HP OfficeConnect Router Series User's Manual
Contents
1. [Screenshot residue: dialog text not recoverable] Restart your computer. Windows 95, 98: From the Windows Start Menu, select Settings > Control Panel. Double-click on Network. Select the TCP/IP item for your network card and click on Properties. In the TCP/IP dialog, select the IP Address tab and ensure that Obtain IP address automatically is selected. Click OK. Restart your computer. Macintosh OS 8.5, 9.x: If you are using a Macintosh computer, use the following procedure to change your TCP/IP settings. From the desktop, select Apple Menu, Control Panels, and TCP/IP. In the TCP/IP control panel, set Connect Via to Ethernet. In the TCP/IP control panel, set Configure to Using DHCP Server. Close the TCP/IP dialog box and save your changes. Restart your computer. Disabling PPPoE and PPTP Client Software: If you have PPPoE or PPTP client software installed on your computer, you will need to disable it. To do this: 1. From the Windows Start menu, select Settings > Control Panel. 2. Double-click on Internet Options. 3. Select the Connections Tab. A screen similar to Figure 9 should be displayed. 4. Select the Never Dial a Connectio
2. IPSec IPSec Internet Protocol Security is a VPN encryption protocol based on TCP IP It is a flexible protocol with a wide range of encryption options IPSec is commonly used for both connections between separate private networks and for connections between remote PCs and private networks 101 ISP Internet Service Provider An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations LAN Local Area Network A network of end stations such as PCs printers servers and network devices hubs and switches that cover a relatively small geographic area usually not larger than a floor or building LANs are characterized by high transmission speeds over short distances up to 1000 metres L2TP over IPSec L2TP over IPSec is a combination of protocols commonly used to authenticate a user L2TP and encrypt data using IPSec MAC Media Access Control A protocol specified by the IEEE for determining which devices have access to a network at any one time MAC Address Media Access Control Address Also called the hardware physical or Ethernet address A layer 2 address associated with a particular network device Most devices that connect to a LAN have a MAC address assigned to them as they are used to identify other devices in a network MAC addresses are 6 bytes long NAT Network Address Translation NAT enables all the computers on your network to share
3. [Screen text: "You have successfully completed the OfficeConnect Gateway Discovery Application." Summary of tasks still to be completed: Configure the Device using its Web Wizard. "To exit the application and launch the Web Wizard for your Device, click Finish."] 4. Click on Finish to launch a web browser and display the login page for the Router. Note: In Figure 79 the serial number of the unit has been replaced with XXXXXXXXXX. IP ADDRESSING. The Internet Protocol Suite: The Internet protocol suite consists of a well-defined set of communications protocols and several standard application protocols. Transmission Control Protocol/Internet Protocol (TCP/IP) is probably the most widely known and is a combination of two of the protocols (IP and TCP) working together. TCP/IP is an internationally adopted and supported networking standard that provides connectivity between equipment from many vendors over a wide variety of networking technologies. IP Addresses and Subnet Masks: Each device on your network must have a unique IP address to operate correctly. An IP address identifies the address of the device to which data is being sent and the address of the destination network. IP addresses have the format n.n.n.x where n is a decimal number between 0 and 255 and x is a number betwe
4. [Screenshot residue; legible screen text: "Note: This unit was unable to synchronize its clock with an NTP Server."] Loading and Saving the Router Configuration. Figure 70: Configuration Screen [legible screen text: "Click the Backup button to save configuration data to your PC. Note: The configuration file should be kept in a safe place as it contains sensitive information." "Note: You need to make sure the Files of type is set to All files to see the file." RESET: restores configuration to factory default. "Note: All current configuration will be lost."] Select the Configuration tab to display the Configuration screen (Figure 70). Click BACKUP to save the current configurations of the OfficeConnect Secure Router. You will be prompted to download and save a file to disk. If you want to reinstate the configuration settings previously saved to a file, click Browse to locate the backup file on your computer and then RESTORE to copy the configuration back to the Router. For security purposes restoring the configuration does not change
5. Advanced Networking. Setting up NAT: The Router is able to perform Network Address Translation (NAT) in one of two modes, as shown in Figure 38. One-to-many NAT: The Router shows only one address to the Internet. One-to-one NAT: Every address on the Internet pool is linked to an address in the LAN pool. The Router will respond to all the addresses in the Internet pool. Figure 38: One-to-Many and One-to-One NAT [diagram residue]. Setting up One-to-Many NAT. Figure 39: Network Address Translation Screen [screenshot residue]. This is very easy to set up and is the Router's default mode. It works with any IP Allocation Mode and will map all the addresses on your LAN to the Internet address of your Router. To set up One-to-Many NAT: 1. Select One to Many NAT from the NAT Mode drop-down box. 2. Click Apply to save your changes. Setting up One-to-One NAT: The following cri
6. [Screenshots: Setup Wizard, Internet Settings and Internet Addressing Mode screens. Legible screen text: "Some ISPs, particularly those offering DSL, require PPPoE or PPTP to allow you to [illegible] their network. If the installation instructions that accompany your modem ask you to set up a dialup connection using a PPTP VPN tunnel, then select the PPTP option." "The Setup Wizard has detected that you have previously configured the Secure Router. The Setup Wizard will continue using the Internet Settings you have previously configured. If you would like Auto Configuration to attempt to detect your Internet Settings, click on the [illegible] button." "If your ISP does not require PPPoE or PPTP, they may supply your Internet Configuration dynamically or you may have to manually configure your Secure Router with a static address. Please select the mode that applies to your ISP from the list below. If unsure, please contact your ISP." Options: ISP has provided a static IP address; ISP provides configuration dynamically via DHCP; PPPoE is required; PPTP is required (some DSL users in Europe).] ... the Internet Addressing mode your ISP requires and click Next. Click Next to accept the option you have chosen and continue. Depending on your selection refer to: if the Router could not automatically configure your internet settings or if you chose to configu
7. back screen which will connect you to 3Com's website. Figure 77: Feedback Screen [legible screen text: "3Com is always looking for product improvements. If you'd like to help us by providing feedback you can do so by clicking on the button below, which will connect you to 3Com's website. None of the fields are mandatory, just provide the information you wish. Please do not use this link for Technical Support. If you need assistance, click on the Support option at the top of the page."] TROUBLESHOOTING. Basic Connection Checks: Check that the Router is connected to your computers and to the Cable/DSL modem, and that all the equipment is powered on. Check that the LAN and Cable/DSL port link status LEDs on the Router are illuminated, and that any corresponding LEDs on the Cable/DSL modem and the NIC are also illuminated. Ensure that the computers have completed their start-up procedure and are ready for use. Some network interfaces may not be correctly initialized until the start-up procedure has completed. Ensure that the Router has completed its power-on self-test. Refer to Alert LED on page 77 for details. If the link status LED does not illuminate for a port that is connected, check that you do not have a faulty cable. Try a different cable. Ensure that you have configured your computer as described in Setting Up Your Computers on page 19. Restart your computer while it is connected to the Router to ensure that your computer
8. LAN IP address: 192.168.1.1; LAN Subnet Mask: 255.255.255.0. Secure Router Two is located at the sales office and is configured with the following settings: Internet IP address: 172.27.34.202; LAN IP address: 192.168.2.1; Remote Subnet Mask: 255.255.255.0. To set up an IPSec Connection between the two Secure Routers, do the following on each device. Select IPSec Enabled from the VPN Mode screen. Enter the Internet IP address of the Router you are configuring in the This Router's ID field: (a) enter 174.19.201.162 on Router One; (b) enter 172.27.34.202 on Router Two. Switch to the VPN Connections screen and click New. Ensure that the Gateway to Gateway radio button is selected. (Note: The remote Secure Router used in this example could be any other IPSec-terminating VPN-enabled device, e.g. a 3Com SuperStack 3 Firewall.) Check that IPSec is selected as the Tunnel Type. In the Tunnel Description field, enter "Connection from head office to sales office". In the Remote IPSec Server ID field, enter the ID of the REMOTE Router: (a) enter 172.27.34.202 on Router One; (b) enter 174.19.201.162 on Router Two. Enter the Internet IP address of the other Secure Router in the Remote IPSec Server Address field: (a) enter 172.27.34.202 on Router One; (b) enter 174.19.201.162 on Router Two. Enter the IP address of the other LAN subnet in the Remote Network address field: (a) enter 192.168.2.0 on Router One; (b) enter 192
9. Green 100 Mbps link Yellow 10 Mbps link Indicates a number of different conditions as described below On The link between the port and the next piece of network equipment is OK Flashing The link is OK and data is being transmitted or received Off Indicates one of the following m nothing is connected m the connected device is switched off m there is a problem with the connection Troubleshooting on page 5 4 Cable DSL Status LED Green 100 Mbps link Yellow 10 Mbps link Indicates a number of different conditions as described below On The link between the Router and the cable or DSL modem is OK Flashing The link is OK and data is being transmitted or received Off Indicates one of the following m nothing is connected m the modem is switched off m there is a problem with the connection Troubleshooting on page 5 13 Rear Panel The rear panel Figure 4 of the Router contains four LAN ports one Ethernet Cable DSL port and a power adapter socket Figure 4 Secure Router Rear Panel 10 30 VDC 0 O e POWER 5 Power Adapter socket Only use the power adapter that is supplied with this Router Do not use any other adapter 6 Ethernet Cable DSL port Use the supplied patch cable to connect the Router to the 10 100 port on your cable or DSL modem This port will automatically adjust for the correct speed duplex and cable type You can connect your Cable DSL modem usi
10. Routing 47 Dynamic DNS 48 Configuring the Router 48 The Virtual Servers Menu 48 PC Privileges 50 Special Applications 52 Advanced 55 Content Filtering 56 Allow Block Lists 56 Filter Policy 57 Configuring VPNs 58 Setting the VPN Mode 58 Viewing VPN Connections 60 Editing IPSec Routes 66 Accessing the System Tools 67 Restart 6 7 Time Zone 68 Diagnostics Tools 68 Loading and Saving the Router Configuration 69 Upgrading the Firmware of your Router 69 Viewing Status and Logs 70 Obtaining Support and Feedback for your Router 72 Troubleshooting 75 Basic Connection Checks 75 Browsing to the Router Configuration Screens 75 Connecting to the Internet 76 Forgotten Password 76 Alert LED 77 Recovering from Corrupted Software 77 Frequently Asked Questions 78 Using Discovery 79 Running the Discovery Application 79 Windows Installation 95 98 XP 2000 2003 Server NT 79 IP Addressing 81 The Internet Protocol Suite 81 IP Addresses and Subnet Masks 81 How does a Device Obtain an IP Address and Subnet Mask 82 DHCP Addressing 82 Static Addressing 82 Auto IP Addressing 83 Private IP Addresses 83 Technical Specifications 85 Interfaces 85 Operating Temperature 85 Power 85 Humidity 85 Dimensions 85 Weight 85 VPN Tunnels 85 Standards 85 System Requirements 86 Operating Systems 86 Ethernet Performance 86 Cable Specifications 86 Safety Information 87 Important Safety Information 87 Wichtige Sicherheitshinweise 87
11. [Screenshot residue: VPN Mode screen; legible text notes that pass-through of traffic to a computer on the LAN is not possible when the IPSec or L2TP over IPSec servers are enabled.] L2TP Configuration: If you have enabled L2TP over IPSec you must enter the following items. In the IPSec Configuration field, enter This Router's ID as an Internet IP address, the DNS address of the unit, or the name of the Router that you are configuring. This value is common across all IPSec connections but does not apply to PPTP connections. If PPTP only is enabled, the This Router's ID field disappears. In the Router ID type field, select one of the following. IP address (default): This should be the public (WAN) address of the Router. The DNS address of this unit. A name for this unit: Used when it is not possible to use one of the other modes, for example if the IP address keeps changing. In the L2TP Configuration field, enter the Domain Name as an IP address. A Domain Name locates a website on the Internet. The IPSec Shared Key: This is the key for the connection and is a combination of letters, numbers and
12. Venezuela AT amp T 800 998 2112 93 Virgin Islands 57 1 657 0888 Country Telephone Number You can also obtain support in this region using the following Spanish speakers enter the URL http lat 3com com lat support form html Portuguese speakers enter the URL http lat 3com com br support form html English speakers in Latin America should send e mail to lat _ support anc 3com com US and Canada Telephone Technical Support and Repair 1 800 876 3266 94 END USER SOFTWARE LICENCE AGREEMENT 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE DOWNLOADING INSTALLING AND USING THIS PRODUCT THE USE OF WHICH IS LICENSED BY 3COM CORPORATION 3COM TO ITS CUSTOMERS FOR THEIR USE ONLY AS SET FORTH BELOW DOWNLOADING INSTALLING OR OTHERWISE USING ANY PART OF THE SOFTWARE OR DOCUMENTATION INDICATES THAT YOU ACCEPT THESE TERMS AND CONDITIONS IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT DO NOT DOWNLOAD INSTALL OR OTHERWISE USE THE SOFTWARE OR DOCUMENTATION DO NOT CLICK ON THE I AGREE OR SIMILAR BUTTON AND IF YOU HAVE RECEIVED THE SOFTWARE AND DOCUMENTATION ON PHYSICAL MEDIA RETURN THE ENTIRE PRODUCT WITH THE SOFTWARE AND DOCUMENTATION UNUSED TO THE SUPPLIER WHERE YOU OBTAINED IT LICENSE 3Com grants you a nonexclusive nontransferable except as specified herein license to use the accompanying software program s in exec
13. address Windows 98 will allocate itself an address if no DHCP server can be found DNS Domain Name System DNS allows Internet host computers to have a domain name such as 3com com and one or more IP addresses such as 192 34 45 8 A DNS server keeps a database of host computers and their respective domain names and IP addresses so that when a domain name is requested as in typing 3com com into your Internet browser the user is sent to the proper IP address The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned DSL modem Digital Subscriber Line A DSL modem uses your existing phone lines to send and receive data at high speeds Ethernet A LAN specification developed jointly by Xerox Intel and Digital Equipment Corporation Ethernet networks use CSMA CD to transmit packets at a rate of 10 Mbps over a variety of cables 100 Ethernet Address See MAC address Fast Ethernet An Ethernet system that is designed to operate at 100 Mbps Firewall Electronic protection that prevents anyone outside of your network from seeing your files or damaging your computers Full Duplex A system that allows packets to be transmitted and received at the same time and in effect doubles the potential throughput of a link Gateway A device that acts as a central hub by connecting to each computer s network interface card and managing the data traffic b
14. allocate IP addresses from the Router's LAN for use with PPTP. The connections made by PPTP will appear to come from these addresses. The addresses must be in a continuous range. In the Address Pool for PPTP and L2TP clients field, enter: the first LAN address you wish to reserve for PPTP clients in the First Remote IP Address field, and the last LAN address you wish to reserve for PPTP clients in the Last Remote IP Address field. If both PPTP and L2TP over IPSec modes are selected then the Address Pool is the same for both clients. These addresses must be within the Router's LAN subnet and must not form part of the DHCP pool. Click Apply to save your changes. Viewing VPN Connections: The VPN Connections Screen shows information about the IPSec, L2TP over IPSec and PPTP connections made by the Router. It also allows you to add, delete, edit and temporarily disable these connections. Figure 60: VPN Connections Screen [screenshot residue]. For each connection configured for the Router, a row is added to the table. Each row contains the following items. Delete button: deletes the VPN connection on that row. This will prevent the device or user from establishing a secure connection with the Router in future. Name: Identifies the tunnel. Clicking the name of a connection displays the Edit VPN Connection screen. See Addin
15. change the encryption keys during the course of a connection, making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy, ensure that the Use Perfect Forward Secrecy box is checked. To keep the same key for the length of a connection, leave the box unchecked. Click Apply to save your changes or Close to return without saving. IPSec Connections using Gateway to Gateway: If you have selected IPSec as a Tunnel Type and Gateway to Gateway as a Connection Type, enter the following values. Remote IPSec Server ID: The ID of the remote server. In the case of another 3Com Secure Router, this is the This Router's ID field on the VPN Mode page. Remote IPSec Server Address: enter the Internet IP address or DNS name of the remote device (Figure 62). A DNS name may only be entered if it is the same as the Remote IPSec Server ID in the box above. Remote Network address: enter the LAN IP address of the remote network. This is the first IP address of a subnet, one below the first address available for use. Figure 62: IPSec Connection, Gateway to Gateway [screenshot residue: VPN Tunnel Configuration dialog]
16. delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in this Agreement which is 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable TERM AND TERMINATION The licenses granted hereunder are perpetual unless terminated earlier as specified below You may terminate the licenses and this Agreement at any time by destroying the Software and Documentation together with all copies and merged portions in any form The licenses and this Agreement will also terminate immediately if you fail to comply with any term or condition of this Agreement Upon such termination you agree to destroy the Software and Documentation together with all copies and merged portions in any form LIMITED WARRANTIES AND LIMITATION OF LIABILITY All warranties and limitations of liability applicable to the Software are as stated on the Limited Warranty Card or in the product manual whether in paper or electronic form accompanying the Software Such warranties and limitations of liability are incorporated herein in their entirety by this reference GOVERNING LAW This Agreement shall be governed by the laws of the State of California U S A excluding its conflicts of laws principle
17. faulty. Contact your supplier for advice. Frequently Asked Questions. How many computers on the LAN does the Secure Router support? A maximum of 253 computers on the LAN are supported. There are only 4 LAN ports on the Router. How are additional computers connected? You can expand the number of connections available on your LAN by using hubs and switches connected to the Router. 3Com OfficeConnect hubs and switches provide a simple, reliable means of expanding your network; contact your supplier for more information, or visit http://www.3com.com. Does the Router support virtual private networks (VPNs)? The Router fully supports VPNs. It is capable of: initiating and terminating IPSec connections; terminating L2TP over IPSec and PPTP connections; providing hardware accelerated encryption for IPSec VPNs and IPSec VPNs within L2TP over IPSec; providing VPN pass-through; configuring up to two VPN Tunnels. Where can I download software upgrades for the Router? Upgrades to the Secure Router software are posted on the 3Com support web site, accessible by visiting http://www.3com.com. What other online resources are there? The 3Com Knowledgebase at http://knowledgebase.3com.com is a database of technical information covering all 3Com products. It is updated daily with information from 3Com technical support services and it is available 24 hours a day, 7 days a week. USING DISCOVERY Pe Discovery wi
18. first register your product on the 3Com web site at http eSupport 3com com First time users will need to apply for a user name and password A link to software downloads can be found at http eSupport 3com com or under the Product Support heading at http www 3com com Software Upgrades are the software releases that follow the software version included with your original product In order to access upgrades and related documentation you must first purchase a service contract from 3Com or your reseller Contact Us 3Com offers telephone e mail and internet access to technical Support and repair services To access these services for your region use the appropriate telephone number URL or e mail address from the list below You will find a current directory of support telephone numbers posted on the 3Com web site at http csoweb4 3com com contactus Telephone Technical Support and Repair To obtain telephone support as part of your warranty and other service benefits you must first register your product at http eSupport 3com com When you contact 3Com for assistance please have the follow ing information ready m Product model name part number and serial number m A list of system hardware and software including revision level m Diagnostic error messages m Details about recent configuration changes if applicable To send a product directly to 3Com for repair you must first obtain a return authoriz
19. for billing purposes (see Figure 74). Log Settings: to choose whether to store the log on the Router or to send to the remote user or both, and to choose to enable or disable some log entries (see Figure 75). If you choose the option to store the log on the Router, the log file will be overwritten when it is full. If you choose the option to send logs to a remote server, then you will need to specify the IP address of the remote server. The IP address must be within the LAN subnet and a syslog server must be installed on the remote server. Logs: to view both the normal events and security threats logged by the Router. Figure 72: Status Screen [screenshot residue]. You may be asked to refer to the information on the Status screen if you contact your supplier for technical support. Figure 73: Routing Table screen [screenshot residue]. Figure 74: Usage Monitor Screen [screenshot residue]
20. is particularly useful for networks with large numbers of users on them. Static Addressing: You must enter an IP Address and the subnet mask manually on every device. Using a static IP and subnet mask means the address is permanently fixed. Auto IP Addressing: Network devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DHCP server. Automatic IP addressing is a scheme where devices allocate themselves an IP address at random from the industry standard subnet of 169.254.x.x with a subnet mask of 255.255.0.0. If two devices allocate themselves the same address, the conflict is detected and one of the devices allocates itself a new address. Automatic IP addressing support was introduced by Microsoft in the Windows 98 operating system and is also supported in Windows 2000/XP/NT. Private IP Addresses: The following address ranges have been reserved by the Internet Engineering Task Force (IETF) for private use: 10.0.0.0 to 10.255.255.255; 172.16.0.0 to 172.31.255.255; 192.168.0.0 to 192.168.255.255. The Router has a default subnet of 192.168.1.0 to 192.168.1.255. 3Com recommends that you use this subnet for the LAN addresses of your first Device and subsequent ranges (192.168.2.0 to 192.168.2.255) for the LAN range of other Devices that you will connect to by VPN. TECHNICAL SPECIFICATIONS: This section lists the technical specifications for t
21. left side of all screens is a main menu, as shown in Figure 26. When you click on a topic from the main menu, that page will appear in the main part of the screen. Figure 26: OfficeConnect Secure Router Screen Layout [callouts: Option Tabs, Main Menu]. Welcome: displays the firmware version of the Router and important messages on the Notice Board; allows you to change your password and launch the Wizard. Network Settings: allows you to set up Internet addressing modes such as PPPoE connection, dynamic IP address allocation and static IP address settings. Also allows you to configure LAN IP address and subnet mask information, set up DHCP server parameters and display the DHCP client list. Advanced Networking: allows you to set up Network Address Translation (NAT), static routing, dynamic routing and dynamic DNS. Firewall: allows configuration of the Router's firewall features: Virtual Servers, Special Applications, PC Privileges and other general security options. Content Filtering: allows control of access to web sites on the internet. VPN: allows the administrator to set up and maintain Virtual Private Network (VPN) connections. System Tools: allows the administrator to perform maintenance activities on the Router. Status and Logs: displays the current status and activity logs of the Router. Support/Feedback: contains a comprehensive online help s
22. or damaging your network. However, there are hackers who may try to break into your network. Content Filtering: Select Content Filtering to display the Content Filtering Settings screen (see Figure 54 below). When the Content Filter Mode is set to Block all sites, only allowed sites can be viewed. Figure 54: Content Filtering Screen [screenshot residue]. Allow/Block Lists: Select Enable Content Filtering on the Filter Settings screen and check the required content filter mode. Select the Allow/Block Lists tab to display the Allow/Block List screen (see Figure 55 below). Figure 55: Allow/Block Lists screen [legible screen text: "Note: All other websites are BLOCKED"]. To set up a list of sites: 1. Click EDIT to display the Content Filtering Edit List (see Figure 56 below). 2. Enter the URLs of sites that are allowed to be viewed or blocked, depending on the chosen content filtering mode. 3. Click Apply to save your changes. Figure 56: Content Filtering Edit List Screen. Figure 57: Filter Policy Settings Screen. [screenshot residue] Access to site
23. provided on any licensed program or documentation delivered to you under this Agreement ASSIGNMENT NO REVERSE ENGINEERING You may transfer the Software Documentation and the licenses granted herein to another party in the same country in which you obtained the Software and Documentation if the other party agrees in writing to accept and be bound by the terms and conditions of this Agreement If you transfer the Software and Documentation you must at the same time either transfer all copies of the 95 Software and Documentation to the party or you must destroy any copies not transferred Except as set forth above you may not assign or transfer your rights under this Agreement Modification reverse engineering reverse compiling or disassembly of the Software is expressly prohibited However if you are a European Union EU resident information necessary to achieve interoperability of the Software with other programs within the meaning of the EU Directive on the Legal Protection of Computer Programs is available to you from 3Com upon written request EXPORT RESTRICTIONS The Software including the Documentation and all related technical data and any copies thereof collectively Technical Data is subject to United States Export control laws and may be subject to export or import regulations in other countries In addition the Technical Data covered by this Agreement may contain data encryption code which is unlawful to export or
24. punctuation and can be up to 64 characters in length. 3Com recommends that the key and password are not the same. The user will need to know the IPSec Shared Key to enable connection. In the Encryption Level field, choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES provides the highest security but will take longer than 3DES to encrypt and decrypt. 3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use, they can be downloaded from the 3Com web site at http://www.3com.com. To set up the Router for L2TP over IPSec, you must allocate IP addresses from the Router's LAN for use with L2TP over IPSec. The connections made by L2TP over IPSec will appear to come from these addresses. The addresses must be in a continuous range. In the Address Pool for PPTP and L2TP clients field, enter: the first LAN address you wish to reserve for L2TP over IPSec in the First Remote IP Address field; the last LAN address you wish to reserve for L2TP over IPSec in the Last Remote IP Address field. If both PPTP and L2TP over IPSec modes are selected then the Address Pool is the same for both clients. These addresses must be within the Router's LAN subnet and must not form part of the DHCP pool. Click Apply to save your changes. PPTP Configuration: To set up the Router for PPTP you must
25. rights for all computers connected to the Router. 3. Check the box of a service to authorize it. Clear the box to deny the service. See Figure 48. Figure 48: All PCs Setup Screen. Either enter the additional services that you wish to allow in the except specify ports box and set the drop-down box to Allow, or enter the services that you wish to deny in the except specify ports box and set the drop-down box to Deny. 3. Enter the IP address of the computer in the PC's IP Address text box. 4. Check the box of a service to authorize it. Clear the box to deny the service. See Figure 49. Figure 49: PC Privileges Setup Screen (services listed on the screen: HTTP 80, HTTPS 443, Web Proxy 8080, SMTP 25, POP3 110, IMAP 143, FTP 21, News 119, Telnet 23). 5. Either enter the additional services that you wish to allow in the except specify ports box and set the drop-down box to / Enter multiple ports as either a comma separated list (e.g. 101, 1
26. should be large enough to contain all your computers and other network devices. The default, 255.255.255.0, allows for 254 devices including the Router. If you are going to set up an IPSec VPN with another Router you must set your subnet mask to 255.255.255.0. See Configuring VPNs on page 58. Activating DHCP: The Router contains a Dynamic Host Configuration (DHCP) server that can automatically configure the TCP/IP settings of every computer on your network. The DHCP Server Setup screen is shown below. If you intend to use the Router to control the permissions of individual machines on your network then you must use the Router's DHCP server to allocate addresses, or use static addressing. If you use another DHCP server you may get unexpected results. See PC Privileges on page 50. Figure 24: DHCP Server Setup Screen (screen text: The Secure Router can act as a DHCP Server to provide IP addresses to the PCs on your LAN. This option should only be enabled if there are no other DHCP servers on your LAN. Options: Do not enable the DHCP server; Enable the DHCP server with the following settings. The fields below have been pre-filled with a recommended IP Pool range for your network. IP Pool Start Address: 192.168.1.100. IP Pool End Address: 192.168.1.200.) 3Com recommends that you activate the DHCP server and leave it at the default values unless you
27. 05, 107) or as a range (e.g. 101-107). Click Apply to save the settings. To assign different access rights for different computers: Click the Control PC Access to the Internet radio button. Click New to display the PC Privileges setting screen. Allow. Enter the services that you wish to deny in the except specify ports box and set the drop-down box to Deny. Enter multiple ports as either a comma separated list (e.g. 101, 105, 107) or as a range (e.g. 101-107). Click Apply to save the settings. Example: Allowing only web and E-mail access. To allow web and E-mail access and block all other services across the Router's firewall: Ensure that the Control PC Access to the Internet radio button is selected. Click on All PCs to pop up the PC Privileges window. Ensure that the Email (110, 25) and Web (80) boxes are checked and that other check boxes are left cleared. Set the Block or Allow other services drop-down box to Block other services. For the purposes of this example, your users also need to access a test server on port 8000. To allow this: Enter the number 8000 in the except specify ports box. Click Apply to save your changes and close the PC Privileges window. Special Applications: Select Special Applications tab to display the Authorized Application setup screen. See Figure 50 below. Figure 50: Special Applications Screen. VPN connections to other networks are unaffected by settings in PC P
28. 168.1.0 on Router Two. In this example the Remote Subnet Mask is a default setting of 255.255.255.0; this is the subnet mask on the LANs of the two devices. Enter a password in the Tunnel Shared Key field in both Gateways, e.g. TYPO249 23b. Choose 3DES as the Encryption Type. 13. Choose SHA-1 as the Hash Algorithm. 14. Choose Diffie-Hellman Group 2 (1024 bit) in the Exchange Keys Using drop-down box. 15. Set Renegotiate After (seconds) to 600. 16. Ensure that the Use Perfect Forward Secrecy box is checked. 17. Leave the Use IKE Keep Alive box unchecked. 18. Click Add to save your new connection or Close to return without saving. L2TP over IPSec Connections: If you have selected L2TP over IPSec as your Tunnel Type, enter the following values (see Figure 63). User Name: This is the username that the remote VPN client will use to connect. Password: The password that will need to be supplied to connect. Figure 63: L2TP over IPSec Connections (screen fields: Connection Type, Tunnel Type, Tunnel Description, User Name, Password). Click Apply to save your changes or Close to return without saving. When you have created a user account the user will need to know in order to enable connection. PPTP Connections: If you have selected PPTP as a Tunnel Type enter the fo
29. 3Com OfficeConnect Secure Router 3CR860-95. 3Com Corporation, 350 Campus Drive, Marlborough, MA 01752-3064. Copyright 2003 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time. If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you. UNITED STATES GOVERNMENT LEGEND: If you are a United States government agency then th
30. Important Safety Information (French); Obtaining Support for your Product; Register Your Product to Gain Service Benefits; Purchase Value Added Services; Troubleshoot Online; Access Software Downloads; Contact Us; Telephone Technical Support and Repair; End User Software Licence Agreement; 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT; ISP Information; Information Regarding Popular ISPs; Glossary; Index; Regulatory Notices. ABOUT THIS GUIDE: This guide is intended for use by those responsible for installing and setting up network equipment; consequently, it assumes a basic working knowledge of LANs (Local Area Networks) and Internet security systems. If a release note is shipped with this OfficeConnect Secure Router and contains information that differs from the information in this guide, follow the information in the release note. Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) on the 3Com World Wide Web site: http://www.3com.com. Naming Convention: Throughout this guide, the OfficeConnect Secure Router is referred to as the "Router". Category 3 and Category 5 Twisted Pair Cables are referred to as Twisted Pair Cables throughout this guide. Conventions: Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons (columns: Icon, Notice Type, Description). Information note: Informa
32. 3Com recommends that you print the Configuration Summary screen for your records. If you have changed the IP address of your Router, your computer will need to change its IP address to communicate with the Router. Reboot your computer once the Router has restarted to get a new address. If you want to make changes, click the Back button until you reach the screen which contains the settings you want to change and follow the instructions from that point. Your Router is now configured. You can start using your Router straight away, or further configure your Router; see Router Configuration on page 33. ROUTER CONFIGURATION: This chapter describes all the options available through the Router configuration pages, and is provided as a reference. Navigating Through the Router Configuration Pages: To get to the configuration pages, browse to the Router by entering the URL in the location bar of your browser. The default URL is http://192.168.1.1. If you changed the Router LAN IP address during initial configuration, use the new IP address instead. When you have browsed to the Router, log in using your system password. The default password is admin. Main Menu: At the
33. N protocol like IPSec. It is not as secure as IPSec but is easy to administrate. PPTP does not support gateway to gateway connections and is only suitable for connecting remote users. Enabling IPSec VPN will disable pass through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling L2TP over IPSec will disable pass through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling the PPTP server will disable PPTP pass through to a Virtual Server on the LAN. Pass through outbound from clients on the LAN to servers on the internet is unaffected. A VPN Tunnel needs the same protocol on both sides of the connection. If you are trying to establish an IPSec connection with another gateway device or with a user, the other gateway device must support IPSec or the user must have software installed that supports IPSec VPN. The VPN Mode menu is shown in Figure 59 below. Choose from the options by clicking in the appropriate radio button under VPN Server Setup. IPSec Configuration: In the IPSec Configuration field, enter This Router's ID as an Internet IP address or name of the Router that you are configuring. This value is common across all IPSec connections but does not apply to PPTP connections. If PPTP only is enabled, This Router's ID field does not appear. If you require main mode IPSec connections then this value must be the public IP address of the Router. Figure 59: VPN Mode Screen.
34. actly as it appears in your documentation. Usually special software installed on PC (MacPOET, WinPOET, EnterNet 300). The Secure Router has this software built in and you can safely remove it from your PC. You will need to enter the account name and password that your ISP provided to you in the PPPoE page of the Router. Leave the service name blank unless your ISP requires it. Popular ISPs: MediaOne RoadRunner Optimum Online Time Warner Charter and Adelphia Metrocast RCN Home Network Cogoco ComCast Cox Excite Rogers Shaw Insight Videotron Bell Century Tel Citizens Primus Prodigy Snet Sprint FC Verizon First World Brightnet Earthlink Ameritech Covad Mindspring Sympatico DSL USwest Qwest SNet. Internet Connection Types: Static DSL, Static Cable. Characteristics: Cable or DSL always on. Some European ISPs require a PPTP tunnel to authenticate their network. DSL Modem always on. Need to enter ALL IP information from ISP in the Static IP section of the Router. Cable Modem always on. ISP assigns specific IP information which needs to be entered on the Static IP page of the Router. Popular ISPs: KPN Netherlands Austria Telecom CableSpeed Cnet Direct Link Drizzle DSL Extreme Earthlink Wireless Fast Point Flashcom GTE WhirlWind Heavenet HSA Corp I 55 InterAccess LinkLine Mission Nauticom NAS Omitel Onterra Phatpipe Rhy
35. already have a DHCP Server on your network. To activate the DHCP Server option, select Enable the DHCP server with the following settings. The DHCP server will default to the addresses 192.168.1.100 to 192.168.1.200 if the IP address of the Router has been left at the default 192.168.1.1. The Setup Wizard suggests a DHCP server address range that is valid for the LAN settings entered. If the defaults are used it will be 100-200. The suggested range will vary depending on the LAN settings entered in the LAN IP Address screen. To disable DHCP, select Do not enable the DHCP server. Click Next when you have finished. Viewing the Summary: When you complete the Setup Wizard, a configuration summary will display. See Figure 25 below. Verify the configuration information of the Router and click Finish to save your settings and restart the Router. Figure 25: Configuration Summary Screen.
36. and the Router is operational again. The Router reads the correct time from NTP servers on the Internet and sets its system clock accordingly. The Daylight Savings option automatically adjusts the clock to daylight savings time as appropriate to your time zone. Time Zone: Choose the time zone that is closest to your actual location. The time zone setting is used by the system clock when displaying the correct time in the log files. If you use Daylight saving, tick the Enable Daylight savings box and then click Apply (Figure 68). Figure 68: Time Zone Screen. Diagnostics Tools: This screen provides Ping, Trace Route and Host Name Lookup facilities. Figure 69: Diagnostics Screen.
37. If the Wizard does not launch automatically (this may occur if the Router has been powered up or configured previously), you can launch the Wizard manually. To launch the Wizard manually, click on the Setup Wizard tab in the welcome screen followed by the WIZARD button. Click Next to continue. You will now be guided through the setup of your Router. Setting the Password: When the Change Administration Password screen (Figure 14) appears, type the Old Password, then a new password in both the New Password and Confirm Password fields. The default password for the Router is admin. It is case sensitive and must be entered as the Old Password the first time you configure the Router. 3Com recommends that you change the password from its default value. Figure 14: Change Administration Password Screen. Choose a password that you can remember but that others are unlikely to guess. Remember that the password is case sensitive. Click Next to display the Time Zone setup screen (Figure 15). Setting the Time Zone: The Rout
38. at you set your DHCP pool to the same as the range of LAN addresses used as your LAN pool. 4. Enter the number of addresses in the range into the Pool Size field. 5. Click Apply to save your changes. Static Routing. Setting up Static Routing: The Router supports up to 10 static routes in total, shared between LAN and WAN interfaces. WAN side static routes are only available if the mode of connection to your ISP is Static or Dynamic (DHCP Client) mode. To set up Static Routing: 1. Select New on the right side of the screen to open the Static Routing configuration dialogue box. 2. Enter the IP address of the Destination Network, e.g. 192.168.20.0. 3. Enter the IP address of the Subnet Mask, e.g. 255.255.255.0. 4. Enter the IP address of the Gateway Address, e.g. 192.168.1.25. Dynamic Routing. Figure 42: Dynamic Routing Screen. The Router provides support for RIPv1, RIPv2, or both, for each interface for sending and receiving data. LAN routes are sent on the LAN subnet and WAN routes are sent on the WAN subnet. From the Dynamic Routing screen you can enable the Router to automatically adjust to physical changes in the network's layout. Using the RIP protocols, the Router determines the network packet's route based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing i
39. ation number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender's expense. If your product is registered and under warranty, you can obtain an RMA number online at http://eSupport.3com.com. First time users will need to apply for a user name and password. Telephone numbers are correct at the time of publication. Find a current directory of support telephone numbers posted on the 3Com web site at http://csoweb4.3com.com/contactus. Asia, Pacific Rim Telephone Technical Support and Repair (Country: Telephone Number): Australia: 1 800 678 515; Hong Kong: 800 933 486; India: 61 2 9424 5179 or 000800 6501111; Indonesia: 001 803 61 009; Japan: 00531 616 439 or 03 5977 7991; Malaysia: 1800 801 777; New Zealand: 0800 446 398; Pakistan: 61 2 9937 5083; Philippines: 1235 61 266 2602 or 1800 1 888 9469; PR of China: 10800 61 00137 or 021 6350 1590 or 00800 0638 3266; Singapore: 800 6161 463; S Korea: 080 333 3308; Taiwan: 00801 611 261; Thailand: 001 800 611 2000. You can also obtain support in this region using the following e-mail: apr_technical_support@3com.com. Or request a repair authorization number (RMA) by fax using this number: 65 543 6348. Europe, Middle East, and Africa Telephone Technical Support and Repair: From anywhere in these regions, call: 44 0 1442 435529. Country, Telephone Number: Latin A
40. browser (Netscape Navigator or Internet Explorer). To use the Setup Wizard: 1. Ensure that you have at least one computer connected to the Router. See Installing the Router on page 15. 2. Launch your Web browser on the computer. Enter the URL of your Router into the location or address box of your browser (Figure 10). The default URL for the Router is http://192.168.1.1. If you have changed the IP address of the unit, you should substitute this for the default address within the URL. Figure 10: Web Browser Location Field (Factory Default). 4. If the password is correct, the OfficeConnect Secure Router Welcome screen shown in Figure 12 will appear. If your Router has not been configured before, the Wizard shown in Figure 13 will also launch automatically. Figure 12: Welcome Screen. Figure 13: Wizard Screen.
41. by InterNIC. Subnets: A network that is a component of a larger network. Switch: A device that interconnects several LANs to form a single logical LAN that comprises of several LAN segments. Switches are similar to bridges, in that they connect LANs of a different type; however they connect more LANs than a bridge and are generally more sophisticated. TCP/IP: Transmission Control Protocol/Internet Protocol. This is the name for two of the most well-known protocols developed for the interconnection of networks. Originally a UNIX standard, TCP/IP is now supported on almost all platforms, and is the protocol of the Internet. TCP relates to the content of the data travelling through a network, ensuring that the information sent arrives in one piece when it reaches its destination. IP relates to the address of the end station to which data is being sent, as well as the address of the destination network. Traffic: The movement of data packets on a network. VPN: Virtual Private Network. A VPN is a private network where the data is passed across a public network infrastructure such as the Internet. The data is kept private by using encryption. WAN: Wide Area Network. A network that connects computers located in geographically separate areas (for example, different buildings, cities, or countries). The Internet is an example of a wide area network. Wizard: A Windows application that automates a procedure such as insta
42. REGULATORY NOTICES. FCC Statement: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules, and the Canadian Department of Communications Equipment Standards entitled "Digital Apparatus", ICES-003. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequ
43. 4. Select either All WAN PCs can access this server or Authorized Remote IP Address(es). If you select Authorized Remote IP Address(es), you must specify an IP address or a range of addresses. For example, 162.223.41.12-162.223.41.15 gives access to all IP addresses in this range. 5. Click Add to save the settings. PC Privileges: Access from the local network to the Internet can be controlled on a PC-by-PC basis. In the default configuration the Router will allow all connected PCs unlimited access to the Internet. PC Privileges allows you to assign different access rights for different computers on your network, restricting this access and controlling your users' access to outside resources. Select PC Privileges to display the PC Privileges setup screen. This is shown in Figure 47 below. The Router's DHCP server has been enhanced to support PC Privileges. If you want to control access to the Internet on a user by user basis then you should either use the Router's DHCP server or static addressing. Figure 47: PC Privileges Screen. To use access control for all computers: 1. Click the Control PC Access to the Internet radio button. 2. Click on All PCs to setup the access
44. cannot be solved with problem solving actions in this guide, contact your supplier. WARNING: Disconnect the power adapter before moving the unit. WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only connect RJ-45 data connectors to these sockets. Important Safety Information (German). WARNING: Warnings contain instructions that you must follow for your own safety. Follow all instructions carefully. You must read the following safety information carefully before you install or remove the unit. WARNING: Exceptional care must be taken during installation and removal of the unit. WARNING: Only stack the unit with other OfficeConnect units. WARNING: To comply with international safety standards, the unit may only be used with the power adapter supplied. WARNING: The socket outlet must be near the unit and easily accessible. Power to the unit can only be removed by disconnecting the unit's power cord from the socket outlet. WARNING: This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC 60950. These conditions are only maintained if the equipment connected to the unit is also operated under SELV conditions. WARNING: There are no
45. copied to the Router, and once this has completed the Router will restart. Although the upgrade process has been designed to preserve your configuration settings, 3Com recommends that you make a backup of the configuration beforehand in case the upgrade process fails for any reason (for example, the connection between the computer and the Router is lost while the new software is being copied to the Router). The upgrade procedure can take a few minutes, and is complete when the Alert LED has stopped flashing and is permanently off. Make sure that you do not interrupt power to the Router during the upgrade procedure; if you do, the software may be corrupted and the Router may not start up properly afterwards. If the Alert LED comes on continuously or flashing slowly after a failed upgrade, refer to Troubleshooting on page 75. Viewing Status and Logs: Selecting Status and Logs from the Main menu displays the Status and Logs screens in your Web browser. The Status and Logs screen displays a tabular representation of your network and Internet connection: Status, to display the current unit status including a summary of the configuration (see Figure 72); Routing Table, to display the configured static and dynamic routings (see Figure 73); Usage Monitor, to display the amount of data transmitted to and received from the Internet. This information is provided for guidance only and may differ from that used by your ISP
46. dary DNS Address. If your ISP requires you to supply a host name, enter it in the Host Name box; otherwise leave the box blank. If your ISP charges for connection time then you may wish to set the Maximum Idle time to control costs. The Maximum Idle Time is the amount of time without activity before the Router terminates the Internet connection. By default the value will be forever. Click Next to continue. Continue at Choosing your LAN Settings on page 30. PPTP Mode: To setup the Router for use with a PPTP connection, use the following procedure. Figure 22: PPTP Screen (screen text: Please enter your PPTP account settings as provided by your ISP below. The PPTP Server is typically located in your DSL modem. In the case of an Alcatel Speed Touch modem its default address is 10.0.0.138. Fields: PPTP Server Address, PPTP User Name, PPTP Password, Primary DNS Address, Secondary DNS Address, Maximum Idle Time.) Enter your PPTP server address in the PPTP Server Address text box. Enter your PPTP user name in the PPTP User Name text box. Enter your PPTP password in the PPTP Password text box. If your ISP requires the address of a Primary DNS Server then enter it in the field labelled Primary DNS Address. If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Add
47. from the socket. WARNING: The unit operates at a safety extra low voltage in accordance with IEC 60950. Compliance with this standard is only maintained if the equipment to which it is connected also operates under conditions that comply with this standard. WARNING: There are no user-replaceable or user-serviceable parts inside the unit. If you have a problem with the unit that cannot be solved with the problem solving actions presented in this guide, contact your supplier. WARNING: Disconnect the power adapter before uninstalling the unit. WARNING: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only connect RJ-45 data connectors to these sockets. Register Your Product to Gain Service Benefits: To take advantage of warranty and other service benefits, you must first register your product at http://eSupport.3com.com. 3Com eSupport services are based on accounts that you create or have authorization to access. First time users must apply for a user name and password that provides access to a number of eSupport features including Product Registration, Repair Services, and Service Request. Purchase Value-Added Services: To enhance response times or extend
48. dian Interference-Causing Equipment Regulations. This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations. VCCI Statement. DUAO08609 5AAA01. Published September 2003
49. dress of 192.168.100.8 is again split into two parts, but is structured differently. Part one (192.168) identifies the network on which the device resides. Part two (.100.8) identifies the device within the network. This type of IP Address operates on a subnet mask of 255.255.0.0. See Table 4 for an example about how a network (only four PCs represented) and a Secure Router might be configured. Table 4: IP Addressing and Subnet Masking in a Large Network (Device: IP Address, Subnet Mask). PC 1: 192.168.100.8, 255.255.0.0; PC 2: 192.168.201.30, 255.255.0.0; PC 3: 192.168.113.155, 255.255.0.0; PC 4: 192.168.2.230, 255.255.0.0; Secure Router: 192.168.2.72, 255.255.0.0. How does a Device Obtain an IP Address and Subnet Mask? There are three different ways to obtain an IP address and the subnet mask. These are: Dynamic Host Configuration Protocol (DHCP) Addressing; Static Addressing; Automatic Addressing (Auto-IP Addressing). DHCP Addressing: The Secure Router contains a DHCP server, which allows computers on your network to obtain an IP address and subnet mask automatically. DHCP assigns a temporary IP address and subnet mask, which gets reallocated once you disconnect from the network. DHCP will work on any client Operating System such as Windows XP, Windows 98 or Windows NT 4.0. Also, using DHCP means that the same IP address and subnet mask will never be duplicated for devices on the network. DHCP
50. dress Automatically. Windows 2000 / XP / 2003 Server: If you are using Windows 2000, Windows XP or Windows 2003 Server, use the following procedure to change your TCP/IP settings (Windows XP and 2003 Server specific instructions in brackets). From the Windows Start Menu, select Settings > Control Panel [select Control Panel directly from the Start menu in Windows XP]. Double click on Network and Dial-Up Connections [Network and Internet Connections]. [For XP and 2003 Server only, click on Network Connections.] Double click on Local Area Connection. Click on Properties. A screen similar to Figure 7 should be displayed. Select Internet Protocol (TCP/IP) and click on Properties. Figure 7: Local Area Connection Properties. Ensure that the options Obtain an IP Address automatically and Obtain DNS server address automatically are both selected, as shown in Figure 8. Click OK. Figure 8: Internet Protocol Properties
51. e subnet as the Router and have their default Gateway set as the Router's LAN IP address. If you reconfigure your network, you may need to change your Subnet Mask. The Subnet Mask determines how many addresses are available to your network. The default Subnet Mask is 255.255.255.0. For example, if the IP Address of your Router is 192.168.1.1 and the Subnet Mask of your network is 255.255.255.0, then your network can have a maximum of 254 addresses, from 192.168.1.1 to 192.168.1.254; 192.168.1.0 and 192.168.1.255 are reserved by the subnet and are not available for use. When you change the IP Address or Subnet Mask of the Router, you should review the DHCP Server settings as described below. Changing the DHCP Server Settings: This section allows you to enable, disable and configure the settings of the Router's DHCP server. If you intend to use the Router to control the permissions of individual machines on your network, then you must use the Router's DHCP server to allocate addresses, or use Static addressing. If you use another DHCP server you may get unexpected results. See "PC Privileges" on page 50. To enable the DHCP Server, ensure that the Enable check box is ticked. To disable the DHCP Server, ensure that the Enable check box is cleared. Click Apply to validate your changes. Set the IP Pool Start Address and IP Pool End Address to the first and last address you want the Router to allocate to computers. The IP add
52. e system software has become corrupted. In this condition the Router will enter a fail-safe state: DHCP is disabled and the LAN IP address is set to 192.168.1.1. Follow the instructions below to upload a new copy of the system software to a Router unit in this state. Ensure that one of your computers has a copy of the new software image file stored on its hard disk. If not, contact 3Com by visiting http://www.3com.com. Remove power from the Router and disconnect the Cable/DSL modem and all your computers, except for the one computer with the software image. You will need to reconfigure this computer with the following Static IP address information: IP address: 192.168.1.2; Subnet mask: 255.255.255.0; Default Gateway address: 192.168.1.1. Restart the computer, and re-apply power to the Router. Using the Web browser on the computer, enter the following URL in the location bar: http://192.168.1.1. This will connect you to the fail-safe mode of the Router. Follow the on-screen instructions. Enter the path and filename of the software image file. When the upload has completed, the Router will restart, run the self-test and, if successful, resume normal operation. The Alert LED will go out. Reconnect your Router to the Cable/DSL modem and the computers in your network. Do not forget to reconfigure the computer you used for the software upload. If the Router does not resume normal operation following the upload, it may be
53. eb based setup and configuration. Provides centralization of all network address settings (DHCP). Provides Virtual Server redirection to enable remote access to Web, FTP and other services on your network. Package Contents: The OfficeConnect Secure Router kit includes the following items: one OfficeConnect Secure Router; one power adapter for use with the Router; four rubber feet; one stacking clip; one Ethernet cable; one CD-ROM containing the Discovery program, this User Guide and the license agreement; one Installation Guide; one Support and Safety Information sheet; one Warranty flyer; one License Agreement. If any of these items are missing or damaged, please contact your retailer. Minimum System and Component Requirements: Your OfficeConnect Secure Router requires that the computer(s) and components in your network be configured with at least the following: a computer with an operating system that supports TCP/IP networking protocols (for example Windows 95/98/NT/Me/2000/XP, Unix, Mac OS 8.5 or higher); an Ethernet 10 Mbps or 10/100 Mbps NIC for each computer to be connected to the four-port switch on your Router; an Internet access device with an Ethernet RJ-45 port (for example a cable modem or DSL modem); an active Internet access account; a Web browser program that supports JavaScript, such as Netscape 4.7 or higher or Internet Explorer 5.5 or higher. Front Panel: The front panel of
54. user-replaceable or user-serviceable parts in the unit. If you have a problem with the Router that cannot be resolved using the troubleshooting in this guide, contact your supplier. CAUTION: Unplug the power adapter cable before removing the unit. CAUTION: RJ-45 ports. These are shielded RJ-45 data sockets. They cannot be used as telephone sockets. Only RJ-45 data connectors may be connected to these sockets. Important Safety Information. WARNING: Warnings contain directions that you must follow to ensure your personal safety. You must follow all directions carefully. Please read the following safety information carefully before installing or removing the unit. WARNING: Take great care when installing and removing the unit. WARNING: The unit must only be stacked with other OfficeConnect products. WARNING: To ensure compliance with international safety standards, only use the power adapter supplied with this unit. WARNING: The mains socket must be near the unit and easily accessible. You can only switch the unit off by disconnecting its power cord at
55. en 1 and 254 inclusive. However, an IP Address alone is not enough to make your device operate. In addition to the IP address, you need to set a subnet mask. All networks are divided into smaller sub-networks, and a subnet mask is a number that enables a device to identify the sub-network to which it is connected. For your network to work correctly, all devices on the network must have the same sub-network address and the same subnet mask. The only value that will be different is the specific host device number. This value must always be unique. An example IP address is 192.168.100.8. However, the size of the network determines the structure of this IP Address. In using the Router you will probably only encounter two types of IP Address and subnet mask structures. Type One: In a small network, the IP address of 192.168.100.8 is split into two parts. Part one (192.168.100) identifies the network on which the device resides. Part two (.8) identifies the device within the network. This type of IP Address operates on a subnet mask of 255.255.255.0. See Table 3 for an example about how a network with three PCs and a Secure Router might be configured. Table 3: IP Addressing and Subnet Masking in a Small Network (Device: Subnet Mask). PC 1: 255.255.255.0; PC 2: 255.255.255.0; PC 3: 255.255.255.0; Secure Router: 255.255.255.0. Type Two: In larger networks, where there are more devices, the IP ad
56. ency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. Information to the User: If this equipment does cause interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: reorient the receiving antenna; relocate the equipment with respect to the receiver; move the equipment away from the receiver; plug the equipment into a different outlet so that equipment and receiver are on different branch circuits; consult the dealer or an experienced radio/television technician for help. The user may find the following booklet prepared by the Federal Communications Commission helpful: How to Identify and Resolve Radio-TV Interference Problems. This booklet is available from the U.S. Government Printing Office, Washington, DC 20402, Stock No. 004-000-00345-4. In order to meet FCC emissions limits, this equipment must be used only with cables which comply with IEEE 802.3. CE Statement (Europe): This product complies with the European Low Voltage Directive 73/23/EEC and EMC Directive 89/336/EEC as amended by European Directive 93/68/EEC. CSA Statement: This Class B digital apparatus meets all requirements of the Cana
57. er sets its time automatically when it connects to the Internet. This time is used when recording information in log files. To set the Router to your local time: 1. Select your time zone from the drop-down menu. 2. Check the Enable Daylight Saving box to automatically adjust the time seasonally. 3. Click Next to continue. To set the Router to World Time (UTC): Select GMT (Greenwich Mean Time) from the drop-down menu. Ensure that the Enable Daylight Saving box is cleared. Click Next to continue. Figure 15: Time Zone Screen. The Daylight Savings option automatically adjusts the system clock for summer and winter time. To disable this feature, ensure that the Enable Daylight Saving box is cleared. Auto Configuration Settings / Internet Settings: If the Router is able to detect a PPPoE or DHCP server on its Ethernet Cable/DSL port, then it will offer you the option of configuring its Internet settings automatically. As an example, the Auto Configuration screen for PPPoE is shown in Figure 16 below. The Internet Settings window allows you to set up the Router for the type of Internet connection you have. Before setting up your Internet connection mode, have the modem configuration supplied by your ISP to hand. Figure 16: PPPoE Auto-configuration Screen. Figure 17: Internet Settings Screen.
58. er you will need to know the following: Username; Password; VPN server address (usually your modem). Configuring a Static IP Address: If your ISP has allocated you one or more static addresses, you will have selected Static IP address (to be specified manually) as your IP Allocation Mode. Figure 31: Static Address Setup Screen. The following settings are required to set up a Static IP address connection. Enter the values provided by your ISP. IP Address: The address allocated by your ISP for this connection. If you have been allocated a range of IP addresses by your ISP, enter the first IP address in the range. Subnet Mask: The subnet mask supplied by your ISP for this connection. ISP Gateway Address: The Gateway address from your ISP to the Internet. Primary DNS Address: The address of your ISP's Domain Name Service server. Secondary DNS Address: The address of your ISP's secondary Domain Name Service server. The second server is optionally provided by an ISP in case of failure of the primary server. Click Apply to save any changes you have made. Configuring a Dynamic IP Address: If your ISP has allocated you a dynamic address using DHCP, you will have selected Dynamic IP address (automatically allocated) as your IP Allocation Mode. Figure 32: Dynamic Address Setup Screen
59. ethod used to exchange shared keys. Diffie-Hellman Group 5 and Diffie-Hellman Group 2 are more secure but less common than Diffie-Hellman Group 17. Renegotiate after (seconds): this controls how often the connection will be renegotiated and the encryption key changed. Longer periods are less secure but may be useful for connections to older equipment which does not have the processing power to negotiate frequently. The default value is 600 seconds (10 minutes). Use Perfect Forward Secrecy: Choose whether to use perfect forward secrecy. Using perfect forward secrecy will change the encryption keys during the course of a connection, making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy, ensure that the Use Perfect Forward Secrecy box is checked. To keep the same key for the length of a connection, leave the box unchecked. Use IKE keep alive: when checked, the gateway will attempt to ensure that this tunnel remains operational once it has been established, even if there is no traffic on it. This is useful for tunnels where only one end can establish the connection (e.g. one end of the tunnel is on a dynamic IP address); in this case set IKE keep alive on the dynamic end of the tunnel. Example: Setting up an IPSec connection between two Secure Routers. Secure Router One is located at the head office and is configured with the following settings: Internet IP address: 174.19.201.162
60. etween the local network and the Internet. Half Duplex: A system that allows packets to be transmitted and received, but not at the same time. Contrast with full duplex. Hub: A device that regenerates LAN traffic so that the transmission distance of that signal can be extended. Hubs are similar to repeaters, in that they connect LANs of the same type; however they connect more LANs than a repeater and are generally more sophisticated. IEEE: Institute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communications. IETF: Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/IP networks. In the network management area, this group is responsible for the development of the SNMP protocol. IP: Internet Protocol. IP is a layer 3 network protocol that is the standard for sending data through a network. IP is part of the TCP/IP set of protocols that describe the routing of packets to addressed devices. An IP address consists of 32 bits divided into two or three fields: a network number and a host number, or a network number, a subnet number, and a host number. IP Address: Internet Protocol Address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with periods (full stops), and is made up of a network section, an optional subnet section and a host section.
61. To set up the Router for use with a dynamic IP address connection, the following settings are configured. IP Address: The Internet address allocated by your ISP for this connection is automatically configured and is not editable. Subnet Mask: The subnet for the address is automatically configured but is not displayed. ISP Gateway Address: The Gateway address from your ISP to the Internet is automatically configured but is not displayed. Primary DNS Address: If your ISP requires the address of a Primary DNS Server, then enter it in the field labelled Primary DNS Address. Secondary DNS Address: If your ISP requires the address of a Secondary DNS Server, then enter it in the field labelled
Configuring a PPPoE connection: If your ISP has allocated you a dynamic address using PPPoE, you will have selected PPPoE (PPP over Ethernet) as your IP Allocation Mode. Figure 33: PPPoE Setup Screen
63. fications. Cable Specifications: The Secure Router supports the following cable types and maximum lengths: Category 3 (Ethernet) or Category 5 (Fast Ethernet or Dual Speed Ethernet) Twisted Pair, shielded and unshielded cable types. Maximum cable length of 100 m (327.86 ft). Category 5 cables are required for a 100BASE-TX connection. SAFETY INFORMATION: Important Safety Information. WARNING: Warnings contain directions that you must follow for your personal safety. Follow all directions carefully. You must read the following safety information carefully before you install or remove the unit. WARNING: Exceptional care must be taken during installation and removal of the unit. WARNING: Only stack the Router with other OfficeConnect units. WARNING: To ensure compliance with international safety standards, only use the power adapter that is supplied with the unit. WARNING: The socket outlet must be near to the unit and easily accessible. You can only remove power from the unit by disconnecting the power cord from the outlet. WARNING: This unit operates under SELV (Safety Extra Low Voltage) conditions according to IEC 60950. The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions. WARNING: There are no user-replaceable fuses or user-serviceable parts inside the Router. If you have a physical problem with the unit that
64. g and Editing VPN Connections below. Description: A text description that enables you to identify a connection. This field in the table additionally displays whether the connection is currently active. Type: Indicates the type of connection. Enabled: This check box allows you to enable or disable a connection without deleting it and thus losing the connection details. Check this box to enable a connection. Clear this box to disable the connection. If the connection is active, it will be disconnected. Test: attempts to establish a connection (in Gateway to Gateway mode only). Additionally, there are three buttons outside the table. Help: displays the online help page for this screen. Refresh: updates the contents of the window, allowing you to see the current status of connections. New: creates a new VPN connection. See "Adding and Editing VPN Connections" below. Adding and Editing VPN Connections: This screen also allows you to add new IPSec, L2TP over IPSec and PPTP connections and to edit existing ones. When adding or amending values on this screen, remember that both sides of an IPSec, L2TP over IPSec or PPTP connection must contain the same information. An IPSec, L2TP over IPSec or PPTP connection cannot therefore be activated until both ends of the tunnel have been configured. Connection Type: choose either Gateway to Gateway (only available with IPSec) to connect to anothe
65. guration screen but cannot log on because you do not know or have forgotten the password, follow the steps below to reset the Router to its factory default configuration. Warning: all your configuration changes will be lost, and you will need to run the configuration wizard again before you can re-establish your Router connection to the Internet. Also, other computer users will lose their network connections whilst this process is taking place, so choose a time when this would be convenient. Remove power from the Router. Disconnect all your computers and the cable/DSL modem from the Router. Using an Ethernet cable, connect the Ethernet Cable/DSL port on the rear of the Router to any one of the LAN ports. Re-apply power to the Router. The Alert LED will flash as the Router starts up, and after approximately 30 seconds will start to flash more slowly (typically 2 seconds on, 2 seconds off). Once the Alert LED has started to flash slowly, remove power from the Router. Remove the cable connecting the Cable/DSL port to the LAN port, and reconnect one of your computers to one of the Router LAN ports. Re-apply power to the Router, and when the start-up sequence has completed, browse to http://192.168.1.1 and run the configuration wizard. You may need to restart your computer before you attempt this. When the configuration wizard has completed, you may reconnect your network as it was before. Alert LED: When the Router is first p
66. he OfficeConnect Secure Router. Interfaces: Cable or DSL modem connection: one 10/100 Mbps Ethernet port (10BASE-T/100BASE-TX) with Auto MDI/MDIX. LAN connection: four 10/100 Mbps Ethernet ports (10BASE-T/100BASE-TX) with Auto MDI/MDIX. Operating Temperature: 0 °C to 40 °C (32 °F to 105 °F). Power: 7 W power dissipated. Humidity: 0 to 90% (non-condensing) humidity. Dimensions: Width 220 mm (8.7 in), Depth 135 mm (5.3 in), Height 36 mm (1.4 in). Weight: Approximately 537 g (1.18 lbs). VPN Tunnels: Two. Standards: Functional: ISO 8802-3, IEEE 802.3. Safety: UL 60950, EN 60950, CSA 22.2 60950, IEC 60950. EMC: EN 55022 Class B, EN 55024, AS/NZS 3548 B†, FCC Part 15 Class B, ICES-003 Class B†, VCCI Class B, CNS 13438 Class A. Environmental: EN 60068 (IEC 68). † Category 5 screened cables must be used to ensure compliance with the Class B requirements of this standard. The use of unscreened cables (Category 3 or Category 5) complies with the Class A requirements. Category 5 cables must be used if you are connecting to 100 Mbps devices. See "Safety Information" on page 87 for conditions of operation. System Requirements: Operating Systems: The Secure Router will support the following Operating Systems: Windows 95/98, Me, Windows NT 4.0, Windows 2000, Windows XP, Windows 2003 Server, Mac OS 8.5 or higher, Unix. Ethernet Performance: The Secure Router complies with the IEEE 802.3i, u and x speci
67. ic IP Address (DSL or Cable): The ISP provides the IP addressing information for you to enter manually. To configure the Router you will need to know the following: IP Address, Subnet Mask, ISP Gateway Address, and DNS address(es). PPTP (DSL or Cable): PPTP is used by some providers, mostly in Europe. If the installation instructions that accompany your modem ask you to set up a dial-up connection using a PPTP VPN tunnel, then select this option. Note that when you install the Router, you will not need to use the dial-up VPN on your PC anymore. To configure the Router you will need to know the following: Username, Password, and VPN Server address (usually your modem). You will be asked for the IP Allocation Mode when you run the Setup Wizard. Powering Up the Router: 1. Plug the power adapter into the power adapter socket located on the back panel of the Router (refer to "Power Adapter socket" on page 13). 2. Plug the power adapter into a standard electrical wall socket. Connecting the Secure Router: The first step for installing your Secure Router is to physically connect it to a cable or DSL modem in order to be able to access the Internet. Figure 6: Connecting the Secure Router
68. is documentation and the software described herein are provided to you subject to the following: All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as "Commercial Computer Software" as defined in DFARS 252.227-7014 (June 1995) or as a "commercial item" as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide. Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries. 3Com, the 3Com logo and OfficeConnect are registered trademarks of 3Com Corporation. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. Netscape Navigator is a registered trademark of Netscape Communications. JavaSc
69. lease as was issued previously, even if that lease has expired. Expired leases are only reused when there are no free leases available. When an expired lease is re-issued, the oldest lease that is not a fixed association is used. The Release button allows the lease for an IP address that has been issued to a device to be cleared. If you are running short of addresses in the DHCP Pool, and you know of computers that are unlikely to connect to your network soon, you can release the IP address, allowing it to be reallocated to another machine. If you have spare or expired IP addresses in the pool, you will not need to release addresses. The IP Address, Host Name and MAC Address indicate the address that has been allocated. They identify the machine by name and by the unique number (MAC Address) of the machine's network card. The Fixed Association check box allows you to freeze the relationship between an IP address and a particular machine. If you check the box for one row, that IP address will always be given out to the same machine and will not be allocated to another machine, even if the lease has expired. Clear the check box to allow the address to revert back to normal behavior. Click Refresh to save any changes you have made. Click New to allocate an IP address to a MAC address. Click Add to save. Figure 37: Fixed DHCP Mapping Screen
70. ll find the Router even if it is unconfigured or misconfigured. Running the Discovery Application: 3Com provides a user-friendly Discovery application for detecting the OfficeConnect Secure Router on the network. Figure 78: Discovery Welcome Screen. If your computers are configured with static addresses (also known as fixed addresses) and you do not wish to change this, then you should use the Discovery program on the Router CD-ROM to detect and configure your Router. Windows Installation (95/98/XP/2000/2003 Server/NT): 1. Insert the Router CD-ROM in the CD-ROM drive on your computer. A menu will appear; select Gateway Discovery. 2. When the Welcome screen is displayed, click on Next and wait until the application discovers the Routers connected to your LAN. 3. Figure 79 shows an example Discovered Devices screen. Highlight the Secure Router by clicking on it and press Next. Figure 79: Discovered Router. Figure 80: Discovery Finish Screen.
71. llation or configuration
72. llowing. Username: This is the username that the remote VPN client will use to connect. Password: The Password that the user will need to supply to connect. When you have created a user account, the user will need to know the User Name and Password you have given them. Figure 64: PPTP Connections. The screens to edit and add a PPTP user contain the same fields. Click Apply to save your changes, or Close to return without saving. Editing IPSec Routes: The IPSec Routes tab is only displayed when IPSec Enabled is selected on the VPN Mode screen. This screen allows you to add and replace networks in the existing IPSec Route. See Figure 65. To do this: Select edit to display the Edit Route screen (Figure 66). Click in the table and add a new Network and Subnet Mask entry. Leave the Negotiate all subnets whenever tunnel is triggered check box blank, unless the remote subnet cannot open the connection and needs to try more than one subnet. Click Apply to save your changes, or Close to return without saving. The gateway for a remote network must also be set to use the VPN tunnel to access your local network. Therefore, if you include a subnet for a remote network in your IPSec route, then the
73. ly those offering Cable, use the Hostname of the device connected to their service to identify them. If you do not have a hostname, leave this field blank. [screenshot fields: Primary DNS Address, Secondary DNS Address, Host Name, each marked optional]

If your ISP requires the addresses of a Primary and Secondary DNS Server, then enter them in the fields labelled Primary DNS Address and Secondary DNS Address. If your ISP does not require one of the fields to be filled in, then leave it blank. If your ISP requires you to supply a host name, enter it in the Host Name box, otherwise leave the box blank. Click Next to continue to the Clone MAC Address screen, shown in Figure 20 below.

Figure 20 Clone MAC Address Screen [screenshot text: "Some ISPs, particularly those offering Cable, require you to register your MAC address with them. If you have done this, the MAC address of the Secure Router must be changed to the MAC address that you supplied to your ISP. Does your ISP require this?" Options: No; Yes, please clone the MAC address from the PC I'm currently using (00 B0 D0 53 56 64); Yes, I would like to enter a MAC address manually. Valid characters: 0-9 and A-F]

If your ISP requires an assigned MAC address, select the appropriate radio button:
- Yes, please clone the MAC address from the PC I'm currently using, if the co
74. merica Telephone Technical Support and Repair From the Caribbean Central and South America call From the following countries you may use the numbers shown Antigua 1 800 988 2112 Argentina 0 810 444 3COM ae ee ae Aruba 1 800 998 2112 Denmark 7010 7289 Bahamas 1 800 998 2112 Finland 01080 2783 Barbados 1 800 998 2112 France 0825 809 622 Belize 52 5 201 0010 Germany 01805 404 747 Bermuda 1 800 998 2112 Hungary 06800 12813 Bonaire 1 800 998 2112 lreland 01407 3387 Brazil 0800 13 3COM Israel 1800 945 3794 Cayman 1 800 998 2112 Italy 199 161346 Chile AT amp T 800 998 2112 Luxembourg 342 0808128 Colombia AT amp T 800 998 2112 Netherlands 0900 777 7737 Costa Rica AT amp T 800 998 2112 Norway 815 33 047 Curacao 1 800 998 2112 Poland 00800 441 1357 Ecuador AT amp T 800 998 2112 Portugal 707 200 123 Dominican Republic AT amp T 800 998 2112 South Africa 0800 995 014 Guatemala AT amp T 800 998 2112 Spain 9 021 60455 Halt 57 1 657 0888 Sweden 07711 14453 Honduras AT amp T 800 998 2112 Switzerland 08488 50112 Jamaica 1 800 998 2112 U K 0870 909 3266 Martinique 571 657 0888 Mexico 01 800 849CARE You can also obtain support in this region using the following Nicaragua AT amp T 800 998 2112 URL http emea 3com com support email html Panama AT amp T 800 998 2112 Paraguay 54 11 4894 1888 Peru AT amp T 800 998 2112 Puerto Rico 1 800 998 2112 Salvador AT amp T 800 998 2112 Trinidad and Tobago 1 800 998 2112 Uruguay AT amp T 800 998 2112
75. mputer you are using now is the one that was previously connected directly to the cable or DSL modem.
- Yes, I would like to enter a MAC address manually, and manually enter the values for a MAC address, if the computer you are using now was not previously connected directly to the cable or DSL modem.

Otherwise select No. Click Next to continue. Continue at Choosing your LAN Settings on page 30.

PPPoE Mode
To set up the Router for use with a PPP over Ethernet (PPPoE) connection, use the following procedure:

Figure 21 PPPoE Screen [screenshot: Setup Wizard, Internet Settings, PPPoE: "Please enter your PPPoE settings as provided by your ISP below. If you have not been provided with a PPPoE Service Name, leave this field blank." Fields: PPPoE User Name, PPPoE Password, PPPoE Service Name, Primary DNS Address, Secondary DNS Address, Host Name, Maximum Idle Time]

Enter your PPP over Ethernet user name in the PPPoE User Name text box. Enter your PPP over Ethernet password in the PPPoE Password text box. If your ISP does not require one of the fields to be filled in, then leave it blank. If your ISP requires you to supply a PPPoE service name, enter it in the PPPoE Service Name text box. If your ISP requires the addresses of a Primary and Secondary DNS Server, then enter them in the fields labelled Primary DNS Address and Secon
76. n Setup Screen gains the extra fields needed to describe a custom special application. These are shown in Figure 52 below.

Figure 52 Custom Special Applications Setup Screen [screenshot: Special Application Settings, with Choose Application set to Custom]

- Application Name: Each special application is named and will detect the ports that need to be opened, so you do not need to specify them. This name is not used by the Router and is only to enable you to identify the connection.
- Trigger Port: This is the TCP/IP port number that the Router uses to recognize the outgoing packet that starts a special application session. Your application provider can provide you with this information. The Router allows Trigger Ports that are a single value or a range of values, but not a list. So 6599 and 6577-6587 are both valid, but 6577, 6579, 6582 is not.
- Specify Protocol: Select the protocol (TCP or UDP) that your special application uses. Your application provider can provide you with this information.
- Multiple Hosts Allowed: If your application provider uses more than one IP address during a session, or responds from an address different to the one you use to start the special a
77. n configure the Router, you need to know the IP information allocation method used by your ISP. There are four different ways that ISPs can allocate IP information, as described below.

When you install the Router, you will not need to use the PPPoE software on your PC. When you install the Router, you will not need to use the dialup VPN on your PC anymore. The Router will automatically dial on demand (PPPoE or PPTP) and obtain date/time via NTP.

- Static IP Address (DSL or Cable): The ISP provides the IP addressing information for you to enter manually. To configure the Router you will need to know the following:
  - IP address
  - Subnet Mask
  - ISP Gateway address
  - DNS address(es)
- Dynamic IP Address (DSL or Cable): Dynamic IP addressing (or DHCP) automatically assigns the Router IP information. This method is popular with Cable providers. This method is also used if your modem has a built in DHCP server.
- PPPoE (DSL only): If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC, then select this option. To configure the Router you will need to know the following:
  - Username
  - Password
  - Service Name (if required by your ISP)
- PPTP (DSL or Cable): PPTP is used by some providers (mostly in Europe). If the installation instructions that accompany your modem ask you to set up a dialup connection using a PPTP VPN tunnel, then select this option. To configure the Rout
78. n option and click OK.

Figure 9 Internet Properties [screenshot: Internet Properties dialog, Connections tab, with the options Never dial a connection, Dial whenever a network connection is not present, Always dial my default connection]

You may wish to remove the PPPoE client software from your computer to free resources, as it is not required for use with the Router.

Disabling Web Proxy
Ensure that you do not have a web proxy enabled on your computer. Go to the Control Panel and click on Internet Options. Select the Connections tab and click on LAN Settings at the bottom. Make sure that the Use Proxy Server option is unchecked.

RUNNING THE SETUP WIZARD
If the Router needs to be configured, for example if it has not yet been used or has been reset, it will run the Setup Wizard automatically. This detects some of the settings the Router needs to function and asks that you input the others.

The Login screen as shown in Figure 11 should appear in your browser. If it does not, refer to Troubleshooting on page 75.

3. To log in, enter the password (the default password is admin) in the System Password field and click Log in.

Figure 11 Login Screen

Accessing the Wizard
The Secure Router Setup Wizard is Web based, which means that it is accessed through your Web
79. nformation to other devices on the network Setting up Dynamic Routing To set up Dynamic Routing 1 Select a Service from the pull down list 2 Click Apply to save your changes The list of all routes static and dynamic are listed in the Status and Logs section 47 Dynamic DNS The Router provides a list of dynamic DNS providers for you to choose from Dynamic DNS is disabled by default Figure 43 Dynamic DNS Screen a 3com Welcome Network Settings Advanced Metrerarking Firevrall osten Filtering VPN System Tools Stabus and Logs Supports eedback OfficeConnect Secure Router Dynamle DNS Dynamic DNS Help Enable Dynamic Das FF Car Har Harr heri F Patceord onseword oynamic bis concer E DNS heer haii wemi ong States This page has changed Click Anoy to cave mew configuration Setting up Dynamic DNS To set up Dynamic DNS 1 Check the Enable Dynamic DNS box to open the Dynamic DNS settings screen 2 Enter your User Name and Password Select a Dynamic DNS Provider from the pull down list 4 Enter the DNS Host Name 48 5 Click Apply to save your changes Configuring the Router On the main frame of the Firewall setup screen is a menu with four tabs Virtual Servers PC Privileges Special Applications and Advanced These enable you to set the access to and security of your network The Virtual Servers Menu Selecting the Firewall option on the main menu display
80. ng either straight through or crossover cables 7 Four 10 100 LAN ports Use suitable cable with RJ 45 connectors You can connect your Router to a computer or to any other piece of equipment that has an Ethernet connection for example a hub or a switch All ports will automatically adjust for the correct speed duplex and cable type You can connect your Ethernet devices using either straight through or crossover cables 14 INSTALLING THE ROUTER Introduction This chapter will guide you through a basic installation of the OfficeConnect Secure Router including m Connecting the Router to the Internet m Connecting the Router to your network Positioning the Router You should place the Secure Router in a location that m is conveniently located for connection to the cable or DSL modem that will be used to connect to the Internet m allows convenient connection to the computers that are to be connected to the four LAN ports on the rear panel m allows easy viewing of the front panel LED indicator lights and access to the rear panel connectors if necessary Safety Information A A WARNING Please read the Important Safety Information section before you start VORSICHT Bitte lesen Sie den Abschnitt Wichtige Sicherheitsinformationen sorgf ltig durch bevor Sie das Ger t einschalten AVERTISSEMENT Veuillez lire attentivement la section Consignes importantes de s curit avant de mettre en
81. nt CONTENTS Contents 3 About This Guide 7 Naming Convention 7 Conventions 7 Introducing the OfficeConnect Secure Router 9 OfficeConnect Secure Router 9 Secure Router Advantages 10 Package Contents 11 Minimum System and Component Requirements 11 Front Panel 12 Rear Panel 13 Installing the Router 15 Introduction 15 Positioning the Router 15 Safety Information 15 Using the Rubber Feet 15 Using the Stacking Clip 15 Before you Install your Router 16 Dynamic IP Address DSL or Cable 16 PPPoE DSL only 16 Static IP Address DSL or Cable 16 PPTP DSL or Cable 16 Powering Up the Router 17 Connecting the Secure Router 17 Setting Up Your Computers 19 Obtaining an IP Address Automatically 19 Windows 2000 XP 2003 Server 19 Windows 95 98 20 Macintosh OS 8 5 9 x 20 Disabling PPPoE and PPTP Client Software 20 Disabling Web Proxy 21 Running the Setup Wizard 23 Accessing the Wizard 23 Setting the Password 24 Setting the Time Zone 25 Auto Configuration Settings 26 Internet Settings 26 Choosing your LAN Settings 30 Activating DHCP 30 Viewing the Summary 31 Router Configuration 33 Navigating Through the Router Configuration Pages 33 Main Menu 33 Option Tabs 33 Welcome Screen 34 Viewing the Notice Board 34 Changing the Administration Password 35 Setup Wizard 35 Network Settings 35 Connection to ISP 36 LAN Settings 41 DHCP Clients List 42 Advanced Networking 44 Setting up NAT 44 Static Routing 46 Dynamic
82. nt title
- Document part number (on the title page)
- Page number (if appropriate)

Example:
- OfficeConnect Secure Router User Guide
- Part Number DUA08609 5AAA0x
- Page 24

INTRODUCING THE OFFICECONNECT SECURE ROUTER
Welcome to the world of networking with 3Com. In the modern business environment, communication and sharing information is crucial. Computer networks have proved to be one of the fastest modes of communication, but until recently only large businesses could afford the networking advantage. The OfficeConnect product range from 3Com has changed all this, bringing networks to the small office.

The products that compose the OfficeConnect line give you, the small office user, the same power, flexibility and protection that has been available only to large corporations. Now you can network the computers in your office, connect them all to a single Internet outlet, and harness the combined power of all of your computers.

Figure 1 Example Network Without a Secure Router [diagram: Cable/DSL Modem]

OfficeConnect Secure Router
The OfficeConnect Secure Router is designed to provide a cost effective means of sharing a single broadband Internet connection amongst several computers. The Router also increases your network security by acting as a firewall, preventing unauthorised external access to your network, and by creating Virtual Private Networks (VPNs) encryp
83. Figure 75 Log Settings Screen [screenshot: Status and Logs, log settings]

Obtaining Support and Feedback for your Router
Selecting Support/Feedback on the main menu generates both:
- The support links screen, which contains a list of Internet links that provide information and support concerning the Router (Figure 76).

Figure 76 Support Screen [screenshot text: "This Administration System contains a comprehensive online help system that gives explanations and instructions about configuring the Router. License Agreement. Table of Contents. If additional assistance is required please select one of the following links: Support from your Network Supplier, Support from 3Com"]

- The feedback links screen, which contains an Internet link to the 3Com website so that you can provide feedback on the product (Figure 77). 3Com is always looking for product improvements. If you would like to help us by providing feedback, please do so by clicking on the Provide Feedback button on the Support Feed
84. o disable the firewall, as shown below. Select Advanced to display the Advanced Settings screen. See Figure 53 below.

Figure 53 Advanced Settings Screen

- Allow PING from the Internet: PING is a utility which is used to determine whether a device is active at the specified IP address. PING is normally used to test the physical connection between two devices, to ensure that everything is working correctly. By default the Router has PING disabled so that it does not respond to PING requests. This makes the device more difficult to find on the Internet and less prone to attack. This feature is enabled by clicking on the check box so that a tick can be seen and then selecting Apply.
  3Com recommends that you leave Allow PING from the Internet disabled, as this provides greater security.
- Disable SPI Firewall: The firewall feature detects attack patterns used by hackers on the Internet and, once detected, will block their access to your network. The firewall feature is disabled by clicking on the check box so that a tick can be seen and then clicking Apply.
  3Com recommends that you leave the firewall feature enabled (checkbox cleared) for normal use. You may wish to turn it off for diagnostic purposes.

The Internet connects millions of computer users throughout the world. The vast majority of the computer users on the Internet are friendly and have no intention of breaking into, stealing from
85. of the unit below 2 Press down gently on the unit to secure it onto the clip ensuring the fastening pieces fit into the slots on the unit below as shown in Figure 5 picture 2 Figure 5 Stacking Your Units Together IE Fastening 2 EE To remove the clip 1 Remove the top unit together with the clip If you hook a finger around one of the the fastening pieces and then pull it gently from out of the slot the clip should come away with the upper unit attached to it 2 Push the clip in the center so it bends towards the base of the unit and then separate once the clip is loose 16 Before you Install your Router Before you can configure the Router you need to know the IP information allocation method used by your ISP There are four different ways that ISPs allocate IP information as described below Dynamic IP Address DSL or Cable Dynamic IP addressing or DHCP automatically assigns the Router IP information This method is popular with Cable providers This method is also used if your modem has a built in DHCP server PPPoE DSL only If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC then select this option Note that when you install the Router you will not need to use the PPPoE software on your PC To configure the Router you will need to know the following Username Password and Service Name if required by your ISP Stat
86. ondary DNS Address If your ISP requires the address of a Secondary DNS Server then enter it in the field labelled Secondary DNS Address otherwise leave the box blank m Maximum Idle Time The amount of time without activity before the Router terminates the Internet connection Initial IP Address and Initial Subnet Mask IP settings must be used when establishing a PPTP connection Alternatively if the PPTP server is located in your DSL modem click Suggest to select an IP address on the same subnet as the PPTP server LAN Settings The LAN Settings screen allows you to change the TCP IP settings of your Router and its DHCP server 41 Figure 35 Unit Configuration Screen EEI I EEET Changing the LAN Settings These settings will have been entered during the set up wizard when the device is first used You only need to change these if you reconfigure your network If you make any changes click Apply to save them to the Router When changing the IP Address of the Router choose an address that will be unique in your network and in your network s subnet The default IP Address of the Router is 192 168 1 1 When you change the IP Address of the Router you must reboot all computers that gain their IP address from the Router before they will be able to access the Internet gt If you are using static addresses for your PCs you must alter the network configuration on each PC so that they have an IP address within the sam
87. one IP address The NAT capability of the Router allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP Network A Network is a collection of computers and other computer equipment that are connected for the purpose of exchanging information or sharing resources Networks vary in size some are within a single room others span continents Network Interface Card NIC A circuit board installed into a piece of computing equipment for example a computer that enables you to connect it to the network A NIC is also known as an adapter or adapter card Ping Packet Internet Groper An internet utility used to determine whether a particular IP address is online It is used to test and debug a network by sending out a packet and waiting for a response Protocol A set of rules for communication between devices on a network The rules dictate format timing sequencing and error control 102 PPPoE Point to Point Protocol over Ethernet Point to Point Protocol is a method of secure data transmission originally created for dial up connections PPPoE is for Ethernet connections PPTP Point to Point Tunnelling Protocol PPTP is a simple VPN encryption protocol based on the Point to Point protocol It Is most frequently used to connect remote PCs to private networks RIP Routing Information Protocol A simple routing protocol that is part of the TCP IP p
88. ormation Refer to the documentation supplied with your NIC for details 75 Connecting to the Internet If you can browse to the Router configuration screens but cannot access sites on the Internet check the following m Confirm that the physical connection between the Router and the Cable DSL modem is OK and that the link status LEDs on both Router and modem are illuminated m Confirm that the connection between the modem and the Cable DSL interface is OK m Ensure that you have entered the correct information into the Router configuration screens as required by your Internet Service Provider Use the Internet Settings screen to verity this m For DSL users check that the PPPoE or PPTP user name password and service name are correct if these are required Only enter a PPPoE service name if your ISP requires one m For cable users check whether your ISP requires a fixed MAC Ethernet address If so use the Clone MAC Address feature in the Router to ensure that the correct MAC address is presented as described in Configuring a Dynamic IP Address on page 38 m Ensure that your computers are not configured to use a Web proxy On Windows computers this can be found under Control Panel gt Internet Options gt Connections m Check PC Privileges to see if you have allowed your PCs to connect to the Internet See PC Privileges on page 50 76 Forgotten Password If you can browse to the Router confi
89. [Screenshot of the connection settings; legible field labels: Renegotiate After (seconds), Use Perfect Forward Secrecy, Use IKE, Description, Remote Subnet, Tunnel Shared Key, Encryption Type]

If the remote device has a LAN IP address of 192.168.1.1 and a subnet mask of 255.255.255.0, then the LAN IP address of the remote subnet is 192.168.1.0. The devices must be configured with LAN IP address ranges that do not overlap.

- Remote Subnet Mask: this is set as 255.255.255.0 as default.
- Tunnel Shared Key: this is the password for the connection and is a combination of letters, numbers and punctuation, and can be up to 64 characters in length. If you are creating a Gateway to Gateway connection, you have no need to remember the Tunnel Shared Key once the tunnel is established, and do not have to make the key a memorable password.
- Encryption type: choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES offers the highest security but will take longer than 3DES to encrypt and decrypt. 3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use, they can be downloaded from the 3Com web site at http://www.3com.com
- Hash Algorithm: choose either SHA-1 or MD5 from the drop down list. Both ends of the connection must use the same value.
- Exchange keys using: choose the encryption m
90. owered on the Alert LED will be on for between three and five seconds and then start to flash while the system software checks the hardware for proper operation The Alert LED may continue to flash for one minute or longer depending on your network configuration Once the Router has Started normal operation the Alert LED will go out m If the Alert LED does not go out following start up but illuminates continuously this indicates that the software has detected a possible fault with the hardware If the Alert LED is flashing slowly this indicates a firmware failure Remove power from the Router wait 10 seconds and then re apply power If the Alert LED comes on continuously again then a fault has been detected refer to Recovering from Corrupted Software below If this does not fix the problem contact your supplier for further advice m During normal operation you may notice the Alert LED lighting briefly from time to time This indicates that the Router has detected a hacker attack from the Internet and has prevented it from harming your network You need take no specific action on this unless you decide that these attacks 77 are happening frequently in which case you may wish to discuss this with your ISP The Router logs such attacks and this information is available through the configuration screens Recovering from Corrupted Software If the Alert LED flashes slowly on and off following power up it is possible that th
91. pplication, then you must ensure that the Multiple Hosts Allowed box is checked. Otherwise leave it clear. Your application provider can provide you with this information.
  CAUTION: Selecting Multiple Hosts Allowed weakens the security that your Router's firewall is able to provide and should only be used if the special application requires it.
- Timeout: Enter the number of seconds the Router should wait for the first reply from the special application server before it abandons the connection. The default Timeout is three seconds. If you find that connections are being dropped, enter a higher value.
- Session Chaining: Some special applications need to take control of a session. If the special application you wish to run requires this, ensure that Session Chaining is enabled, otherwise ensure that it is disabled.
  CAUTION: Allowing Session Chaining weakens the security that your Router is able to provide and should only be used if the special application requires it.
- Address Translation Type: If your special application provider embeds IP addresses in TCP or UDP packets, you will have to enable address translation on the appropriate protocol type. Your application provider can provide you with this information.

When you have configured your special application, click Add to save your changes or Close to quit without making any changes.

Advanced
The options on this screen enable you to allow PING from the internet and t
92. r Gateway Firewall or Router or Remote User Access to create a connection for a remote computer m Tunnel Type Choose either IPSec either Remote User Access or Gateway to Gateway L2TP over IPSec or PPTP m Description a description of the connection This can be different on each Router as it is not used in the connection If the remote site has another Gateway Firewall or Router with an established IPSec L2TP over IPSec or PPTP connection then there is no need to create a connection for a remote user on that site If you configure an IPSec connection for a remote computer then that computer will require software that supports IPSec If you configure an L2TP over IPSec or PPTP connection for a remote computer then you should contact Microsoft for information on whether an upgrade is required Depending on which Tunnel Type you have selected choose from the following to edit or add the remaining fields IPSec Connections using Remote User Access on page 62 IPSec Connections using Gateway to Gateway on page 63 L2TP over IPSec Connections on page 65 PPTP Connections on page 66 IPSec Connections using Remote User Access If you have selected IPSec as a Tunnel Type and Remote User Access as a Connection Type enter the following values m Connection Name Enter a descriptive name for the connection m Remote User ID Enter the Remote User ID This must be entered identically on the IPSec
93. r more of the computers on your network to function as an Internet service host For example one of your computers could be configured as an FTP host allowing others outside of your office network to download files of your choosing Or if you have created a Web site you can configure one of your computers as a Web server so that others can view your Web site If you are using One to Many NAT you can only have one server of each type on your network To have more than one server of a type for example more than one web server visible to the Internet you must be using One to One NAT 49 To configure a virtual server Click New on the right side of the Virtual Servers screen to open the Virtual Server Settings dialogue box Figure 45 Enter the IP address of the computer in the Server P Address text box Select the Service from the pull down list Figure 45 Virtual Servers Settings Screen Fj vera Gererr Sete Piira iriiri Enpe Virtual Server Settini xl If you select Custom the screen shown in Figure 46 displays Specify a suitable name for the service and then enter the port numbers required for that service If a service requires more than one port number enter the multiple ports as a comma separated list or a range e g 51 52 54 59 Figure 46 Custom Setup Screen Server IP Address Local Service Custom Service Name Specify Custom Service Ports Specify Protocol Access frora the Internet AN WAN PCs
94. Secondary DNS Address, otherwise leave the box blank.
- Host Name: The Host Name of your computer may be required by your ISP.
- Clone MAC Address: Your ISP may require you to have a particular MAC address. This will be the MAC address of the computer you first used to connect with your ISP.

Click Apply to save any changes you have made.

Your ISP may need you to enter host name or PPPoE settings. To set up the Router for use with a PPPoE connection, the following fields will need to be completed:
- IP Address: The internet address allocated by your ISP for this connection is automatically configured and is not editable.
- PPPoE User Name: The user name you use to access your ISP.
- PPPoE Password: The password you use to access your ISP.
- PPPoE Service Name: Your ISP may require you to specify a service name for your connection.
- Primary DNS Address: If your ISP requires the address of a Primary DNS Server, then enter it in the field labelled Primary DNS Address.
- Secondary DNS Address: If your ISP requires the address of

Configuring a PPTP connection
If your ISP has allocated you a dynamic address using PPTP, you will have selected PPTP (used by some European providers) as your IP Allocation Mode.
95. a Secondary DNS Server, then enter it in the field labelled Secondary DNS Address, otherwise leave the box blank.
- Host Name: The Host Name of your computer may be required by your ISP.
- Maximum Idle Time: The amount of time without activity before the Router terminates the Internet connection.

Since the Router firmware contains its own PPPoE client, you no longer need to run PPPoE client software on your computer to access the Internet. You can simply start your browser and connect to the Internet immediately after setting up your cable or DSL modem.

Figure 34 PPTP Setup Screen

To set up the Router for use with a PPTP connection, the following fields will need to be completed:
- IP Address: The internet address allocated by your ISP for this connection is automatically configured and is not editable.
- PPTP Server Address: This is typically the address of your modem.
- PPTP User Name: The user name you use to access your ISP.
- PPTP Password: The password you use to access your ISP.
- Primary DNS Address: If your ISP requires the address of a Primary DNS Server, then enter it in the field labelled Primary DNS Address.
- Sec
96. re your Internet settings manually, continue at Internet Settings below. ■ If you chose one of the automatic configuration options, continue at Choosing your LAN Settings on page 29. Static IP Mode on page 27. Dynamic IP Address Mode on page 27. PPPoE Mode on page 28. PPTP Mode on page 29. Static IP Mode: To setup the Router for use with a static IP address connection use the following procedure. Figure 18 Static IP Mode Screen. Enter your IP Address in the IP Address text box. Enter your subnet mask in the Subnet Mask text box. Enter your ISP Gateway address in the Internet ISP Gateway Address text box. Enter your primary DNS address in the Primary DNS Address text box. If your ISP provides a secondary DNS address, enter it in the Secondary DNS Address text box, otherwise leave the box blank. Click Next to continue. Dynamic IP Address Mode: To setup the Router for use with a dynamic IP address connection Figure 19 Hostname Screen 2 Setup Wizard Microsoft Internet Explorer Internet Settings Hostname Some ISPs particular
97. receives an IP address. When entering the address of the Router into your web browser, ensure that you include the full URL including the http:// prefix (e.g. http://192.168.1.1). If you cannot browse to the Router, use the winipcfg utility in Windows 95/98/ME to verify that your computer has received the correct address information from the Router. From the Start menu choose Run and then enter winipcfg. Check that the computer has an IP address of the form 192.168.1.xxx (where xxx is in the range 2-254), the subnet mask is 255.255.255.0, and the default Router is 192.168.1.1 (the address of the Router). If these are not correct, use the Release and Renew functions to obtain a new IP address from the Router. Under Windows NT/2000/XP use the ipconfig command line utility to perform the same functions. If you still cannot browse to the Router, then use the Discovery program on the accompanying CD-ROM as described in Using Discovery on page 79. Browsing to the Router Configuration Screens: If you have connected your Router and computers together but cannot browse to the Router configuration screens, check the following: ■ Confirm that the physical connection between your computer and the Router is OK, and that the link status LEDs on the Router and NIC are illuminated and indicating the same speed (10Mbps or 100Mbps). Some NICs do not have status LEDs, in which case a diagnostic program may be available that can give you this inf
98. remote network must also include your subnet in its IPSec route. Figure 65 IPSec Routes. Figure 66 Edit Route. Accessing the System Tools: The System Tools menu includes four administration items: Restart, Time Zone, Diagnostics Tools, Configuration and Upgrade. See Figure 67. Restart: Pressing the Restart the Gateway button has the same effect as power cycling the unit. No configuration information will be lost, but the log files will be erased. This function may be of use if you are experiencing problems and you wish to re-establish your Internet connection. Figure 67 Restart Screen. Any network users who are currently accessing the Internet will have their access interrupted whilst the restart takes place, and they may need to reboot their computers when the restart has completed
99. rent password in the Old Password field. Enter the new password in the New Password field. Enter the new password again in the Confirm Password field. Click Apply to save the new password. The password is case sensitive. Setup Wizard: Figure 29 Wizard Screen. Click the WIZARD button to launch the configuration wizard. Refer to Running the Setup Wizard on page 23 for information on how to run the wizard. Network Settings: The Network Settings menu allows you to view and amend your Router's: ■ Connection to ISP ■ LAN settings ■ DHCP Clients list. Connection to ISP: This option, shown in Figure 30, allows you to change the method your Router uses to connect to your ISP. You should only need to change these settings if: ■ you change your Internet connection password (PPPoE only), or ■ your ISP informs you of a change in their settings or you change ISPs. Figure 30 Connection to ISP Screen
100. ress otherwise leave the box blank. If you wish to set maximum idle time, enter it in the Maximum Idle Time box, otherwise leave the box blank. If your ISP charges for connection time then you may wish to set the Maximum Idle time to control costs. The Maximum Idle Time is the amount of time without activity before the Router terminates the Internet connection. By default the value will be forever. 7. Check all your settings and then click Next. Choosing your LAN Settings: The LAN settings screen, shown in Figure 23 below, displays the Router's current IP address and subnet mask. If this is the first time the Wizard has been run, it will display the default address and subnet mask. Figure 23 LAN IP Address Screen (suggested values shown: IP Address 192.168.1.1, Subnet Mask 255.255.255.0). 1. Enter your chosen IP address for the Router in the IP Address field. This should be a private network so that it does not conflict with IP addresses on the Internet. See Private IP Addresses on page 83. 3Com recommends that you use the default IP address and subnet mask unless you already have a network that uses different values. Enter your chosen subnet mask in the Subnet Mask field. This
101. ress pool must be contained within the subnet as defined in Changing the LAN Settings on page 41. The default Start and end addresses are 192.168.1.100 and 192.168.1.200. The Local Domain Server is set to Domain as default. If you have a WINS Server on your network, enter its IP address in the WINS Server box. The Router will pass this information on to all Windows PCs that obtain an address from its DHCP server. If you have a 3Com NBX Call Processor on your network, enter its IP address in the 3Com NBX Call Processor box. The 3Com NBX Call Processor acts as a switchboard for voice over IP phones and the Router will pass on this information. If you will be using One to One NAT, you must set up a range that is one less than the number of public addresses allocated to you by your ISP. The DHCP range must also be identical to the range specified when you set up One to One NAT. See Setting up One to One NAT on page 45. DHCP Clients List: The DHCP Clients List screen provides details of the devices that have been given IP addresses by the Router's DHCP server. For each device that has been granted a lease, the IP address, Host Name and MAC address of that device is displayed. Figure 36 DHCP Clients Screen. The Router grants leases for 7 days. If a computer does not connect for a week, its IP Address may be reused. The Router will attempt to supply a computer the same
102. ript is a trademark of Sun Microsystems All other company and product names may be trademarks of the respective companies with which they are associated ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations To uphold our policy we are committed to Establishing environmental performance standards that comply with national legislation and regulations Conserving energy materials and natural resources in all operations Reducing the waste generated by all operations Ensuring that all waste conforms to recognized environmental standards Maximizing the recyclable and reusable content of all products Ensuring that all products can be recycled reused and disposed of safely Ensuring that all products are labelled according to recognized environmental standards Improving our environmental record on a continual basis End of Life Statement 3Com processes allow for the recovery reclamation and safe disposal of all end of life electronic components Regulated Materials Statement 3Com products do not contain any hazardous or ozone depleting material Environmental Statement about the Documentation The documentation for this product is printed on paper that comes from sustainable managed forests it is fully biodegradable and recyclable and is completely chlorine free The varnish is environmentally friendly and the inks are vegetable based with a low heavy metal conte
103. rivileges. To allow or deny VPN connections to other networks, see Configuring VPNs on page 58. Some software applications need a connection to be started from the Internet, an act that is usually blocked by the Router's firewall. So that these special applications can work properly and are not blocked, the firewall needs to be told about them. In each instance there will be an outgoing trigger which tells the Router's firewall that the application has started and to allow the incoming connections. Each defined Special Application only supports a single computer user, and any incoming ports opened by a Special Application trigger will be closed after 20 minutes of inactivity for TCP/IP connections, or 10 for UDP/IP connections. For each special application configured by the Router, a row is added to the table. Each row contains the following items: ■ Delete button: Deletes the special application on that row. This will prevent the Router's firewall from opening to that connection. ■ Authorized Applications: Each special application is named. This name is not used by the Router and is only to enable you to identify the connection. Clicking the name of a connection displays the Special Application Setup screen. See Adding and Editing Special Applications below. ■ Trigger Port: This is the TCP/IP port number that the Router uses to recognize that the application has started. Additionally there are
104. rotocol suite It determines a route based on the smallest hop count between source and destination RIP is a distance vector protocol that routinely broadcasts routing information to its neighbouring routers Router Protocol dependant device that connects subnetworks together Routers are useful in breaking down a very large network into smaller subnetworks they introduce longer delays and typically have much lower throughput rates than bridges RJ 45 A standard connector used to connect Ethernet networks The RJ stands for registered jack Server A computer in a network that is shared by multiple end stations Servers provide end stations with access to shared network services such as computer files and printer queues SPI Stateful Packet Inspection This feature requires the Router to remember what outgoing requests have been sent and only allow responses to those requests back through the Router This way un requested attempts to access the network will be denied Subnet Address An extension of the IP addressing scheme that allows a site to use a single IP network address for multiple physical networks Subnet mask A subnet mask which may be a part of the TCP IP information provided by your ISP is a set of four numbers configured like an IP address It is used to create IP address numbers used only within a particular network as opposed to valid IP address numbers recognized by the Internet which must assigned
105. route A 15 When positioning your Router ensure m Itis out of direct sunlight and away from sources of heat m Cabling is away from power lines fluorescent lighting fixtures and sources of electrical noise such as radios transmitters and broadband amplifiers m Water or moisture cannot enter the case of the unit m Air flow around the unit and through the vents in the side of the case is not restricted We recommend you provide a minimum of 25mm 1in clearance Using the Rubber Feet Use the four self adhesive rubber feet to prevent your Router from moving around on your desk or when stacking with flat top OfficeConnect units Only stick the feet to the marked areas at each corner of the underside of your Router Using the Stacking Clip The stacking clip allows you to stack your OfficeConnect units together neatly and securely CAUTION You can stack up to a maximum of four units Smaller units must be stacked above larger units To fit the clip 1 Place your unit on a flat surface 2 Fit the clip across the top of the unit as shown in Figure 5 picture 1 ensuring that the longer sections of the fastening pieces are pointing downwards 3 Align the fastening pieces over the slots found on each side of the unit 4 Push the clip down gently to secure it ensuring the fastening pieces snap into the slots on the unit To fit another unit 1 Rest the second unit on top of the clip and align it with the front
106. Select the addressing method that your ISP uses to allocate your Router's Internet IP address. Choose from the options in the IP Allocation Mode drop-down box and the screen will refresh with options relevant to that choice. ■ If you select Static IP address to be specified manually, see Configuring a Static IP Address on page 37. ■ If you select Dynamic IP address automatically allocated, see Configuring a Dynamic IP Address on page 38. ■ If you select PPPoE (PPP over Ethernet), see Configuring a PPPoE connection on page 39. ■ If you select PPTP (used by some providers, mostly in Europe), see Configuring a PPTP connection on page 40. If you are using One to One NAT, your method of connection will already be fixed to Static. To change to another method of address allocation you must first turn off One to One NAT. See Setting up NAT on page 44. Before you ca
107. s and excluding the United Nations Convention on Contracts for the International Sale of Goods SEVERABILITY In the event any provision of this Agreement is found to be invalid illegal or unenforceable the validity legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired and a valid legal and enforceable provision of similar intent and economic impact shall be substituted therefor ENTIRE AGREEMENT This Agreement sets forth the entire understanding and agreement between you and 3Com and supersedes all prior agreements whether written or oral with respect to the Software and Documentation and may be amended only in a writing signed by both parties Should you have any questions concerning this Agreement or if you desire to contact 3Com for any reason please contact the 3Com subsidiary serving your country or write 3Com Corporation 350 Campus Drive Marlborough MA 01752 3064 This product contains encryption and may require U S and or local government authorisation prior to export or import to another country 96 ISP INFORMATION Information Regarding Popular ISPs Internet Connection Types Dynamic IP Clone MAC Dynamic IP Hostname Characteristics Cable modem ISP non hostname based Need to clone MAC in the DHCP page of router Cable ISP Requires Hostname to authenticate i e CX213818 B Need to enter the hostname in the DHCP page of the router ex
108. s the Virtual Servers screen (Figure 44). Figure 44 Virtual Servers Screen. Creating a Virtual DMZ: A virtual DMZ (De-Militarized Zone) Host is a computer on your network with reduced protection provided by the firewall. This feature allows a single computer to be exposed to 2-way communication from outside of your network in One to Many NAT mode. The PC is still protected against DoS and hacker attacks. CAUTION: This feature should be used only if the Virtual Server or Special Applications options do not provide the level of access needed for certain applications. To specify one of your computers as a DMZ host, select Redirect Request to Virtual DMZ Host and enter the IP address of the computer in the IP Address of DMZ Host text box, and then click SAVE. Creating a Virtual Server: Activating and configuring a virtual server allows one o
109. s with the following in the URL will always be ALLOWED. Filter Policy: Select the Filter Policy tab to display the Filter Policy screen. See Figure 57 below. To set up the same content filtering policy for all PCs on the network: 1. Check the All PCs have filtered web access box. To set up which PCs have the content filtered: 1. Check the Control which PCs have their web access filtered box. 2. Check the Filtered or Full Access box against each PC as required. See Figure 57 below. To set up a New Filter Policy: 1. Click New to open the Filter Policy Settings screen (Figure 58). 2. Enter the PC's IP address. Check a Policy for that PC. Figure 58 Filter Policy Settings Screen. Configuring VPNs: Virtual private networks (VPN) provide an encrypted connection, or tunnel, between networks or between a network and a user over a public network such as the Internet. Instead of using a dedicated real world connection s
110. software installed on the client's machine. ■ Tunnel Shared Key: this is the password for the connection and is a combination of letters, numbers and punctuation, and can be up to 64 characters in length. Figure 61 IPSec Connection Remote User Access. ■ Encryption type: choose the encryption type from DES, 3DES or AES. 3DES is more secure than DES but may take longer to encrypt and decrypt. AES provides the highest security but will take longer than 3DES to encrypt and decrypt. 3DES and AES are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use, they can be downloaded from the 3Com web site at http://www.3com.com. ■ Exchange keys using: choose the encryption method used to exchange shared keys. Diffie-Hellman Group 5 and Diffie-Hellman Group 2 are more secure but less common than Diffie-Hellman Group 1. ■ Use Perfect Forward Secrecy: Choose whether to use perfect forward secrecy. Using perfect forward secrecy will
111. ted links to other private networks. The example in Figure 1 shows a network connected to the Internet without a Router. One computer is connected to the Internet using a Cable or DSL modem. This computer must always be powered on for the other computers on the network to access the Internet. When you use the Secure Router in your network (Figure 2), it becomes your connection to the Internet. Connections can be made directly to the Router, or through an OfficeConnect Hub or Switch, expanding the number of computers you can have in your network. Figure 2 Example Network Using a Secure Router. Secure Router Advantages: The advantages of using the Secure Router include: ■ Provides firewall protection against Internet hacker attacks ■ Implements Stateful Packet Inspection (SPI) to block network intrusions ■ Blocks Denial of Service (DoS) attacks by using pattern detection ■ Supports Virtual Private Networks (VPNs): Initiates and terminates IPSec connections; Terminates PPTP and L2TP over IPSec connections ■ Provides hardware accelerated encryption for IPSec VPNs, including L2TP over IPSec ■ Shared Internet connection ■ No need for a dedicated, always-on computer serving as your Internet connection ■ Cross-platform operation for compatibility with Windows, Unix and Macintosh computers ■ Easy to use W
112. teria must be met to be able to use One to One NAT: ■ You must have a static Internet IP address for every computer on your network, plus one for the Router itself. ■ The addresses must be in one continuous block in the same subnet. ■ You must have selected Static IP Address as your IP Allocation Mode and have given your Router the first of the Internet addresses allocated by your ISP. Figure 40 One to One NAT Screen. 5. Select the location of the Destination Network in relation to the Router, either LAN or WAN, from the Location drop-down box. The list of all routes, static and dynamic, are listed in the Status and Logs section. 6. Click Apply to save your changes. To set up One to One NAT: 1. Select One to One NAT from the NAT Mode drop-down box. 2. Enter the second address of your Internet range of addresses in the First IP Address in ISP Pool field. 3. Enter the first address in your LAN range of addresses to which to map this range in the First IP Address in LAN Pool. 3Com recommends th
113. the Secure Router contains a series of indicator lights (LEDs) that help describe the state of various networking and connection operations. Figure 3 Secure Router Front Panel (panel labels: LAN Status 1 2 3 4, Cable/DSL; Green 100M, Yellow 10M, Flash Activity). 1 Alert LED (Orange): Indicates a number of different conditions as described below. Off: The Router is operating normally. Flashing quickly: Indicates one of the following conditions: ■ The Router has just been started up and is running a self-test routine. The Alert LED may continue to flash for one minute or longer depending on your network configuration. ■ The system software is in the process of being upgraded. In each of these cases, wait until the Router has completed the current operation and the alert LED is Off. Flashing slowly: The Firmware is corrupt or the Router has booted in fail-safe mode. See Troubleshooting on page 75. On for 2 seconds then off: The Router has detected and prevented a hacker from attacking your network from the Internet. Continuously on: A fault has been detected with your Router during the start-up process. See Troubleshooting on page 75. The Alert LED will be on for a period of between three and five seconds during the power on self test. This is normal and no cause for alarm. 2 Power LED (Green): Indicates that the Router is powered on. 3 Four LAN Status LEDs
114. the password. ■ If you want to reset the settings on your Router to those that were loaded at the factory, click RESET. You will lose all your configuration changes. The Router LAN IP address will revert to 192.168.1.1 and the DHCP server on the LAN will be enabled. You may need to reconfigure and restart your computer to re-establish communication with the Router. Upgrading the Firmware of your Router: The Upgrade facility allows you to install on the Router any new releases of system software that 3Com may make available. 3DES and AES encryption are not shipped with the Router as standard due to international restrictions on encryption. If your country permits their use, they can be downloaded from the 3Com web site at http://www.3com.com. Figure 71 Upgrade Screen. You need to make sure the Files of type is set to All files to see the file. Once you have downloaded the software, use the Browse button to locate the file on your computer and then click on Apply. You may need to change the file type in the dialog box displayed by your web browser to to be able to see the file. The file will be
115. thms Speakeasy Sterling XO Zyan Cox Cable Sprint US Cable Cable Cable Bell includes Bell Advantage Bell Canada Bell South PacBell and Southwestern Bell 97 98 GLOSSARY 10BASE T The IEEE specification for 10 Mbps Ethernet over Category 3 4 or 5 twisted pair cable 100BASE TX The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted pair cable 3DES Triple DES See DES 3DES is an extremely secure 168 bit encryption system that works by applying the DES encryption system three times on the same message using different keys It is typically used in military applications where it is expected that the VPN traffic will be intercepted and an effort made to decode it AES Advanced Encryption Standard A 256 bit FIPS approved symmetric encryption algorithm that may be used by U S Government organizations and others to protect sensitive information AES provides much higher security than 3DES Auto negotiation Some devices in the OfficeConnect range support auto negotiation Auto negotiation is where two devices sharing a link automatically configure to use the best common speed The order of preference best first is 100BASE TX full duplex 100BASE TX half duplex 10BASE T full duplex and 10BASE T half duplex Auto negotiation is defined in the IEEE 802 3 standard for Ethernet and is an operation that takes place in a few milliseconds 99 Bandwidth The information capaci
116. tion that describes important features or instructions q Caution Information that alerts you to potential loss of data or potential damage to an application system or device Warning Information that alerts you to potential personal injury Table 2 Text Conventions Convention Description The words enter When you see the word enter in this guide you and type must type something and then press Return or Enter Do not press Return or Enter when an instruction simply says type Keyboard key If you must press two or more keys simultaneously names the key names are linked with a plus sign Example Press Ctrl Alt Del Table 2 Text Conventions continued Do not use this e mail address for technical support questions For information about contacting Technical Support please refer convention Description to Obtaining Support for your Product on page 91 Words in italics Italics are used to m Emphasize a point m Denote a new term at the place where it is defined in the text m Identify menu names menu commands and soft ware button names Examples From the Helo menu select Contents Click OK Feedback about this User Guide Your suggestions are very important to us They will help make our documentation more useful to you Please e mail comments about this document to 3Com at pddtechpubs_comments 3com com Please include the following information when commenting m Docume
117. transfer from the United States or country where you legally obtained it without an approved U S Department of Commerce export license and appropriate foreign export or import license as required You agree that you will not export or re export the Technical Data or any copies thereof or any products utilizing the Technical Data in violation of any applicable laws or regulations of the United States or the country where you legally obtained it You are responsible for obtaining any licenses to export re export or import the Technical Data In addition to the above the Product may not be used exported or re exported i into or to a national or resident of any country to which the U S has embargoed or ii to any one on the U S Commerce Department s Table of Denial Orders or the U S Treasury Department s list of Specially Designated Nationals TRADE SECRETS TITLE You acknowledge and agree that the structure sequence and organization of the Software are the valuable trade secrets of 3Com and its suppliers You agree to hold such trade secrets in confidence You further acknowledge and agree that ownership of and title to the Software and Documentation and all subsequent copies thereof regardless of the form or media are held by 3Com and its suppliers UNITED STATES GOVERNMENT LEGENDS The Software Documentation and any other technical data provided hereunder is commercial in nature and developed solely at private expense The Software is
118. two buttons outside the table: ■ Help: displays the online help page for this screen. ■ New: creates a new special application. See Adding and Editing Special Applications below. Adding and Editing Special Applications: Click on the New button to create a new special application, or on the name of a special application to edit the settings for that application. Figure 51 Special Application Settings Screen (Choose Application: FTP; Trigger Port: 21; Protocol: TCP; Multiple Hosts Allowed: NO; Timeout: 3 seconds; Session Chaining: disabled; Address Translation Type: None). Select the applications from the Choose Application drop-down box. See Figure 51. If the application you want to define is not in the list, select Custom and see Creating Custom Special Applications below. Click Add to add the special application to the list of protocols, or Close to abort your selection and return to the Special Applications screen. Depending on the settings you have made in PC Privileges, the Special Application you have defined may not be allowed across the Router. See PC Privileges on page 50. Creating Custom Special Applications: If your special application is not listed in the Choose Application drop-down box you can still configure it manually. Select Custom from the Choose Application drop-down box and the Special Applicatio
119. ty measured in bits per second that a channel can transmit The bandwidth of Ethernet is 10 Mbps the bandwidth of Fast Ethernet is 100 Mbps Category 3 Cables One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 3 is voice grade cable and can only be used in Ethernet networks 10BASE T to transmit data at speeds of up to 10 Mbps Category 5 Cables One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 5 can be used in Ethernet 10BASE T and Fast Ethernet networks 100BASE TX and can transmit data up to speeds of 100 Mbps Category 5 cabling is better to use for network cabling than Category 3 because it supports both Ethernet 10 Mbps and Fast Ethernet 100 Mbps speeds Client The term used to described the desktop PC that is connected to your network DES Data Encryption Standard DES is one of the encryption protocols that can be used by an IPSec Virtual Private Network It is a strong encryption standard only currently exceeded in security by 3DES DHCP Dynamic Host Configuration Protocol This protocol automatically assigns an IP address for every computer on your network Windows 95 Windows 98 and Windows NT 4 0 contain software that assigns IP addresses to workstations on a network These assignments are made by the DHCP server software that runs on Windows NT Server and Windows 95 and Windows 98 will call the server to obtain the
120. uch as leased line, a VPN uses virtual connections through the public network. The Secure Router supports both network to network connections and network to remote client connections. There are two modes of operation: pass through and server. The Router supports IPSec tunnels, L2TP over IPSec and PPTP connections, and allows VPN pass through to enable other secure devices on your network to set up their own secure connections. Your Cable/DSL modem and your ISP must support IPSec pass through, L2TP over IPSec pass through or PPTP pass through for you to be able to use these protocols. To allow VPN pass through you must configure a virtual server. See The Virtual Servers Menu on page 48 for details of how to configure pass through protocols. Setting the VPN Mode: The Router supports three modes of VPN operation. IPSec Enabled: IPSec (Internet Protocol Security) is a complex secure protocol with a variety of different encryption methods. When setting up an IPSec connection between two devices they must support the same encryption method. L2TP over IPSec Enabled: L2TP over IPSec is a combination of two protocols. A user is authenticated using L2TP and encrypts data using IPSec. See L2TP Configuration on page 59. L2TP does not support gateway to gateway connections and is only suitable for connecting remote users. PPTP Server Enabled: PPTP (Point to Point Tunnelling Protocol) is an encrypted VP
121. use your Secure Router to connect to the Internet through an external cable or DSL modem (Figure 6). Use the supplied cable to connect the Router's Ethernet Cable/DSL port to your Cable/DSL modem. Ensure that your modem is connected to the Internet and switched on. Connect your computer to one of the 10/100 LAN ports on the Router. Connect the power adaptor to the Router and wait for the Alert LED to stop flashing. Check that the Cable/DSL Status LED is illuminated. Switch on your computer. Once your computer is ready to use, check that the LAN Port Status LED on the Router is illuminated. You have now completed the hardware installation of your Router. You now need to set up your computers so that they can make use of the Router to communicate with the Internet. SETTING UP YOUR COMPUTERS: The OfficeConnect Secure Router has the ability to dynamically allocate network addresses to the computers on your network using DHCP. However, your computers need to be configured correctly for this to take place. To change the configuration of your computers to allow this, follow the instructions in this chapter. If your computers are configured with static addresses (also known as fixed addresses) and you do not wish to change this, then you should use the Discovery program on the Router CD-ROM to detect and configure your Router. Refer to Using Discovery on page 79 for information on using the Discovery program. Obtaining an IP Ad
122. utable form, the Software and accompanying documentation (the "Documentation"), subject to the terms and restrictions set forth in this Agreement. You are not permitted to lease, rent, distribute or sublicense (except as specified herein) the Software or Documentation or to use the Software or Documentation in a time-sharing arrangement or in any other unauthorized manner. Further, no license is granted to you in the human readable code of the Software (source code). Except as provided below, this Agreement does not grant you any rights to patents, copyrights, trade secrets, trademarks or any other rights with respect to the Software or Documentation. Subject to the restrictions set forth herein, the Software is licensed to be used on any workstation or any network server owned by or leased to you, for your internal use, provided that the Software is used only in connection with this 3Com product. You may reproduce and provide one (1) copy of the Software and Documentation for each such workstation or network server on which the Software is used as permitted hereunder. Otherwise, the Software and Documentation may be copied only as essential for backup or archive purposes in support of your use of the Software as permitted hereunder. Each copy of the Software and Documentation must contain 3Com's and its licensors' proprietary rights and copyright notices in the same form as on the original. You agree not to remove or deface any portion of any legend
123. warranty benefits, contact 3Com or your authorized 3Com reseller. Value-added services can include 24x7 telephone technical support, software upgrades, onsite assistance or advance hardware replacement. Experienced engineers are available to manage your installation with minimal disruption to your network. Expert assessment and implementation services are offered to fill resource gaps and ensure the success of your networking projects. More information on 3Com Extended Warranty and Professional Services is available at http://www.3com.com. Contact your authorized 3Com reseller or 3Com for additional product and support information. OBTAINING SUPPORT FOR YOUR PRODUCT. Troubleshoot Online: You will find support tools posted on the 3Com web site at http://www.3com.com. 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3Com support engineers. Connection Assistant helps you install, configure and troubleshoot 3Com desktop and server NICs, wireless cards and Bluetooth devices. This diagnostic software is located at http www 3com com prodforms software con nection assistant ca_thankyou html. Access Software Downloads: Software Updates are the bug fix maintenance releases for the version of software initially purchased with the product. In order to access these Software Updates you must
124. ystem and 3Com contact information. Option Tabs: Each menu page may also provide sub-sections which are accessed through the use of option tabs (see Figure 26 for example). To access an option, simply click on the required tab. Getting Help: On every screen a Help button is available that provides access to the context-sensitive online help system. Click this button for further assistance and guidance relating to the current screen. Figure 27: Notice Board Screen. Welcome Screen: The Welcome section allows you to view the Notice Board and to change your Password. You can also gain access to the Configuration Wizard. See Accessing the Wizard on page 23 for details. Viewing the Notice Board: The Notice Board, shown in Figure 27, is used to display important messages. For example, you would be warned if you had disabled the firewall feature or if the LAN and Internet addresses or subnets conflicted. Changing the Administration Password: You should change the password to prevent unauthorized access to the Administration System. Figure 28: Password Screen (fields: Old Password, New Password, Confirm Password; note: Password is case sensitive). To change the password: Enter the cur