SMC Networks SMCBR18VPN User's Manual
Contents
1. 7.8 Advanced Setup: FIREWALL. 7.8.1 Network Filters. The VPN Broadband Router firewall includes comprehensive Outbound and Inbound Network Packet Filters. The firewall does not significantly affect system performance. The packet filter lets you control which packets are allowed to pass through the router. The Outbound Filter applies to all outbound packets. The Inbound Filter applies only to packets addressed to a virtual server or DMZ host. You can select one of the two filtering policies:
   • Allow all to pass except those that match the specified rules.
   • Deny all to pass except those that match the specified rules.
   [Screenshot: Outbound Network Filter. Allows you to control access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP address of the source and destination. Options: Enable / Disable; ALLOW all network traffic except for the rules listed below; BLOCK (DENY) all network traffic except for the rules listed below; Schedule rule. Buttons: Inbound Filter, MAC Level. Columns: ID, Source IP: Ports, Destination IP: Ports, Use Rule.]
2. For example, if you have an FTP server (port 21) at 192.168.123.1, a Web server (port 80) at 192.168.123.2, and a VPN server at 192.168.123.6, you need to specify the following virtual server mapping, as shown in the table below. Service Port 21: 192.168.123.1; Service Port 80: 192.168.123.2; Service Port 1723: 192.168.123.6. The IP Address section should contain the IP of the server computer in the LAN network that will be providing the virtual services. The Public Port is the port number or port range on the WAN side that will be used to access the virtual service. The Private Port is the port number of the service used by the server computer. Data Type can be User Datagram Protocol (UDP), Transmission Control Protocol (TCP), or both. This depends on the type of service you are running. TCP is a connection-oriented protocol and UDP is connectionless. Since most services are connection-oriented, you will most likely need to select TCP. For example, FTP and HTTP are connection-oriented services, while DNS and many streaming radio servers are connectionless. 7.7.2 Special Applications. Some applications require multiple connections, such as Internet games, video conferencing, and Internet telephony. These applications cannot work with a pure NAT router because of the firewall function. However, the Special Applications feature allows some of these
3. [Screenshot: VPN Settings: Enable / Disable, Max number of tunnels]
   • VPN: VPN protects network information from intruders. However, it greatly decreases network throughput. Enable it only when a security tunnel is absolutely necessary. This feature is disabled by default.
   • Max Number of Tunnels: Set the number of tunnels that are allowed to be in operation simultaneously.
   • Tunnel name: Lists the monitored tunnel.
   • Method: IPSec VPN supports two kinds of key exchange methods: manual key exchange and automatic key exchange. The manual key exchange method indicates that the authenticator and the encryption key of the two end VPN gateways are set up manually by the system managers. However, the IKE method performs an automatic Internet key exchange. The system managers of both end gateways only need to set the same pre-shared key.
   • More button: Click the More button to set up detailed configuration for Manual key or IKE methods.
   There are three settings that must be configured to enable IKE for a dedicated tunnel:
   • Basic setup
   • IKE proposal setup
   • IPSec proposal setup
   Basic Setup
   • Local Subnet: The subnet of the local VPN gateway's LAN site. The subnet can be a host, a partial subnet, or the whole subnet of the local gateway's LAN site.
   • Local netmask: The local netmask combined with the local subnet forms a
4. BSS: BSS stands for Basic Service Set. It is an Access Point and all the LAN PCs that are associated with it.
   CHAP: When authenticating using Challenge Handshake Authentication Protocol (CHAP), the knowledge of the password, rather than the password itself, is what is sent by the client. With CHAP, the VPN Broadband Router sends the remote client a challenge string. The remote client uses the challenge string and the password and creates a Message Digest 5 (MD5) hash, which is then forwarded to the VPN server. The VPN server computes the same hash calculation and compares the result with the hash sent by the client. If they match, the remote client is considered an authentic user.
   CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance.
   DES: Data Encryption Standard. A cryptographic encryption algorithm that is part of many standards.
   DHCP: Dynamic Host Configuration Protocol. This protocol automatically configures the TCP/IP settings of every computer on your home network.
   DMZ: Allows a networked computer to be fully exposed to the Internet. This function is used when the special application sensing tunnel feature is insufficient to allow an application to function correctly.
   DNS: DNS stands for Domain Name System, which allows Internet host computers to have a domain name (such as www.smc.com) and one or more IP addresses (such as 192.34.45.8). A DNS server keeps a database of host computers and their respective domain name
5. 1; 192.168.2.0; 255.255.255.0; 192.168.1.0; 255.255.255.255; 192.168.1.1; mypresharedkey. When finished, save your settings.
   [Screenshot: VPN Settings - Tunnel 1 - Set IKE Proposal]
   Set the Tunnel 1 IKE Proposal settings as follows: ID: 1; Proposal Name: 1; DH Group: Group2; Encrypt algorithm: 3DES; Auth algorithm: SHA1; Life Time: 10000; Life Time Unit: Sec. When finished, save the settings.
   [Screenshot: VPN Settings - Tunnel 1 - Set IPSec Proposal]
   Set the Tunnel 1 IPSec Proposal settings as follows: ID: 1; Proposal Name: 1; DH Group: Group2; Encap protocol: ESP; Encrypt algorithm: DES; Auth Algorithm: MD5; Life Time: 10000; Life Time Unit: Sec. When finished, save the settings. Now, to view the VPN connection process, go to the STATUS page and view the System Log. 9 Troubleshootin
6. [Screenshot: system log entries]
   8 IPSec Settings Guide (For Reference, Example Only). 8.1 Local Security Policy Settings. Step 1: In Windows 2000/XP, click the Start button, select Settings, and then Control Panel. The Control Panel window will open. Windows XP users may need to click Performance and Maintenance in the Control Panel window, depending on user environment.
   [Screenshot: Windows Control Panel window]
7. [Screenshot: dial-up settings form with fields Dial-up Account, Dial-up Password, Baud Rate, Primary DNS, Secondary DNS, Assigned IP Address (optional), Modem Initialization String, Maximum Idle Time, and connect mode (Always On Line, Manual Connect, Connect On Demand)]
   7.6 Advanced Setup: LAN. This is the local IP address of the router. All networked computers must use the LAN IP address of the router as their default Gateway. However, if necessary, it can be changed. Here you can configure the LAN IP address for the router and enable/disable the DHCP server for dynamic client address allocation. You can change the lease time if necessary as well. By default this is set to One Week. The other options are Half Hour, One Hour, Two Hours, Half Day, One Day, Two Days, and Forever. Forever signifies that there is no time limit on the IP address lease. For the IP address pool, a dynamic IP address range may be specified (Default: 192.168.2.100-199). Once the IP addresses (e.g., 192.168.2.100-199) have been assigned, these IP addresses will be part of the dynamic IP address pool. IP addresses from 192.168.2.2-99 and 192.168.2.200-254 will be available as static IP addresses. Remember not to include the address of the Router in the client address pool. Also remember to configure your c
8. • Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
   • Consult the dealer or an experienced radio/TV technician for help.
   FCC Caution: To assure continued compliance (for example, use only shielded interface cables when connecting to computer or peripheral devices), any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
   CAUTION STATEMENT: FCC Radiation Exposure Statement. This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 5 centimeters between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.
   Note: In order to maintain compliance with the limits of a Class B digital device, SMC requires that you use a quality interface cable when connecting to this device. Changes or modifications not expressly approved by SMC could void the user's authority to operate this equipment. Attach unshielded twisted-pair cable (UTP) to th
9. [Screenshot: time settings (Hour 0-23, Minute 0-59, Second 0-59)]
   Password Settings: Use this section to configure the 2 password accounts and idle time-out setting for your Barricade Router. There are 2 levels of admin access for this VPN Router. The Administrator account has Read/Write permission to view and change any settings. The default password for this account is smcadmin. The User account has Read-Only permissions to view, but not change, the settings. The default password for this account is password.
   [Screenshot: Administrator Password Options, User Password Options, Idle Time Out Settings]
   Remote Management: Use this section to configure the remote management feature of your Barricade Router so the web management can be accessed from the Internet (WAN). You can restrict access to a single IP or a range of IP addresses. If the specified IP address is 0.0.0.0, any host can connect to the router to perform these tasks. You can use the subnet mask bits "/nn" notation to specify a group of trusted IP addresses. For example, 10.1.2.0/24. You can also change the remote port that the administrator uses to gain access to the web management.
   [Screenshot: Enable Remote Management, Allow Access to Any IP Address / single IP, Remote Management Port]
   Syslog Serve
10. Given the proper privileges, it can then communicate directly with other machines as if it were actually on that local network. Networks, 36 Tesla, Irvine, CA 92618. Phone 949 675 000
11. it allows you to establish a connection to a corporate network and share files or other data as if your machine were actually on that local network.
   Roaming: A function that allows you to move through a particular domain without losing network connectivity.
   SNMP: Format used for network management data. Data is passed between SNMP agents (processes that monitor activity in hubs, switches, etc.) and the workstation used to oversee the network. SNMP uses Management Information Bases (MIBs), which are databases that define what information is obtainable from a networked device and what can be controlled (turned off, on, etc.).
   Static IP: If your Service Provider has assigned a fixed IP address, enter the assigned IP address, subnet mask, and the gateway address provided by your service provider.
   SPI: Stateful Packet Inspection ensures that the data coming into your network was requested by an end node computer on your LAN. The Barricade examines the incoming data and compares it to a database of trusted information. As traffic leaves the network, it is defined by certain characteristics. Incoming information is then compared to these sets of characteristics. If the incoming data matches the predefined set of characteristics, the incoming traffic is allowed. If no match is found, the incoming traffic is discarded.
   Subnet Mask: A subnet mask, which may be a part of the TCP/IP information provided by your ISP, is a set of four numbers configured like
12. PAP or CHAP Authentication Protocol, MPPE Encryption cannot be enabled. Therefore, you must configure the VPN client to connect to the Router's VPN server without requiring encryption. By default, Windows VPN clients require encryption. You can go into the properties of the VPN connection and disable this requirement.
   [Screenshot: Windows Advanced Security Settings dialog (data encryption and allowed authentication protocols)]
   J. I forgot my password and can no longer log into the router. You should restore your router to factory defaults via its hardware reset button. Locate the reset button to the right of the power input. While the device is powered on, use a paper clip to
13. an IP address. It is used to create IP address numbers used only within a particular network, as opposed to valid IP address numbers recognized by the Internet.
   TCP/IP: Transmission Control Protocol/Internet Protocol. This is the standard protocol for data transmission over the Internet.
   TCP: Transmission Control Protocol. TCP and UDP (User Datagram Protocol) are the two transport protocols in TCP/IP. TCP ensures that a message is sent accurately and in its entirety. However, for real-time voice and video, there is really no time or reason to correct errors, and UDP is used instead.
   UDP: User Datagram Protocol. A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. For example, UDP is used for real-time audio and video traffic, where lost packets are simply ignored because there is no time to retransmit. If UDP is used and a reliable delivery is required, packet sequence checking and error notification must be written into the applications.
   VPN: Virtual Private Network that actually exists within a public network. This consists of a point-to-point tunnel through which users can send and receive data. The data packets are encrypted to provide for a true private connection to the endpoint (i.e., corporate network). These packets cannot be decrypted without the correct encryption keys. Once the VPN tunnel is established, the client machine is authenticated and registered on the network.
14. [Screenshot: Tunnel Setting tab with options "This rule does not specify an IPSec tunnel" and "The tunnel endpoint is specified by this IP address"]
   Step 18: Select the Tunnel Setting tab. Step 19: Check "The tunnel endpoint is specified by this IP address" and enter 192.168.1.254. Step 20: Select the Connection Type tab. Step 21: On the Connection Type page, select All Network connections. Step 22: Click OK to complete the tunnel 1 (XP -> router) configuration.
   [Screenshot: Edit Rule Properties, Connection Type tab (All network connections, Local area network (LAN), Remote access)]
   Filter List 2: Router -> XP PC. To configure tunnel 2, follow Step 1 through Step 4 from the previous section. Step 5: The Filter Properties window opens. Select "A specific IP Subnet" from the Source Address field. Step 6: Enter the IP address 192.168.2.0 and the Subnet mask 255.255.255.0.
   [Screenshot: Filter Properties, Addressing tab]
   Step 7: Select A specifi
15. containing that word will be blocked.
   • Enable: Check the box to enable the rules.
   • Use Rule: Applies a configured schedule rule.
   [Screenshot: URL Blocking. "You can block access to certain Web sites from a particular PC by entering either a full URL address or just a keyw…" Columns: Rule Number, URL / Keyword, Use Rule; rows Site 1 through Site 9.]
   7.8.3 MAC Filter. MAC Address Filtering allows you to assign different access rights to various users, and you can also assign a specific IP address to a certain MAC address. Select the Enable radio button to enable the MAC Address Control. All of the settings on this screen take effect when Enable is checked.
   • MAC Address: This is the unique address of a specific client.
   • IP Address: Expected IP address of the corresponding client. You can keep this text field blank if you do not know the address. The DHCP pull-down menu lets you select specific clients. Select clients from the DHCP clients list and click "Copy to" to copy the MAC addresses to the selected ID chosen from the ID pull-down menu.
   • Previous Page / Next Page: Use these links to navigate to different pages. The router supports up to 32 MAC filters.
   [Screenshot: MAC Filter: Enable / Disable; ALLOW these clients access to your network; BLOCK (DENY) these clients access to your network]
16. depress this button for about 5-7 seconds and then release. Now you have completed the reset to factory defaults.
   K. Upgrading the firmware. New firmware revisions will be made available as necessary when new product features or functionality is released. You should check http://www.smc.com on a periodic basis for these updates. If a new version is available, check the release notes to be sure of what has been changed/added, and then you can decide if you wish to complete the upgrade. Then download and unzip the firmware file. Log into the web-based administration of the SMC Router, click TOOLS, then click FIRMWARE UPGRADE and browse to the new firmware file. Then click the BEGIN UPGRADE button to upload the firmware to the SMC Router. Once this is completed, be sure to reset the router to factory defaults and reconfigure your WAN connection before continuing to use it.
   10 Technical Specifications
   Standards: IEEE 802.3 10Base-T Ethernet; IEEE 802.3u 100Base-TX Fast Ethernet.
   Hardware Ports: LAN Port: 4x RJ45 10/100 Mbps with Auto MDI/MDIX (BR14VPN), 8x RJ45 10/100 Mbps with Auto MDI/MDIX (BR18VPN). WAN Port: 1x RJ45 10/100 Mbps with Auto MDI/MDIX. COM Port: 1x DB9 male, up to 115200bps.
   Input Power: DC 5V 2A.
   LEDs: Power: 1x Green LED for Power. WAN: 1x Amber LED for 10Mbps link, Green LED for 100Mbps link, Blinking LED when data is transmitted. LAN (4 port): 4x Amber LED for 10Mbps connection, 4x Green LED for 100Mbps connection, Blinkin
17. in the index list will be used in phase 2 of the IPSec negotiation for getting the IPSec SA of the dedicated tunnel.
   [Screenshot: VPN Settings - Tunnel 1 - Set IPSec Proposal]
   7.9.4 Dynamic VPN. When using the VPN Dynamic IP Setting, the router functions as a Dynamic VPN server. The Dynamic VPN server does not check the VPN client IP information; this means that you can build a VPN tunnel with a VPN gateway from any remote host, regardless of the IP information.
   [Screenshot: VPN Settings - Dynamic VPN Tunnel]
   7.9.5 PPTP/L2TP Server. Point-to-Point and Layer 2 Tunneling Protocols (PPTP/L2TP) allow secure remote access over the Internet by simply dialing in a local point provided by an ISP. The following screen displays the management interface, where you enter username and passwords for authorized remote users, the authentication protocol, and the IP address range to assign to those users.
   [Screenshot: PPTP Server: Enable / Disable, Virtual IP of PPTP Server, Auth Protocol (PAP, CHAP, MSCHAP)]
   The VPN Broadband Router supports PAP, CHAP, and MS-CHAP authentication protocols. You can also enable or disable support for MPPE, which is a Microsoft standard Point-to-Point Encryption protocol. We recommend enabling MPPE at all times. However, please note that with MPPE enabled, the only supported authentication protocol is MS-CHAP. This is bec
18. [Screenshot: Barricade Tool Options: Backup Router Settings (Backup to SMCrouter_backup.bin), Restore Router Settings, Reset Barricade to Factory Settings]
   7.17 Status. You can use the Status screen to see the connection status for Barricade's WAN/LAN interfaces, firmware and hardware version numbers, any illegal attempts to access your network, as well as information on all DHCP client PCs currently connected to your network.
   [Screenshot: Status screen with panels Connection Status, Barricade Settings, Hardware Information, DHCP Client Log (view DHCP clients), and Network Log (view network activity and security logs)]
19. or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal use, without the express written permission of SMC. Copyright 2004 by SMC Networks, Inc., 38 Tesla, Irvine, California 92618. All rights reserved.
   Trademarks: SMC is a registered trademark, and EZ-Stream, EZ Connect, Barricade, and EZ Hub are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
   Compliances: FCC Class B. This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications. However, there is no guarantee that the interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
   • Reorient the receiving antenna.
   • Increase the separation between the equipment and receiver.
20. remotely by polling and setting terminal values and monitoring network events.
   • Enable SNMP: You can check Local, Remote, or both options to enable the SNMP function.
      o If Local is checked, the router responds only to requests from the LAN.
      o If Remote is checked, the router responds only to requests from the WAN.
   • Get Community: Setting this option allows the router to respond to a request.
   • Set Community: Setting this option allows your router to accept a request.
   [Screenshot: SNMP Setting: Enable SNMP (Local, Remote)]
   7.11 Advanced Setup: ROUTING. The Routing Table lets you determine which physical interface address to use for outgoing IP datagrams. If you have more than one router and subnet, you will have to enable the routing table to allow packets to find the routing path. This allows different subnets to communicate with each other. The settings in the routing table are used to support static and dynamic routing functions. RIPv1 is a protocol where the IP address is routed through the Internet. RIPv2 is an enhanced version of RIPv1 with added features such as Authentication, Routing Domain, Next Hop Forwarding, and Subnet-mask Exchange.
   [Screenshot: routing settings (RIPv2, Disable / Enable)]
   Enable Static Routing by selecting the radio button next to Enable.
   • Static Routing: Allows you to sp
21. repair/replacement options. Do not take apart the equipment. This may cause fire, electric shock, or other injuries. Do not overload wall outlets and extension cords, as this can result in a fire or electric shock. This product is for use with the AC adapter that comes with it. Use with any other AC power is strongly discouraged, as it may cause fire, electric shock, or damage to the equipment.
   1 System Requirements
   • Internet access from your local telephone company or Internet Service Provider (ISP) using a DSL modem, cable modem, Dial-Up modem, or ISDN modem.
   • A PC using a fixed IP address or dynamic IP address assigned via DHCP, as well as a Gateway server address and DNS server address from your service provider.
   • A computer equipped with a 10 Mbps, 100 Mbps, or 10/100 Mbps Fast Ethernet card, or a USB-to-Ethernet converter.
   • TCP/IP network protocol installed on each PC that needs to access the Internet.
   • A Java-enabled web browser, such as Microsoft Internet Explorer 5.0 or above or Netscape Communicator 4.0 or above, installed on one PC at your site for configuring the router.
   2 Equipment Checklist. After unpacking the Barricade VPN Cable/DSL Broadband Router, check the contents of the box to be sure you have received the following components:
   • 1 Barricade VPN Cable/DSL Broadband Router
   • 1 EZ Installation Wizard and Documentation CD
   • 1 Ethernet (CAT5 UTP) Straight-Through Cable
   • 1 Power Adapter
   • 1 Quick Installation Guide
   Immediatel
22. subnet domain.
   • Remote subnet: The subnet of a remote VPN gateway's LAN site. The subnet can be a host, a partial subnet, or the whole subnet of the remote gateway's LAN site.
   • Remote netmask: The remote netmask combined with the remote subnet forms a subnet domain.
   • Remote gateway: The IP address of the remote gateway.
   • Pre-shared key: The first key that supports the IKE mechanism of both VPN gateways to negotiate further security keys. The pre-shared key must be the same for both end gateways.
   Options
   • Select IKE proposal: Click this button to set up a set of frequently used IKE proposals for the dedicated tunnel.
   • Select IPSec proposal: Click this button to set up a set of frequently used IPSec proposals for the dedicated tunnel.
   The tunnel name is equal to the name you configured on the previous page of VPN settings. The IKE proposal index includes the settings for a set of frequently used IKE proposals and offers a selection of the IKE proposals. The IPSec proposal index includes the settings for a set of frequently used IPSec proposals and offers a selection of the IPSec proposals.
   [Screenshot: VPN Settings - Tunnel 1 - IKE, with fields Local Subnet, Local Netmask, Remote Subnet, Remote Netmask, Remote Gateway, Preshare Key, IKE Proposal index]
23. the Diffie-Hellman group.
   8.4 Example IPSec VPN Configuration. VPN Router: WAN IP Address: 192.168.1.254; LAN IP Address: 192.168.2.1. PC: 192.168.2.xxx.
   [Screenshot: VPN Settings. "VPN Settings are used to create virtual private tunnels to remote VPN gateways." Options: VPN Enable / Disable, NetBIOS broadcast Enable / Disable, Max number of tunnels, Dynamic VPN. Columns: ID, Tunnel Name, Method, More.]
   Set the VPN settings as follows: VPN: Enable; Max number of tunnels: 2; ID: 1; Tunnel Name: 1; Method: IKE. When finished, click More.
   [Screenshot: VPN Settings - Tunnel 1 - IKE]
   Set the Tunnel 1 IKE settings as follows: Tunnel 1; Local Subnet; Local Netmask; Remote Subnet; Remote Netmask; Remote Gateway; Preshare Key
24. 7.8.4 Schedule Rule. Set scheduled times to be used to control what time of day a service or set of services is enabled. Use this section to configure up to 10 Schedule Rules to limit network access based on time and day. To create a schedule rule, click the Add Schedule Rule link below.
   [Screenshot: Schedule Rule: Enable / Disable; No Valid Schedule Rule; Add Schedule Rule]
   Enter a rule name into the text field next to Name of Rule 1. Click Save Settings to save your settings.
   [Screenshot: Edit Schedule Rule 1. The military time format is used to configure the time; for example, 2:00 is entered as 14:00. Fields: Name of Rule 1, Start Time (hh:mm), End Time (hh:mm); rows Every Day, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday.]
   The Schedule Rule screen appears. It now shows your setting for Rule 1. If you need to make changes to your setting, click the Edit button. If you want to delete Rule 1, click the Delete button.
   [Screenshot: Schedule Rule list with Rule Name, Edit, Delete, Add Schedule Rule]
   7.8.5 Advanced. In this section you can enabl
25. AT 5 TP cable has a network data transfer rate of up to 100Mbps.
   Access Point: A device that is able to receive wireless signals and transmit them to the wired network, and vice versa, thereby creating a connection between the wireless and wired networks.
   Ad Hoc: An ad hoc wireless LAN is a group of computers, each with LAN adapters, connected as an independent wireless LAN.
   Adapter: A device used to connect end-user nodes to the network; each contains an interface to a specific type of computer or system bus, e.g. EISA, ISA, PCI, PCMCIA, CardBus, etc.
   Auto-Negotiation: A signaling method that allows each node to define its operational mode (e.g., 10/100 Mbps and half/full duplex) and to detect the operational mode of the adjacent node.
   Backbone: The core infrastructure of a network. The portion of the network that transports information from one central location to another central location, where it is unloaded onto a local system.
   Base Station: In mobile telecommunications, a base station is the central radio transmitter/receiver that maintains communications with the mobile radiotelephone sets within its range. In cellular and personal communications applications, each cell or micro-cell has its own base station; each base station in turn is interconnected with other cells' bases.
   Bitmap: A Windows and OS/2 bitmapped graphics file format. Bitmap files provide formats for 2, 16, 256, or 16 million colors. It uses the extension .BMP
26. The firewall of the router filters out unrecognized packets to protect your intranet. This means that all network hosts are invisible to the outside world. However, some of the hosts can be made accessible by enabling the Virtual Server mapping.

A virtual server is defined as a Service Port. All requests to this port will be redirected to the computer specified by the Server IP. The virtual server can work with scheduling rules as well. This gives you more flexibility for access control.

Virtual Server: You can configure the Barricade as a virtual server so that remote users accessing services such as the Web or FTP at you via public IP addresses can be automatically redirected to local servers configured with private IP addresses. In other words, on the requested service (TCP/UDP port number), the Barricade redirects the external service request to the appropriate ser at another internal IP address.

Fields: ID, IP Address, Public Port(s), Private Port(s), Data Type, Enable, Schedule rule.
27. Configuring Your Broadband VPN Router

Before you attempt to log into the web-based Administration, please verify the following:
1. Your browser is configured properly (see below).
2. Disable any firewall or security software that may be running.
3. Confirm that you have a good link LED where your computer is plugged into the Router. If you don't have a link light, then try another cable until you get a good link.

7.1 Browser Configuration

Confirm your browser is configured for a direct connection to the Internet using the Ethernet cable that is installed in the computer. This is configured through the options/preference section of your browser. You will also need to verify that the HTTP Proxy feature of your web browser is disabled. This is so that your web browser will be able to view the Router configuration pages. The following steps are for Internet Explorer and for Netscape. Determine which browser you use and follow the appropriate steps.

Internet Explorer 5 or above (For Windows)
Open Internet Explorer. Click Tools, and then select Internet Options. In the Internet Options window, click the Connections tab. Click the LAN Settings button. Clear all the check boxes and click OK to save these LAN settings changes. Click OK again to close the Internet Options window.

Internet Explorer (For Macintosh)
1. Open Internet Explorer. Click Explorer/Preferences.
2. In the Internet Explorer Preferences window, under Network, s
28. E proposal can be selected for adding a corresponding proposal to the dedicated tunnel. A total of ten proposals can be set in the proposal pool. A maximum of four proposals from the pool can be applied to the dedicated tunnel.
• Add to button: Click this button to add the selected proposal shown in the proposal ID field of the IKE Proposal index list. The proposal shown in the index list will be used in phase 1 of the IKE negotiation for obtaining the ISAKMP SA of the dedicated tunnel.

7.9.3 IPSec Proposal

• IPSec Proposal index: A list of selected proposal indexes from the IPSec proposal pool. The selected activity is performed when you select a proposal ID and click the Add to button next to the Proposal ID roll-down list. A maximum of four indexes can be selected from the proposal pool for the dedicated tunnel.
• Proposal Name: The proposal name indicates which IPSec proposal will be monitored. The first character of the name with the value of 0x00 stands for the IPSec proposal that is not available.
• DH Group: Three groups c
29. Green, Steady: The WAN port is connected.
Blinking: The WAN port is sending or receiving data.
Link status (Green)
Steady: An active station is connected to the LAN port.
Blinking: The corresponding LAN port is sending or receiving data.
Steady: Data is transmitted at 100 Mbps.

SMCBR18VPN Front Panel
8 LAN, 1 WAN and 1 COM port

Port Type: Description
5 VDC: Receptor for power adapter, 5 VDC, 2 A minimum.
WAN: This is the connection for the Ethernet cable to the Ethernet port on the cable or DSL modem.
Port 1-4/8: These are the connections for Ethernet cables to your Ethernet-enabled computers.
COM: Serial port connection for an analog modem or console cable.

5 Hardware Installation

The router can be placed anywhere in your office or home. No special wiring or cooling requirements are necessary. However, you should comply with the following guidelines:
• Place your router on a flat horizontal surface.
• Be sure to place your router away from any heating devices.
• Avoid dusty and/or humid areas.

1. Setup LAN Connection: Connect an Ethernet cable from your computer's Ethernet port to one of the LAN ports of the router.
2. Setup WAN Connection: Insert one end of the Ethernet cable into the WAN port on the back panel of your router and the other end to the cable/DSL modem. You may connect an analog modem (optional) to function as a backup connection.
3. Power Up: The router automatically enters the self-testing phase once the po
30. Dial-Up

Most dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a backup when your broadband connectivity is unavailable. Enter the phone number, account name, and password assigned to you by your ISP. The baud rate is the communication rate between the broadband router and your modem. Set this to the desired rate. If you have received DNS addresses from your ISP, enter them here; otherwise leave these addresses at their default settings. The modem initialization string setting is most commonly used to optimize the communication quality between the ISP and your analog dial-up modem. If you are using the dial-up modem as a backup, enable the Auto Backup (Failover) option.

Configure the Connect mode option to the desired settings:
• Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection.
• Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button.
• While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again.
31. BigPond

If you use the BigPond Internet Service, which is available in Australia, enter your username and password and apply the changes.

L2TP

Layer 2 Tunneling Protocol (L2TP) is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and L2TP Gateway.

Configure the Connect mode option to the desired settings:
• Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection.
• Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button.
• While using the Connect On Demand op
32. Network. Make sure that Built-in Ethernet is selected in the Show field. On the TCP/IP tab, select Using DHCP in the Configure field. Close the TCP/IP dialog box.

6.5 Verifying Your TCP/IP Connection

After installing the TCP/IP communication protocols and configuring an IP address in the same network as the Router, use the ping command to check if your computer has successfully connected to the Router. The following example shows how the ping procedure can be executed in an MS-DOS window. First, execute the ping command:

ping 192.168.2.1

If a message similar to the following appears:

Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=2ms TTL=64

a communication link between your computer and the Router has been successfully established. If you get the following message:

Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.

there may be something wrong in your installation procedure. Check the following items in sequence:
1. Is the Ethernet cable correctly connected between the Router and the computer? The LAN LED on the Router and the Link LED of the network card on your computer must be on.
2. Is TCP/IP properly configured on your computer? If the IP address of the Router is 192.168.2.1, the IP address of your PC must be from 192.168.2.2 - 254 and the default gateway must be 192.168.2.1.

If you can successfully ping the Router, you are now ready to connect to the Internet.

7
33. SMCBR14VPN / SMCBR18VPN
Barricade VPN 4/8-port Broadband Router

Copyright

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

The products and programs described in this User Guide are licensed products of SMC. This User Guide contains proprietary information protected by copyright, and this User Guide and all accompanying hardware and documentation are copyrighted. SMC does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. Information in this User Guide is subject to change without notice and does not represent a commitment on the part of SMC. SMC assumes no responsibility for any inaccuracies that may be contained in this User Guide. SMC makes no commitment to update or keep current the information in this User Guide, and reserves the right to make changes to this User Guide and/or product without notice. No part of this manual may be reproduced or transmitted in any form
34. You can apply up to 8 rules for each direction: inbound or outbound. For each rule, you can define the following:
• Source IP address
• Source port address
• Destination IP address
• Destination port address
• Protocol: TCP or UDP or both
• Use Rule

You can define a single IP address (4.3.123.254) or a range of IP addresses (4.3.123.254-4.3.2.254) for the source or destination IP address. A blank IP implies that all IP addresses are included. You can define a single port (80) or a range of ports (1000-1999) for the source or destination port. Specify the TCP or UDP protocol by adding the prefix T or U. Not adding a prefix implies all ports. Each rule can be enabled or disabled.

7.8.2 URL Blocking

URL Blocking blocks LAN computers from accessing pre-defined Websites. The difference between the Domain Filter and URL Blocking is that the Domain Filter requires you to enter a suffix (.com or .org), while URL Blocking requires you to enter only a keyword. In other words, the Domain Filter can block specific Websites, while URL Blocking can block hundreds of Websites simply by using a keyword.
• URL Blocking: Check the box next to Enable if you want to enable the URL Blocking option.
• URL Keyword: If any part of a Website's URL matches the pre-defined word you have entered here, the connection will be blocked. For example, if you type the word firewall into the URL text field, all URLs
35. Security Settings window will appear.

Step 4. Right-click IP Security Policies on Local Computer, then click Create IP Security Policy.
Step 5. The IP Security Policy Wizard window will appear. Click Next.
Step 6. In the next window, type to_vpn_router in the Name field and click Next.
Step 7. Then deselect the Activate the default response rule check box and click Next.
Step 8. To complete the setup, make sure that the Edit check box is checked and click Finish.

8.2 Create Two IP Filter Lists (PC -> Router, Router -> PC)

Filter List 1 (XP PC -> Router)

Step 1. From the to_vpn_router Properties window, deselect the Use Add Wizard check box and click Add to create a new rule.
36. address field and enter the IP address 192.168.2.0 and Subnet mask 255.255.255.0.
Step 7. If you want to select a protocol for your filter, click the Protocol tab.
Step 8. Select the protocol type you want and click OK.
Step 9. You are returned to the IP Filter List window. Click OK to complete this part of the setup.
Step 10. From the Edit Rule Properties window, select Require Security from the Filter Actions field and click Edit.
Step 11. The Required Security Properties window opens. Select Negotiate security and then check the Session key perfect forward security (PFS).
37. ain an IP address automatically to configure your computer for DHCP. Click the OK button to save this change and close the Properties window. Click the OK button again to save these new changes. Reboot your PC.

6.3 Obtaining an IP Address

Windows 95/98/Me
1. Click Start/Run.
2. Type WINIPCFG and click OK.
3. From the drop-down menu, select your network card. Click Release and then Renew. Verify that your IP address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.1. These values confirm that the Router is functioning. Click OK to close the IP Configuration window.

Windows 2000/XP
On the Windows desktop, click Start/Programs/Command Prompt.
In the Command Prompt window, type IPCONFIG /RELEASE and press the <ENTER> key.
Type IPCONFIG /RENEW and press the <ENTER> key. Verify that your IP Address is now 192.168.2.xxx, your Subnet Mask is 255.255.255.0 and your Default Gateway is 192.168.2.254. These values confirm that the Router is functioning.
Type EXIT and press <ENTER> to close the Command Prompt window.

6.4 Configuring a Macintosh Computer

You may find that the instructions here do not exactly match your screen. This is because these steps and screen shots were created using Mac OS 10.2. Mac OS 7.x and above are all very similar, but may not be identical to Mac OS 10.2.

Pull down the Apple Menu. Click System Preferences and select
38. ain electronics that regenerate signals to boost strength as well as monitor activity (active/intelligent hub). Hubs may be added to bus topologies; for example, a hub can turn an Ethernet network into a star topology to improve troubleshooting.

ID3: The data fields in an MP3 that hold the artist name, track titles, album titles, genre, etc. are known as ID3 tags.

IP Address: IP stands for Internet Protocol. An IP address consists of a series of four numbers separated by periods that identifies a single, unique Internet computer host. Example: 192.34.45.8.

IP Security: Provides IP network-layer encryption. IPSec can support large encryption networks (such as the Internet) by using digital certificates for device authentication.

ISAKMP: Internet Security Association and Key Management Protocol. The basis for IKE.

ISP: Internet Service Provider. An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations.

JPEG: Joint Photographic Experts Group. JPEG is a standard for compressing still images, and it provides compression with ratios up to 100:1. File extensions are .JPG or .JPEG.

LAN: A communications network that serves users within a confined geographical area. It is made up of servers, workstations, a network operating system, and a communications link. Servers are high-speed machines that hold programs and data shared by network users. The workstations (clients) are the users' per
39. 7.9.2 IKE Proposal

• IKE Proposal index: A list of selected proposal indexes from the IKE proposal pool. The selected activity is performed when you select a proposal ID and click the Add to button next to the Proposal ID roll-down list. A maximum of four indexes can be selected from the proposal pool for the dedicated tunnel.
• Proposal Name: The proposal name indicates which IKE proposal will be monitored. The first character of the name with the value of 0x00 stands for the IKE proposal that is not available.
• DH Group: Three groups can be selected:
  o Group 1 (MODP768)
  o Group 2 (MODP1024)
  o Group 5 (MODP1536)
• Encryption algorithm: Two algorithms can be selected:
  o 3DES
  o DES
• Authentication algorithm: Two algorithms can be selected:
  o SHA1
  o MD5
• Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways. Its value can range from 300 to 172,800 seconds. If the value of the unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways. This value can range from 20,480 to 2,483,647 KB.
• Life Time Unit: The life time unit can be set to seconds or KB.
• Proposal ID: The identifier of the IK
40. an be selected:
  o Group 1 (MODP768)
  o Group 2 (MODP1024)
  o Group 5 (MODP1536)
  However, you can also select None.
• Encapsulation protocol: Two protocols can be selected:
  o ESP
  o AH
• Encryption algorithm: Two algorithms can be selected:
  o 3DES
  o DES
  However, when the encapsulation protocol is set to AH, the encryption algorithm is unnecessary.
• Authentication algorithm: Two algorithms can be selected:
  o SHA1
  o MD5
  However, you can also select None.
• Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways. Its value can range from 300 to 172,800 seconds. If the value of the unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways. This value can range from 20,480 to 2,483,647 KB.
• Life Time Unit: The life time unit can be set to seconds or KB.
• Proposal ID: The identifier of the IPSec proposal can be selected for adding a corresponding proposal to the dedicated tunnel. A total of ten proposals can be set in the proposal pool. A maximum of four proposals from the pool can be applied to the dedicated tunnel.
• Add to button: Click this button to add the selected proposal shown in the proposal ID field of the IPSec Proposal index list. The proposal shown
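The option lists in 7.9.2 and 7.9.3 can be turned into a pre-deployment check. The following is an added example, not code from SMC or the router firmware: it validates a tunnel's IKE and IPSec proposals against the ranges and limits quoted above and flags the weaker selectable options. The Proposal class, the audit functions and the sample proposals are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Option sets and limits as quoted in sections 7.9.2 and 7.9.3.
DH_BITS = {"Group 1": 768, "Group 2": 1024, "Group 5": 1536}
LIFE_RANGE = {"seconds": (300, 172_800), "KB": (20_480, 2_483_647)}
MAX_PER_TUNNEL = 4


@dataclass
class Proposal:  # hypothetical record, one row of the proposal pool
    name: str
    kind: str            # "IKE" or "IPSec"
    dh_group: str        # "Group 1/2/5", or "None" (IPSec only)
    encryption: str      # "3DES" or "DES" (ignored when encapsulation is AH)
    authentication: str  # "SHA1" or "MD5", or "None" (IPSec only)
    life_time: int
    life_unit: str       # "seconds" or "KB"
    encapsulation: str = "ESP"  # IPSec only: "ESP" or "AH"


def audit(p):
    """Return a list of findings for one proposal; empty means nothing to flag."""
    findings = []
    ipsec = p.kind == "IPSec"

    bounds = LIFE_RANGE.get(p.life_unit)
    if bounds is None:
        findings.append(f"invalid: life time unit {p.life_unit!r}")
    elif not bounds[0] <= p.life_time <= bounds[1]:
        findings.append(f"invalid: life time {p.life_time} {p.life_unit} "
                        f"outside {bounds[0]}-{bounds[1]}")

    if p.dh_group == "None" and ipsec:
        findings.append("weak: no DH group, phase 2 keys get no perfect forward secrecy")
    elif p.dh_group not in DH_BITS:
        findings.append(f"invalid: DH group {p.dh_group!r}")
    elif DH_BITS[p.dh_group] < 1536:
        findings.append(f"weak: {p.dh_group} is MODP{DH_BITS[p.dh_group]}; "
                        "Group 5 is the largest offered")

    if ipsec and p.encapsulation == "AH":
        findings.append("weak: AH authenticates packets but does not encrypt them")
    elif p.encryption == "DES":
        findings.append("weak: DES has a 56-bit key; select 3DES")
    elif p.encryption != "3DES":
        findings.append(f"invalid: encryption algorithm {p.encryption!r}")

    if p.authentication == "None" and ipsec:
        findings.append("weak: no authentication algorithm, traffic has no integrity check")
    elif p.authentication == "MD5":
        findings.append("weak: MD5; SHA1 is the stronger of the two offered")
    elif p.authentication != "SHA1":
        findings.append(f"invalid: authentication algorithm {p.authentication!r}")
    return findings


def audit_tunnel(proposals):
    """Audit every proposal applied to one tunnel and enforce the four-proposal limit."""
    report = {p.name: audit(p) for p in proposals}
    if len(proposals) > MAX_PER_TUNNEL:
        report["(tunnel)"] = [f"invalid: {len(proposals)} proposals applied, "
                              f"maximum is {MAX_PER_TUNNEL}"]
    return report


# Constructed sample proposals (not taken from the manual).
SAMPLE = [
    Proposal("ike-strong", "IKE", "Group 5", "3DES", "SHA1", 28_800, "seconds"),
    Proposal("ike-legacy", "IKE", "Group 1", "DES", "MD5", 120, "seconds"),
    Proposal("esp-nopfs", "IPSec", "None", "3DES", "None", 20_480, "KB"),
    Proposal("ah-only", "IPSec", "Group 2", "", "SHA1", 3_600, "seconds", "AH"),
]

if __name__ == "__main__":
    for name, findings in audit_tunnel(SAMPLE).items():
        print(name, "->", findings or "ok")
```

Because both gateways must agree on a proposal, the same check applies to the settings of the remote peer.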
41. applications to work with the router. Should the Special Applications feature fail to make an application work, you can try setting your computer as a DMZ host.

• Trigger: This is the outbound port number issued by the application.
• Incoming Ports: When the trigger packet is detected, the inbound packets sent to specified port numbers are allowed to pass through the firewall.

The router provides some predefined settings. To add a predefined setting to your list, select an application and click Copy to.

Note: Only one computer can use the Special Application tunnels at any given time.

For a full list of ports and the services that run on them, see http://www.iana.org/assignments/port-numbers

7.7.3 Virtual Computer

Use the Virtual Computer option to maintain the privacy and security of the local network. Virtual Computer enables you to use the original NAT feature, and allows you to set up the one-to-one mapping of multiple global IP address and local IP address.
42. ause during the MS-CHAP authentication process, shared secret encryption keys for Microsoft Point-to-Point Encryption (MPPE) are generated. This does not occur when using PAP or CHAP.

PAP is a simple authentication protocol where the username and password data are both handled in a cleartext, or unencrypted, format. We do not recommend using PAP because your passwords are easily readable from the Point-to-Point Protocol (PPP) packets exchanged during the authentication process.

When authenticating using Challenge Handshake Authentication Protocol (CHAP), the knowledge of the password, rather than the password itself, is what is sent by the client. With CHAP, the VPN Broadband Router sends the remote client a challenge string. The remote client uses the challenge string and the password and creates a Message Digest 5 (MD5) hash, which is then forwarded to the VPN server. The VPN server computes the same hash calculation and compares the result with the hash sent by the client. If they match, the remote client is considered an authentic user.

Note: The virtual IP of the PPTP server and L2TP server must not conflict.

L2TP Server settings: Enable/Disable, virtual IP of L2TP Server, Authentication Protocol (PAP, CHAP, MSCHAP), MPPE Encryption (Disable/Enable), ID, Tunnel Name, User Name, Password.

7.10 Advanced Setup: SNMP

The Simple Network Management Protocol (SNMP) lets you manage a computer network
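The PAP and CHAP behaviour described in the L2TP server section above can be seen side by side in code. This is an added example, not code from the manual or the router: the byte layouts follow the PPP specifications (RFC 1334 for PAP, RFC 1994 for CHAP, where the hash input is the identifier byte, then the secret, then the challenge), which the manual does not spell out. The class and function names, user name and password are constructed for illustration.

```python
import hashlib
import hmac
import os


def pap_request_data(user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer ID, then password."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: hash of identifier || secret || challenge (16 bytes)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, secrets):
        self.secrets = secrets      # user name -> shared password
        self.pending = {}           # user name -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, user):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)      # fresh random challenge per attempt
        self.pending[user] = (ident, value)
        return ident, value

    def verify(self, user, ident, response):
        outstanding = self.pending.pop(user, None)   # each challenge is single use
        secret = self.secrets.get(user)
        if outstanding is None or secret is None or outstanding[0] != ident:
            return False
        expected = chap_response(ident, secret, outstanding[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    user, password = b"remote1", b"Constructed-Pass-1"   # constructed sample values
    server = ChapServer({user: password})

    # Normal login: client hashes the challenge with its password.
    ident, chal = server.challenge(user)
    first = chap_response(ident, password, chal)
    ok = server.verify(user, ident, first)

    # A response recorded from the first login is useless against a new challenge.
    ident2, _ = server.challenge(user)
    replay_ok = server.verify(user, ident2, first)

    # A client that does not know the password fails.
    ident3, chal3 = server.challenge(user)
    wrong_ok = server.verify(user, ident3, chap_response(ident3, b"guess", chal3))

    return {
        "login": ok,
        "replay": replay_ok,
        "wrong_password": wrong_ok,
        "password_visible_in_pap": password in pap_request_data(user, password),
        "password_visible_in_chap": password in first,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```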
43. bility Options Performance and Maintenance. The Performance and Maintenance window opens.

Step 2. (Windows 2000/XP) Double-click Administrative Tools. The Administrative Tools window will now open.

Step 3. Double-click the Local Security Policy icon. The Local
44. c IP Address from the Destination address field and enter the IP address 192.168.1.1.
Step 8. If you want to select a protocol for your filter, click the Protocol tab, and continue with step 8 through step 17 from the previous section. The Edit Rule Properties window opens.
Step 9. Select the Tunnel Setting tab.
Step 10. Check The tunnel endpoint is specified by this IP address and enter 192.168.1.1.
Step 11. Select the Connection Type tab.
Step 12. On the Connection Type page, select All Network connections.
Step 13. Click OK to complete the tunnel 1 (router -> xp) configuration.

8.3 Configuring the IKE Properties

Step 1. From the to_vpn_rout
45. Step 15. Select the Authentication Methods tab and click Add. The Edit Authentication Method Properties window will appear.
Step 16. Select Use this string (preshared key) to protect the key exchange, and enter your pre-shared key string, for example mypresharedkey.
Step 17. Click OK to return to the Edit Rule Properties window and click OK again. The Edit Rule Properties window appears.
46. e RJ-45 port and shielded USB cable to the USB port.

EC Conformance Declaration - Class B

SMC contact for these products in Europe is:
SMC Networks Europe, Edificio Conata II, Calle Fructuos Gelabert 6 8 20 4a, 08970 Sant Joan Despi, Barcelona, Spain.

This equipment complies with the requirements relating to electromagnetic compatibility, EN 55022/A1 Class B, and EN 50082-1. This meets the essential protection requirements of the European Council Directive 89/336/EEC on the approximation of the laws of the member states relation to electromagnetic compatibility.

Important Safety Notices

• Unplug this product from the AC power before cleaning. Do not use liquid cleaners or aerosol cleaners. Use a dry cloth for cleaning.
• Route the power supply cords so that they are not likely to be walked on or pinched by items placed upon or against them. Pay particular attention to cords at plugs, convenience receptacles, and the point where they exit from the product.
• Situate the product away from heat sources such as radiators, heat registers, stoves, and other products that produce heat.
• To prevent fire or shock hazard, do not expose this unit to rain or moisture. Do not allow water or any foreign objects to enter the interior. This may cause a fire or electric shock. In the event that water or other foreign objects get into the product, immediately unplug the AC adapter from the electrical outlet and contact Customer Service for inspection and/or
47. e Router. Use this address when registering for Internet service, and do not change it unless required by your ISP. If your ISP used the MAC address of an Ethernet card as an identifier when first setting up your broadband account, only connect the PC with the registered MAC address to the Router and click the Clone MAC Address button. This will replace the current Router MAC address with the already registered Ethernet card MAC address. If you are unsure of which PC was originally set up by the broadband technician, call your ISP and request that they register a new MAC address for your account. Register the default MAC address of the Router.

Cable Modem: A cable modem requires minimal configuration. If the ISP requires you to input a Host Name, type it in the Host Name field above.

Fixed-IP xDSL

Some xDSL Internet Service Providers may assign a fixed (static) IP address. If you have been provided with this information, choose this option and enter the assigned IP address, gateway IP address, DNS IP addresses, and subnet mask.
48. e/disable Stateful Packet Inspection (SPI), Discard Ping from WAN, and PPTP and IPSec VPN Passthrough types.

When Discard Ping From WAN is enabled, computers on the Internet will not get a reply back from the VPN Broadband Router when it is being pinged. This may help to increase security.

When SPI is enabled, the router will extensively record specific packet information passed through the router, such as IP address, port address, ACK, and so on. The router will also check every incoming packet to detect its validity.

7.8.6 DMZ

If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, then you can open the client up to unrestricted two-way Internet access by defining a Virtual DMZ Host.

7.9 Advanced Setup: VPN

7.9.1 IPSec Tunnel

VPN settings are used to create virtual private tunnels to remote VPN gateways. The tunnel technology supports data confidentiality, data origin authentication, and data integrity of network information by utilizing encapsulation protocols, encryption algorithms, and hashing algorithms.
49. ecify up to 8 routing rules. You can enter the destination IP address, subnet mask, gateway, hop for each routing rule, and then enable or disable the rule by toggling the Enable check box. Once the routing table settings are configured, click Save.

Example

If the host wants to send an IP datagram to 192.168.3.88, it uses the above table to determine that it has to go via the 192.168.1.33 gateway. If the host wants to send packets to 192.168.5.77, it has to go via the 192.168.1.55 gateway. For an overview, see the chart below.

[Chart: network diagram]

7.12 Advanced Setup: MISCELLANEOUS

If you experience difficulties accessing an FTP server that is running on a port other than 21, you can enter that port in the Non-standard FTP port and apply the changes.

Wake-on-LAN is a technology that lets you power up a networked router r
50. elect Proxies. 3. Uncheck all check boxes and click OK. 7.2 Web Management: To access the Router's management interface, enter the Router IP address in your web browser: http://192.168.2.1 [Screenshot: SMCBR18VPN login page with Password field for Administrator Access; Copyright 2004 SMC; suggested browsers IE4.0 or Netscape4.0 on 800x600 or 1024x765, 16 bits] Note that there are two different Web user interfaces: one for general users and one for the system administrator. To log on as an administrator, enter the system password (default password is smcadmin) and click the LOGIN button. If you typed the password correctly, the left panel of the Web user interface changes to the administrator configuration mode, as shown in the following figures. 7.3 Setup Wizard. Time Zone: After logging into the web management, click on SETUP WIZARD on the top left navigation panel. The first item is Time Zone. For accurate timing of client filtering and log events, you need to set the time zone. Select your time zone from the drop-down list. [Screenshot: Setup Wizard steps 1 Time Zone, 2 Broadband Type, 3 IP Address Info; Set Time Zone showing (GMT-08:00) Pacific Time (US & Canada); Tijuana] Broadband Type: The following screen lets you select a WAN type. Click one of the five options and then click Ne
51. emotely. To use this feature, the target network adapter must be Wake on LAN enabled and you have to know the MAC address of the adapter. The address should look similar to this: 00 11 22 33 44 55. Depressing the Wake up button tells the router to send the wake-up frame to the target adapter. [Screenshot: Miscellaneous Options with fields Non-standard FTP port, MAC Address for Wake-on-LAN, Domain or IP address for Ping Test] The ping diagnostics feature allows you to configure an IP address to ping from the router. You can ping a specific IP or domain to test whether the router is active. 7.13 Advanced Setup DISPLAY STATUS: Enable the Display Status option to view the WAN connectivity settings on the login page. When this is enabled, the login page appears as follows. [Screenshot: SMCBR14VPN login page showing Connection Status, WAN IP Address, Subnet Mask, Gateway and Remain Lease Time] 7.14 DDNS (Dynamic DNS): Dynamic DNS provides users on the Internet a method to tie their domain name(s) to computers or servers. DDNS allows your domain name to follow your IP address automatically by having your DNS records changed when your IP address changes. Before you can enable the Dynamic DNS, you need to register an account with one of the Dynamic DNS
52. er Name [Screenshot: settings form with fields for password, Service Name, MTU, Maximum Idle Time and Connect mode (Always On Line, Manual Connect, Connect On Demand)] PPTP: Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway. Configure the Connect mode option to the desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: PPTP settings form]
53. er Properties window, select the General tab and click Advanced to [Screenshot: vpn router Properties window, General tab, with policy name, description, policy change check interval and the Advanced key exchange settings] Step 2: Check the Master key perfect forward secrecy (PFS) option. Step 3: Enter 10000 into the text field below Authenticate and generate a new key after every, and click Methods. The Key Exchange Security Methods window opens. [Screenshot: Key Exchange Security Methods window] Step 4: Click the Add button. The IKE Security Algorithms window opens. [Screenshot: IKE Security Algorithms window with fields Integrity algorithm, Encryption algorithm and Diffie-Hellman group] Step 5: Select SHA1 from the Integrity algorithm field. Step 6: Select 3DES from the Encryption algorithm field. Step 7: Select Medium 2 from
54. g A. Verifying your connection to the router. If you are unable to access the Router's web-based administration pages, then you may not be properly connected or configured. To determine your TCP/IP configuration status, please follow the steps below. 1. Click Start, then choose Run. 2. Type cmd or command to open a DOS prompt. 3. In the DOS window, type ipconfig and verify the information that is displayed. 4. If your computer is set up for DHCP, then your TCP/IP configuration should be similar to the information displayed: Address: 192.168.2.x (x is a number between 100 and 199 by default); Subnet: 255.255.255.0; Gateway: 192.168.2.1. If you have an IP address that starts with 169.254.xxx.xxx, then see the next section. If you have another IP address configured, then see section C. B. I am getting an IP Address that starts with 169.254.xxx.xxx. If you are getting this IP Address, then you need to check that you are properly connected to the Router. Confirm that you have a good link light on the Router for the port this computer is connected to. If not, please try another cable. If you have a good link light, please open up a DOS window as described in the previous section and type ipconfig /renew. If you are still unable to get an IP Address from the Router, reinstall your network adapter. Please refer to your adapter manual for information on how to do this. C. My computer's IP Address is incorrect. If you have another IP address li
55. g LED when data is transmitted. LAN (8 port): 8x Amber LED for 10Mbps connection, 8x Green LED for 100Mbps connection, Blinking LED when data is transmitted. VPN Pass-through: IPSec, PPTP, L2TP. VPN Support: IPSec Endpoint, PPTP Server, L2TP Server. Key management: IKE, Manual. Aggressive/Main mode for VPN. Remote gateway FQDN support. Dynamic VPN support. Encryption algorithm: DES, 3DES, AES. Authentication algorithm: MD5, SHA-1. PFS support. Keying Mode: Pre-Shared Key. Enabled NetBIOS Broadcast. Routing: Static Route, Dynamic Route (RIP1/2). WAN Connection Types: Dial-Up ISDN, PPPoE, Dynamic IP, L2TP, PPTP, BigPond, Static IP. Input Power: 5V 2A. Operating Temperature: 0 to 40 °C. Humidity: 10 to 90% non-condensing. Compliances: FCC, CE, VCCI, UL. 11 Terminology. 10BaseT: Physical Layer Specification for Twisted-Pair Ethernet using Unshielded Twisted Pair wire at 10Mbps. This is the most popular type of LAN cable used today because it is very cheap and easy to install. It uses RJ-45 connectors and has a cable length span of up to 100 meters. There are two versions: STP (Shielded Twisted Pair), which is more expensive, and UTP (Unshielded Twisted Pair), the most popular cable. These cables come in 5 different categories. However, only 3 are normally used in LANs: Category 3, 4 and 5. CAT 3 TP (Twisted Pair) cable has a network data transfer rate of up to 10Mbps. CAT 4 TP cable has a network data transfer rate of up to 16Mbps. C
56. he desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: PPTP settings form with fields PPTP Account, PPTP Password, Service IP Address, My IP Address, My Subnet Mask, WAN Gateway IP, Connection ID, Maximum Idle Time and Connect mode] Static IP: Some Internet Service Providers may assign a fixed (static) IP address. If you have been provided with this information, choose this option and enter the assigned IP address, gateway IP address, DNS IP addresses, and subnet mask. [Screenshot: Static IP settings form with fields Subnet Mask, Gateway Address, Primary DNS Server and Secondary DNS Server] BigPond: If you use the BigPond Internet Service, which is available in A
57. le Properties [Screenshot: rule properties window with tabs Authentication Methods, Tunnel Setting, Connection Type, IP Filter List and Filter Action; on-screen text: The selected IP filter list specifies which network traffic will be affected by this rule] Step 3: The IP Filter List window opens. Enter xp->router in the Name field. [Screenshot: IP Filter List window with Name and Description fields, the filter list, and the Use Add Wizard check box] Step 4: Deselect the Use Add Wizard check box and click Add. Step 5: The Filter Properties window opens. Select A specific IP Address from the Source Address field and enter the IP address 192.168.1.1. [Screenshot: Filter Properties window, Addressing tab, with Source address and Destination address fields and the Mirrored option (also match packets with the exact opposite source and destination addresses)] Step 6: Select A specific IP Subnet from the Destination
58. lient PCs for dynamic IP address allocation. Lastly, you can enter a local domain suffix in the Domain Name field. [Screenshot: LAN Settings page showing IP Address 192.168.2.1, subnet mask 255.255.255.0, DHCP Enable/Disable, lease time One Week, IP address pool 192.168.2.100 to 192.168.2.199, and Domain Name] You also have the option to configure more advanced settings by clicking the More button. You can configure the router's DHCP server to give out specific Primary and Secondary DNS, Primary and Secondary WINS, and an alternate Gateway in the event that the router is not the Internet gateway. [Screenshot: advanced DHCP settings with Start and End IP Address pool, Domain Name, Primary DNS, Secondary DNS, Primary WINS and Secondary WINS] Clicking on the Client List link brings up the DHCP Client Table, showing all the clients that have obtained DHCP addresses from the router. [Screenshot: DHCP Client List and VPN Connection List]
59. nection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: Dial-up Network WAN type] 7.4 Advanced Setup SYSTEM. Time Zone: Use the section below to configure the Barricade's system time. Select your time zone and configure the daylight savings option based on your location. This information is used for the time/date parental rules you can configure with the Barricade's Advanced Firewall. This information is also used for your network logging. Once you set your time zone, you can automatically update the Barricade's internal clock by synchronizing with a public time server over the Internet. To configure this setting, choose one of the options below; each option allows a different method of updating. [Screenshot: time settings with options Set your Local Timezone Settings, Daylight Savings, Enable Auto Update feature, Set Date and Time by online Time Servers (NTP), Set Date and Time using PC's Date and Time, and Set Date and Time manually]
60. nes, which is done by the regular ports (MDI-X ports) that connect to end stations. The MDI port connects to the MDI-X port on the other device. There are typically one or two ports on a device that can be toggled between MDI (not crossed) and MDI-X (crossed). Medium Dependent Interface-X (crossed): A port on a network hub or switch that crosses the transmit lines coming in to the receive lines going out. MP3: MPEG Audio Layer 3. This is an audio compression technology that is included in the MPEG-1 and 2 specifications. MP3 encoding can allow you to compress CD-quality sound by a factor of 12. MPEG: Moving Pictures Experts Group. MPEG is a standard for compressing video. MPEG-1 can provide resolution of 352x240 at 30 frames/second (fps) with 24-bit color and CD-quality sound. MPEG-2 can provide resolution of 704x480. MPEG uses the same intraframe coding as JPEG for individual frames, but also uses interframe coding, which can help to further compress the video data, thereby reducing the overall size of the video. NAT: Network Address Translation. This process allows all of the computers on your home network to use one IP address. The NAT capability of the Barricade allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP. Network Address Translation can be used to give multiple users access to the Internet with a single user account, or to map the local addre
61. nter username@mindspring.com. Lastly, Earthlink subscribers should enter either username@earthlink.net or ELN/username@earthlink.net. G. Can I use this router with AOL DSL? This is true in most scenarios. Please verify with AOL that your particular connection type is PPPoE. If yes, then the SMC VPN Broadband Router should work with your WAN connection. Follow the normal procedures as described in Section 7.3 of this manual, but while doing so set the MTU value to 1400. AOL DSL does not allow for anything higher than 1400. H. IPSec VPN Configuration. When setting up IPSec VPN tunnels between two BR14VPN, BR18VPN, or one of each, it is imperative that you: a) Use the same pre-shared key between two endpoints. b) Configure matching IKE and IPSec proposals between two endpoints. To successfully create IPSec or IKE Proposal lists, you must configure the desired DH Group, Encryption, Authentication Algorithms, and Lifetimes, and then select the appropriate proposal ID and click the Add to button to add the proposal to the Index. I. I have authentication problems with the L2TP or PPTP VPN Server. The Router's VPN Server will reject VPN clients that attempt to connect without the proper credentials. By the same token, if the VPN client is configured to connect only to encrypted networks, the client will not connect to the Router's VPN Server if it is configured for PAP or CHAP Authentication. If you have configured the Router's VPN Server to use the
62. only connect the PC with the registered MAC address to the Router and click the Clone MAC Address button. This will replace the current Router MAC address with the already registered Ethernet card MAC address. If you are unsure of which PC was originally set up by the broadband technician, call your ISP and request that they register a new MAC address for your account. Register the default MAC address of the Router. [Screenshot: SMCBR14VPN Dynamic IP page with Host Name and MAC address fields and the Clone MAC Address button. On-screen text: The Host name is optional, but may be required by some Service Providers. The default MAC address is set to the WAN's physical interface on the Barricade. If required by your Service Provider, you use the Clone MAC Address button to copy the MAC address of the Network Interface Card installed in your PC to replace the WAN MAC address. If necessary, you can use the Release and Renew buttons on the Status page to release and renew the IP address.] PPPoE: Enter the PPPoE User Name and Password assigned by your Service Provider. The Service Name is normally optional, but may be required by some service providers. Leave the Maximum Transmission Unit (MTU) at the default value unless you have a particular reason to change it. Enter a Maximum Idle Time (in minutes) to define a maximum period of time for which the Internet connection is maintained d
63. r The Syslog Server tool will automatically download the Barricade log to the server IP address specified by the user. Enter the Server LAN IP Address and select the Enable radio button to enable this function. The broadband router is also able to send the log files to a specific email address. Simply enter the IP address of your mail server in the SMTP Server box, enter the email addresses of the recipients who will receive the email log, and put in your username and password. Note that you can also customize the subject title of the email. Check to be sure the radio button for Enable is checked and then submit the changes. [Screenshot: Syslog Server Options and E-MAIL Settings (Send Mail Now, SMTP Server IP/Port, E-mail addresses, E-mail Subject, Username), plus Log Type settings (System Activity, Debug Information, Attacks, Dropped Packets, Notice)] 7.5 Advanced Setup WAN. Dynamic IP: The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN's physical interface on the Router. Use this address when registering for Internet service, and do not change it unless required by your ISP. If your ISP used the MAC address of an Ethernet card as an identifier when first setting up your broadband account
64. rver. PPPoE (xDSL): Enter the PPPoE User Name and Password assigned by your Service Provider. The Service Name is normally optional, but may be required by some service providers. Leave the Maximum Transmission Unit (MTU) at the default value unless you have a particular reason to change it. Enter a Maximum Idle Time (in minutes) to define a maximum period of time for which the Internet connection is maintained during inactivity. If the connection is inactive for longer than the Maximum Idle Time, it will be dropped. (Default: 10) Configure the Connect mode option to the desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. 3. IP Address Information, PPPoE (xDSL): Enter the User Name and Password required by your ISP in the appropriate fields. If your ISP has provided you with a Service Name, enter it in the Service field; otherwise, leave it blank. Us
65. s, then click the Network and Dial-up Connections icon. Double-click the Local Area Connection icon, and click the Properties button on the General tab. Click the Install button. Double-click Protocol. Choose Internet Protocol (TCP/IP). Click the OK button to return to the Network window. The TCP/IP protocol will be listed in the Network window. Click OK to complete the installation procedure. 6.2 Setting up TCP/IP. Windows 95/98/Me: You may find that the instructions here do not exactly match your version of Windows. This is because these steps and screenshots were created in Windows 98. Windows 95 and Windows Millennium Edition are very similar, but not identical, to Windows 98. 1. From the Windows desktop, click Start/Settings/Control Panel. 2. In the Control Panel, locate and double-click the Network icon. 3. On the Network window Configuration tab, double-click the TCP/IP entry for your network card. 4. Click the IP Address tab. 5. Click the Obtain an IP address option. 6. Next, click on the Gateway tab and verify the Gateway field is blank. If there are IP addresses listed in the Gateway section, highlight each one and click Remove until the section is empty. 7. Click the OK button to close the TCP/IP Properties window. 8. On the Network Properties Window, click the OK button to save these new settings. Note: Windows may ask you for the original Windows installation disk or additional files. Check for the files at c:\windows\op
66. s and IP addresses so that when a domain name is requested (as in typing www.smc.com into your Internet browser), the user is sent to the proper IP address. The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned. DSL: DSL stands for Digital Subscriber Line. A DSL modem uses your existing phone lines to transmit data at high speeds. Ethernet: A standard for computer networks. Ethernet networks are connected by special cables and hubs, and move data around at up to 10 million bits per second (Mbps). ESS: ESS (ESS-ID, SSID) stands for Extended Service Set. More than one BSS is configured to become an Extended Service Set. LAN mobile users can roam between different BSSs in an ESS (ESS-ID, SSID). Fast Ethernet NIC: Network interface card that is in compliance with the IEEE 802.3u standard. This card functions at the media access control (MAC) layer, using carrier sense multiple access with collision detection (CSMA/CD). Fixed IP: see Static IP. Full Duplex: Transmitting and receiving data simultaneously. In pure digital networks, this is achieved with two pairs of wires. In analog networks, or digital networks using carriers, it is achieved by dividing the bandwidth of the line into two frequencies, one for sending, one for receiving. Hub: Central connection device for shared media in a star topology. It may add nothing to the transmission (passive hub) or may cont
67. servers that are listed in the Provider field. [Screenshot: Dynamic DNS settings with Enable/Disable, provider options including DynDNS.org (Dynamic) and DynDNS.org (Custom), Password/Key, and server configuration for Web Server (HTTP, port 80 or 8000), FTP Server (port 20 or 21) and Email Server (POP3 port 110, SMTP port 25)] 7.15 UPnP (Universal Plug and Play): The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP enables seamless proximity networking in addition to control and data transfer among networked devices in the home, office, and everywhere in between. [Screenshot: UPnP Enabled/Disabled setting] 7.16 Tools: The Toolbox menu allows you to view your system logs, upgrade firmware, backup settings, restore settings to defaults, reboot the router, and access miscellaneous settings. Configuration Tools: Use the Backup tool to save the Barricade's current configuration to a file named backup config exe on your PC. You can then use the Restore tool to restore the saved configuration to the Barricade. Alternatively, you can use the Restore to Factory Defaults tool to force the Barricade to perform a power reset and restore the original factory settings.
68. sonal computers, which perform stand-alone processing and access the network servers as required. Diskless and floppy-only workstations are sometimes used, which retrieve all software and data from the server. Increasingly, thin client network computers (NCs) and Windows terminals are also used. A printer can be attached locally to a workstation or to a server and be shared by network users. Small LANs can allow certain workstations to function as a server, allowing users access to data on another user's machine. These peer-to-peer networks are often simpler to install and manage, but dedicated servers provide better performance and can handle higher transaction volume. Multiple servers are used in large networks. The message transfer is managed by a transport protocol such as TCP/IP and NetBEUI. The physical transmission of data is performed by the access method (Ethernet, Token Ring, etc.), which is implemented in the network adapters that are plugged into the machines. The actual communications path is the cable (twisted pair, coax, optical fiber) that interconnects each network adapter. MAC Address: MAC (Media Access Control). A MAC address is the hardware address of a device connected to a network. MDI/MDI-X: Medium Dependent Interface. Also called an uplink port, it is a port on a network hub or switch used to connect to other hubs or switches without requiring a crossover cable. The MDI port does not cross the transmit and receive li
69. ss for an IP server (such as Web or FTP) to a public address. This secures your network from direct attack by hackers, and provides more flexible management by allowing you to change internal IP addresses without affecting outside access to your network. NAT must be enabled to provide multi-user access to the Internet or to use the Virtual Server function. Packet Binary Convolutional Code(tm) (PBCC): A modulation technique developed by Texas Instruments Inc. (TI) that offers data rates of up to 22 Mbit/s and is fully backward compatible with existing 802.11b wireless networks. PAP: This is a simple authentication protocol where the username and password data are both handled in a cleartext, or unencrypted, format. We do not recommend using PAP because your passwords are easily readable from the Point-to-Point Protocol (PPP) packets exchanged during the authentication process. PCI: Peripheral Component Interconnect. Local bus for PCs from Intel that provides a high-speed data path between the CPU and up to 10 peripherals (video, disk, network, etc.). The PCI bus runs at 33MHz, supports 32-bit and 64-bit data paths, and bus mastering. PPPoE: Point-to-Point Protocol over Ethernet. Point-to-Point Protocol is a method of secure data transmission originally created for dial-up connections. PPPoE is for Ethernet connections. PPTP: PPTP stands for Point-to-Point Tunneling Protocol. It provides a means for tunneling IP traffic in Layer 2. For instance
70. sted, then the PC may not be configured for a DHCP connection. Once you have confirmed your computer is configured for DHCP, then please follow the steps below. 1. Open a DOS window as described above. 2. Type ipconfig /release. 3. Then type ipconfig /renew. D. The 10/100 LED does not light after a connection is made. 1. Check that the host computer and the Router are both powered on. 2. Be sure the network cable is connected to both devices. 3. Verify that Category 5 cable is used if you are operating at 100 Mbps, and that the length of any cable does not exceed 100 m (328 ft). 4. Check the network card connections. 5. The 10BASE-T/100BASE-TX port, network card, or cable may be defective. E. I can't get an Internet game, server, or application to work. If you are having an issue getting any Internet server, application, or game to function properly, you can expose the PC to the Internet using the DeMilitarized Zone (DMZ) function. This option is useful when an application requires too many ports or when you are not sure which ports to use. See section 7.8.6 to successfully configure this option. F. I am having problems establishing a PPPoE (xDSL) WAN connection. Some ISPs require you to enter the domain name in addition to your username and password. For instance, for SBC Global enter username@sbcglobal.net. For Ameritech users, enter username@ameritech.net. BellSouth users may need to enter username@bellsouth.net, and Mindspring subscribers e
71. stom [Screenshot: security methods list with Custom entries using 3DES and DES, and the options Accept unsecured communication but always respond using IPSec, Allow unsecured communication with non-IPSec-aware computer, and Session key perfect forward secrecy (PFS)] Step 12: Click the Edit button to select a security method. The New Security Method window will now appear. Step 13: Select Custom and click OK. [Screenshot: New Security Method window with the options Encryption and Integrity, Integrity only, and Custom] The Custom Security Method Settings window opens. [Screenshot: Custom Security Method Settings window with Integrity algorithm, Encryption algorithm and Session key settings] Step 14: Check Data integrity and encryption (ESP). Select MD5 from the Integrity algorithm field. Select DES from the Encryption algorithm field. Check the Generate a new key every check box and select 10000 seconds, then click OK. The Edit Rule Properties window will open. Edit Rul
72. ti-port tunnel for it. DMZ Host: Supported. Enables a computer to be fully accessible to the Internet. This function is used when the special application sensing tunnel feature is insufficient to allow an application to function correctly. SNMP: Supported. SNMP (Simple Network Management Protocol) is a protocol that lets users remotely manage a computer network by polling and setting terminal values and monitoring network events. Lets you synchronize system time with the network time server. Virtual Computers: Supported. The virtual computer lets you use the original NAT feature, which lets you set up the one-to-one mapping of multiple global and local IP addresses. entering a keyword Routing Table: Supported. Allows you to determine which physical interface address to use for outgoing IP datagrams. If you have more than one router and subnet, enable the routing table to allow packets to find the proper routing path and the different subnets to communicate with each other. Network Filter: Supported. 4 Panel Layout: The following figure shows the front panel layout, which is followed by a table describing in detail the status and function of each LED. [Figures: SMCBR14VPN Front Panel; SMCBR18VPN Front Panel] LED table (columns include Color and Description): Power indicator: Steady: Power is being applied to this device. System status indicator: Orange, Blinking: M1 is flashing once every second to indicate that the system has power. Wan port
73. tion, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: L2TP settings form with fields L2TP Account, Password, IP Address, subnet mask, WAN Gateway IP, Server Address, Maximum Idle Time and Connect mode] Dial-Up: Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable. Enter the phone number, account name, and password assigned to you by your ISP. The baud rate is the communication rate between the broadband router and your modem. Set this to the desired rate. If you have received DNS addresses from your ISP, enter them here; otherwise, leave these addresses at their default settings. The modem initialization string setting is most commonly used to optimize the communication quality between the ISP and your analog dial-up modem. If you are using the dial-up modem as a backup, enable the Auto-Backup (Failover) option. Configure the Connect mode option to the desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any discon
74. tions cabs, or insert your Windows CD-ROM into your CD-ROM drive and check the correct file location, e.g. D:\win98, D:\win9x (if D is the letter of your CD-ROM drive). 9. Windows may prompt you to restart the PC. If so, click the Yes button. If Windows does not prompt you to restart your computer, do so to insure your settings. Windows NT: 1. From the Windows desktop, click Start / Settings / Control Panel. Double-click the Network icon. Click on the Protocols tab. Double-click TCP/IP Protocol. Click on the IP Address tab. In the Adapter drop-down list, be sure your Ethernet adapter is selected. Click on Obtain an IP address from a DHCP server. Click OK to close the window. Windows may copy files and will then prompt you to restart your system. Click Yes and your computer will shut down and restart. Windows 2000/XP: Access your Network settings by clicking Start, then choose Settings, then select Control Panel. In the Control Panel, locate and double-click the Network and Dial-up Connections icon. Locate and double-click the Local Area Connection icon for the Ethernet adapter that is connected to the Router. When the Status dialog box window opens, click the Properties button. In the Local Area Connection Properties box, verify the box next to Internet Protocol (TCP/IP) is checked. Then highlight the Internet Protocol (TCP/IP) and click the Properties button. Select Obt
75. uring inactivity. If the connection is inactive for longer than the Maximum Idle Time, it will be dropped. (Default: 10) Configure the Connect mode option to the desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: settings form with fields User Name, Please retype your password, Service Name, MTU (576 to 1492), Maximum Idle Time (0-60 minutes), and the options Always On Line, Manual Connect, Connect On Demand] PPTP: Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway. Configure the Connect mode option to t
76. ustralia, enter your username and password and apply the changes. [Screenshot: settings form with fields Password, Please retype your password, Authentication Service Name (optional)] L2TP: Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and L2TP Gateway. Configure the Connect mode option to the desired settings. Always On Line signifies that the broadband router will maintain your Internet connection consistently and automatically connect to the Internet after any disconnection. Manual Connect signifies that the broadband router will establish an Internet connection only when the administrator logs into the web management and manually presses the Connect button. While using the Connect On Demand option, if the connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. [Screenshot: settings form with fields L2TP Account, L2TP Password, Please retype your password, IP Address, Subnet Mask, Server Address, MTU, Maximum Idle Time (0-60 minutes), Always On Line]
77. wer cord is plugged into a wall outlet. When in self-testing phase, the M1 indicator LED illuminates for about five seconds to indicate proper connection. The M1 LED flashes twice as soon as the self-testing phase is completed. After the completion of the self-testing phase, the M1 LED should flash once per second to indicate that the router is functioning properly. 6 Network Settings and Software Installation. Default Settings: IP Address 192.168.2.1, Subnet Mask 255.255.255.0, Administrator Password. You must first verify that the TCP/IP communication protocol is properly installed and the computer is configured to get its IP address via the DHCP Server that is built into this router. If you have not previously installed TCP/IP protocols on your client PCs, refer to the following section. 6.1 Installing TCP/IP. Windows 95/98/Me: 1. Click Start / Settings / Control Panel. 2. Double-click the Network icon and select the Configuration tab in the Network window. 3. Click the Add button. 4. Double-click Protocol. 5. Select Microsoft in the manufacturers list. Select TCP/IP in the Network Protocols list. Click the OK button to return to the Network window. The TCP/IP protocol will be listed in the Network window. Click OK. The operating system may prompt you to restart your system. Click Yes and the computer will shut down and restart. Windows 2000/XP: 1. Click the Start button and choose Setting
78. xt [Screenshot: SMCBR14VPN setup wizard, step 2 Broadband Type; wizard steps: 1 Time Zone, 2 Broadband Type, 3 IP Address Info] Specify the WAN connection type required by your Internet Service Provider. Specify Cable modem or xDSL modem. Cable Modem: A cable modem requires minimal configuration. When you have set up an account with your Internet provider, the Barricade will be automatically configured when plugged into the cable modem. The host name field is optional but may be required by some Service Providers. Fixed-IP xDSL: Some xDSL Internet Service Providers may assign a fixed IP address for your Barricade. If you have been provided with this information, choose this option and enter the assigned IP address, subnet mask, gateway IP, and DNS IP addresses for your Barricade. PPPoE xDSL: If you connect to the Internet using an xDSL modem and your ISP has provided you with a password and service name, then your ISP uses PPPoE. You must choose this option and enter the required information. PPTP: Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. BigPond: The BigPond Internet service is available in Australia. Dial-up Network. Cable Modem: The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional but may be required by some ISPs. The default MAC address is set to the WAN's physical interface on th
79. y inform your dealer in the event of any incorrect, missing, or damaged parts. If possible, please retain the carton and original packing materials in case there is a need to return the product. Please register this product and upgrade the product warranty at SMC's Web site: http://www.smc.com 3 Functions and Features. Broadband Modem and NAT: Connects multiple computers to a broadband (cable or DSL). Provides a 10/100 Base-TX interface to connect to a DSL or cable modem for broadband Internet access. L2TP VPN servers. protect your intranet automatically from this device. Web-based Configuration: Configurable by any networked computer's Web browser using Netscape or Internet Explorer. The Packet Filter lets you control access to a network by analyzing the incoming and outgoing packets and either letting them pass or halting them based on the IP address of the source and destination. Universal Plug and Play (UPnP) (Supported): Enables devices such as PCs, routers, and printers to be plugged into a network and ensure automatic recognition. Virtual Server (Supported): Lets you make your Website, FTP site, and other services on your LAN accessible to Internet users. User Defined Application Sensing Tunnel: Lets you define the attributes to support special applications that require multiple connections, like Internet gaming, video conferencing, Internet telephony, and so on. This device can sense the application type and opens a mul