XiNCOM XC-DPG603 User's Manual
Contents
1. WAN IP Account erify Password IP Address Host Name Optional Action Session IP Address Status Settings Advanced PPTP Select the desired Port and click the Select button The data for the selected Port will then be displayed in the WAN IP Account section User Name The PPTP user name login name assigned by your ISP e Password This field is associated with the User Name above This is assigned by your ISP and used to login to the PPTP Server Verify Password Re enter the PPTP password assigned by your ISP IP Address Enter the IP address of the PPTP Server This is provided by your ISP Static IP Address If you have a fixed IP address enter if here Otherwise this field should be left at 0 0 0 0 Use the Connect and Disconnect buttons to establish or terminate a connection on this session This displays the current connection status 20 XC DIPG6O0O3 Twin WAN DNS 6 IP VPN Gateway Chapter Contents e Host IP Setup e Virtual Server e Custom Virtual Server e Special Applications e Dynamic DNS e Multi DMZ e Advanced Features e UPnP Chapter 4 Advanced Setup Overview The following advanced features are provided O Host IP Setup O Virtual Server O Custom Virtual Server O Special Applications O Dynamic DNS O Multi DMZ O Advanced Features O UPnP This chapter contains details o2. TWIN WAN DNS GIP VPN GATEWAY User Guide CUTTING EDGE INNOVATIONS Model XC DPG603 XC DIPG6O0O3 Twin WAN DNS 6 IP VPN Gateway Table of Contents introduction Physical Details Features Configuring your LAN 10 Connecting Broadband Modems 12 Configuring for Interent Access 13 Configuring your LAN PCs 14 Port Options 17 Load Balance 18 Advanced PPPoE 19 Advanced PP TP 20 Host IP Setup 22 Virtual Server 23 Custom Virtual Server 24 Special Applications 25 Dynamic DNS 26 Multi DMZ 27 UPnP 27 Advanced Features 28 Block URL 31 Access Filter 31 Session Limit 32 Firewall Exception 32 Table of Contents IPSec Global Setting 35 Policy Setup 36 Domain Name Server Configuration 40 Map Host URL 42 SNMP 43 Email Alert 43 Syslog 44 Upgrade Firmware 45 System Status 47 Restore Factory Defaults 48 WAN Status 48 LAN Status 48 Existing DHCP Server 49 Static Routing 50 Appendix A 52 Appendix B 53 Appendix C 56 XC DIPG60O3 Twin WAN DNS 6S IP VPN Gateway Chapter Contents e Introduction e Features e Physical Details Chapter 1 Introduction The XINCOM XC DPG603 is a revolutionary DNS to IP VPN Gateway that provides advanced networking services most commonly found in enterprise class infrastructures at a fraction of the cost XINCOM tailors these services with innovative features such as inbound outbound load balancing auto failover and a built in VPN endpoint The XC DPG
3. can t connect to the XC DPG603 to configure it check its settings If you cannot connect to it check the LAN and Check the following power connections O The XC DPG603 is properly installed LAN connections are OK and the device is powered ON O Ensure that your PC and the XC DPG603 are on the same network segment O If your PC is set to Obtain an IP Address automatically DHCP Client restart it lf the XC DPG603 is configured correctly check your Internet connection DSL Cable modem etc to see that it is working correctly Some applications do not run properly when using the XC DPG603 The XC DPG603 processes the data that passes through it and therefore it does not act as a transparent device O If your PC uses a Fixed Static IP address ensure that it is using an IP Address within the range 192 168 1 2 to 192 168 1 254 and thus compatible with the XC DPG603 s default IP Address of 192 168 1 1 O Use the Special Applications feature to allow the use of Internet applications which do not function correctly O Also the Network Mask should be set to 255 255 255 0 to match the XC DPG603 O In Windows you can check these settings by using Control Panel Network to check the Properties for the TCP IP protocol O If this does solve the problem you can use the DMZ function This should work with most applications but It is a security risk since the firewall is disabled for the DMZ PC e Only one 1
4. Figure 2 Admin Password Twin WAN Gateway MINcOoOm ARE OHS Admin Password 2 User Name admin Password Verify Password 10 Configuring the XC DPG603 for your LAN Figure 3 LAN amp DHCP Ensure these settings are suitable for your LAN LAN IP Configuration The default settings are suitable for many situations A Nex Bae DBR DROS e See the following table for details of each setting OEnable Disable 60 Minutes lient Default DNS DNS 1 192 168 1 1 DNS 2 192 168 1 1 DHCP IP Address Range Offered Range 192 168 1 2 192 168 1 100 X XXX XXX XXX XXX ree Entries 99 ARP Proxy Used only when LAN and WAN are on the same IP segment nternal LAN IP Range O Enable 0 0 0 0 0 0 0 0 X XXX XXX XXX XXX DHCP Client List Name Mac Address IP Address p Status Time Left Settings LAN amp DHCP This is the IP address for the XC DPG603 when seen from the local LAN Use the defualt value unless the address is already in use or your LAN is using a different IP addres range In the latter case enter an unused IP Address from within the range used by you LAN The default value 255 255 255 0 is standard for small class C networks For other networks use the Subnet Mask for the LAN segment to which the XC DPG603 is attached the same value as the PCs on that LAN segment DHCP Server Setup If Enabled the XC DPG603 will allocate IP Addresses to PCs DHCP clients on your LAN when they start up The defa
5. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures 52 Appendices Appendix B Windows TCP IP Setup TCP IP Settings If using the default XC DPG603 settings and the default Windows 95 98 ME 2000 TCP IP settings no changes need to be made O By default the XC DPG603 will act as a DHCP Server and automatically provide a suitable IP Address and related information to each PC when the PC boots O For all non Server versions of Windows the default TCP IP setting is to act as a DHCP client O If you wish to check your TCP IP settings the procedure is described in the following sections O If your LAN has a Router the LAN Administrator must re configure the Router itself Refer to Chapter 5 Advanced LAN Setup for details Checking TCP IP Settings Windows 9x ME 1 Select Control Panel Network You should see a screen like the following Network Ei ES Configuration Identification Access Control The following network components are installed 14 NetBEUI gt PCI Fast Ethernet Adapter fa NetBEIJI gt Dial Up Adapter y NetBEUI gt Dial Up Adapter 2 WPM Sunnat A TCP IP gt PC Fast Ethernet Adapter 3 TCR SIF gt Dial Up Adapter 3 TCP IF gt Dial Up Adapter 2 VPN Support File and printer sharing for Netware Networks 4 Add Remove Properties Figure A Network Configuration 2
6. PC can use this feature 56
7. The address order in the list will be the order in which these machines are used New gateway 192 168 0 Installed gateways 53 Appendices O On the DNS Configuration tab ensure Enable DNS is selected If the DNS Server Search Order list is empty enter the DNS address provided by your ISP in the 3 Select the TCP IP protocol for your network card fields beside the Add button then click Add 4 Click on the Properties button You should then see a screen like the following TCP IP Properties y p fie ka Internet Protocol TCP IP Properties Gateway WINS Configuration IP Address lt 7 i a General Bindings Advanced NetBIOS DNS Configuration C Disable DNS You can get IP settings assigned automatically if your network supports E this capability Otherwise you need to ask your network administrator for Enable DNS the appropriate IP settings Host Domain Obtain an IF address automatically C Use the following IP address DNS Server Search Order IP add address Subnet mask Default gateway F igu re D D N S Ta b Win do WS 9 5 9 8 Obtain DNS server address automatically Use the following DNS server addresses Preferred DNS server Alternate DNS server Checking TCP IP Settings Windows 2000 1 Select Control Panel Network and Dial up Connection 2 Right click the Local Area Connection icon and select Properties
8. See the following section for details 13 Configure PCs on your LAN Overview For each PC the following may need to be configured O TCP IP network settings O Internet Access configuration TCP IP Settings When using Windows 95 98 ME 2000 XP and the XC DPG603 s TCP IP default settings no changes need to be made Just start or reboot your PC O By default the XC DPG603 will act as a DHCP Server automatically providing a suitable IP Address and related information to each PC when the PC boots up O For all non Server versions of Windows the default TCP IP setting is to act as a DHCP client In Windows this is called Obtain an IP address automatically Just Start or restart your PC and it will obtain an IP address from the XC DPG603 O If using fixed IP addresses on your LAN or you wish to check your TCP IP settings refer to Appendix B Windows TCP IP Setup Internet Access To configure your PCs to use the XC DPG603 for Internet access follow this procedure For Windows 9x 2000 1 Select Start Menu gt Settings gt Control Panel gt Internet Options 2 Select the Connection tab and click the Setup button 3 Select want to set up my Internet connection manually or want to connect through a local area network LAN and click Next 4 If connect through a local area network LAN is selected ensure all of the boxes on the following Local area network Internet Configuration screen are unchecked 5
9. You should see a screen like the following Local Area Connection Properties HE Figure F TCP IP Properties Windows 2000 General Connect using 5 Ensure your TCP IP settings are correct SMC EZ Card 10 100 SMC1211Ts Using DHCP Components checked are used by this connector Bente ances To use DHCP select the radio button Obtain an IP Address automatically This is the 2 File and Printer Sharing for Microsoft Networks default Windows settings as Restart your PC to ensure it obtains an IP Address from the XC DPG603 Install Uninstall Properties Using a fixed IP Address Use the following IP Address Description i E O A A A Te If your PC is already configured check with your network administrator before making the Wide area network protocol that provides communication following changes across diverse interconnected networks i O Enter the IP address of the XC DPG603 in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the XC DPG603 O If the DNS Server fields are empty select Use the following DNS server addresses Figure E Network Configuration Windows 2000 Enter the DNS address or addresses provided by your ISP and then click OK Show icon in taskbar when connected 54 Appendices Checking TCP IP Settings Windows XP 1 Select Control Panel Network Connection 2 Right click the Local Area Connection and choose
10. address to be dynamic or static Status Displays the current status of the DHCP client either leased or reserved Time Left This displays the time left of the leased IP Address Connecting two broadband modems Procedure Figure 4 Installation Diagram for XC DPG603 1 Ensure the XC DPG603 and the DSL Cable modem are powered OFF O e Leave the modem or modems connected to their data line 2 Connect the Broadband modem s to the XC DPG603 If using only one 1 Broadband modem connect it to the WAN 1 port Broadband Modem Broadband Modem 3 Use standard LAN cables to connect PCs to the LAN ports on the XC DPG603 O Both 10BaseT and 100BaseT connections can be used simultaneously O Use a standard CAT 5 Ethernet cable to connect any port on the XC DPG603 to a standard port on another hub Any LAN port on the will automatically act as an Uplink port when required 4 Power Up O Power on the Cable or DSL modem s O Connect the supplied power adapter to the XC DPG603 and power up 5 Check the LEDs O The Power LED should be ON O The WAN Link LED should be ON when the corresponding WAN port is connected toa broadband modem O For each PC connected to the LAN ports the corresponding LAN LED either 10 or 100 should be ON Local Area Network 12 Configuring for Internet Access Figure 5 Primary Setup Screen Select Primary Setup from the menu aIMmecIon Mode E Shh O Disable O Back
11. edit an existing entry select it from this list and click the Select button The data for the selected application will then be displayed in the Special Application Configuration section Make any required changes and then click the Update button Special Application Configuration Use this to Enable or Disable the Special Application Enter a descriptive name to identify this Special Application Outgoing Protocol select the protocol used by this application when sending data to the remote server or PC Outgoing Port Range For data being sent enter the beginning and end of the range of port numbers used by the application server If the application uses a single port number enter the range in both fields Incoming Protocol Select the protocol used by this application when receiving data from the remote server or PC Incoming Port Range For data being recieved enter the beginning and end of the range of port numbers used by the application server If the application uses a single port number enter it in both fields Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry e Cancel Cancel any changes you have made since the last save operation Special Application List This shows details of all Special Applications which are currently defined Using a Special Application on your PC O Once the Special Applications scr
12. of new sessions for system exceed the maximum in the Sampling Time Any new sessions in the system will be dropped Default 65535 session sec If the number of new sessions for the host exceeds the maximum in the sampling time Any new session of the host will be dropped Default session sec If the number of dropped new sessions for the host exceeds the Maximum in the sampling time any new session of the host will be dropped for the pause time Within the pause time no new session of the suspended host could be served by system Default is 5 minutes Firewall Exception System Firewall Exception Rules The rules with which any received packets is complied the packets will not processed by Firewall or NAT module but to be processed directly by system protocol stack Settings Firewall Exception The check box can allow you enable or disable firewall exception You can select LAN WAN1 WAN2 or ALL interfaces to be process by the system protocol stack There are six protocols UDP TCP ICMP GRE ESP AH to choose from This allows packets to be directly processed by the system protocol stack Select foreign port number range directly process by system protocol stack Click the check box to enable Select device port number range directly process by system protocol stack Click the check box to enable 32 Chapter 6 QoS Configuration Overview The XC DPG603 provides QoS which supports the high quality of network servic
13. one broadband connection goes down all traffic is automatically re routed through the second broadband connection Stateful Packet Inspection SPI Firewall Protects your network using advanced SPI against malicious and DDoS attacks Advanced NAT features Access Filters DMZ DDNS Remote Management Dynamic or Static Routing Special Applications Virtual Servers SNMPv Access Filter Gain fine control over the Internet access and applications available to LAN users with a powerful URL Blocking Engine Five 5 user groups are available and each group can have different access rights Block URL Use this feature to block access to undesirable Web sites by LAN users You can even have different settings for different groups of PCs Features Other Features DHCP Server Support Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request The XC DPG603 can act as a DHCP Server for devices on your local LAN Multi Segment LAN Support LANs containing one or more segments are supported via the XC DPG603 s built in Static routing table ARP proxy The ARP proxy feature allows you to assign an external Internet IP address to the XC DPG603 s LAN port This allows Servers on your LAN to have external Internet IP addresses Easy Setup Use your favorite WEB browser for configuration Remote Management The XC DPG603 can be managed from any PC on your LAN If the Internet connection ex
14. they can be forwarded to the Internet This is done by configuring other Routers to use the XC DPG603 as the Default Route or Default Gateway as illustrated by the example below Configuration settings for the LAN shown with 2 routers and 3 LAN segments the XC DPG603 requires 2 entries as follows For the XC DPG603 Gateway s Routing Table 19216820 5 nt 0 192 108 12 LAN IP Rango Network Mask 255 255 255 0 1921681100 Segment 1 192 168 2 x LAN IP Range Bo 4 192 168 3 0 255 255 255 0 Standard Class C 192 168 1 100 Segment 2 192 168 3 x LAN IP Range 0 0 0 0 Network Mask 0000 12 1681 0 0 0 0 Network Mask 00 00 192 168 2 80 XC DIPG6G6O3 Twin WAN DNS IP VPN Gateway Chapter Contents e Appendix A Specifications e Appendix B Windows TCP IP Setup e Appendix C Troubleshooting Appendices Appendix A Specifications CTI per Dimensions zsm Memm Oom Network Interface 6 Ethernet 4 x 10 100BaseT RJ45 auto Switching Hub ports for LAN devices 2 x 10 100BaseT RJ45 for WAN 8 LAN 4 WAN 1 Status 1 Power External Power Adapter 5V1 5ADC FCC Statement This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation CE Marking Warning This is a Class A product
15. 2 LAN 15 System 192 168 10 1 Can Sa E ak 192 168 10 1 WAN E Manual 192 168 9 7 Dao Len sie ao 192 168 9 7 WAN 15 System Note If there is an entry or entries in the Routing table with an Index of zero 0 these are System entries You can not modify or delete these entries Settings Static Routing If adding a new entry skip this field To edit an existing entry select it from the list and click the Select button The screen will then update with the data for the selected entry If the Index is 0 this is a System entry which you can neither delete nor modify The network address of the remote LAN segment For standard class C LANs the network address is the first 3 fields of the Destination IP Address The 4th last field can be left at 0 The Network Mask for the remote LAN segment For class C networks the default mask is 255 255 255 0 The IP Address of the Gateway or Router which the XC DPG603 must use to communicate with the destination above NOT the router attached to the remote segment Select the correct interface usually LAN The WAN interface is only available if NAT Network Address Translation is disabled The number of hops routers to pass through to reach the remote LAN segment The shortest path will be used 50 Advanced LAN Configuration Configuring other Routers on you LAN All traffic for devices not on the local LAN must be forwarded to the XC DPG603 so that
16. 603 s primary features are full VPN Load Balancing with Automatic Failover and the Authorative DNS fucntion with Inbound Load Balancing The VPN capability will allow for two concurrent VPN tunnels that will load balance both inbound and outbound traffic requests Full redundancy is assured when establishing a VPN tunnel on each WAN port The authoritative DNS feature load balances inbound traffic requests to the respective IP address on a network infrastructure that hosts content on multiple servers High throughput of inbound and outbound requests are managed by dual WAN ports that utilize the combined bandwidth of two separate concurrent broadband connections including DSL Cable and or T1 Use TWO ISPs for expanded bandwidth and redundancy Using two separate ISPs provides redundant connectivity to the Internet In the event that one ISP goes down the XC DPG603 auto fails over to the other ISP service Redundancy to the Internet provides a truly uninterrupted connection for a business s customers while maintaining uptime and productivity for its employees Robust Security Features The XC DPG603 also features NAT a Stateful Packet Inspection SPI Firewall DHCP server Access Filters and a built in VPN endpoint to secure a business s network services The Quality of Service QoS feature schedules and directs a network s traffic to take advantage of available bandwidth The XC DPG603 UPnP support can dynamically open and close ports requi
17. Address automatically This is the default Windows settings Restart your PC to ensure it obtains an IP Address from the XC DPG603 Using a fixed IP Address Use the following IP Address If your PC is already configured check with your network administrator before making the following changes O Enter the IP address of the XC DPG603 in the Default gateway field and click OK Your LAN administrator can advise you of the IP Address they assigned to the XC DPG603 O Ifthe DNS Server fields are empty select Use the following DNS server addresses Enter the DNS address or addresses provided by your ISP and then click OK 55 Appendices Appendix C Troubleshooting Internet Access When enter a URL or IP address get a time out error Overview A number of things could be causing this Try the following troubleshooting steps This chapter covers some common problems that may be encountered s while using the XC DPG603 and some possible solutions to them If you Check if other PCs work If they do ensure that your PCs IP follow the suggested steps and the XC DPG603 still does not function settings are correct If using a Fixed Static IP Address check properly contact XINCOM for further advice the Network Mask Default gateway and DNS as well as the IP Address General Problems If the PCs are configured correctly but still not working check the XC DPG603 Ensure that it is connected and ON Connect to it and
18. Check the No option when prompted Do you want to set up an Internet mail account now 6 Click Finish to close the Internet Connection Wizard Setup is now completed For Windows XP Select Start Menu gt Control Panel gt Network and Internet Connections Select Set up or change your Internet Connection Select the Connection tab and click the Setup button Cancel the pop up Location Information screen Click Next on the New Connection Wizard screen Select Connect to the Internet and click Next Select Set up my connection manually and click Next Check Connect using a broadband connection that is always on and click Next CO oO N OO A WS N gt Click Finish to close the New Connection Wizard Setup is now completed Accessing AOL To access AOL America On Line through the XC DPG603 the AOL for Windows software must be configured to use TCP IP network access rather than a dial up connection The configuration process is as follows O Start the AOL for Windows communication software Ensure that it is Version 2 5 3 0 or later This procedure will not work with earlier versions O Click the Setup button O Select Create Location and change the location name from New Locality to XC DPG603 O Click Edit Location Select TCP IP for the Network field Leave the Phone Number blank O Click Save then OK Configuration is now complete O Before clicking Sign On always ensure t
19. DMZ feature either Enabled or Disabled Block URL Status of the Block URL feature either Enable or Disable Hardware ID The manufacturers ID for this particular device System UpTime The time since the system of a device was last re initialized CPU Usage The current usage percentage of CPU Memory Usage The current usage percentage of Memory Heap 4 Queue Refresh Update the data on screen Restart Restart reboot the XC DPG603 Restore Factory Defaults This will delete all existing settings and restore the factory default settings 47 Operation amp Status Restore Factory Defaults When the Restore Factory Defaults button on the Status screen above is clicked the following screen is displayed Reset To Factory Default Values To restore the factory default setting values you can click on the RESTORE button You have to be careful doing this it will erase all your setting previously and set to factory default values Restore Default Value If the Restore Default Value button on this screen is clicked e ALL of your settings will be erased e The default IP address password and ALL other settings will be restored to the factory default values e The DCHP server function will be enabled These changes may mean that the current connection is invalid and you will have to re connect to the XC DPG603 using its default IP address 192 168 1 1 WAN Status Th
20. ES y Internet security Association and Key Protocol Management ISAkmp is designed to metic a EE En imna negotiate establish modify and delete security associations and their attributes In Retry Counter E 4 ET particular it was assigned UDP port 500 by the IANA Retry Interval fo Seconds fo Seconds Maxtime to complete Phase 1 Bo Seconds ko Seconds Phase 1 DH Group Maxtime to complete Phase 2 fo Seconds Eo Seconds Use DH Group 1 768 bits DH Group 2 1024 bits Group 5 1536 bits to generate IPSec Count Per Second j i Spiers Phase 1 Encryption Method ES face There are three data encryption methods available DES 3DES and AES Submit Reset Phase 1 Authentication Method There are two authentication available MD5 and SHA1 Secure Hash Algorithm Phase 1 SA Life Time By default the Security Association lifetime is set at 28800 Sec Planning the VPN Consider these questions and setups when planning your VPN Maxtime to complete phase 1 The aim of phase 1 is to authenticate and establish a secure tunnel which will protect further IKE negotiation The maximum time default is 30 sec Ifthe remote end is a LAN network the two endpoint network must have different LAN IP address ranges If the remote endpoint is a single PC running a VPN client its destination Maxtime to complete phase 2 address must be a single IP address with subnet mask of 255 255 255 255 Maximum time to establish the IPSec SAs By default the ma
21. GATEWAY POWER mnNcom XC DPG6O3 O srarus LAN O O mmacr O O om loom Operation of the Front Panel LEDs is as follows System Power OFF No Power ON Normal Operation C POWER Status OFF Normal Operation O il ON Firmware not loaded or Hardware Error Blinking Data in out WAN LINK ACT ON Physical connection to the Broadband modem on WAN port 1 2 established A OFF No physical connection on WAN port 1 2 pny p O O 10M 100M O C ON Physical connection using 100BaseT on WAN port 1 2 established OFF 10BaseT connection or no connection on WAN port 1 2 LAN LINK ACT ON Physical connection or data in out LEN OFF No physical connection y E 3 Y O emeavacr 10M 100M O O O mmm ON The corresponding LAN port is using 100BaseT OFF 10BaseT connection on the corresponding LAN port or no connection Physical Details Front Panel Status and Error conditions Rear Panel DC5V WAN2 Reset LAN Ports Connect the PCs to these ports Both 10BaseT and 100BaseT connections can be used simultaneously Note Any port will automatically operate as an Uplink port if required Use a standard RJ 45 Ethernet cable to connect to any port to another hub or switch Reset Button VANESA Press the Reset button once for a warm E rah cien reboot To reset the XC DPG603 to default onnect the primary broadband Modem to settings press and hold the reset button fo
22. P Internet IP Address of the XC DPG603 The Port number is also required After the IP Address enter followed by the port number e g HTTP 123 123 123 123 8080 e This example assumes the WAN IP Address is 123 123 123 123 and the port number is 8080 e If using the Dynamic DNS feature you can connect using the domain name allocated to you e g HTTP my_domain_name dyndns org 8080 29 XC DIPG6G6O3 Twin WAN DNS 6 IP VPN Gateway Chapter Contents e Block URL e Access Filter e Session Limit e Firewall Exception Chapter 5 Security Management Overview O Block URL This feature blocks specific web sites by IP address URL or keywords O Access Filter Block all Internet access well known ports or block user define ports by groups O Session Limit Eliminate users Internet access and send email alert to the administrator if the device detects new sessions that exceeds the maximum sampling time O Firewall Exception 30 Block URL Block URL This feature allows you to block access to undesirable Web sites You can block by URL IP address or Keyword You can also have different blocking settings for different groups of PCs O Every URL is searched to see if it matches or contains any of the URL or keywords entered here After a DNS lookup determines the IP address of the requested site the site s IP address is checked against IP address entries on this screen O Note that a single IP addr
23. P address See the Host IP section earlier in this chapter for details on reserving an IP address Figure 10 Virtual Servers Q O n Desktop Accessing FTP ss ftp 200 150 100 50 e Private IP Pur 100 50 192 168 1 1 Web Server 192 168 1 3 192 168 1 2 Laptop Accessing Web Server FTP Server http 200 150 100 50 Note In this illustration both Internet users are connecting to the same IP Address but using different protocols 23 Custom Virtual Servers Custom Virtual Servers This screen allows you to define your own Server types This is for situations when the desired Server type is not listed on the Virtual Servers screen Settings Custom Virtual Servers Server List If creating a new entry ignore this list To edit an existing entry select it and then click the Select button The screen will update with data for the selected entry This data defines the Custom Virtual Server Server Name Enter a suitable name for this server e State Use this to Enable or Disable the server Server IP Enter the IP address of the PC on you LAN which is running the required Server software Each PC should have a fixed IP address or have a reserved IP address See the Host IP section earlier in this Chapter for details on reserving an IP address Each PC must be running the appropriate Server software Protocol Type Select the network protocol used by this sever type LAN Port Rang
24. Properties You should see a screen like the following lt Local Area Connection Properties General Authentication Advanced Connect using Eg D Link DFE 530T PC Fast Ethernet Adapter rew B This connection uses the following items El Client for Microsoft Networks File and Printer Sharing hor Microsoft Networks los Packet Scheduler Pm nternet Protocol TEP 1P Install Uninstall Description Transmission Control Protocol Internet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected Figure G Network Configuration Windows XP 3 Select the TCP IP protocol for your network card 4 Click on the Properties button You should then see a screen like the following Internet Protocol IEP AP Properties General Alternate Configuration fou can get F settings assigned automatically if your network supports this capability Othenwise pou need to ask pour network administrator for the appropriate IP settings O Use the following IP address IP address Subnet mask Default gateway Obtain DNS server address automatically O Use the following ONS server addresses Preferred DNS server Po Alternate ONS server ARA Figure H TCPAP properties Windows XP 5 Ensure your TCP IP settings are correct Using DHCP To use DHCP select the radio button obtain an IP
25. Select the TCP IP protocol for your network card 3 Click on the Properties button You should then see a screen as showed in Figure B TCP IP Properties Bindings Advanced NetBIOS Gateway WINS Configuration An IF address can be automatically assigned to this comput your network does not automatically assign IP addresses a network administrator for an address and then type itinthe s C Specify an IF address Figure B IP Address Windows 95 Ensure your TCP IP settings are correct as follows Using DHCP To use DHCP select the radio button Obtain an IP Address automatically This is the default Windows settings Restart your PC to ensure it obtains an IP Address from the Link Balancer Using Specify an IP Address If your PC is already configured check with your network administrator before making the following changes O If the DNS Server fields are empty select Use the following DNS server addresses and enter the DNS address or addresses provided by your ISP then click OK O On the Gateway tab enter the IP address of the XC DPG603 in the New Gateway field and click Add as shown below Your LAN administrator can advise you of the IP Address they assigned to the XC DPG603 TCP IP Properties Fad Figure C Gat Tab Bindings Advanced NetBIOS DNS Configuration aleway la Gateway WINS Configuration IPAddress Windows 95 98 The first gateway in the Installed Gateway list will be the default
26. WAN IP Address IP address for the domain name on WAN 1 if different from the Primary Setup CNAME Record CNAME Record Canonical Name 1 amp 2 Canonical Name 1 The official name of the server used in CNAME records Canonical Name 2 Host URL List Host URL List Host URL List Host URL DNS Server Local IP Address Port Range List of domain names already configured Drop down and press select to modify www mydomain com DNS1 192 168 1 100 80 80 42 XC DPGGOS Chapter 9 Management Assistant SNMP Simple Network Management Protocol Twin WAN DNS O IP This section is to compliment any SNMP Simple Network Management Protocol software installed on your PC If VPN G ateway you have SNMP software you can use a standard MIB II file with the XC DPG603 Settings SNMP System Information Cha pter Contents Contact Person The name of the person responsible for this device e SNMP Device Name Enter a name for the XC DPG603 Email Alert Physical Location The location of the XC DPG603 e Syslog Trap Targets e Upgrade Firmware eld Email Alert Enter the IP address of any targets PCs running SNMP software to which you want traps to be sent All traps are The email alert feature will send an warning email to the system administrator and inform that one of the WAN ports was disconnected Enable This will enable email alert to send an warning email when WAN port was disconnected e Disable This will d
27. a web server When this field is blank the ISP gateway IP address is used Note This is not used for PPPoE connections MTU The Maximum Transmission Unit is used when determining the packet size to be used on the WAN interface Normally this does not need to be changed but if your ISP advises you to use a particular MTU enter it here WAN 1 ICMP CJHTTP 11478 Bytes WAN 2 ICMP OHTTP 1478 Bytes WAN 1 WAN 2 Enable 0 minutes 130 seconds 3 times Enable 0 minutes 30 seconds 3 times WAN 1 WAN 2 DO Enable Strict Binding Loose Binding Enable Load Balancing No IF Translation For Loose Binding or Load Balancing Mode 32 Entries Auto Dialup When set to Enable a connection will be established whenever outgoing WAN traffic is detected If not Enabled you must establish a connection manually Auto Disconnect This determines when an idle connection will be terminated Enter the required time period Echo Time This determines how often an Echo request is sent to the PPPoE server The Echo request is used to determine if the connection is still valid Normally there is no need to change the default value Echo Retry The number of time the Echo request will be sent if there is no response to the first request Normally there is no need to change the default value Clear Tables View Tables Bridge Mode When set to Enable this WAN port does not use NAT amp Load Bal
28. ance function when LAN WAN IP have the real IP addresses on the same network segment Traffic Management Strict Binding When a WAN port connection is disconnected the packets will not go to another WAN port Loose Binding When the WAN port connection is connected the packets will go another WAN port Load Balancing This will mix real and private IP s on the LAN side doing the load balancing Load Balance Figure 7 Load Balance Console Load Balance Configuration Enable Balance Type Based on Bytes rt Loading Share on WAN hioo f Configuring Load Balancing The Twin WAN line of products uses a session based Load Balancing algorithm by allowing you to manage sessions using several different options Bytes rx tx By monitoring real time speed of both WAN connections the XC DPG603 will establish new sessions on the WAN port with the lower speed Use this if there is a fairly even speed on both lines and would like to benefit the most from the speed NAT Statistics WAN 1 WAN 2 available Connection Status Disconnected Disconnected Default Loading Share 100 0 Packets rx tx Same as above but in this case the XC DPG603 monitors the packet flow and tries Current Loading Share 50 50 to maintain an even number of packets Use this if transmitting a lot of small packets Sessions 4 4 such as web browsing and Usenet This helps you maintain the best latency Current Loading Bytes 1 1 Packets 1 1 Sessions The XC DPG603 tr
29. atistics section 18 Advanced PPPoE Figure 8 Advanced PPPoE The screen is required in order to use multiple Select WAN Port 4 Session PPPOE sessions on the same WAN port It can also be used to manually connect or disconnect a PPPoE session ferify Password o IP Address 0 0 0 0 EX XXK_XKX XXK XKX Host Name Optional Action Connection Status WAN session IP Address Status Settings Advanced PPPoE Select the desired Port and Session then click the Select button The data for the selected Port Session will then be displayed in the WAN IP Account section User Name Enter the PPPoE user name assigned by your ISP e Password Enter the PPPoE password assigned by your ISP Verify Password Re enter the PPPoE password assigned by your ISP IP Address If you have a fixed IP address enter it here Otherwise this field should be left at 0 0 0 0 Host Name This field is used by a Host to uniquely associate an access concentrator to a particular Host request Use the Connect and Disconnect buttons to establish or terminate a connection on this session This displays the current connection status for each session Advanced PPTP Figure 9 Advanced PPTP Select WAN Port amp Session AN Port WAN 1 PPPoE Session Session 1 Y
30. cess a server on your LAN because O Your Server s IP address is only valid on your LAN not on the Internet O Attempts to connect to devices on your LAN are blocked by the firewall in the XC DPG603 The Virtual Server feature solves these problems and allows Internet users to connect to your servers as illustrated in Figure 10 Connecting to Virtual Servers Once configured anyone on the Internet can connect to your Virtual Servers They must use the XC DPG603 s Internet IP Address the IP Address provided by your ISP Example http 205 20 45 34 Ep 205 20 15 34 O To Internet users all virtual Servers on your LAN have the same IP Address This IP Address is allocated by your ISP O This address should be static rather than dynamic to make it easier for Internet users to connect to your Servers However you can use the Dynamic DNS feature explained later in this chapter to allow users to connect to your Virtual Servers using a URL instead of an IP Address e g HTTP my domain name dyndns org FTP my domain name dyndns org Settings Virtual Server Use this to Enable or Disable each Virtual server as required Select the desired Server type If the type of Server you wish to use is not listed use the Custom Virtual Server screen to define your own type Enter the IP address of the PC on your LAN which is running the required Server software Each PC should have a fixed IP address or have a reserved I
31. d The XC DPG603 keeps last 100 messages in the RAM These messages will clear when reboot or powered off Syslog Configuration Enable This allows the XC DPG603 to send system log messages to other PCs Enable When enabled the XC DPG603 will keep sent messages If not enabled sent messages will be deleted IP address Up to 3 syslog servers can be used Enable You can enable or disable each server temporarily Port If your syslog server does not use the default port you can change it e Log Priority Level The syslog messages are divided into 8 levels from Emergency to Debug level The lower the level the less messages will be generated Emergency is the lowest priority level and Debug is the highest one 44 Management Assistant Admin Password Screen The password screen allows you to assign a password to the XC DPG603 Admin Password Administrator Password User Name admin Password Verity Password Enter the desired password Re enter the password in the Verify Password field and then save it When you connect to the XC DPG603 with your Browser you will be prompted for the password when you connect as shown below Connect to 192 168 1 1 gt O Enter Admin for the User Name O Enter the password for the XC netstat htm DPG603 as set on the Admin User name Password screen above Password _ Remember my password Upgrade Firmware Using the TFTP U
32. dapter provided with the product using a different one may cause hardware damage 3 Start your PC or restart your PC if it is already running Once restarted the PC will then obtain an IP address from the XC DPG603 4 Start your WEB browser 5 In the Address or Location box enter HTTP 192 168 1 1 6 You will be prompted for the User Name and password as shown in Figure 1 7 Enter admin for the User Name and leave the Password blank e The User Name is always set to admin e You can and should set a password using the following Admin Password screen No Response Is your PC using a Fixed IP address If so you must configure your PC to use an IP address within the range 192 168 1 2 to 192 168 1 254 with a Network Mask of 255 255 255 0 See Appendix B Windows TCP IP Setup for details Be sure to check for the following the XC DPG603 is properly installed the Ethernet cable to the XC DPG603 is properly attached the XC DPG603 is powered ON 8 After the login you will then see the Admin Password screen as shown in Figure 2 Assign a password in both the Password and Verify Password fields and press the Submit button 9 From the setup menu select Basic Setup and then LAN amp DHCP from the submenu You will see a screen like the example in Figure 3 Figure 1 Password Dialog Connect to 192 168 1 1 netstat htm User name E Password _ Remember my password
33. dwidth load balance type and load share percentage Advanced Port gt Load Balance menu When a request comes in to your domain name the XC DPG603 looks at these factors to determine which WAN port should be used to access the server When the traffic load is higher on WAN 1 the XC DPG603 will reply with the IP address of WAN2 in which case the user will connect to WAN 2 allowing for the best latency and speed The XINCOM XC DPG603 is capable of handling up to 10 domain names in such manner giving you the ability to provide hosting services with automatic fail over and load balancing Check your Internet Service Provider service agreement before hosting any content on your connections Configure DNS You must have two WAN connections with static IP addresses in order to use the Load Balance and Fail over functionality provided by the XC DPG603 DNS to IP function Only one broadband connection is required for the Authoritative DNS function It is necessary to register your WAN1 WAN2 IP addresses with your Domain Name Provider for a static DNS NOTE Once you have configured the DNS configuration you may configure your connection validation and load balance options in the Advanced Port menu in Load Balancing and Port Options 38 How it works XC DPG602 amp 603 as an Authoritative DNS An example of the Inbound Load Balancing function for the XC DPG602 603 Gateways Requests www website1 com Requests www websit
34. e Enter the range of port number used for outgoing traffic from this Server If only a single port is required enter it in both fields WAN Port Range Enter the range of port number used for incoming traffic to this Server If only a single port is required enter it in both fields Interface Binding This selection allows the servers to be bound to WAN1 WAN2 or both ports together Add Create a new Special Application entry Delete Delete the selected entry Update Save any changes you have made to the current entry Cancel Cancel any changes you have made since the last save operation This table shows details of all defined Custom Virtual Servers 24 Special Applications Special Application If you use Internet applications which have non standard connections or port numbers you may find that they do not function correctly because they are blocked by the XC DPG603 firewall In this case you can define the application as a Special Application in order to make it work Note that the terms Incoming and Outgoing on this screen refer to traffic from the client PC viewpoint Settings Special Applications Select Special Application Name Select Name Item This lists any special applications which are currently defined Ignore this list if adding a new Special Application Enter your data in the Special Application Configuration section and click the Add button e To
35. e Classifying outgoing packets based on some policies defined by users provides real time applications to get better response or performance XC DPG6GOS Twin WAN DNS OG IP Settings QoS Setup VPN Gateway e Queuing Method The methods that how you manage your queue Priority queuing It is one of the first queuing variations to be wildly implemented Enable QoS This will allow users enable QoS function e Process TOS Field An 8 bit field in the IP packet header designed to contain values indicating how each packet should be handled in the network If you choose enable then it will enable this function to process the IP Type of Service field Cha pter Contents e Overwrite policy priority Choose yes to set the priority of the TOS field in IP packet e Overview overwrite the priority defined in policy configuration e QoS Setup e Policy Configuration Policy Configuration When you use QoS you must define some policies to make some packets to have higher priority to pass through Settings Policy Configuration This section identifies each policy Policy Name List Ignore this list when adding a new Policy To edit an existing entry select it from the list and click the Select button The data fields will then be updated with data for the selected entry Policy Name Enter a suitable name Generally you should use the Policy Name for the network traffic Source Address Define the sourc
36. e address of packets here It has two types like IP address or MAC address If you select IP address you can define IP address range Otherwise you may define up to four MAC addresses Destination Address Define the destination address of packets here The explanation is as the same as above Protocol Type The field defines traffic packet type i e IP TCP and UDP Source Port Define the source port of packets here Destination Port Define the destination port of packets here Priority Queue This defines a packet If it meets all conditions defined above it will be serviced with some priority level 33 XC DIPG6O0O3 Twin WAN DNS IP VPN Gateway Chapter Contents e Overview e PSec Global Setting e Policy Setup Note The XC DPG603 VPN Gateway uses the industry standard IPSec VPN protocol Due to variations in how manufactures interpret these standards many VPN products are not interoperable Although the XINCOM XC DPG603 VPN Gateway can interoperate with many other VPN products it is not possible for XINCOM to provide specific technical support for each and every other product Chapter 7 VPN Configuration Overview Virtual Private Network VPN uses encryption to connect computers over a public network such as the Internet Encrypted connections between computers are commonly referred to as a tunnel These secure tunnels permit sending private data from one computer to another without the risk of unauth
37. e group you wish to put this host into e Reserve in DHCP Select Enable to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this Obtain an IP address automatically while having an IP address which never changes e Reserved IP If the setting above is Enabled enter the IP address you wish to reserve Otherwise ignore this field Bind WAN port Session Select Enable if you wish to associate this PC with a particular PPPoE Session All traffic for that PC will then use the selected PPPoE port and session Binding Method Strict Binding no failover Loose Binding failover only Load Balancing load balancing amp failover Select WAN Port Select PPPoE session If the setting above is Enable select the desired Port and Session Otherwise ignore these settings Note Multiple PPPoE sessions are defined on the Advanced PPPoE screen e Add Use this to add a new entry to the database using the data shown on screen e Delete Click this to delete the selected entry Update Use this to update the selected entry after making the desired changes Reset Reverse any changes you have made since loading the data from the XC DPG603 This table shows the current bindings 22 Virtual Servers Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users Normally Internet users would not be able to ac
38. e2 com Requests www website3 com IP XXX XXX XXX 3 www website3 com IP XXX XXX XXX 2 www website2 com IP XXX XXX XXX 1 www website1 com DNS Request Information Request Authoritative Load Balancing Algorithm Domain Name Server Module Web or FTP Server Note This example uses WAN 1 as the initial recipient for the request of a domain name A web browser makes a request for a domain name This request is received by WAN 1 The domain name request is transferred and processed through the Authoritative DNS Module 3 The DNS Module then asks the WAN Port Monitoring Module to provide the IP address of the requested web server The WAN Port Monitoring Module service checks the current load on WAN 1 and WAN 2 The Load Balance Algorithm is applied to the request This holds the Gateway s user preferences and setting values including load share and load balance type The Load Balancing Algorithm determines that WAN 2 has the least amount of traffic sessions and therefore instructs the DNS Module to use WAN 2 7 Areply from the Gateway is then sent back through WAN 1 to the source of the DNS request 8 The web browser receives the Gateway s reply and is forwarded to the domain name s respective IP address The web browser will now retrieve the information that was requested The information request is then directed through WAN 2 10 The information
39. een is configured correctly you can use the application on your PC normally Remember that only one 1 PC can use each Special application at any time O Also when 1 PC is finished using a particular Special Application there may need to be a Time out period before another PC can use the same Special Application O If an application still cannot function correctly try using the DMZ feature if possible 25 DAAA lancom DINN Dynamic DNS Dynamic DNS is very useful when combined with the Virtual Server feature It allows Internet users to connect to your Virtual Servers using a URL rather than an IP Address This also solves the problem of having a dynamic IP address With a dynamic IP address your IP address may change whenever you connect to your ISP You must register for the Dynamic DNS service The XC DPG603 supports 2 types of service providers O Standard client available at http www dyndns org Other sites may offer the same service but can not be guaranteed to work O TZO at http www tzo com O 3322 is available in China at http www 3322 org To use the Dynamic DNS Feature 1 Register for the service from your preferred service provider Settings Dynamic DNS 2 Follow the service provider s procedure to have a Domain Name Use this to Enable Disable the Dynamic DNS feature and select the required service Host name allocated to you provider Disable Dynamic DNS is not used 3 Configure the app
40. ercepted There are three encryption method available DES 3DES and AES The default is null Authentication This specifies the packet authentication mechanism to use Packet authentication confirms the data s source There are three authentications available MD5 SHA1 and SHA2 36 Policy Setup VPN Policy Setup continued Key Key Type There are two key types manual key and auto key available for the key exchange management O Manual Key If manual key is selected no key negotiation is needed o Encryption Key This field specifies a key to encrypt and decrypt IP traffic O Authentication Key This field specifies a key use to authentication IP traffic a Inbound outbound SPI Security Parameter Index is carried on the ESP header Each tunnel must have a unique inbound and outbound SPI and no two tunnels share the same SPI Notice that Inbound SPI must match the other router s outbound SPI O AutoKey IKE There are two types of operation modes can be used OU Main mode accomplishes a phase one IKE exchange by establishing a secure channel o Aggressive Mode is another way of accomplishing a phase one exchange It is faster and simpler than main mode but does not provide identity protection for the negotiating nodes Perfect Forward If PFS is enable IKE phase 2 negotiation will generate a new key material Secrecy PFS for IP traffic encryption amp authentication Preshared Key This field is to authenticate the rem
41. es true redundancy to ensure a network remains connected to the Internet I Active connection from the ISP EF Inactive connection from the ISP All incoming and outgoing traffic from a LAN has an uninterrupted connection to the Internet when one of the two connections fail Built in VPN Endpoint Full VPN Endpoint with support for up to 50 VPN tunnels using the IPsec encryption protocol Authoritative DNS to IP Gateway The XC DPG603 is an authoritative DNS to IP gateway that resolves a domain name to its respective IP addresses This new capability allows for inbound failover and load balancing for servers located behind the gateway Using dual WAN ports simultaneously increases available bandwidth for both uploads and download requests You can set load balance type by Packets Bytes rx tx and Sessions Multiple Connection Methods All popular DSL and Cable Modems and connection methods are supported including Fixed IP Dynamic IP PPPoE even multiple session PPPoE 2 x 10 100 WAN Ports The XC DPG603 incorporates dual 10 100 WAN ports complete with auto crossover for easy connection to an existing network All popular DSL and Cable Modems and connection methods are supported including Fixed IP Dynamic IP PPPoE even multiple session PPPoE 4 Port 10 100 Switch The XC DPG603 incorporates a 4 port 10 100 N Way Ethernet Switch complete with auto crossover for easy connection to an existing network Automatic Fail over If
42. ess may host many Web sites Entering the IP address on this screen will block all Web sites hosted on that IP address Settings Block URL This allows you have different blocking rules for different Groups of PCs All PCs users are in the Default Group unless moved to another group on the Host IP screen If you want the same restrictions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen e If you wish to apply different restrictions on different Groups select the desired Group and click the Select button The screen will update with data for the selected Group Enable Disable Use this to Enable or Disable each setting as needed Block URL IP Keyword Enter the URL IP address or keyword you wish to block Access Filter The network Administrator can use the Access Filter to gain fine control over the Internet access and applications available to LAN users O Five 5 user groups are available and each group can have different access rights O All PCs users are in the Default group unless assigned to another group on the Host IP screen Settings Access Filter This allows you have different access rights for different Groups of PCs If you want the same restrictions to apply to everyone select Default for the Group In this case there is no need to enter any Hosts on the Host IP screen e If you wish to apply different restrictions o
43. f the configuration and use of each of these features 21 Host IP Host IP This feature is used in the following situations O When you have Multi Session PPPoE and wish to bind each session to a particular PC on your LAN O When you wish to use the Access Filter feature This requires that each PC be identified by using the Host IP Setup screen O When you wish to have different Block URL settings for different PCs This requires that each PC be identified by using the Host IP Setup screen You do not have to use the Host IP feature to apply the same Block URL settings to all PCs O When you wish to reserve a particular LAN IP address for a particular PC on your LAN This allows the PC to use DHCP Windows calls this Obtain an IP address automatically while gaining the benefits of a fixed IP address The PC s IP address will never change so it can be provided to other people and applications Settings Host IP Setup This section identifies each Host PC e Host List Ignore this list when adding a new Host To edit an existing entry select it from the list and click the Select button The data fields will then be updated with data for the selected entry Host name Enter a suitable name Generally you should use the Host name computer name defined on the Host itself e MAC Address Also called Physical Address or Network Adapter Address Enter the MAC address of this host Select Group Select th
44. hat you are using the XC DPG603 location 14 Configure PCs on your LAN For Apple Clients 1 Open the TCP IP Control Panel 2 Select Ethernet from the Connect via pop up menu 3 Select Using DHCP Server from the Configure pop up menu The DHCP Client ID field can be left blank 4 Close the TCP IP panel saving your settings Note If using manually assigned IP addresses instead of DHCP the required changes are Set the Router Address field to the XC DPG02 s IP Address Ensure your DNS settings are correct For Linux Clients To access the Internet via the XC DPG603 it is only necessary to set the XC DPG603 as the Gateway and ensure your Name Server settings are correct Make sure you are logged in as root before attempting any changes Fixed IP Address By default most Unix installations use a fixed IP Address If you wish to continue using a fixed IP Address make the following changes to your configuration Set your Default Gateway to the IP Address of the XC DPG603 Ensure your DNS Name server settings are correct To act as a DHCP Client recommended The procedure below may vary according to your version of Linux and X windows shell 1 Start your X Windows client 2 Select Control Panel Network 3 Select the Interface entry for your Network card Normally this will be called ethd 4 Click the Edit button set the protocol to DHCP and save this data 9 To appl
45. he Internet If not enabled access is only available to PCs on the LAN e Port The port number used when connecting remotely See below for details Allowed IP range Remote access is only available to the IP addresses entered here Leaving these fields blank will allow access by all PCs These addresses must be Internet IP addresses and not addresses on the local LAN To specify a single address enter it in both fields These settings determine whether or not the XC DPG603 should respond to ICMP ping requests received from the WAN port e Block Selected packet types This acts as master switch If checked the selected packet types are blocked Otherwise they are accepted e Echo Request Timestamp Request Select the packet types you wish to block using the checkboxes RIP v2 This acts as master switch If enabled the selected WAN or LAN will run RIPv1 v2 e LAN WAN1 WAN2 When enabled any WAN or LAN can execute RIP function Some servers on a LAN and their domain names have already registered on public DNS To avoid DNS loopback problem enter the following fields e Domain Name Enter the domain name specified by you for local host server Private IP Enter the private IP address of your local host server SMTP Simple Mail Transport Protocol Binding This applies only when using E mail accounts from different ISPs on each port Some ISPs configure their E mail Servers so they will not accept E
46. he configuration after which the Gateway will reboot Example of how to configure to upload previously saved configuration fe TFTP V1 00 Local File config ie bin Browse Server IP 152 168 1 1 Download Upload Set to Defaut Help Cancel Statu HTTP Upgrade Firmware The Upgrade Firmware Screen within the XC DPG603 s setup console allows you to upgrade firmware or backup system configuration by using HTTP upgrade O You can backup your system configuration by press save button of Save System Configuration It will save the system configuration for you Notice You have to refresh the browser after you saved the system configuration file O You also can do firmware upgrade by input the correct password and the file name of your firmware Remember do not Reset or Restart the device while update new firmware because it may cause system to crash 46 XC DIPG6G6O3 Twin WAN DNS IP VPN Gateway Chapter Contents e System Status e Restore Factory Defaults e WAN Status e LAN Status Chapter 10 Operation amp Status Operation amp Status Overview Once both the XC DPG603 and the PCs are configured operation is automatic However there are some situations where additional Internet configuration may be required Refer to Chapter 4 Advanced Features for further details System Status Connection Status Current status either Connected or Not connected Connection Type The
47. he specified WAN Port MX Record MA Record Mail Exchange 1 Mail Exchange 2 ee i a o Location 1 o Private Public Location 2 Private Public IP Address 1 0000 IP Address 2 0 0 0 0 si Mail Exchange This sets the mail route for the domain name Preference 1 amp 2 This sets the route preference The lower number will have the higher priority Location This sets the location for either the public or private IP IP Address The user can set the IP address of the public or private mail server 41 Map Host URL Select Map Host URL from the main menu Enter all the information for your domains Submit the changes A Record O RE wra mydomain com DNS Server List DNS1 y ae a ann domains that are already configured net IID ee erver Lis Ss cn tele List of DNS servers Click select to view a different Host URL list Select DNS Server DNS1 y Host URL Private IP Address 192 168 1 100 OX XXX XXX XXX XXX Input your registered domain name in this field Port Range 80 80 Select DNS Server Public WAN1 IP Address 0000 only for multiple static IPs edi nan select which DNS server you want the entry to belong Public WAN2 IP Address da only for multiple static IPS Home IP Address of the server binded to the domain name Port Range Port range used by the server of the selected domain name Public WAN IP Address IP address for the domain name on WAN 1 if different from the Primary Setup Public
48. ies to maintain an even number of sessions on each WAN port by Current Bandwidth 9 Wload Speed OBytes s OBytes s Established looking at the current amount of sessions currently established This is a very general Upload Speed OBytes s OBytes s setting only to be used if you have similar types of connections Cable and Cable DSL and DSL to promote good Internet traffic Interface Statistics Interface Usage 0 0 Bytes received OKB OKB Over All Bytes transmitted OKB OKB Total OKB OKB Settings Load Balance Enable Use this to enable your Load Balance settings Balance Type Select the desired Balance Type Bytes rx tx Traffic is measured by Bytes Packets rx tx Traffic is measured by Packets Sessions established Traffic is measured by Sessions Loading Share on WAN 1 Enter the percentage of traffic to be sent over WAN 1 The WAN port with the greater bandwidth should be given a higher percentage of traffic over the other WAN port Click the Update button to save your changes This section displays the current data about WAN 1 and WAN 2 You can use this information to help you fine tune the settings above This section displays cumulative statistics Use the Restart Counters button to restart these counters when required Update Save the settings on this screen Refresh Update the data on screen Restart Counters Restart the counters used in the Interface St
49. is section displays data for each WAN port Connection status This will display either Connected or Not Connected Default Loading Share The default traffic loading between the WAN ports Current Loading Share The current traffic loading between the WAN ports Current Loading The number of sessions Bytes and Packets currently being processed on each port Current Bandwidth The current Download and Upload speeds on each WAN port Check NAT Detail will display the NAT Status screen described below This section displays cumulative statistics Use the Restart Counter button to restart these counters when required NAT Status IP Address The LAN IP Address of the XC DPG603 Mask Address The Network Mask Subnet Mask for the IP Address above There is one 1 row for each active connection For each connection the following data is shown IP Address The WAN Internet IP Address of the XC DPG603 Mask Address The Network Mask Subnet Mask for the IP Address above This displays the current timeout values for TCP and UDP connections This displays the MSS Maximum Segment Size and Maximum Windows size for TCP packets This section displays statistics for both outgoing LAN to Internet and Incoming Internet to Local traffic This displays the current number of active connections For further details click the View Connection list button Statistics are di
50. isable email alert not to send an warning email when WAN port was disconnected Email Sender Address An email address that sends a warning email to a recipient The warning email will inform the recipient if there is any problem on either or both WAN ports Email SMTP Server Address This sets the email server to where the warning email will be sent to For example mail domain com Email SMTP server user name This authenticates the user name of email sender optional Email SMTP server password This is the user password Management Assistant Email Alert continued This field sets the email sever s address for the warning email will be sent to Email Alert must be enabled For example mall domain com This field sets the email address for the warning email will be sent to This is usually the system administrator email address For example admin mail domain com This feature is useful to prevent ICMP attacks from WAN or LAN It will drop the packets if the ping times are exceeding the threshold value A notification email will be sent to the administrator Syslog This feature can send real time system information on a web page or to a specified PC Syslog Configuration syslog Configuration allow you where to send system information to another machine or not There are up to three machines you can choose to send your system log to Message Status Messages send only keep when keep send message checke
51. ists the XC DPG603 can be setup to be configured remotely via the Internet Password Protected Configuration Optional password protection is provided to prevent unauthorized users from modifying the XC DPG603 s configuration data and settings HTTP Firmware Upgrade and backup The web management feature allows you to use HTTP to upgrade new firmware and backup system configuration from local or remote locations Email Alert The XC DPG603 will send an alert via email to the system administrator in the event a single or both WAN connections go down Syslog Generates real time system information on the web page or sends to a particular computer This is used for monitoring and diagnosis purposes DNS Configuration This sets the inbound load balancing features for the XC DPG603 Users have to construct a DNS server in order to enable the inbound load balancing cababilities Map Host URL In addition to the DNS configuration Map Host URL allows for users to select a URL to map to the IP address of a local host QoS Configuration You will be able to schedual and direct your network traffic to take advantage of your available bandwidth This function allows for specified packets with higher priority to pass through such as Internet phone video conference and other real time applications UPnP UPnP dynamically opens and close ports required by certain software automatically Physical Details Front Panel S TWIN WAN DNS OIP VPN
52. l Type You can choose either TCP UDP ICMP GRE protocol as your connection protocol By default the protocol type is Any Encryption Method NULL y Authentication Method NULL Key Type Manual Key y Encryption Key Char Authentication Key Char Inbound SPI pxo Dec Hex 0x Outbound SPI 0x0 Dec Hex 0x TI NetBIOS Broadcast Enable Check ESP Pad C Enable Keep Alive Enable Allow Full ECN r Enable Anti Replay C Enable Copy DF Flag C Enable Passive Mode Enable Set DF Flag r Enable Action Delete Update Reset Security Association List State Name Security Gateway Remote Site Security Policy Key Type WAN Status Previous Page Next Page Refresh Local Security Network These entries identify the private network on the VPN gateway and the hosts of which can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN LAN to LAN connection Remote Security Network These entries identify the private network on the remote peer VPN router whose hosts can use the LAN to LAN connection You can choose a single IP address the subnet or a selected IP range to make VPN connection Remote Security Gateway You can either select remote side domain name or remote side IP address WAN IP address as your remote side security gateway Encryption Method It specifies the encryption mechanism to use Data encryption makes the data unreadable if int
53. le as Example config file bin 4 Press the Upload button and the file will be saved to the same directory as the TFTP utility 45 Management Assistant Example of how to configure to save file TFTP 1 00 Local File config ie bin Browse Server IP 192 168 1 1 Dowload Upload Set to Defaut Help Cancel Statu Uploading the Firmware Using the TFTP utility you are able to update the firmware on the XC DPG603 this is useful when you also need to recover the Gateway from a crash To upload the firmware to the Gateway 1 Open the TFTP utility by double clicking on it 2 Enter the Gateways IP address Default is 192 168 1 1 3 Click the Browse button and select the firmware file 4 Click the Download button It could take up to 1 to 3 minutes to upload the firmware after which the Gateway will reboot Example of how to configure to upload firmware fic TFTP V1 00 Local File jen bin Browse Server IP 152 168 1 1 Download Upload Set bo Defaut Help Cancel Statu Restoring Saved Configuration Once you have updated your firmware you are able to upload previously saved configuration To upload previously saved configuration 1 Open the TFTP utility by double clicking on it 2 Enter the Gateways IP address Default is 192 168 1 1 3 Click the Browse button and select the configuration file 4 Click the Download button It could take up to 1 to 3 minutes to upload t
54. ly assigned You can only select assign one 1 Private LAN IP address to each port If using multi session PPPoE select the desired PPPoE session These sessions are defined on the Advanced PPPoE screen You can assign one 1 Private LAN IP address to each PPPoE session Enter the IP address of the PC you wish to associate with this WAN port IP address This IP address should be fixed or reserved See the Host IP section for details on reserving an IP address You can decide the users to have the authority of using DMZ by defining the groups For DMZ you can allow inbound outbound only or both inbound and outbound Settings Multi DMZ UPnP The UPnP Universal Plug amp Play function can easily setup and configure an entire network enable discovery and control network devices and services When UPnP is enabled an ADV520 icon will show up on network neighborhood Microsoft Windows OS Every time you add a new network device with port mapping the new network device will appear on the mapping list 27 Advanced Features Advanced Features O NAT NAT Network Address Translation is the technology which allows a number of LAN PCs to share one 1 Internet IP address O Remote Access Configuration This feature allows you to manage the XC DPG603 via the Internet You can restrict access to a specified IP address or address range O External Filters Configuration These settings determine whether o
55. mail from IP addresses not allocated by themselves If you are using accounts from different ISPs sending E mail over the wrong port may result in non acceptance of the mail In this case you can use these settings to correct the problem Enable When enabled the port you specify below will be used for all outgoing SMTP traffic If not enabled either port will be used e WAN 1 WAN 2 Select the desired port Use these settings if you wish to ensure user defined traffic to be sent by a specific WAN port This allows that user defined traffic to be handled by a designated ISP account Enable Enable or disable each item as required e Source IP IP address of source which packets are sent from e Destination IP IP address of destination which packets are sent to e Subnet Mask With subnet mask other than 255 255 255 255 you can make a IP sub network as your destination e Protocol Select the protocol used by the traffic you wish to configure e Port Range Enter the beginning and end of the port range used by the traffic you wish to configure If only a single port is used enter the port number in both fields e WAN Select the port you wish this traffic to use Advanced Features continued Using Remote Web based Setup To connect to the XC DPG603 from a remote PC via the Internet 1 Ensure that both your PC and the XC DPG603 are connected to the Internet 2 Start your Web Browser 3 In the Address bar enter HTT
56. n different Groups select the desired Group and click the Select button The screen will update with data for the selected Group Select the desired option for this Group No filtering Nothing is blocked Internet access is not restricted Block All Access Everything is blocked Internet access is not available e Block selected items Items selected on this screen are blocked You can block well known services by using the check boxes or define your own filters Select the services you wish to block The current group will not be able to use any services which are checked This section is optional It allows you to define your own filters if required For each filter the following information is required e Name Enter a name for this filter e TPC UDP Packets Select either TCP or UDP depending on which protocol is used by the service you wish to block Port No Range Enter the range of port numbers used by the service you wish to block If only a single port is required enter it in both fields Session Limit amp Firewall Exception Session Limit This new feature allows to drop the new sessions from both WAN and LAN side If the new sessions number are exceed the maximum sessions in a sampling time Settings Session Limit The period to count the new session Only those new sessions occurred in the most recently sampling time were be count for limit checking Default is 400 mil sec If the number
57. om Serial Number 1 Refresh Interval 36000 sec Retry Interval 600 ee Expiration Limit 86400 sec Minimum TTL 180 sec Domain Name Sets your registered domain name Primary Name Server This sets the primary name server for your domain Example NS1 yourdomain com Admin Mail Box This field sets the administrator s mail box for the DNS Serial Number This setting is used by the secondary name server The serial number determines if a zone transfer is required from the primary name server Refresh Interval The user can set the amount of time for the serial number to check the primary name server Retry Interval In the event of a Refresh Interval failure this field sets the amount of time for the name server to reinitiate the Refresh Interval Expiration Limit The user can define an expiration limit for the name server to stop serving its associated zone in the event of recurring failed refresh intervals Minimum TTL This field sets the time in seconds before the cached record is purged 40 Domain Name Configuration NS Record i NS Record Pri Name Server Ins1 mydomain1 com Sec Name Server Ins2 mydomain2 com Public WAN1 IP Address 0 0 0 0 Public WAN2 IP Address 0 0 0 0 Primary Secondary Name Server This holds the settings for the domain This setting is usually obtained locally rather than a remote source Public WAN 1 amp 2 IP Address This sets the public IP address for the domain name on t
58. orized access from outside intruders Combined with low cost and straight forward configuration the XC DPG603 makes VPN a perfect alternative to private communication lines XiNCOM XC DPG603 is a VPN capable Dual WAN Gateway with industry standard IPsec encryption It provides extremely secure LAN to LAN connectivity over the Internet with the use of two concurrent VPN tunnels that will load balance traffic requests while providing full redundancy with auto failover The XC DPG603 supports VPN by encryption encapsulation and authentication using the following methods DES 3DES AES MD5 SHA 1 and SHA 2 up to 50 IPsec tunnels are permitted The VPN configuration menu allows you to configure the behavior of the XINCOM XC DPG603 Before creating a configuration please review your requirement for VPN e Is this going to be a Client to Gateway VPN or a Gateway to Gateway VPN e What type of authentication would you be using DES 3DES or AES e How many computers do you want to have access to the VPN How it works E VPN Sessions fj LAN Connection XC DPG603 XC DPG603 Solid security load balancing and redundancy when connecting two concurrent VPN tunnels 34 IPSec Global Settings IPSec Global Setting IPSec Global Setting Q WAN1 WAN2 Enable Enable F F ae ISAKmp Port po po Enabling either WAN 1 WAN 2 or both will start the VPN global setting PRESSE RETO ETE ISAkmp Port Phase 1 Encryption Method DES y D
59. ote IKE peer Key Lifetime This specifies the lifetime of the IKE generated Key If the time expires or data is passed over this volume a new key will be renegotiated By default 0 is set for no limit NetBIOS Broadcast This is used to forward NetBIOS broadcast across the Internet aa Alive This is to help maintain the IPSec connection tunnel It can be re a pa immediately if a connection is dropped Anti Replay The Anti Replay mechanism works by keeping track of the sequence numbers in packets as they arrive When enabled your PC establishes the data connection Check ESP Pad When checked this will enable ESP Encapsulating Security Payload padding Allow Full ECN Enable will allow full Explicit Congestion Notification ECN ECN is a standard proposed by the IETF that will minimize congestion on network and the gateway dropping packets Copy DF Flag When an IP packet is encapsulated as payload inside another IP packet some of the outer header fields can be newly written and others are determined by the inner header Among these fields is the IP DF Do not fragment flag When the inner packet DF flag is clear the outer packet may copy it or set it However when the inner DF flag is set the outer header MUST copy it Set DF Flag If the DF Do not Fragment flag is set it means the fragmentation of this packet at ra IP level is not permitted 37 XC DPGS6O0O3 Twin WAN DNS IP VPN Gateway Chapter Contents e O
60. r WAN 1 and the second Broadband Modem 30 seconds on WAN 2 Default Settings When the XC DPG603 has finished booting all configuration settings will be set to the factory defaults including The IP Address is set to its default value of 192 168 1 1 with a Network Mask of 255 255 255 0 e DHCP Server is enabled e User Name admin e Password cleared no password XC DIPG6G6O3 Twin WAN DNS ON IP VPN Gateway Chapter Contents e Overview e Procedure 1 Configuring your LAN 2 Connecting Broadband Modems 3 Configuring for Internet Access 4 Configuring your LAN PCs Chapter 2 Basic Setup Overview Basic setup of your XC DPG603 wil involve the following steps 1 Connect the XC DPG603 to one 1 PC and configure it to your existing LAN 2 Connecting one or two Broadband Modems to your XC DPG603 3 Configuring the XC DPG603 for Interent Access 4 Configuring all PCs on your LAN to use the XC DPG603 Requirements One or two Broadband modems T1 xDSL Cable and Satillite with an active account from your ISP s Two standard 10 100BaseT network UTP cables with RJ 45 connectors TCP IP network protocol must be installed on all PCs CAT5 Ethernet Cables Broadband Modems TCP IP Enabled PCs Configuring the XC DPG603 for your LAN Procedure 1 Use a standard LAN cable to connect your PC to any LAN port on the XC DPG603 2 Connect the power adapter and power up the XC DPG603 Only use the power a
61. r not the XC DPG603 should respond to ICMP ping requests received from the WAN port O Interface Binding Use these to ensure that certain traffic is sent by a particular WAN port and thereby a particular ISP account These settings are only useful if using both WAN ports O Protocol 8 Port Binding This allows you binding WAN 1 or WAN 2 ports by selecting TCP UDP protocol Settings Advanced Features NAT Routing NAT Network Address Translation is the technology which allows one 1 WAN Internet IP address to be used by many LAN users If you disable NAT Internet access is only possible if all PCs are configured with valid Internet IP addresses The XC DPG603 needs 2 addresses 1 for the LAN port and 1 for the WAN port NAT is disabled only when you wish to use the XC DPG603 as a Static Router e TCP Timeout Enter the desired value to use on both WAN ports The default is 300 e UDP Timeout Enter the desired value to use on both WAN ports The default is 120 TCP Window Limit Enter the desired value to use on both WAN ports The default is 0 no limit e TCP MSS Limit Enter the required MSS Maximum Segment Size to use on both WAN ports The default is 0 no limit e Disable Port Translation Enter the desired port range of all packets which are not translated via WAN port e Remote Upgrade If enabled you can ul e Remote Web based setup If enabled access to the Web based interface is available via t
62. red by certain software automatically Increased bandwidth and redundant connectivity to the Internet provides cost effective bandwidth solutions to expensive leased telecommunication lines for your network infrastructure O Package Contents The following items should be included e XC DPG603 Twin WAN DNS to IP VPN Gateway e Power Adapter 5V e Quick Installation Guide e CD ROM containing the on line manual Two CAT RJ 45 Ethernet Cables e Rack Mounts for a standard 19 server rack Features Figure 1 How it works A client computer makes a request to access www yourdomain com 2 The request goes to the ISP s DNS server and the DNS server replies with the IP address of the DNS responsible for that domain 3 The request is then processed by the Authoritative DNS of that domain and provides the IP address of the 13 specified server 4 The client can then access the web server Figure 2 Load Balancin Load Balance two concurrent broadband connections in any combination to expand a network s bandwidth to the Internet The XC DPG603 supports T1 xDSL Cable and Satillite broadband connections E Active connection from the ISP The XC DPG603 load balances both inbound and outbound traffic requests Figure 3 Automatic Fail over In the event of one connection going down all traffic is re routed to the second WAN port utilizing the live broadband connection from the second ISP This provid
63. requested from the web browser is now accessed on the web or FTP server loaced behind the Gateway 39 Domain Name Configuration Configuring your Domain Name services Register your Domain Name with an Internet Name Registrar Log into your Domain Name management console and locate the domain name settings for NS1 and NS2 some Registrar services use up to NS3 and NS4 Input the IP address from your XC DPG603 WAN 1 and WAN 2 to your domain name s NS1 and NS2 settings Input IP settings from WAN 1 Input IP settings from WAN 2 It will take up to two or more days for your domain name records to propagate to all the servers on the Internet Note Please consult your Internet Name Registrar for any specific information regarding your domain name management DNS Server Configuration Prior to configuring the Authoritative DNS on the XINCOM XC DPG603 it is recommended that you configure all of the WAN lines that will be used 1 Click DNS Configuration from the XINCOM XC DPG603 main menu select Configure DNS 2 In the Configure DNS section enter you domain name server host configuration Submit the changes Setup DNS Server This option lets you select which DNS server you want the entry to belong to Setup DNS Server DNS Server List vst x SOA Record SOA Record www mydomain com Domain Name Primary Name Server Ins1 mydomain1 com Admin Mail Box admingimydomain c
64. ropriate settings in the Dynamic DNS screen e TZO Select this to use the TZO service www tzo com You must configure the 4 The XC DPG603 will then automatically update your IP Address TZO section of this screen recorded bv the Dynamic DNS service provider Standard Client Select this to use the standard service from www dyndns org or y y p other provider You must configure the Standard Client section of this screen 5 From the Internet users will now be able to connect to your Virtual 3322 in China This is available in China It is similar to Standard client Servers or DMZ PC using your Domain name Select the WAN port on which the Dynamic DNS is used e The Force Update button will update your record on the Dynamic DNS Server immediately If you have registered for this service complete these fields e Key Enter your Key as recorded on the TZO Web site E mail Enter your E mail address as recorded on the TZO Web site e Domain Enter the domain name allocated to you by TZO If you have registered for this service complete these fields e User Name Enter the user name given by the service provider e Password Enter the password given by the service provider Verity Password Re enter the password above e Server Enter the name or IP address of the service provider s server e Host Name Enter the domain name allocated to you by the service provider These options are a
65. splayed for Checksum errors number of retries and number of bad packets This displays the total IP packets and reserved address 48 Chapter 11 Advanced LAN Configuration XC DIPG6G6OS3 Twin WAN DNS 6 IP VPN Gateway Chapter Contents Overview i Overview These settings are provided to deal with non standard situations or to provide additional options for advanced Existing DHCP Server users e Static Routing Existing DHCP Server If your LAN already has a DHCP Server and you wish to continue using it the following configuration is required O The DHCP Server function in the XC DPG603 must be disabled This setting is on the LAN amp DHCP screen O Your DHCP Server must be configured to provide the XC DPG603 s LAN IP address as the Default Gateway O Your DHCP Server must provide correct DNS addresses to the PCs 49 Advanced LAN Configuration Static Routing This section is only relevant if your LAN has other Routers or Gateways O If you do not have other Routers or Gateways on your LAN skip the Static Routing page O If your LAN has other Gateways and Routers you must configure the Static Routing screen as described below You also need to configure the other Routers Static Routing Static Routing Entry Entry Index Network Address Add Delete Upda Reset Destination IF Subnet Mask Gateway Interface Metric Type 192 168 9 1 aa la 192 168 9 1 WANI 15 System pee alte mee pan ee iat aes 192 168 1
66. st complete the PPPoE dialup fields Note If using the PPTP connection method select Static IP or Dynamic IP to correspond to the IP address method used by your ISP This is for Static IP users only Enter the address information provided by your ISP If your ISP provided multiple IP address you can use the Multi DMZ screen to assign the additional IP addresses This is for PPPoE and PPTP users only Enter the Username and Password provided by your ISP If using PPTP enable the PPTP Connection checkbox and enter the IP address of the PPTP server Host name Optional For PPPoE This field is used by a Host to uniquely associate an access concentrator to a particular Host request Note There are additional PPPoE PPTP options on the Port Options screen To use multiple PPPoE sessions on either port configure the Advanced PPPoE screen If using a Fixed IP address you MUST enter at least 1 DNS address If using Dynamic IP or PPPoE the DNS information is optional Host name This is required by some ISPs If your ISP provided a Host Name enter it here Otherwise you can use the default value e Domain name This is required by some ISPs If your ISP provided a Domain Name enter it here Otherwise you can use the default value e MAC address Some ISP s record your MAC address also called Physical address or Network Adapter address Setup of the XC DPG603 is now complete PCs on your LAN must now be configured
67. tility Recommended The XC DPG603 Twin WAN Gateway supports the Trivial File Transfer Protocol TFTP This is mainly used to upload the firmware to the device lt can also be used to save and upload the configuration and reset the Gateway to defaults This guide will show you how to perform all those actions along with the proper procedure for upgrading your XC DPG603 to the latest firmware release Updating the Firmware To update the firmware on your XC DPG603 you must first download the firmware from the XINCOM Support web page http www xincom com support You will need an unzipping utility such as WinZip www winzip com or WinRAR www rarlab com to extract the contents of the file Included will be a README file usually README txt TFTP tftp exe utility and the firmware file name bin Backup your configuration When you update the firmware on the XC DPG603 the default configuration overwrites any settings that you previously entered into the Gateway You will need to save the configuration of the file to the Gateway There are two ways to do this the TFTP utility and the HTTP user interface This section covers only the TFTP utility you can learn how to update using the HTTP utility in the Admin Control section To save the XC DPG603 Configuration to a file 1 Open the TFTP utility by double clicking on it 2 Enter the Gateways IP address Default is 192 168 1 1 3 Enter a file name that you would like to save the fi
68. type of connection used DHCP Fixed IP PPPoE or PPTP Force Renew button Only available when using a dynamic IP address DHCP Clicking this button will perform a DHCP Renew transaction with the ISP s DHCP server This will extend the period for which the current WAN IP address is allocated to you IP Address The IP address of the XC DPG603 when seen from the Internet This IP Address is allocated by the ISP Internet Service Provider Subnet Mask The Network Mask Subnet Mask for the IP Address above Domain Name IP Address The address of the current DNS Domain Name Server MAC Address The MAC physical address of the XC DPG603 when seen from the Internet IP Address The LAN IP Address of the XC DPG603 Subnet Mask The Network Mask Subnet Mask for the IP Address above MAC Address The MAC physical address of the XC DPG603 when seen from the local LAN DHCP Server The status of the DHCP Server function either Enabled or Disabled Firmware Version Version of the Firmware currently installed NAT Status of the NAT feature either Enable or Disable Load Balance Status of the Load Balance feature either Enable or Disable Virtual Server Status of the Virtual Server feature either Enabled or Disabled Special Applications Status of the Special Applications feature either Enabled or Disabled DMZ Status of the
69. ult and recommended value is Enable Windows systems by default act as DHCP clients This setting is called Obtain an IP address automatically DHCP Server Setup If you are already using a DHCP Server the DHCP Server setting must be Disabled and the existing DHCP server must be set to provide the IP address of the XC DPG603 as the Default Gateway Client Lease Time A set duration before client s IP address is released and renewed again after Client Default DNS The default DNS which are used by clients These settings can be altered Offered Range fields set the values used by the DHCP server when allocating IP Addresses to DHCP clients This range also determines the number of DHCP clients supported Free Entries indicates how many DHCP entries are not currently allocated and are still available Enable this ONLY if the LAN port has an IP address in the same address range as the WAN port s This means that all PCs using this Gateway must have valid fixed external Internet IP addresses If enabled enter the IP address range used on your LAN This table shows the IP addresses which have been allocated by the DHCP Server function For each address which has been allocated the following information is shown Name The hostname of the PC In some cases this may not be known MAC Address The physical address network adapter address of the PC IP Address The IP address allocated to the PC Type Indicates IP
70. up o Enable Disable O Backup Comecton Type Static IPF e Batic P 1 Configure WAN 1 and or WAN 2 as required ne ee 2 For any of the following situations refer to Chapter 3 Advanced Port Setup ae for any further configuration which may be required such as PPTP Connection Enable CJ Enable Using both ports PPIP Server IF Address User Mare e Multiple IP addresses on either port Password Host Name Optional lor PPPoE e Multiple PPPoE sessions e PPTP connection method DNS 1 DNS 2 DONS 3 Host Name Domain Name Settings Primary Setup MAC Address 00 09 A3 00 28 EE Select the appropriate setting Enable Select this if you have connected a broadband modem to this port Disable Select this if there is no broadband modem connected to this port Backup Select Enable for the primary port and Backup for the secondary port The Backup port will only be used if the primary port fails Check the requirements supplied by your ISP and select the appropriate option Static IP Select this if your ISP has provided a Fixed or Static IP address Then enter the data into the Address Info fields Dynamic IP Select this if your ISP provides an IP address automatically when you connect You can ignore the Address Info fields PPPoE Select this if your ISP uses this method PPPoE software that is usually provided by your ISP is not required to be used when selecting this method lf this method is selected you mu
71. vailable if using the standard client Enable Wildcard If selected traffic sent to sub domains of your Domain name will also be forwarded to you Enable backup MX If enabled you must enter the Mail Exchanger address below e Mail Exchanger If the setting above is enabled enter the address of the backup Mail Exchanger 26 Multi DMZ UPnP Dynamic DNS This feature allows each WAN port IP address to be associated with one 1 computer on your LAN All outgoing traffic from that PC will be associated with that WAN port IP address Any traffic sent to that IP address will be forwarded to the specified PC This allows unrestricted 2 way communication between the DMZ PC and other Internet users or Servers Note The DMZ PC is effectively outside the Firewall making it more vulnerable to attacks Enable the DMZ feature when required Use this to enable or disable the DMZ setting when required Enter a name to assist you to remember this setting This name has no effect on the operation Enter the WAN port Internet IP address you wish to associate to a PC This IP address must have been allocated to you by your ISP Enter the IP address of the PC you wish to associate with this WAN port IP address This IP address should be fixed or reserved See the Host IP section for details on reserving an IP address select the desired WAN port e Select DHCP if the IP address on this WAN port is dynamical
72. verview e Domain Name Configuration e DNS Server Configuration e Map Host URL Chapter 8 DNS Configuration Overview A domain name is a unique name that identifies a server on the Internet A domain name typically consists of two or more parts usually separated by dots In the example of www xincom com the given root name of xincom denotes the second level domain Second level domain names are registered by a consumer business through a Top Level Domain TLD registry such as Internic com The suffix behind the root name com in this example is a Top Level Domain in the Domain Name System This denotes the highest level of the hierarchy after the root name of xincom Both the second and top level domains create the unique domain name xincom com Every Web FTP or Email server requires an Authoritative Domain Name Server to route the domain name to the respective IP address or multiple IP addresses Using the XC DPG603 as an authoritative DNS gives the network administrator the ability to easily create and manage extra domain names This provides a web site with expanded bandwidth and redundancy via auto failover in case a single Internet connection fails The DNS Configuration is a major part of the XC DPG603 By acting as an authoritative name server it is able to serve the incoming requests on UDP port 53 DNS port and provide the IP address of the web server The XC DPG603 manipulates the last step based on a few factors such as current ban
73. ximum time is 30 sec Select a VPN log level that you like to display on VPN log Will you be using the Internet Key Exchange IKE setup or Manual Keying For either method you must specify each phase of the connection Atleast one side must have a fixed IP address The other side with a dynamic IP address must always be the initiator of the connection O What encryption level will you use DES 3DES hardware encryption AES software encryption 35 Policy Setup Policy Setup 2 VPN Policy Setup VPN Tunnel List Dame VPN Tunnel List unne lr Enable WAN Port any El It shows the tunnels that you have entered The router can setup up to 50 tunnels PPPoE Session Session 1 y Tunnel Name Traffic Selector This distinguishes different tunnels by name Service Protocol Type Any y Local Type Subnet gt Tunnel Local Security Network IP Address ooo Mask Address 0 00 The tunnel can only be connected when the Enable check box is selected Port Range lo Remote Type Subnet z WAN port Address pia Mask Address bono You can choose WAN1 WAN2 or Any to make the VPN connection Port Range lo Remote Security Gateway Edi in oe El PPPoE Session Some ISPs offer multiple sessions when using PPPoE to make the VPN connection You can Security Level select these PPPoE sessions to construct VPN tunnels Encryption Method NULL Authentication Method NULL Remote Security Gateway Pd ML a Service Protoco
74. y your changes use the Deactivate and Activate buttons if available OR restart your system 15 XC DIPG6O0O3 Twin WAN DNS 6 IP VPN Gateway Chapter Contents e Overview e Port Options e Load Balance e Advanced PPPoE e Advanced PPTP Chapter 3 Advanced Port Overview O Port Options contains some options which can be set on either or both WAN ports For most situations the default values are satisfactory O Load Balance screen is only functional if you are using both WAN ports It allows you to determine the proportion of WAN traffic sent through each port O Advanced PPPOE setup is required if you wish to use multiple sessions on one or both of the WAN ports It can also be used to manually connect or disconnect a PPPoE session Otherwise this screen can be ignored O Advanced PPTP setup is required if using the PPTP connection method Port Options Figure 6 Port Options Connection Validation Health Check Alive Indicator MTU PPPoE PPTP Connection Option Auto Dialup Auto Disconnect After idle for Transparent Bridge Option Bridge Mode Traffic Management Arp Tables Health Check Use this field to select the type of connection validation to perform When set to ICMP the XC DPG603 sends out ICMP echo requests When set to HTTP the XC DPG603 requests web pages Alive Indicator This is the IP address used to check if the WAN connection is operational When using HTTP put in a valid IP address of
Download Pdf Manuals
Related Search