETTING s TOOLBOX spate tog HELP Er EE C Enable ee Routing Qos System Time You can set the schedule time to decide which service will be turned on or off Select the Enable item Press Add New Rule You can write a rule name and set which day and what time to schedule from Start Time to End Time The following example configure ftp time as everyday 14 10 to 16 20 Click on Save to store what you just select 74 NEGER Telecom Schedule Rule Setting Every Day 75 3 2 4 8 Wireless Performance Settings N EG ER Roteador 3G VPN Pro NEGER R1 01a2_0112 Telecom J _ ADMINISTRATOR s MAIN MENU gt Status Wizard _ SECURITY SETTING ADVANCED SETTING TOOLBOX BASIC SETTING i FORWARDING RULES SPEER 3 Wireless Performance Settings HELP Dynamic DNS QoS msec range 1 1000 default 100 gt SNMP 3 rang
67. s have failed you may choose to Reset the NEGER VPN Pro 3G Router to its factory default settings To hard reset the NEGER VPN Pro 3G Router its factory default settings follow the steps listed below 1 Ensure the NEGER VPN Pro 3G Router is powered on 2 Locate the Reset button on the back of the NEGER VPN Pro 3G Router 3 Use a paper clip to press the Reset button 4 Hold for 10 seconds and then release 5 After the NEGER VPN Pro 3G Router reboots it is reset to the factory default settings Note Please note that this process will take a few minutes 8 What is VPN VPN stands for Virtual Private Networking VPNs create a tunnel through an existing Internet connection using PPTP Point to Point Tunneling Protocol or IPSec IP Security protocols with various encryption schemes including Microsoft Challenge Handshake Authentication Protocol MS CHAP This feature allows you to use your existing Internet connection to connect to a remote site with added security If your VPN connection is not functional verify that your VPN dial up configuration is correct Note This information should be provided to you from your VPN provider Pressing the Reset Button restores to its original factory default settings 9 What can I do if my Ethernet cable does not work properly First ensure that there is a solid cable connection between the Ethernet port on the Router and your NIC Network Interface Card Second ensure t
68. so reset this product to factory default by clicking the Reset to default button 3 2 5 5 Reboot You can also reboot this product by clicking the Reboot button 3 2 5 6 Miscellaneous Roteador 3G VPN Pro NEGER R1 01a2_0112 ADMINISTRATOR S MAIN MENU Status Wizard BASIC SETTING i FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX J Mi E a AO Miscellaneous Items HELP Item Backup Setting MAC Address for Wake on LAN 00 00 00 00 00 00 Wake up Reset to Default Domain Name or IP address for Ping Test Miscellaneous 1 MAC Address for Wake on LAN Wake on LAN is a technology that enables you to power up a networked device remotely In order to enjoy this feature the target device must be Wake on LAN enabled and you have to know the MAC address of this device say 00 11 22 33 44 55 Clicking Wake up button will make the router to send the wake up frame to the target device immediately 2 Domain Name or IP address for Ping Test You can key in URL or IP address and then click the Ping button for test 79 NEGER Telecom 4 Troubleshooting This section provides an overview of common issues and possible solutions for the installation and operation of the NEGER VPN Pro 3G Router 1 Unable to access the Configuration Menu when I use my computer to configure the route Why Note It is recommended that you use an Ethernet connection to configure the router E
69. ss To maximize your wireless range please follow these guidelines 1 Keep the number of walls and ceilings between the NEGER VPN Pro 3G Router and other network devices to a minimum Each wall or ceiling can reduce the NEGER VPN Pro 3G Router s range from 3 90 feet 1 30 meters Note The same considerations apply to your broadband EVDO connection 2 Keep your product aware from electrical devices such as microwaves air conditioners and televisions that emit large quantities of RFI Radio Frequency Interference 2 1 1 Installation Instructions Get Start Networking Connect the Wireless Router to Your Network Note DO NOT connect NEGER VPN Pro 3G Router to power before performing the installation steps below 1 Attach the antenna picture 2 1 Picture 2 1 a Remove the antenna from its plastic wrapper b Screw the antenna in a clockwise direction to the back panel of the unit c Once secured position the antenna upward at its connecting joint This will ensure optimal reception NEGER Telecom 2 Plug 3G Modem either USB or PC Card to the Gateway see Picture 2 2 PC CARD USB Picture 2 2 Note The NEGER VPN Pro 3G Router is designed to work with either UMTS or EV DO and even HSUPA 3G modem Please refer to your service provider for detailed feature information Reference the session 2 Using the Easy Setup Utility 3 Option Insert the Ethernet patch cable into Wired WAN port on the back p
70. ss from ISP automatically Dynamic IP Address Dynamic IP Address with Road Runner Session Management e g Telstra BigPond Some ISPs require the use of PPPoE to connectto their services PPP over Ethernet Some ISPs require the use of PPTP to connectto their services Some ISPs require the use of L2TP to connect to their services Pick up one of types you preferred to Click on Next button Step 4 Configure the LAN IP Address Host Name and WAN MAC Address NEGER Telecom J ADMINISTRATOR s MAIN MENU Roteador 3G VPN Pro NEGER R1 01a2_0112 gt Status gt Wizard FORWARDING RULES SECURITY SETTING ADVANCED SETTING s BASIC SETTING 3 Setup Wizard WAN Settings Dynamic IP Address EXIT gt LAN IP Address 192 168 123 254 s TOOLBOX gt Host Name ROUTER optional gt WAN S MAC Address 00 00 00 00 00 00 Clone MAC LAN is short for Local Area Network and is considered your internal network These are the IP settings of the LAN interface for the Wireless WAN Mobile Broadband Router and they may be referred to as Private settings You may change the LAN IP address if needed The LAN IP address is private to your internal network and cannot be seen on the Internet Note There are 254 addresses available on the Wireless WAN Mobile Broadband Router when using a 255 255 255 0 Class C subnet Example The router s IP address is 192 168 123 1
71. t or Undo to give up 58 NEGER Telecom 3 2 3 6 VPN L2TP Server NEGER Telecom DMINISTRATOR s MAIN MENU Status gt Wizard l gt Logout Roteador 3G VPN Pro NEGER R1 01a2_0112 BASIC SETTING FORWARDING RULES SECURITY SETTING ADVANCED SETTING TOOLBOX HELP Packet Filters l 1 Domain Filters URL Blocking VPN L2TP C Enable MAC Control gt Netbios over L2TP VPH IPSEC I L2TP Server Configuration VPH L2TP Client Te VPH L2TP Server Server Virtual IP ho 0 Ll1 VPH PPTP Client 10 0412 450 3 User Account Tunnel Name m J 3 Connection Status UserName PeerP Virtual IP Our Tunnel ID Our Call ID Operation No connection from remote The VPN gateway can behave as a L2TP server and allows remote hosts to access LAN servers after establishing L2TP connection with it The device can support three authentication methods PAP CHAP MSCHAP v1 and MSCHAP v2 Users can also enable MPPE encryption when using MSCHAP Server Virtual IP Check this checkbox to enable function of L2TP server 2 Virtual IP of L2TP Server The IP address of L2TP server This IP address should be different from IP address of PPTP server and LAN subnet of VPN gateway 3 Authentication Protocol Users can choose authentication protocol as PAP CHAP or
72. teway Local Netmask Local netmask combined with local subnet to form a subnet domain Life time The unit of life time is based on the value of Life Time Unit The value of unit is second 55 NEGER Telecom the value of life time represents the life time of dedicated VPN tunnel between both end gateways lis value ranges from 300 seconds to 172 800 seconds Encapsulation protocol There are two protocols can be selected ESP and AH pfs Configures perfect forward secrecy for connections created with this IPSec transport profile by assigning a Diffie Hellman prime modulus group pfs Group There are three groups can be selected None Group 1 Group 2 Group 5 None No pfs group Group 1 768 bit Diffie Hellman prime modulus group Group 2 1024 bit Diffie Hellman prime modulus group Group 5 1536 bit Diffie Hellman prime modulus group Preshared key The first key that supports IKE mechanism of both VPN gateway and VPN client host for negotiating further security keys The pre shared key must be same for both VPN gateways and clients Remote ID The Type and the Value are must same as the Type and the Value of the Local ID of the remote VPN gateway Local ID The Type and the Value are must same as the Type and the Value of the Remote ID of the remote VPN gateway Extended Authentication xAuth With xAuth feature the VPN client or initiator needs to provide additional user information to remote VPN server or VPN gateway
73. than 60 channels of Fixed Cellular Stations installed in S o Paulo ERICSSON z Rio de Janeiro Sao Jos dos Campos e Indaiatuba integrating a Least Cost Routing Service using 800 MHz digital CDMA and 1800 MHz digital GSM technologies IBM IT Services More than 60 channels of Fixed Cellular Stations installed in sites in S o lt Y Paulo Rio de Janeiro e Hortol ndia integrating a Least Cost Routing Service using 800 MHz digital CDMA and 800 MHz TDMA technologies GE Mabe Metallurgic Industry 12 channels of Fixed Cellular Stations installed in Campinas at Mabe plant integrating a Least Cost Routing Service using 800 MHz digital CDMA technology DHL Logistic and Courier Services More than 20 channels of Fixed Cellular Stations installed in Itupeva at DHL distribution center integrating a Least Cost Routing Service using 800 MHz digital CDMA and 800 MHz digital TDMA technologies Bosch Mechanical Industry More than 40 channels of Fixed Cellular Stations installed in Campinas BOSCH at two Robert Bosch plants integrating a Least Cost Routing Service i using 800 MHz digital CDMA 800 MHz digital TDMA and 1800 MHz digital GSM technologies Unilever Consumer Industry ei Fw More than 80 channels of Fixed Cellular Stations installed in sites in S o Paulo Indaiatuba and Vinhedo integrating a Least Cost Routing Service Urulever using 800 MHz digital CDMA technology Petrobras Oil Industry Fixed ce
74. up Tunnel name Indicate which tunnel that is focused now Local subnet The subnet of LAN site of local VPN gateway It can be a host a partial subnet and the whole subnet of LAN site of local gateway Local netmask Local netmask combined with local subnet to form a subnet domain Remote subnet The subnet of LAN site of remote VPN gateway it can be a host a partial subnet and the whole subnet of LAN site of remote gateway Remote netmas Remote netmask combined with remote subnet to form a subnet domain of remote end Remote gateway The IP address of remote VPN gateway Life time The unit of life time is based on the value of Life Time Unit The value of unit is second the value of life time represents the life time of dedicated VPN tunnel between both end gateways lis value ranges from 300 seconds to 172 800 seconds Encapsulation protocol There are two protocols can be selected ESP and AH pfs Configures perfect forward secrecy for connections created with this IPSec transport profile by assigning a Diffie Hellman prime modulus group pfs Group There are three groups can be selected None Group 1 Group 2 Group 5 None No pfs group Group 1 768 bit Diffie Hellman prime modulus group Group 2 1024 bit Diffie Hellman prime modulus group Group 5 1536 bit Diffie Hellman prime modulus group Aggressive Mode Enabling this mode will accelerate establishing tunnel but the devicewill suffer from less security in the me
Download Pdf Manuals
Related Search