Billion Electric Company 7560G User's Manual
Contents
1. emo Sex Delete AB Return 2 Restrict URL Features Block Java Applet This function can block Web content which including the Java Applet It is for preventing someone who wants to damage your system via standard HTTP protocol Block surfing by IP address Preventing someone who uses the IP address as URL for skipping Domains Filtering function 71 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Firewall Log Firewall Log Event will be shown in the Status Event Log Filtering Log O Enable Disable Intrusion Lag O Enable Disable URL Blacking Lag O Enable Disable Apply Firewall Log display log information of any unexpected action with your firewall settings Check the Enable box to activate the logs Log information can be seen in the Status Event Log after enabling a 12 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router VPN Virtual Private Networks Your router support three main types of VPN Virtual Private Network PPTP IPSec and L2TP and these are the two major section choices from the menu on the left E PPIP PPTP VPN PPIP for Remote Access Application Enable Disable Mame Type status vVPN PPIP for LAN to LAN Application Enable Disable Mame Type status Create 2 There are two types of PPTP VPN supported Remote Access and LAN to LAN please refer below for more information2. Click Create to configure a new VPN connection 13 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Remote Access PPTP Connection PPTP Remote Access Connection Dial nut Server IP Address or Hostname NEN ype O Dial in Private IP Address Assigned to Dialin User fo OE Username Connection Mame l Password Auth Type ChapiAuta Data Encryption Key Length Mode Idle Timeout D minutes Apni Connection Name This allows you to identify this particular connection e g Connection to office Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office server check Dial In operates as a VPN server When configuring your router as a Client enter the remote Server IP Address or Hostname you wish to connection to When configuring your router as a server enter the Private IP Address Assigned to Dial in User address Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authenticat
3. Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security Algorithm MUST BE identically set up on both sides Attention 94 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring IPSec VPN in the Head Office IPSec E dit Connection Name IPSec Head lfice C Lacal O Single Address IP Address fF O Net vork 9 Subnet IP Address 192 165 1 0 Netmask 255 255 255 0 D CIP Range IP Address EndP Remote secure Gateway Address or Hostname amia 3 2 Single Address IP Address fF OE NetWork Subnet IP Address Netmask 255 255 255 0 4 OIF Range IP Address f OE End IP FEE Proposal 2200 ac i MM Authentication MDS wiee 7 OAH Authentication Perfect Forward Secrecy ae Pr cshared Key 12845878 fee Encryption 3DES w O Apply Advanced Options ltem Function Description 1 Connection Name IPSec HeadOffice Given a name of IPSec connection Check Subnet radio button 2 IP Address 192 168 1 0 Netmask 255 255 255 0 Secure Gateway Address 69 121 1 30 IP address of the head office router in or Hostname mu WAN side Head office network Check Subnet radio button A IP Address 192 168 0 0 Branch office network Netmask 255 255 255 0 Check ESP radio button Authentication MD5 Encryption 3DES Prefer Forward Security No
4. octet of each IP packet If the value in the Precedence of TOS field matches the checked values in the table 0 to 7 this packet will be treated as high priority 36 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E DHCP Server You can disable or enable the DHCP Dynamic Host Configuration Protocol server or enable the routers DHCP relay functions The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically DHCP Server Configuration Disable DHCP Server Made 9 DHCP Server O DHCP Relay Agent DHCP Server Status Allow Bootp true Allow Unknown Clients true Enable true Subnet Definitions subnet Value 192 165 1 0 SubNetmask 255 255 255 0 Maximum Lease Time ob40U seconds Default Lease Time 43200 seconds Use local host address as ONS server true se local hast address as default gateway true set subnet trom IP interface Iolani IP Range 192 168 1 100 192 768 7 799 iotion domain name servers 0 0 0 0 To disable the routers DHCP Server check Disabled and click Next then click Apply When the DHCP Server is disabled you will need to manually assign a fixed IP address to each PCs on your network and set the default gateway for each PCs to the IP address of the router by default this is 192 168 1 254 To configure the router s DHCP Server check DHCP Server and click Nex
5. Delete 2 Delete 5 Delete 2 Delete 5 Delete 2 Delete 5 Delete 2 63 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router 2 Click Port Filters You will then be presented with the pre defined port filter rules screen in this case for the low security level shown below Port Filters Filtering Rules Add TCP UDP Filter Add Raw IF Filter Return Filtering Table Type Start Port End Part Inbound Outbound TCR 8n 50 Block Allow Edit Delete e Click Delete UDP 53 53 Black Allow Edit Delete TEF 53 53 Block Allow Edit Delete TCP 21 21 Block Allow Edit Delete TCF 23 23 Black Allow Edit Delete TCF 25 25 Block Allow Edit Delete TOP 110 110 Black Allow Edit Delete TCP 118 118 Block Allow Edit Delete UDP 7070 7070 Allow Allow Edit Delete 3 Click Delete to delete the existing HTTP rule 4 Click Add TCP Filter Click Add TCP Filter Port Filters Filtering Rules Add TCP UDP Filter 3 Add Raw IP Filter Return 5 Input the port number 80 and set both Inbound amp Outbound to Allow Port Filters Add TE PSUDP Filter Transport Type Start Port Port Range Input HTTP port number End Part zu Inbound lows T Direction EM Select Allow Outbound Allow bud Retum Q 64 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router 6 The new port filter rule for HTTP is shown b
6. S O Eb p o 2A Noe Only the BIPAC 7560G has a wireless interface and antenna BIPAC 7560 router does NOT have an antenna or wireless interface connecting to the ADSL telephone network Connect a PS2 RS 232 cable to this port when connecting to a a CONSOLE PC s RS 232 port 9 pin serial port LAN Connect a UTP Ethernet cable Cat 5 or Cat 5e to one of the M LINE Connect the supplied RJ 11 telephone cable to this port when 1X 4X four LAN ports when connecting to a PC or an office home RJ 45 connector network of 10Mbps or 100Mbps After the device is powered on press it to reset the device or restore to factory default settings 0 3 seconds reset the device 6 seconds above restore to factory default settings this is used when you cannot login to the router E g forgot the password s PWR Connect the supplied power adapter to this jack Power Switch Power ON OFF switch Chapter 2 Installing the Router Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Cabling One of the most common causes of problems is bad cabling or ADSL line s Make sure that all connected devices are turned on On the front of the product is a bank of LEDs Verify that the LAN Link and ADSL line LEDs are lit If they are not verify that you are using the proper cables Ensure that all other devices connected to the same telephone line as your Billion router e g telephones fax machines
7. See Figure 3 8 General Figure 3 6 LAN Connection Status Connect using 6 Click OK to finish the configuration Components checked are used by this connection 8f Client for Microsoft Networks Iv B File and Printer Sharing For Microsoft Networks Internet Protocol TCP IP Install Uninstall Properties m Description Transmission Control Protocol Internet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in taskbar when connected OK Cancel Figure 3 7 TCP IP Internet Protocol TCP IP Properties 2 x General You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate IP settings f Obtain an IP address automatically Use the following IP address IP address Subnet mast Default gateway Obtain DNS server address automatically Use the following DNS server addresses Preterred DNS server Alternate DNS server Advanced Cancel Fi gure 3 8 IP Address amp DNS Configuration 11 Chapter 3 Basic Installation For Windows 98 ME Go to Start Settings Control Panel In the Control Panel double click Network and choose the Configuration tab select TCP IP NE2000 Compatible or the name of any Network I
8. UPnP Portmap The section lists all port mapping established using UPnP Universal Plug and Play Please see the Advanced section of this manual for more details on UPnP and the routers UPnP configuration options UPnP Portmap UPnP Portmap Table Mame Pratacal External Port Redirect Fart IP Address emwebigd1 024 udp Giaa ae aa 2 15852 15052 192 168 1 205 emwebigd1025 tcp 456059 18888 14811 14811 182 158 1 205 emwebigd1063 udp 4210 S10 15169 15169 182 158 1 207 emwebigd1064 tcp 50937 50937 14500 14500 192 168 1 202 Chapter 4 Configuration 28 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Quick Start Quick Start Connection YPI va MAT Enable Disable Optional Settings IP Address 0 0 0 0 U L L D means Obtain an IP address automatically subNetmask Default Gateway f DNS Primary DNS Po secondary UNS f O PPP For detailed instructions on configuring your WAN settings please see the WAN section of this manual Usually the only details you will need for the Quick Start wizard to get you online are your login often in the form of username ispname your password and the encapsulation type Your ISP will be able to supply all the details you need alternatively if you have deleted the current WAN Connection in the WAN ISP section of the interface you can use the routers PVC Scan feature to attempt to determine the Encapsulation types offered by your ISP
9. 254 69 121 1 30 69 121 1 3 192 168 1 254 VPN Connection 192 168 0 0 24 192 168 1 0 24 IPSec VPN LAN to LAN Chapter 4 Configuration 97 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring IPSec VPN in the Office IPSec E dit Connection Mame Local O Single Address MetVork Subnet OIF Range Remote secure Gateway Addressior Hostname 9 Single Address Pss G IP Address 182 158 1 Metmask IP Address EndlP 69 121 1 30 c IP Address 59 121 1 30 e 255 255 255 0 gt Netvyork Subnet IP Address EE Metmask Po OIP Range IP Address EndlP Sal O00 0000 nn 6 6 MM p Authenticatian MDS ov as Encryption 3DES G O AH Authentication E Mane w om Apply Advanced Options C Item Function Description 1 Connection Name IPSec Givena name of IPSec connection Eie rs Check Subnet radio button IP Address 192 168 1 0 Head office network 255 255 255 0 Secure Gateway Address 69 121 1 30 IP address of the head office router in or Hostname mu WAN side a Readies RE rado owon ESP 1 f Check ESP radio button Encryption 3DES Security plan Prefer Forward Security None Pre shared Key 12345678 98 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a Remote Access L2TP VPN Dial in Connection A remote worker establishes a
10. 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Port Setting This section allows you to configure the settings for the router s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet as well allowing users to tweak the performance of their network Port Setting Parameters Part Connection Type l Au to i Portz Connection Type Ports Connection Type Part4 Connection Type IPv4 TOS Priority Control Enable Disable Set High Priority TOS ZB NEM mg uu Fo DE pi Port Connection Type Five options to choose from Auto 10M half duplex 10M full duplex 100M half duplex or 100M full duplex Sometimes there are Ethernet compatibility problems with legacy Ethernet devices and you can configure different types to solve compatibility issues The default is Auto which users should keep unless there are specific problems with PCs not being able to access your LAN IPv4 TOS priority Control Advanced users TOS Type of Services is the 2 octet of an IP packet Bits 6 7 of this octet are reserved and bit 0 2 are used to specify the priority precedence of the packet and bits 3 5 are specified the delay throughput and reliability This feature uses bits 0 2 to classify the packet s priority If the packet is high priority it will flow first Therefore when this feature is enabled the router s Ethernet switch will check the 2
11. ADSL VPN Firewall Router E IPSec IPSec YPN Tunnels Enable Disable Mame Local subnet Remote Subnet Remote Gateway Create 3 Click Create to configure a new IPSec VPN connection Chapter 4 Configuration IPSec Proposal 78 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configure a new VPN Connection IPSec Create Local Single Address IP Address 0 0 Netvvork CO Subnet IP Address Pf OE Metmask EE OIP Range IP Address EndP Remote secure Gateway Address or Hostname Po Single Address IP Address 0 Netvvork CO Subnet IP Address Ps Metmask EE OIP Range PAddess EnlP Proposal Authentication Mus Encryption OAH Authentication Perfect Forward Secrecy Pre shared Key Po Connection Name A user defined name for the connection e g connection to office Local Local Network Set the IP address subnet or address range of the local network Single Address The IP address of the local host Subnet The subnet of the local network For example IP 192 168 1 0 with netmask 255 255 255 0 specifies one class C subnet starting from 192 168 1 1 i e 192 168 1 1 through to 192 168 1 254 IP Range The IP address range of the local network For example IP 192 168 1 1 end IP 192 168 1 10 Remote Secure Gateway Address or hostname The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel Network Set
12. Auto Scan Before you scan the Pv Cs please DELETE all the WAN interfaces IP Address if provided by ISP Gateway provided by ISP 29 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Click Start to begin scanning for encapsulation types offered by your ISP If the scan is successful you will then be presented with a list of supported options 1 found PPPoE PVC on 733 duck Start Configuration cave Config to FLASH Language Auto Scan P Cancel Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection Please note that the contents of this list will vary depending on what is supported by your ISP 30 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuration When you click this item you get following sub items to configure the ADSL router LAN WAN System Firewall VPN QoS Virtual Server and Advanced These functions are described below in the following sections LAN Local Area Network There are four items within the LAN section Ethernet Wireless Wireless Security Powerline Port Setting and DHCP Server E Ethernet Ethernet Primary IP Address IP Address 492 m 255 Boss E RIP O RIPvI LI RIPw O RIP v2 Multicast secondary IP Address The Secondary IP Address should be an the same subnet as the Primary IP Add
13. L2TP VPN connection with the head office using Microsoft s VPN Adapter included with Windows XP 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Office LAM Public IP 61 56 158 112 192 168 0 254 Remote Worker a L TP Client Router Encryption Data LTF Server VPN Connection 192 168 0 0 24 L2TP VPN Remote Access Dial in Chapter 4 Configuration 99 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring L2TP VPN in the Office The input IP address 192 168 1 200 will be assigned to the remote worker Please make sure this IP is not used in the Office LAN L2TP Remote Access Connection Connection Mame X d E ko T Dial out Server IP Address or Hostname Type Pe Dial in Private IP Address Assigned to Dialin User 192 168 1200 2 Password Auth Type Chap A amp uta a Idle Timeout O minutes Cs LL E 7 Item Function 1 Connection Name VPN L2TP B Private IP Address Assigned 192 168 1 200 An assigned IP address for the remote worker to Dialing User username Input username amp password to authenticate Password 123456 remote worker 4 Auth Type Chap Auto Keep as default value in most of the cases The connection will be disconnected when there Idle Timeout 0 Is no traffic in a predefined period of time Idle time 0 means the connection is always on Authentic
14. URL Filter URL Uniform Resource Locator e g an address in the form of http www billion com or http www example com filter rules allow you to prevent users on your network from accessing particular websites by their URL There are no pre defined URL filter rules you can add filter rules to meet your requirements URL Filter Configuration URL Filtering Enable Disable 9 Always Block Block Made 08 w 00 oo v Black fram a oncoy A Keywords Filtering Enable Details Enable Details Disable all WEB traffic except for Trusted Domains Block Java Applet Black surfing by IP address Domains Filtering Restrict URL Features Enable Disable To enable or disable URL Filter feature Always Block Select to always check the URL filter rules i e at all hours of the day Block from Specify the time period to check the URL filter rules e g during work hours Keywords Filtering Allows blocking by specific keywords within a particular URL rather than having to specify a complete URL e g to block any image called advertisement gif When enabled your specified keywords list will be checked to see if any keywords are present in URLs accessed to determine if the connection attempt should be blocked Please note that the URL filter blocks web browser HTTP connection attempts using port 80 only For example if the URL is http www abc com abcde html it will be dropped as
15. a program on your computer attempts to access the Internet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time Detail You can define the destination port and packet type TCP UDP without checking by timer It allows you to set which outgoing traffic will not trigger and reset the idle timer RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface Advanced Options PPPoE LLC Header Selects encapsulation mode true for using LLC or false for using VC Mux Create Route This setting specifies whether a route is added to the system after IPCP Internet Protocol Control Protocol negotiation is completed If set to enabled a route will be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a specific or default route If set to enabled the route created will only apply to packets for the subnet at the remote end of the PPP link The address of this subnet is obtained during IPCP negotiation Subnet Mask sets the subnet mask used for the local IP interface connected to the PPP transport If the value 0 0 0 0 is supplied the netmask will be calculated from the class of the IP address obtained
16. analogue modems have a line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection including causing frequent disconnections Chapter 2 Installing the Router Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 3 Basic Installation The router can be configured with your web browser A web browser is included as a standard application in the following operating systems Linux Mac OS Windows 98 NT 2000 XP Me etc The product provides a very easy and user friendly interface for configuration PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub and have TCP IP installed and configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router The default IP address of the router is 192 168 1 254 and the subnet mask is 255 255 255 0 i e any attached PC must be in the same subnet and have an IP address in the range of 192 168 1 1 to 192 168 1 253 The best and easiest way is to configure the PC to get an IP address automatically from the router using DHCP If you encounter any proble
17. login and password refer to Chapter 3 If this fails you can your router login restore your router to its factory settings by holding the Reset button on the and or password back of your router more than 6 seconds Problems with the WAN Interface Ensure that the telephone cable is connected properly from the ADSL port to the wall jack The ADSL LED on the front panel of the router should be Initialization of the PVC connection linesync failed on Check that your VPI VCI encapsulation type and type of multiplexing settings are the same as those provided by your ISP Reboot the router GE If you still have problems you may need to verify these settings with your ISP LLL 17 Chapter 5 Troubleshooting Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Frequent loss of Ensure that all other devices connected to the same telephone line as your ADSL linesync Billion router e g telephones fax machines analogue modems have a disconnections line filter connected between them and the wall socket unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician and ensure that all line filters are correctly installed and the right way around Missing line filters or line filters installed the wrong way around can cause problems with your ADSL connection including causing frequent disconnections Problems with the LAN Interface
18. reset your router to factory settings by holding the small Reset pinhole button on the back of your router in for 10 12 seconds whilst the router is turned on 55 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E User Management User Management Current Defined Users Walid ser Comment true admin Default admin user Edit 2 Create 3 In order to prevent unauthorized access to your router s configuration interface it requires all users to login with a password You can set up multiple user accounts each with their Own password You are able to Edit existing users and Create new users who are able to access the device s configuration interface Once you have clicked on Edit you are shown the following options User Management Edit sername admin Password eree O O You can change the user s password whether their account is active and Valid as well as add a comment to each user account These options are the same when creating a user account with the exception that once created you cannot change the username You cannot delete the default admin account however you can delete any other created accounts by clicking Delete when editing the user You are strongly advised to change the password on the default admin account when you receive your router and any time you reset your configuration to Factory Defaults 56 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerl
19. security key automatically between wireless client and Access Point AP 33 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router WEP Wireless Security Parameters security Mode WEF v WEP Encryption OWEPS4 WEP128 Default Used WEP Key O iy Key O 00 00 00 00 00 00 00 00 00 00 00 00 00 Key 1 Key 2 00 00 00 00 00 00 00 00 00 00 00 00 00 Key 3 00 00 00 00 00 00 00 00 00 00 00 00 00 WEP Encryption To prevent unauthorized wireless stations from accessing data transmitted over the network the router offers highly secure data encryption Known as WEP If you require high security for transmissions there are two alternatives to select from WEP 64 and WEP 128 WEP 128 will offer increased security over WEP 64 Passphrase This is used to generate WEP keys automatically based upon the input string and a pre defined algorithm in WEP64 or WEP128 You can input the same string in both the AP and Client card settings to generate the same WEP keys Please note that you do not have to enter Key 0 3 as below when the Passphrase is enabled Default Used WEP Key Select the encryption key ID please refer to Key 0 3 below Key 0 3 Enter the key to encrypt wireless data To allow encrypted data transmission the WEP Encryption Key values on all wireless stations must be the same as the router There are four keys for your selection The input format is in HEX style 5 and 13 HEX code
20. the keyword abcde occurs in the URL 69 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 4 Configuration 70 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Domains Filtering This function checks the domain name in URLs accessed against your list of domains to block or allow If it is matched the URL request will be sent Trusted or dropped Forbidden The checking procedure is 1 Check the domain in the URL to determine if it is in the trusted list If yes the connection attempt is sent to the remote web server If not check if it is listed in the forbidden list and if present then the connection attempt is dropped If the packet does not match either of the above two items it is sent to the remote web server Please be note that the domain only should be specified not the full URL For example to block traffic to www sex com enter sex or sex com instead of www sex com In the example below the URL request for www abc com will be sent to the remote web server because it is listed in the trusted list whilst the URL request for www sex or www sex com will be dropped because sex com is in the forbidden list Domains Filtering Domain Name Domain Mame Sex Type Forbidden Domain Farhidden Damain Apply Trusted Domain Lu MERE TENERENT ecce www abo com Delete NM lur tere NIU A
21. the value automatically Refer to manual for details if you Mode stateful want to change the setting The connection will be disconnected when Idle Time there Is no traffic in a predefined period of time Idle time 0 means the connection is always on 90 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a LAN to LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Branch Office Head Office Public IP 192 168 0254 69 121 1 33 192 168 1254 Router Router Encryption Data PPTP Client PPTP Server VPH Connection 192 168 0 0 24 192 168 1 0 24 PPTP VPN LAN to LAN Both office LAN networks MUST in different subnet with LAN to LAN application Attention 91 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring PPTP VPN in the Head Office The IP address 192 168 1 201 will be assigned to the router located in the branch office Please make sure this IP is not used in the head office LAN PPTP LAN to LAN Connection Mame HeadOtice Dial out Server IP Address or Hostname eS Type Dial in Private IP Address Assigned to Dialin User 192 168 1200 2 Peer Network IP 192 165 0 0 Metmask 255 255
22. 2 11g ADSL Router A Wireless Security QoS Fa EI R ao i NL WEP WPA Prioritization IP Throttling a 3 a H a Powerline adapter BIPAC 2060 in B Powerline adapter BIPAC 2060 E T M 4 Adapter ADSLE Internet VPN PPTP IPSec L2TP BIPAC 7560G HARTA Sd LJ LI Firewall SPI DoS URL Blocking A Figure 1 2 Application Diagram of BIPAC 7560G Powerline 802 11g ADSL VPN Firewall Router Thank you for your purchase and welcome to the world of broadband Internet Chapter 1 Introduction Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 2 Installing the Router Important note for using the BIPAC 7560 G ADSL Router Do not use the BIPAC 7560 G in high humidity or high temperatures Do not use the same power source for the BIPAC 7560 G as other equipment Do not open or repair the case yourself If the BIPAC 7560 G is Warning too hot turn off the power immediately and have it repaired at a qualified service center Avoid using this product and all accessories outdoors Place the BIPAC 7560 G on a stable surface Only use the power adapter that comes with the package Using a different voltage rating power adaptor may damage the router Attention Package Contents BIPAC 7560 G Powerline 802 11g ADSL VPN Firewall Router CD ROM containing the online manual RJ 11 ADSL telephone Cable Ethernet CA
23. 255 0 e sername Username Password eesse Auth Type ChapiAuto Data Encryption key Length Mode C5 Idle Timeout 0 minutes e Item Funcio Description EM HeadOffice Given a name of PPTP connection Dialin CheckDialin Private IP Address Assigned 192 168 1 200 IP address assigned to branch office network to Dialing User ENMMMEMPC IM Q3 X Netmask 2652552550 o EE E rare Input username amp password to authenticate branch Saad es Keep as default value in most of the cases PPTP Data Encryption server amp client will determine the value automatically Key Length Refer to manual for details if you want to change the stateful setting The connection will be disconnected when there Is no Idle Time traffic in a predefined period of time Idle time 0 means the connection is always on 92 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring PPTP VPN in the Branch Office The IP address 69 1 121 30 is the Public IP address of the router located in head office If you registered the DDNS please refer to the DDNS section of this manual you can also use the domain name instead of the IP address to reach the router PPTP LAN to LAN Connection Mame BranchOfice 9 Dial out oever IP Address or Hostname 53 121 1 33 gt Type Dial in Private IP Address Assigned to Dialin User fF O
24. 28 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups Pre shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 characters Both sides should use the same key IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require a key Before any IPSec traffic can be passed each router must be able to verify the identity of its peer This can be done by manually entering the pre shared key into both sides router or hosts 84 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router LAN to LAN L2TP Connection L2TP LAN to LAN Connection Mame Dial aut Server IP Address or Hostname bo TE CO Dial in Private IP Address Assigned to Dialin User Po Peer Network IP Po Metmask PF O Username fs Password Po Auth Type ChaplAuta Idle Timeout O minutes IPSec Enable Authentication Mone Encr
25. 3 10 IP Address TCP IP Properties 2 x Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration IP Address unt aum J Enable DNS Host Td ETVET Seach Wer Doman sutiy Search Wraer Bele Remove Cancel Figure 3 11 DNS Configuration 12 Billion BIPAC 75607560G Powerline 802 11g ADSL VPN Firewall Router For Windows NT4 0 1 Go to Start Settings Control Panel In the Control Panel double click Network and choose the Protocols tab 2 Select TCP IP Protocol and click Properties See Figure 3 12 3 Select the Obtain an IP address from a DHCP server radio button and click OK See Figure 3 13 Chapter 3 Basic Installation Network i I x l Identification Services Protocols Adapters Bindings Network Protocols Y NetBEUI Protocol Y NWLink IPX SPX Compatible Transport Y NWLink NetBIOS di Bewwe _ CBropetios d Unde Description Transport Control Protocol Intemet Protocol The default wide area network protocol that provides communication across divetse interconnected Figure 3 12 TCP IP Microcolt TCPAP Properties IP Address ONS WINS Address Routing An IP address can be automatically assigned bo this network card by a DHCP sever IF your network does not have a DHCP server ack pour niebacck administrator for an address amd then bape itin Ihe space below btan an lP address from a DHCP ser
26. 60 7560G Powerline 802 11g ADSL VPN Firewall Router Information from your ISP Before configuring this device you have to check with your ISP Internet Service Provider what kind of service is provided such as PPPoE PPPoA RFC1483 or IPoA Gather the information as illustrated in the following table and keep it for reference VPI VCI VC based LLC based multiplexing Username Password Service Name and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually PPPoA VPI VCI VC based LLC based multiplexing Username Password and Domain Name System DNS IP address it can be automatically assigned by your ISP when you connect or be set manually RFC1483 Bridged VPI VCI VC based LLC based multiplexing to use Bridged Mode RFC1483 Routed VPI VCI VC based LLC based multiplexing IP address Subnet mask Gateway address and Domain Name System DNS IP address it is fixed IP address VPI VCI VC based LLC based multiplexing IP address Subnet mask Gateway address and Domain Name System DNS IP address it is fixed IP address 16 Chapter 3 Basic Installation Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring with your Web Browser Open your web browser enter the IP address of your router which by default is 192 168 1 254 and click Go a user name and password window prompt will appear The default usernam
27. 9 W 8 0T gg bI 0 M BB8 05 JDUg o v m 838 3 080 gg 2 a C E zb E cui zb E oui zb 2 2 Enable Select it to activate the function Application A name that identifies an existing rule Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or IP range of packets to be monitored Destination IP address Range The destination IP address or IP range of packets to be monitored Upstream Rate Limit This function allows you to limit the speed of IP traffic from LAN to WAN The value entered will limit the speed of the application that you identified The speed can be specified in multiple of 32kbps 09 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Virtual Server Port Forwarding In TCP IP and UDP networks a port is a 16 bit number used to identify which application program usually a server incoming connections should be delivered to Some ports have numbers that are pre assigned to them by the IANA the Internet Assigned Numbers Authority and these are referred to as well known ports Servers follow the well known port assignments so clients can locate them If you wish to run a server on your network that can be accessed from the WAN i e from other machi
28. AC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Address Filters Address Filters are used to block traffic to from particular IP addresses They can be used to block IP addresses either on the Internet or on your local network There are no pre defined address filter rules you can add the filter rules to meet your requirements There are two kinds of address filters one is inbound and the other is outbound The rules can be set to prevent unauthorized users hosts or network to access the Internet from LAN outbound and or access LAN from the Internet inbound Host IP Address This is the IP address you wish to block access to or from Host Subnet Mask This is the subnet mask for the IP address range you wish to block Direction Whether you want to block access to the Internet outbound from the Internet inbound or both to and from the Internet both Tip To block access to from a single IP address enter that IP address as the Host IP Address and use a Host Subnet Mask of 255 255 255 255 UUMUME A MM H 074 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring your firewall to allow for a publicly accessible web server on your LAN The pre defined port filter rule for HTTP TCP port 80 is the same no matter whether the firewall is set to a high medium or low security level To setup a web s
29. Algorithm MUST BE identically set up on both sides Attention 04 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring L2TP VPN in the Head Office The IP address 192 168 1 200 will be assigned to the router located in the branch office Please make sure this IP is not used in the head office LAN L2TP LAN to LAN Connection Mame server IP Address for Hostname ey Private IP Address Assigned to Dialin User 192 168 1 200 2 Peer Network IP 92 168 0 0 Netmask Username usemame Password me Type KO 9 9 2 ED 5 2 5 T Auth Type Chap amp uta 5 Idle Timeout O minutes Co PSone T erate ID MDS Encryption DES Er Perfect Forward Secrecy E F i e ER c K Item Function Description 1 Connection Name HeadOffice Given a name of L2TP connection Dial in Check Dial in Private IP Address Assigned 192 168 1 200 IP address assigned to branch office network to Dialing User Em Peer Network IP 192 168 0 0 Branch office network Netmask 2552552550 59 4 Husememe __fusermamme Input username amp password to authenticate branch office nea 5 AuthType Chap Auto _ Keep as default value in mostofthecases The connection will be disconnected when there Is no Idle Timeout traffic in a predefined period of time Idle time 0 means the connection is al
30. BILLION BIPAC 7560 7560G Powerline 802 119 ADSL VPN Firewall Router User s Manual Version Release 1 54c Table of Contents CHAPTER 1 INTRODUCTION INTRODUCTION TO YOUR BIPAC 7560 G ROUTER nnne 1 FEATURES oe caacunsucanesnteucertucaspuamesscuuncetvecesheusivs ctusestvansuisuiuvsdssnnsuisedunssiteamnaaceviostnssunmneanseaiatanisd 1 BIPAC 7560 G POWERLINE 802 11G ADSL ROUTER APPLICATION nnns 4 CHAPTER 2 INSTALLING THE ROUTER 5 IMPORTANT NOTE FOR USING THE BIPAC 7560 G ADSL ROUTER 5 PACKAGE CONTENTS zemouiciotiriadap vna HE EEE IA EOE NE EXT RER REL SECURE FI AEIUEEA EE XUI A 5 iudidd m 6 ME FRE du cMee M 7 CABLING eroii cvs H 8 CHAPTER 3 BASIC INSTALLATION 9 CONNECTING YOUR ROUTER iricnua acc cKI UH ET E SEUEUEEEENTIEER LCS rumen HUNE FEX EIER IEEN CES 9 CONFIGURING PCS IN WINDOWS ceno snp Or AERE DERNIER UTERE CERES EUE EXE EXE POLEN EASA 10 For DC m 10 xus cedi 11 For Windows 98 mc 12 FOr snc s esenea arenie EEEa REOTA EEEa Eaa aan Eaa A 13 FACTORY DEFAULT SETTINGS oisinn udaan E E A 14 Usemame and Pac SWOT cnssistinn nE aE E REIR PS 15 LAN and
31. Corrective Action Can t ping any PCs on Check the Ethernet LEDs on the front panel The LED should be on for a the LAN port that has a PC connected If it is off check the cables between your router and the PC Make sure you have uninstalled any software firewall for troubleshooting Verify that the IP address and the subnet mask are consistent between the router and the workstations L A23 Chapter 4 Troubleshooting Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router APPENDIX A Product Support and Contact Information problems can be solved by referring to the Troubleshooting section in the User s Manual If you cannot resolve the problem with the Troubleshooting chapter please contact the dealer where you purchased this product Contact Billion AUSTRALIA http www billion com au 2004 Billion Electric Co Ltd PC Range P L All Rights Reserved WORLDWIDE http www billion com Mac OS is a registered Trademark of Apple Computer Inc Windows 98 Windows NT Windows 2000 Windows Me and Windows XP are registered Trademarks of Microsoft Corporation 2 Appendix A Product Support
32. Count Drop Packet Show Log Net Bus Scan RENI ECNO Default 15 c sec Src IP Source IP Src Port Source Port Dst Port Destination Port Dst IP Destination IP 67 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E MAC Address Filter A MAC Media Access Control address is the unique network hardware identifier for each PC on your network s interface i e its Network Interface Card or Ethernet card Using your routers MAC Address Filter function you can configure the switch to only accept traffic from specified machines or else to block specific machines from accessing your LAN There are no pre defined MAC address filter rules you can add the filter rules to meet your requirements MAC Address Filter Filtering Rules MAC Address Filter Enable Disable For LAN ethernet frames only the following Source MAC Address es are C Allowed Blocked 00 00 00 00 00 00 o Enable Disable To enable or disable the MAC Address Filter function Allowed Blocked To allow or block the following MAC addresses to surf outside network only If you check Allowed please be sure your PC s MAC address is listed If you check Blocked please be sure your PC s MAC address is not listed MAC Address There are 10 entries to enter the MAC addresses you want manage 68 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E
33. ER il NAT Enable Disable IP Address U 0 0 0 means Obtain an IP address automatically Authentication Protocol Connection Idle Timeout ENSE minutes Details RIP RIP v1 O RIP v2 LI RIP v2 Multicast Apply Advanced Options C Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive IP Address Specify an IP address allowed to logon and access the router s web server Note IP 0 0 0 0 indicates all users who are connected to this router are allowed to logon the device and modify data Authentication Protocol Type Default is Chap Auto Your ISP will advise you whether to use Chap or Pap 45 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Connection Always on If you want the route
34. IP addresses and can access the Internet directly the NAT function can be disabled Username Enter the username provided by your ISP You can input up to 128 alphanumeric characters case sensitive This will usually be in the format of username ispname instead of simply username Password Enter the password provided by your ISP You can input up to 128 alphanumeric characters case sensitive Service Name This item is for identification purposes If it is required your ISP will provide you the information Maximum input is 20 alphanumeric characters IP Address specify if the Router can get an IP address from the Internet Server Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the 41 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router DHCP client function and specify the IP address manually The setting of this item is specified by your ISP Authentication Protocol Default is Chap Auto Your ISP will advise you whether to use Chap or Pap Connection Always on If you want the router to establish a PPPoE session when starting up and to automatically re establish the PPPoE session when disconnected by the ISP Connect to Demand If you want to establish a PPPoE session only when there is a packet requesting access to the Internet i e when
35. IPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a Remote Access PPTP VPN Dial out Connection A company s office establishes a PPTP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Office LAM Public IP 69 12 1 1 33 192 168 0254 2 S nternet peaa Server Router Encryption Data PPTP Server PPTP Client VPH Connection Dial out 192 168 0 024 PPTP VPN Remote Access Dial out 89 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring the PPTP VPN in the Office You can either input the IP address 69 1 121 33 in this case or hostname to reach the server PPTP Remote Access Connection Connection Mame YPM PPTP T Dial out server IP Address for Hostname 58 121 1 33 ey ype C Dial in Private IP Address Assigned ta Dialin User PF OS Username Password e me Auth Type Chapi amp uta Data Encryption key Length Mode 4 Idle Timeout 0 minutes Cs Item Function Description 1 Connection Name VPN PPTP Given name of PPTP connection BL Ram Tessas Check Dial out Server IP Address 6o 454 4 33 An Dialed server IP or Hostname A given username amp password 123456 Auth Type Chap Auto Data Encryption Keep as default value in most of the cases Key Length PPTP server amp client will determine
36. P settings Obtain an IP address automatically Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses Figure 3 4 IP Address amp DNS Configuration 10 Chapter 3 Basic Installation Billion BIPAC 75607560G Powerline 802 11g ADSL VPN Firewall Router J Network and Dial up Connections Cf x F W d 2 0 00 File Edit wiew Favorites Tools Advanced Help El 0 r n 0 WS Back gt t A Search UFolders History UA ae ay Network and Dial up Connections Go as mj H Address Make New 1 Go to Start Settings Control Panel In the Control Network and Dial comecen Panel double click Network and Dial up Connections Type LAN Connection Status Fnahled hd 2 Double click Local Area LAN Connection See 9 re 3 5 LAN Area Connection Fig ure 3 5 Local Area Connection Status E x General Connection Status Connected 3 In the LAN Area Connection Status window click zo m Properties See Figure 3 6 iiis ELUNE Actiyiby mmj Sent 1 Received L ak Packets 12 215 108 427 4 Select Internet Protocol TCP IP and click Properties See Figure 3 7 Properties Disable Close 5 Select the Obtain an IP address automatically and Obtain DNS server address automatically radio zix buttons
37. Peer Network IP 182 168 1 0 Netmask 255 255255 0 e sername username a a Auth Type Chapi amp uta Data Encryption Key Length Mode E Idle Timeout 0 minutes Co Apply Item Function Description BranchOffice Given a name of PPTP connection Dial out Check Dial out Server IP Address 69 121 1 33 IP address of the head office router in WAN side or Hostname Peer Network IP 192 168 1 0 Head office network Netmask 255 255 255 0 Username username Input username amp password to authenticate branch iz3456 office network Auth Type Chap Auto Keep as default value in most of the cases PPTP Data Encryption server amp client will determine the value automatically Key Length Refer to manual for details if you want to change the stateful setting The connection will be disconnected when there Is no Idle Time traffic in a predefined period of time Idle time 0 means the connection is always on 93 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a IPSec LAN to LAN VPN Connection Branch Office Head Office Public IP Public IP 192 168 0 254 69 121 1 30 609 121 1 5 192 168 1 254 Router Encryption Data IPSec IPSec VPN Connection 192 168 0 0 24 192 168 1 0 24 IPSec VPN LAN to LAN Table 3 Network Configuration and Security Plan Bnei Office E Remote Network ID 192 168 1 0 24 192 168 0 0 24
38. PoE WAN Link Factory Defaults D 32 Edit 2 Change The factory default is PPPoE If your ISP uses this access protocol click Edit to input other parameters as below If your ISP does not use PPPoE you can change the default WAN connection entry by clicking Change A simpler alternative is to select Quick Start from the main menu on the left Please see the Quick Start section of the manual for more information 39 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router RFC 1483 Routed Connections WAN Connection RFC 1483 Routed Description RFC 1403 routed mode Pl MAT 9 Enable C Disable Encapsulation Method Obtain an IP address automatically via DHCP client C Use the following IP address IP Assignment IP Address Po RIP C RIP v1 L RIP v2 L RIP v2 Multicast Description Your description of this connection VPI and VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing the single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT function can be disabled Encapsulation method Select the encapsulation format the default is LIcBridged Select the one provided by your ISP DHCP client Enable or disable the DHCP client specify if the Router
39. T 5 LAN Cable Console PS2 RS232 Cable Power adapter for EU Market Only 2 dBi Antenna 7560G only Quick Start Guide Chapter 2 Installing the Router Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router The Front LEDs Antenna E a ee ee ai i i 1 2 3 4 5 6 7 8 9 10 1 12 13 F A OTE Only the BIPAC 7560G has a wireless interface and antenna BIPAC 7560 router does NOT have an antenna or wireless interface Lit when power is ON Gem Lit when the system is ready LAN port 1 Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is transmitted received LAN port 2 Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is transmitted received LAN port 3 Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps Blinking when data is transmitted received tem Lit when connected to an Ethernet device Green for 100Mbps Orange for 10Mbps nd when data is transmitted received MEN ss when econ data d RN Blinking when data is trinsimiffedi scele 100 MAIL Flash when there is Email in your NIORT o Email account e re PE rer 13 ADSL Lit when successfully connected to an ADSL DSLAM linesync Chapter 2 Installing the Router Billion BIPAC 7560 7560G Powerline 802 119 ADSL VPN Firewall Router The Rear Ports Antenna
40. WAN Port AUUf eSSOS scasseieaiaverdiitron UA RE Ropa oor don DTE Re ib 15 INFORMATION FROM YOUR IS Pantano Cet inen eb rep ERE tenants 16 CONFIGURING WITH YOUR WEB BROWSER nnne 17 CHAPTER 4 CONFIGURATION 18 cual m 19 ARP FADE 19 Wireless espere o e ERES OU G OI mm 20 89 ME m 22 EK Leased Table DOO 22 E Expired Table mmm nnne nnn 22 E Permanent Table ccccccccccccccccccccccccccceceeeeeeeececeeeecececececeeeeeneasattteneeeee 22 Table of Contents i PPTP nic E 23 lg sn ea E E E es 24 N EE E EE E AEN E A EE E T A 25 POWIE ee E A E MUE M NNNM MM 26 Sis eds UU RET tivstna E 26 sco 21 EO LOO TINO V O 7AE OO e2Z2u O QCUC 21 AST CC CREME UTTMMMMTTmT 20 HP IVE ie Ol Ve sco Don ako TO E DIVA np NOUIS 20 OUK START EN 29 CONFIGURATION e 31 WARNER IUE ARCET TNE 31 K Ethernet 2 0 0 0 cccccccccccceccececeeceeecceeeeeeeeeeeeeeeceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeteeeeeeeeeee 31 E Wireless 7560G Only 32 E Wireless Security 7560G Only 33 K Powerline 00 eeeeccceccecececeeccceececeeeeeceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeteet
41. When using PAP the password is sent unencrypted whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply after changing settings 83 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router IPSec Enable for enhancing your LT2P VPN security Authentication Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit There are three options Message Digest 5 MD5 Secure Hash Algorithm SHA 1 or NONE SHA 1 is more resistant to brute force attacks than MD5 however it is slower MD5 Aone way hashing algorithm that produces a 128 bit hash SHA 1 A one way hashing algorithm that produces a 160 bit hash Encryption Select the encryption method from the pull down menu There are four options DES 3DES AES and NONE NONE means it is a tunnel only with no encryption 3DES and AES are more powerful but increase latency DES Stands for Data Encryption Standard it uses 56 bits as an encryption method S3DES Stands for Triple Data Encryption Standard it uses 168 56 3 bits as an encryption method AES Stands for Advanced Encryption Standards it uses 1
42. YHE C Dial in Private IP Address Assigned to Dialin User fs Connection Name Username PY Password PF OE Auth Type Idle Timeout D minutes IPSec Enable Authentication Mone Encryption MULL v Perfect Farward Secrecy Mone Pre shared Key Connection Name This allows you to identify this particular connection e g Connection to office Il Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office server check Dial In operates as a VPN server Q When configuring your router as a Client enter the remote Server IP Address or Hostname you wish to connection to When configuring your router as a server enter the Private IP Address Assigned to Dial in User address Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a server
43. andshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a server When using PAP the password is sent unencrypted whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder Data Encryption Data sent over the VPN connection can be encrypted by an MPPE algorithm Default is Auto so that this setting is negotiated when establishing a connection or else you can manually Enable or Disable encryption 16 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Key Length The data can be encrypted by MPPE algorithm with 40 bits or 128 bits Default is Auto it is negotiated when establishing a connection 128 bit keys provide stronger encryption than 40 bit keys Mode You may select Stateful or Stateless mode The key will be changed every 256 packets when you select Stateful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply after changing settings Tf Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g
44. anism authorization with fine granularity for remote monitoring Traps supported Cold Start Authentication Failure The following MIBs are supported From RFC 1213 MIB II oystem group Interfaces group Address Translation group IP group ICMP group TCP group E ER RS RS RN NS K UDP group x EGP not applicable v1 Transmission M SNMP group gt From RFC1650 EtherLike MIB v1 dot3Stats From RFC 1493 Bridge MIB v dot1dBase group v dot1dTp group v1 dot1dStp group if configured as spanning tree 18 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router From RFC 1471 PPP LCP MIB v pppLink group pppLqr group From RFC 1472 PPP Security MIB v1 PPP Security Group From RFC 1473 PPP IP MIB v PPP IP Group From RFC 1474 PPP Bridge MIB M PPP Bridge Group gt From RFC1573 IfMIB v ifMIBObjects Group From RFC1695 atmMIB v atmMIBObjects gt From RFC 1907 SNMPv2 M only snmpSetSerialNo OID 19 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Save Configuration to Flash After changing the routers configuration settings you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router Click Save to write your new configuration to FLASH save Config to FLASH Please confirm that you wish t
45. ation MD5 Encryption 3DES Perfect Forward Both sites should use the same value None Secrecy Pre shared Key 12345678 00 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a Remote Access L2TP VPN Dial out Connection A company s office establishes a L2TP VPN connection with a file server located at a separate location The router is installed in the office connected to a couple of PCs and Servers Office LAN Public IP 69 121 1 33 192 168 0 254 n iuum Internet Me Server Router Encryption Data L2TP Server L2TP Client VPN Connection Dial out 192 168 0 0 24 L2TP VPN Remote Access Dial out Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring the L2TP VPN in the Office L2TP Remote Access Connection Connection Mame venet 4 Tyne Dial out Server IP Address or Hostname CO Dial in Private IP Address Assigned to Dialin User Po Username Password Auth Type Idle Timeout IPSec Enable V Authentication Encryption 3DES v Cs Perfect Forward Secrecy s A A Funcdin Description VPN L2TP Given name of L2TP connection jDialou Check Dial out server IP Address 59 454 4 33 An Dialed server IP or Hostname Username username A given username amp password Password 123456 4 Au
46. between 0 12 DSP FirmwareVersion Current ADSL line code firmware version Connected Display current ADSL line sync status Operational Mode Display current ADSL mode standard Operational Mode your Router is using when ADSL line has sync Annex Type ADSL Annex A which works over a standard telephone line Annex B which works over an ISDN line Upstream Display current upstream rate of your ADSL line Downstream Display current downstream rate of your ADSL line 50 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router System There are six items within the System section Time Zone Remote Access Firmware Upgrade Backup Restore Restart and User Management E Time Zone Time Zone Parameters Time Zane 9 Enable C Disable Time Zane List By City CO By Time Difference Local Time Zane GMT Time GhT Greenwich Mean Time bi SUO Seer E E carl css gov Itime nist gov india colorado edu time b nist gov Daylight Saving v Automatic Resync Period 1440 minutes v The router does not have a real time clock on board instead it uses the Simple Network Time Protocol SNTP to get the current time from an SNTP server outside your network Choose your local time zone click Enable and click the Apply button After a successful connection to th
47. bnet The Subnet of the remote site Remote Gateway The Remote Gateway IP address SA The Security Association for this VPN entry 24 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router L2TP Status This shows details of your configured L2TP VPN Connections L2TP Status VPMN L 2TP for Remote Access Application Tunnel Call Mame Type Enable Active E EN Encryption WPH L2TP for LAN to L4N Application Tunnel Call Mame Type Enable Active e ener Encryption Name The name you assigned to the particular L2TP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection Chapter 4 Configuration 25 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Powerline This shows details of your Powerline network Powerline Parameters Device MAC Data Rate Mbns Scan PowerLine Device Password List Status Device MAC The MAC address of other Powerline devices Data Rate Mbps The data rates between 7560G and others Email Status Details and status for the Email Account you have configured the router to check Please see the Adva
48. cal IP network Static and RIP1 2 Routing Supports an easy static routing table or RIP1 2 routing protocol to support routing capability Simple Network Management Protocol SNMP It is an easy way to remotely manage the router via SNMP Web based GUI Supports web based GUI for configuration and management It is user friendly and comes with on line help It also supports remote management capability for remote users to configure and manage this product Firmware Upgradeable Device can be upgraded to the latest firmware through the WEB based GUI Rich management interfaces Supports flexible management interfaces with local console port LAN port and WAN port Users can use terminal applications through the console port to configure and manage the device or Telnet WEB GUI and SNMP through LAN or WAN ports to configure and manage the device Chapter 1 Introduction Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router BIPAC 7560 G Powerline 802 11g ADSL Router Application QBIPAC 7560 Powerline ADSL Router Wireless Security QoS B mS r3 WEP WPA Prioritization IP Throttling a 4 mi r P 5 4 E Powerline adapter BIPAC 2060 Powerline adapter BIPAC 2060 Adapter BIPAC 7560G m ADSL Cigna PPTP IPSec L2TP a Firewall b SPI DoS URL Blocking Figure 1 1 Application Diagram of BIPAC 7560 Powerline ADSL VPN Firewall Router BIPAC 7560G Powerline 80
49. can get an IP address from the Internet Service Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function and specify the IP address manually The setting of this item is specified by your ISP RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface 40 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router PPPoE Connections WAN Connection PPPoE Routed Description PPPoE WAN Link PI vC ATM Class UBR v NAT Enable Disable Username Password Serice Mame IP Address U 0 0 0 means Obtain an IP address automatically m Authentication Protocol Connection Idle Timeout RIP ChapiA amp uta Always On l minutes Details RIPs1 L RIP v2 L RIP v2 Multicast MTU 1492 Apply Advanced Options C Description A user definable name for this connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single ISP account sharing a single IP address If users on your LAN have public
50. ch private port numbers are used by common applications on this list please see the FAQs Frequently Asked Questions at http www billion com Table 4 Well know and registered Ports a ht FTP Control 22 TCP amp UDP SSH Remote Login Protocol O e iva File Transfer Protocol er Wi o HITP 10 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router NTP Network Time Protocol 161 TCP SNMP 443 TCP amp UDP HTTPS 1503 ITCP T 120 1720 ITCP H 323 4000 TCP ICQ 7070 RealAudio Virtual Server Port Forwarding Port Mapping Table IP Table Enable Application Protocol External Part Redirect Port IP Address NH Fe TCP 21 0o 1921681 Telnet TCP 73 oo 19214681 SMTP TCP 26 0o 1921681 HTP TCP 8n 0o 1921681 O PoP3 TCP 110 oo 1921681 NNTP TCP 119 0 921681 O NTP UDP 123 0o 1921681 O HTTPS TCP 443 0o 1921681 O O KE UDP 500 oo 19216861 E oie TCP 1503 o 1921681 TE TCP 1720 0 19214681 PPTP TCP 1723 Doo 1924681 E TCP UDP 5060 mE 921681 O CUSesMe TCP 7548 mE 1921681 Doi free wp Ro pio mo 1921591 Doi fue wp Ro jp mo 12191 LEM 1 o mo D H0 12181 Doi ee vo Hx po o 1mJ ed Because NAT can act as a natural Internet firewall your router protects your network from being accessed by outside users when using NAT as all incoming con
51. ddress of this subnet is obtained during IPCP negotiation Subnet Mask sets the subnet mask used for the local IP interface connected to the PPP transport If the value 0 0 0 0 is supplied the netmask will be calculated from the class of the IP address obtained during IPCP negotiation Route Mask Sets the subnet mask used by the route that is created when a PPP link comes up If it is set to 0 0 0 0 the subnet mask is determined by the IP address of the remote end of the link The class of the IP address is obtained during IPCP Internet Protocol Control Protocol negotiation MRU Maximum Receive Unit This is negotiated during the LCP protocol stage Discover Primary Secondary DNS This setting enables disables whether the primary secondary DNS server address is requested from a remote PPP peer using IPCP The default setting for this command is enabled Give DNSto Relay Controls whether the PPP Internet Protocol Control Protocol IPCP can request the DNS server IP address for a remote PPP peer Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS relay so that a connection can be established 46 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Give DNSto Client Controls whether the PPP Internet Protocol Control Protocol IPCP can request a DNS server IP address for a remote PPP peer Once IPCP has discovered the DNS server IP addre
52. ddress one Internet access account Many application layer gateway ALG are supported such as web browser ICQ FTP Telnet E mail News Net2phone Ping NetMeeting IP phone and others Firewall Supports SOHO firewall with NAT technology automatically detects and blocks Denial of Service DoS attacks URL blocking packet filtering and SPI Stateful Packet Inspection are also supported The hacker s attack will be recorded associated with timestamp in the security logging area More firewall functions will always be implemented through updated firmware releases Domain Name System DNS relay Provides an easy way to map the domain name a friendly name for users such as www yahoo com and IP address When a local machine sets its DNS server with this router s IP address every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network Dynamic Domain Name System DDNS The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname This dynamic IP address is the WAN IP address For example to use the service you must first apply for an account from a DDNS service like http www dyndns org More than 5 DDNS servers are supported Virtual Private Network VPN Allows user to make a tunnel with a remote site directly to secure the data transmission among the connection User can use embedded PPTP and L2TP client server IKE and IPSec which are supported by t
53. during IPCP negotiation Route Mask Sets the subnet mask used by the route that is created when a PPP link comes up If it is set to 0 0 0 0 the subnet mask is determined by the IP address of the remote end of the link The class of the IP address is obtained during IPCP Internet Protocol Control Protocol negotiation MRU Maximum Receive Unit This is negotiated during the LCP protocol stage Discover Primary Secondary DNS This setting enables disables whether the primary secondary DNS server address is requested from a remote PPP peer using IPCP The default setting for this command is enabled 42 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Give DNSto Relay Controls whether the PPP Internet Protocol Control Protocol IPCP can request the DNS server IP address for a remote PPP peer Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS relay so that a connection can be established Give DNSto Client Controls whether the PPP Internet Protocol Control Protocol IPCP can request a DNS server IP address for a remote PPP peer Once IPCP has discovered the DNS server IP address it automatically gives the address to the local DNS client so that a connection can be established Give DNSto DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setti
54. e Fast Ethernet Switch A 4 port 10 100Mbps fast Ethernet switch is built in with automatic switching between MDI and MDI X for 10Base T and 100Base TX ports An Ethernet straight or cross over cable can be used directly for auto detection Multi Protocol to Establish A Connection supports PPPoA RFC 2364 PPP over ATM Adaptation Layer 5 RFC 1483 encapsulation over ATM bridged or routed PPP over Ethernet RFC 2516 and IPoA RFC1577 to establish a connection with the ISP The product also supports VC based and LLC based multiplexing Chapter 1 Introduction Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Quick Installation Wizard Supports a WEB GUI page to install this device quickly With this wizard end users can enter the information easily which they get from their ISP then surf the Internet immediately Universal Plug and Play UPnP and UPnP NAT Traversal This protocol is used to enable simple and robust connectivity among stand alone devices and PCs from many different vendors It makes network simple and affordable for users UPnP architecture leverages TCP IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices With this feature enabled users can now connect to Net meeting or MSN Messenger seamlessly Network Address Translation NAT Allows multi users to access outside resources such as the Internet simultaneously with one IP a
55. e and password are admin and admin See Figure 3 14 Connect to 197 168 1 254 User name V admin w Remember my password Figure 3 14 User namd amp Password Prompt Widonw Congratulation You are now successfully logon to the BIPAC 7560 G ADSL Router 17 Chapter 3 Basic Installation Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 4 Configuration At the configuration homepage the left navigation pane where bookmarks are provided links you directly to the desired setup page including Status ARP Table Wireless Association Routing Table DHCP Table PPTP Status IPSec Status L2TP Status Powerline Email Status Event Log Error Log NAT sessions and UPnP Portmap Quick Start Configuration LAN WAN System Firewall VPN QoS Virtual Server and Advanced Save Config to FLASH Language provides user interface in English and German languages Please see the relevant sections of this manual for detailed instructions on how to configure your Billion router 18 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Status ARP Table This section displays the routers ARP Address Resolution Protocol Table which shows the mapping of Internet IP addresses to Ethernet MAC addresses This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router s Firewall MAC Address F
56. e Internet the router will retrieve the correct local time from the SNTP server you have specified If you prefer to specify an SNTP server other than those in the drop down list simply enter its IP address as shown above Your ISP may provide an SNTP server for you to use Resync Poll Interval in minutes is the periodic interval the router will wait before it re synchronizes the router s time with that of the specified SNTP server In order to avoid unnecessarily increasing the load on your specified SNTP server you should keep the poll interval as high as possible at the absolute minimum every few hours or even days 51 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Remote Access Remote Access You may temporarily permit remote administration of this network device Allow Access for 30 minutes To temporarily permit remote administration of the router i e from outside your LAN select a time period the router will permit remote access for and click Enable You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI lf you wish to permanently enable remote access choose a time period of 0 minutes This setting cannot be saved into flash when timer set to zero 52 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Firmware Upgrade Firmwar
57. e Is no Idle Timeout traffic in a predefined period of time Idle time 0 means the connection is always on lIPSec Enable for enhancing your L2TP VPN security Authentication 7 Encryption 3DES Perfect Forward None Both sites should use the same value None Secrecy Pre shared Key 12345678 06 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router QoS Quality of Service QoS function helps you to control your network traffic for each application from LAN Ethernet and or Wireless to WAN Internet It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream You can find two items under the QoS section Prioritization and IP Throttling bandwidth management 07 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Prioritization There are three priority settings to be provided in the modem High Normal The default is normal priority for all of traffic without setting Low The trigger of check can base on IP protocol port number and address And the balance of utilization of each priorities are High 60 Normal 30 and Low 10 Prioritization Configuration from LAN to WAN packet source IP Address Range U 0 0 0 means Any Destination IP Address Range U 0 0 0 means Any C PPTP GRE EN E ey ced sourc
58. e Part Enable Application Priority Protocol Destination Port Ses 7h 18 a ek _ 18 H Enable Select it to activate the function Application A name that identifies an existing rule Priority High or Low the priority for existing rule All of traffic will be set to normal priority until you change it The balance of utilizations for each priority is High 6096 Normal 3096 or Low 10 Protocol The name of supported protocol Source Port The source port of packets to be monitored Destination Port The destination port of packets to be monitored Source IP Address Range The source IP address or IP range of packets to be monitored Destination IP address Range The destination IP address or IP range of packets to be monitored 08 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router IP Throttling IP Throttling allows you to limit the speed of IP traffic The value entered will limit the speed of the application that you set to the specified value s multiple of 32kbps The trigger of check can base on IP protocol port number and address as well IP Throttling Configuration from LAN to WAN packet source IP Address Range 0 0 0 0 means Any Destination IP Address Range 0 0 0 0 means Any eM eM eh source Port Enable Application Protocol Upstream Rate Limit Destination Port 2 a NNI oe N lans Lp 28 4 Mr o
59. e Upgrade You may upgrade the system software on your network device Your routers firmware is the software that allows it to operate and provides all its functionality Think of your router as a dedicated computer and the firmware as the software it runs Over time this software may be improved and modified and your Billion router allows you to upgrade the software it runs to take advantage of these changes Clicking on Browse will allow you to select the new firmware image file you have downloaded to your PC Once the correct file is selected click Upgrade to update the firmware in your router DO NOT power down the router or interrupt the firmware upgrading while it is still in process Improper operation could damage the router M A 5 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Backup Restore Backup Restore Allows you to backup the configuration settings to your computer or restore configuration from your computer Backup Configuration Backup configuration ta your computer Restore Configuration Restore wi overwrite the current configuration and restart the device you want to keep the current configuration please use Backup first to save current configuration These functions allow you to save and backup your router s current settings to a file on your PC or to restore a previous
60. ed IP address DMZ The DMZ Host is a local computer exposed to the Internet When setting a particular internal IP address as the DMZ Host all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host when a packet received does not use a port number used by any other Virtual Server entries Using port forwarding does have security implications as outside users will be able to connect to PCs on your network For this reason you are advised to use specific Virtual Server entries just for the ports your application requires instead of simply using DMZ or create a Virtual Server entry for All protocols as doing so will result in all connection attempts to your public IP address will access the PC specified Server function will hence be invalid I If you have disabled the NAT option in the WAN ISP section the Virtual Attention If the DHCP server option is enabled you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts The easiest way of configuring Virtual Servers is to manually assign static IP address to each virtual server PC with an address that does not fall into the range of IP addresses that are to be issued by the DHCP server You Attention can configure the virtual server IP address manually but it must still be in the same subnet as the router 12 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN F
61. eeeeeeeeeeeees 25 E Port Setting ssseemmennnnmmmennnnnnemren entren sensn 36 K DHCP Server 0 cccccecccccccccccccccceeecececseeeeeeceeetenenneccececececeeeeeeeeeeeteeteeetensees 37 WANANE Sa NOWO oo spare Fu ME E ESSEN IR NUD UN SU HEU aan essademiineeersuenans 39 E ISP 39 E DNS 49 E a E E A A ET 50 TEE E E cette eng cea E E E E E E A EE 51 K Time Zone hhnn ehh h nenne ree r rrr r rr nr rrr nna 51 K Remote ACCESS ccccccccccccccesseeeecenccccecececseeeeenteneeeeecececseeeentutteeeeeeeerteeenenns 52 EK Firmware Upgrade eee 53 EK Backup Restore sssm eene nnrnmerr nsns 54 E Restart Router ssssss rennen nennen nsns nnns nnn 55 E User Management sesessseenmmmeeenneeee nennen ccn 56 Firewall iondccidugomE 57 K General Settings seesssssennnmn cnn 59 K Packet Filter ccccccccccccccccccccceeceeeeeceeeeececcecectncecccceceeeeeeceeeeeeeeeeeteeetensees 60 E Intrusion Detection ssseseseeenm enn 66 E MAC Address Filter eeeeeennnnnnn nnn 68 IS CUM NEES E 69 E Firewall LOQ RR 72 VPN Virtual Private IES WV OIG S Va ceieasnsansaccitn vats dean severcetnonie etna tesieinanctatidonnitatets UN FUIS Ud Iu aU RUIT TE 13 E a j e E E EAA A AEA EN AENT T3 BL PSCC oie eeccccccccccecececcccccccccccccccceeceesesseseeeeeeccenancacecceceeceeeeeeeeseteeeteeeteeeetsees 78 EK Advanced Opt
62. elow UDP 123 123 Block mm Edit ZTE ete Agmen BIBER T AR Edi Q REB an an Emm m Edit HTTP inbound amp outbound application ooo eeccecsesecececo Delete amp 7 Configure your Virtual Server port forwarding settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server Virtual Server Port Forwarding Port Mapping Table Enable Application Protocol External Port Redirect Port E FTF TCP 21 0 Telnet TCP 23 EN Leld MIEL neret Spee e E peu AT EE M fie nn eee JU RSS c alU sal Lr eee ui d POPS TEP 110 IP Address 18 158 1 192 1681 823984 192 1681 To enable the HTTP service in Virtual Server settings input the web server PC s IP address Tip If you wish to setup permanent remote management of your router you may enter the router s IP instead Chapter 4 Configuration 65 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Intrusion Detection Intrusion Detection Parameters Intrusion Detection Enable 9 Disable victim Protection Block Duration seconds scan Attack Block Duration seconds DOS Attack Block Duration seconds Maximum TCP Open Handshaking Count 100 per second Maximum Ping Count 15 per second Maximum ICMP Count per second Apply Clear Blacklist The routers Intrusion Detection System IDS is used to detect hacker attacks and intrusion at
63. er will light when it detects new messages waiting for download You may also view the status of this function using the Status Email Checking section of the web interface which also provides details on the number of new messages waiting See the Status section of this manual for more information Disable Check to disable the router s Email checking function Enable Check to enable the routers Emailing checking function The following fields Will be activated and required Account Name Enter the name login of the POP3 account you wish to check Normally it is the text in your email address before the symbol If you have trouble with it please contact your ISP Password Enter the account s password POP3 Mail Server Enter your POP mail server name You Internet Service Provider ISP or network administrator will be able to supply you with this Interval Enter the value in minutes between periodic mail checks Automatically dial out for checking emails When the function is enabled your ADSL router will connect to your ISP automatically to check emails if your Internet connection dropped Please be careful when using this feature if your ADSL service is charged by time online 15 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Device Management The Device Management advanced configuration settings allow you to control your router s security options a
64. eral Settings Inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing your local network from the Internet Intrusion Detection Enable Intrusion Detection to detect prevent and log malicious attacks Access Control Prevents access from PCs on your local network Firewall Security and Policy General Settings Outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet of Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router MAC Filter rules To prevent unauthorized computers accessing the Internet URL Filter To block PCs on your local network from unwanted websites You can find six items under the Firewall section General Settings Packet Filter Intrusion Detection MAC Address Filter URL Filter and Firewall Log 58 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E General Settings You can choose not to enable Firewall to add all filter rules by yourself or enable the Firewall using preset filter rules and modify the port filter rules as required The Packet Filter is divided into two sections Port Filters and Address Filters used to filter packets based on Applications Port or IP addresses There are four options when you enable the Firewall they are All blocked User defined no pre defined port or address filter rules by de
65. erver located on the local network when the firewall is enabled you have to configure the Port Filters setting for HTTP As you can see from the diagram below when the firewall is enabled with one of the three presets Low Medium High inbound HTTP access is not allowed Port Filters Filtering Rules Add TCP UDP Filter amp Filtering Table Type TRE UDP ee MOR ICE IEF TII TET UDF ICMP TIE IEF TEF UDP TEF Configuring Packet Filter start Fort B 53 53 2 43 25 110 118 F r MA 1720 1503 Er 123 443 End Part B 53 53 2 dd 25 110 119 F r MA 1720 1503 22 123 443 Add Raw IP Filter Inbound Black Black Black Black Black Black Black Black Allow Black Black Black Black Black Black Outbound Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow Allow 1 Click Packet Filter you will get the following page Click Port Filters Packet Filter Firewall Security Co Type external Ic internal uratian Chapter 4 Configuration Port Filters Address Filters 2 Mate 1 By default all protocol types and TCP UDP ports are blocked 2 Only the listed IP addresses are blocked Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Edit Return Delete 3 Delete amp Delete 3 Delete Q Delete 3 Delete amp Delete 2 Delete amp
66. fault meaning that all inbound Internet to LAN and outbound LAN to Internet packets will be blocked Users have to add their own filter rules for further access to the Internet Q High Medium Low security level the pre defined port filter rules for High Medium and Low security are displayed in Port Filters of Packet Filter Select either High Medium or Low security level to enable the Firewall The only difference between these three security levels is the preset port filter rules in the Packet Filter Firewall functionality is the same for all levels it is only the list of preset port filters that changes between each setting If you choose of the preset security levels and then add custom filters you may temporarily disable the firewall and recover your custom filter settings by re selecting the same security level The Block WAN Request is a stand alone function and not relate to whether security enable or disable Mostly it is for preventing any scan tools from WAN site by hacker General Settings Firewall Security Security O Enable Disable All blocked Userdetined High security level Policy Medium security level Low security level UNI some applications cannot work after enabling Firewall please check the Packet Filter especially Port Filter rules For example adding TOP 443 outbound allowed wil let HT TP S data go through Firewall Black WAN Request O Enable Disable 4S Enable for preventing any ping tes
67. his router to make a VPN connection or users can run the PPTP client in PC and the router already provides IPSec and PPTP pass through function to establish a VPN connection if the user likes to run the PPTP client in his local computer Virtual Server port forwarding Users can specify some services to be visible from outside users The router can detect incoming service requests and forward either a single port or a range of ports to the specific local computer to handle it For example a user can assign a PC in the LAN acting as a WEB server inside and expose it to the outside network Outside users can browse inside web servers directly while it is protected by NAT A DMZ host setting is also provided to a local computer exposed to the outside network Internet Chapter 1 Introduction Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Rich Packet Filtering Not only filters the packet based on IP address but also based on Port numbers It will filter packets from and to the Internet and also provides a higher level of security control Dynamic Host Configuration Protocol DHCP client and server In the WAN site the DHCP client can get an IP address from the Internet Service Provider ISP automatically In the LAN site the DHCP server can allocate a range of client IP addresses and distribute them including IP address subnet mask as well as DNS IP address to local computers It provides an easy way to manage the lo
68. illion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router http 192 168 1 254 100 in their web browser After 100 seconds the device will automatically logout User A Universal Plug and Play UPnP UPnP offers peer to peer network connectivity for PCs and other network devices along with control and data transfer between devices UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings removing the need for the user to control advanced configuration of their device Both the users Operating System and the relevant application must support UPnP in addition to the router Windows XP and Windows Me natively support UPnP when the component is installed and Windows 98 users may install the Internet Connection sharing client from Windows XP in order to support UPnP Windows 2000 does not support UPnP Disable Check to disable the router s UPnP functionality Enable Check to enable the router s UPnP functionality UPnP Port Its default setting is 2800 It is highly recommended for users to use this port value If this value conflicts with other ports already being used you may wish to change the port SNMP Access Control Software on a PC within the LAN is required in order to utilize this function Simple Network Management Protocol SNMP V1 and V2 Read C
69. ilter function See the Firewall section of this manual for more information on this feature ARP Table IP lt gt MAC List IP Address MAC Address Interface static 182 1b8 1 187 LL Dc be bd 11 bd iplan no IP Address A list of IP addresses of devices on your LAN Local Area Network MAC Address The MAC Media Access Control addresses for each device on your LAN Interface The interface name on the router that this IP Address connects to Static Static status of the ARP table entry no for dynamically generated ARP table entries Q yes for static ARP table entries added by the user 19 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Wireless Association 7560G Only Wireless Association Table Wireless client s MAC address and the corresponding IP address IP Address MAL 192 166 1 100 00 04 43 73 9a 86 IP Address Itis IP address of wireless client that joins this network MAC The MAC address of wireless client Chapter 4 Configuration 20 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Routing Table Routing Table Routing Table Walid Destination Metmask Gateway Interface Cost RIP Routing Table Destination Metmask Gateway Cost Routing Table Valid It indicates a successful routing status Destination The IP address of the destination network Netmask The destination netmask address Gateway Interface The IP address
70. ine 802 11g ADSL VPN Firewall Router Firewall and Access Control Your router includes a full SPI Stateful Packet Inspection firewall for controlling Internet access from your LAN as well as helping to prevent attacks from hackers In addition to this when using NAT Network Address Translation Please see the WAN configuration section for more details on NAT the router acts as a natural Internet firewall as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet I t P PUT Router Access Control P NAT 4 Packetfllter packet filter MAC filter URL filter Unauthorized users amp applications Malicious attacks Unauthorized users amp applications Unwanted website access Intrusion Detection Blacklisting Firewall amp Filter Firewall Prevents access from outside your network The router provides three levels of security support NAT natural firewall This masks LAN users IP addresses which are invisible to outside users on the Internet making it much more difficult for a hacker to target a machine on your network This natural firewall is on when NAT function is enabled AV OFF When using Virtual Servers your PCs will be exposed to the degree specified in your Virtual Server settings provided the ports specified are opened in your firewall packet filter settings Firewall Security and Policy Gen
71. ion ceceeeeeccceeeeeesneeeeeeeseeesneeeeeeeeeesnneeeeeeeeeeesneeeeeeeeeeas 81 Table of Contents ii E L2TP82 Os OUI IM 107 E Prioritization eeennnnnnnnnnnennnnnne enas 108 BE IP Throttling eesesesssssenene nnne 109 Virtual Server Port Forwarding cocer ora MEME OIHII DATEN SUO R SE IE I EE UE UE cS RU EHMUA 110 AO UB MC es cess cova ume edpn enya E EEA A sun DEDI A A REO LVEDUEE A E dente 113 iibi rudem 113 EK Dynamic DNS seeenmm eene nnm n nennen scit 114 E Check Emails eene 115 EK Device Management sssseeeennmeneeennnmee enne nnn 116 SAVE CONFIGURATION TO PEASH cieecxacvinxixiaa xd bcn co a rr n E D OP E Y En 120 LOGOUT caewa cae tesa AEEA A S 121 CHAPTER 5 TROUBLESHOOTING en 122 PROBLEMS STARTING UP THE ROUTER nnrnnn niai ii ii 122 PROBLEMS WITH THE WAN INTERFACE rrnnnn nnn 122 PROBLEMS WITH THE LAN INTERFACE nnn 123 APPENDIX A PRODUCT SUPPORT AND CONTACT INFORMATION 124 Table of Contents IH Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 1 Introduction Introduction to your BIPAC 7560 G Router Welcome to the Billion BIPAC 7560 G Powerline 802 11g Router Your Billion router is an all in one unit combining an ADSL modem ADSL router and Ethernet network sw
72. ion Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a server When using PAP the password is sent unencrypted whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder Data Encryption Data sent over the VPN connection can be encrypted by an MPPE algorithm Default is Auto so that this setting is negotiated when establishing a connection or else you can manually Enable or Disable encryption Key Length The data can be encrypted by MPPE algorithm with 40 bits or 128 bits Default is Auto it is negotiated when establishing a connection 128 bit keys provide stronger encryption than 40 bit keys 14 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Mode You may select Stateful or Stateless mode The key will be changed every 256 packets when you select Stateful mode If you select Stateless mode the key will be changed in each packet Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply after changing settings 195 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall R
73. irewall Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router Users who do not understand the features should not attempt to reconfigure their router unless advised to do so by support staff There are four items within the Advanced section Static Route Dynamic DNS Checking Email and Device Management E Static Routing Click on Routing Table and then choose Create Route add a routing table Static Route Create Destination This is the destination subnet IP address Netmask Subnet mask of the destination IP addresses based on above destination subnet IP Gateway This is the gateway IP address to which packets are to be forwarded Interface Select the interface through which packets are to be forwarded Cost This is the same meaning as Hop This should usually be left at 1 13 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Dynamic DNS Dynamic DNS Parameters Dynamic DNS CO Enable Disable Dynamic DMS Server www dyndns org dynamic Period Davis The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname allowing users whose ISP does not assign them a static IP address to use a domain name This is especially useful for hosting servers via your ADSL connection so that anyone wishing to connect to you may use your domain name
74. itch providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection With features such as an ADSL Quick Start wizard and DHCP Server you can be online in no time at all and with a minimum of fuss and configuration catering for first time users to the guru requiring advanced features and control over their Internet connection and network Features ADSL Multi Mode Standard Supports downstream transmission rates of up to 8Mbps and upstream transmission rates of up to 1024Kbps It also supports rate management that allows ADSL subscribers to select an Internet access speed suiting their needs and budgets It is compliant with Multi Mode standard ANSI T1 413 Issue 2 G dmt G 992 1 G lite G992 2 The Annex A and B are supported in different H W platforms Wireless Ethernet 802 119 7560G Only With built in 802 11g access point for extending the communication media to WLAN while providing the WEP and WPA for securing your wireless networks This Router has included the first solution for turbo charging 802 11g systems called PRISM Nitro It provides up to 50 greater throughput performance in homogenous 802 11g networks and enhanced protection mechanisms to significantly increase mixed mode network performance Powerline Integrated HomePlug 1 0 interface with date rates up to 14Mbps It is an emerging LAN technology targeted to run with existent power circuit at home offic
75. logon Usually when you choose PPPoE or PPPoA as your WAN ISP protocol the ISP will provide the DNS IP address automatically You may leave the configuration field blank Alternatively your ISP may provide you with an IP address of their DNS If this is the case you must enter the DNS IP address If you choose one of the other three protocols RFC1483 Routed Bridged and IPoA check with your ISP it may provide you with an IP address for their DNS server You must enter the DNS IP address if you set the DNS of your PC to the LAN IP address of this router 49 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E ADSL ADSL Parameters Connect Made Activate Line Coding Gain Tx Attenuation l DSP Firmwarewersion Aar Connected true Operational Mlode 5 Dimt Annex Type Annex ostream 128000 Downstream Ln Connect Mode The default is Multimode it will detect the ADSL line code G dmt G lite and T1 413 automatically But in some area it cannot detect the ADSL line code well At this time please adjust the ADSL line code to G dmt or 11 413 first If it still fails please try the other values such as ALCTL ADI etc Activate Line Aborting false your ADSL line and making it active true again for taking effect with setting of Connect Mode Coding Gain Configure the ADSL coding gain from O dB to 7dB or automatic Tx Attenuation Setting ADSL transmission gain the value is
76. ly saved backup This is useful if you wish to experiment with different settings knowing that you have a backup handy in the case of any mistakes It is advisable to backup your router s settings before making any significant changes to your router s configuration Press Backup to select where on your local PC to save the settings file You may also change the name of the file when saving if you wish to keep multiple backups Press Browse to select a file from your PC to restore You should only restore settings files that have been generated by the Backup function and that were created when using the current version of the router s firmware Settings files saved to your PC should not be manually edited in any way After selecting the settings file you wish to use pressing Restore will load those settings into the router 54 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Restart Router Click Restart with option Current Settings to reboot your router and restore your last saved configuration Restart Router After restarting Please wait for several seconds to let the system Current Settings O Factory Default Settings Restart Router with If you wish to restart the router using the factory default settings for example after a firmware upgrade or if you have saved an incorrect configuration select Factory Default Settings to reset to factory default settings You may also
77. ms accessing the router s web interface it may also be advisable to uninstall any kind of software firewall on your PCs as they can cause problems accessing the 192 168 1 254 IP address of the router Users should make their own decisions on how to best protect their network Please follow the steps below for your PC s network environment installation First of all please check your PC s network components The TCP IP protocol stack and Ethernet network adapter must be installed If not please refer to your Windows related or other operating system manuals A OTi E Any TCP IP capable workstation can be used to communicate with or through the BIPAC 7560G To configure other types of workstations please consult the manufacturer s documentation Connecting your router 1 Connect the Router to a LAN Local Area Network and the ADSL telephone network 2 Power on the device 3 Make sure the PWR SYS and WLAN LEDs are lit steadily and that the relevant LAN LED is lit Chapter 3 Basic Installation Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring PCs in Windows amp Control Panel m File Edit View Favorites Tools Help ae For Windows XP E Q X Renee e Control Panel A E 1 Go to Start Control Panel in Classic View In the m rem Control Panel double click Network Connections eps s 3 Printers and Regional and Scanners and A Windows Update Faxes Cameras Language am Q9 Help a
78. n can be disabled DHCP client Enable or disable the DHCP client specifying if the router can obtain an IP address from the Internet Service Provider ISP automatically or not Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function and specify the IP address manually The setting of this item is specified by your ISP RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface 48 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E DNS DNS Parameters A Domain Name System DNS contains a mapping table for domain name and IP addresses On the Internet every host has a unique and user friendly name domain name such as www billion com and an IP address An IP address is a 32 bit number in the form of xxx xxx xxx xxx for example 192 168 1 254 You can think of an IP address as a telephone number for devices on the Internet and the DNS will allow you to find the telephone number for any particular domain name As an IP Address is hard to remember the DNS converts the friendly name into its equivalent IP Address You can obtain a Domain Name System DNS IP address automatically if your ISP has provided it when you
79. nced section of this manual for details on this function Email Status Email Account Account Mame username POPS Mail Server popa mall com Email Status Ma mail Chapter 4 Configuration 26 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Event Log This page displays the router s Event Log entries Major events are logged to this window such as when the routers ADSL connection is disconnected as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration Firewall section of the interface Please see the Firewall section of this manual for more details on how to enable Firewall logging Event Log Error Logging Any errors encountered by the router e g invalid names given to entries are logged to this window Error Log Error Log times are in seconds since fast reboot When Process Error Log 2 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router NAT Sessions This section lists all current NAT sessions between interface of types external WAN and internal LAN NAT Sessions WAT sesslons between interface of types external and internal Local IP Port lacal public Idle sec 11107 1110 110 12 1982r 1982 108 12 5 19797 1979 178 239 40117 2011 107 27 1166 1166 106 90 19697 1969 107 22 siar 3512 4 211 sesslons sesslons sesslons sesslons
80. ncryption Data PPTP Client mm PPTP Server VPN Connection Internet AM Router Dial in 192 168 0 0 24 PPTP VPN Remote Access Dial in 87 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring PPTP VPN in the Office The input IP address 192 168 1 200 will be assigned to the remote worker Please make sure this IP is not used in the Office LAN PPTP Hemote Access Connection Connection Mame wv FN PPFTP e C Dial nut Server IP Address or Hostname NEN Type Dial in Private IP Address Assigned to Dialin User 192 166 1200 ey Username Password X Auth Type Data Encryption key Length Mode 4 Idle Timeout O minutes s Item Function a1 Connection Name VPN PPTP Given a name of PPTP connection Check Dial in Private IP Address Assigned 192 168 1 200 An assigned IP address for the remote worker to Dialing User E Username username Input username amp password to authenticate Password 123456 remote worker Chap Auto Data Encryption Auto Keep as default value in most of the cases Key Length Auto PPTP server amp client will determine the value automatically Refer to manual for details if you Mode stateful want to change the setting Idle Time 0 The connection will be disconnected when there is no traffic in a predefined period of time Idle time 0 means the connection is always on 88 Chapter 4 Configuration Billion B
81. nd Support A O 2 Scheduled Sounds and Speech Audio Devices Address Control Panel 2 Double click Local Area Connection See Figure 3 1 3 In the LAN Area Connection Status window Click General Support Properties See Figure 3 2 L Conecicn Status Connected Duration 00 05 34 Speed 100 0 Mbps 4 Select Internet Protocol TCP IP and click Properties See Figure 3 3 ee 8 Butes l 1 749 Receiwed 5 Select the Obtain an IP address automatically and i Obtain DNS server address automatically radio o merum buttons See Figure 3 4 6 Click OK to finish the configuration General Authentication Advanced Connect using Hg ASUSTeK Broadcom 440x 10 100 Integrated Controller This connection uses the following items E Client for Microsoft Networks m r File and Printer Sharing for Microsoft Networks F QoS Packet Scheduler Iv Internet Protocol TCP IP Description Transmission Control Protocol Internet Protocol The default Wide area network protocol that provides communication across diverse interconnected networks C Show icon in notification area when connected Figure 3 3 TCP IP Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports this capability Otherwise you need to ask your network administrator for the appropriate I
82. nd device monitoring features Device Management Device Host Name Host Mame Embedded Web Server HTTP Port BO is default HTTP port Management IP Address U 0 0 0 means Any Expire ta auto logout seconds Universal Plug and Play UPnP UPnP Enable Disable UPnP Pon oNMP Access Control SNMP Y1 and Y2 Read Community IP Address Write Community IP Address Trap Community Po IP Address SNMP 3 Username Po Password Access Right Read ReadVYyrite IP Address t Fus setting will become effective after you save to Hash and restart the router Embedded Web Server HTTP Port This is the port number the routers embedded web server for web based configuration will use The default value is the standard HTTP port 80 Users may specify an alternative if for example they are running a web server on a PC within their LAN Management IP Address You may specify an IP address allowed to logon and access the routers web server Setting the IP address to 0 0 0 0 will disable IP address restrictions allowing users to login from any IP address Expire to auto logout Specify a time frame for the system to auto logout the user s configuration session For Example User A changes HTTP port number to 100 specifies their own IP address of 192 168 1 55 and sets the logout time to be 100 seconds The router will only allow User A access from the IP address 192 168 1 55 to logon to the Web GUI by typing 16 Chapter 4 Configuration B
83. ne Pre shared Key 12345678 Security plan Encryption Prefer Forward Security Pre shared Key 95 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring IPSec VPN in the Branch Office IPSec Edit Connection Name IPSec Branch ffice e Local O Single Address IP Address Ps Netvvork 9 Subnet IP Address Netmask 2552552550 2 OIP Range IP Address NEN End IP oo Remote secure Gateway Addressfor Hostname 51 121 1 3 Cy O Single Address IP Address 00 0 NetWork Subnet IP Address Netmask 255 255 2550 4 OIF Range IP Address NEN End IP D Popes loj SNR SN pris Authentication MDS wo A Encryption IDES v CO AH Authentication Description Connection Name ER Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192 168 0 0 Branch office network 255 255 255 0 ida Gateway Address 69 121 13 IP address of the head office router in or Hostname WAN side p Check Subnet radio button P Address 192 168 1 0 Head office network 255 255 255 0 ESP Check ESP radio button m 9 Encryption 3DES Secunia Prefer Forward Security Pre shared Key 12345678 96 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a IPSec Host to LAN VPN Connection Branch Office Head Office Public IP Public IP j 192 168 0
84. nection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network When your router needs to allow outside users to access internal servers e g a web server FIP server Email server or game server the router can act as a virtual server You can set up a local server with a specific port number for the service to use e g web HTTP port 80 FTP port 21 Telnet port 23 SMTP port 25 or POP3 port 110 When an incoming access request to the router for a specified port is received it will be forwarded to the corresponding internal server For example if you set the port number 80 Web HTTP to be mapped to the IP Address 192 168 1 2 then all incoming HTTP requests from outside users will be forwarded to the local server PC with the IP address of 192 168 1 2 If the port is not listed as a predefined application you need to add it manually 11 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router In addition to specifying the port number to be used you will also need to specify the protocol used The protocol used is determined by the particular application Most applications will use TCP or UDP however you can specify other protocols using the drop down Protocol menu oetting the protocol to all will cause all incoming connection attempts using all protocols on all port numbers to be forwarded to the specifi
85. nes on the Internet that are outside your local network or any application that can accept incoming connections e g Peer to peer P2P software such as instant messaging applications and P2P file sharing applications and are using NAT Network Address Translation then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application You will also need to use port forwarding if you want to host an online game server The reason for this is that when using NAT your publicly accessible IP address will be used by and point to your router which then needs to deliver all traffic to the private IP addresses used by your PCs Please see the WAN configuration section of this manual for more information on NAT The Internet Assigned Numbers Authority IANA is the central coordinator for the assignment of unique parameter values for Internet protocols Port numbers range from 0 to 65535 but only ports numbers 0 to 1023 are reserved for privileged services and are designated as well known ports The registered ports are numbered from 1024 through 49151 The remaining ports referred to as dynamic ports or private ports are numbered from 49152 through 65535 Examples of well known and registered port numbers are shown in Table 4 for further information please see IANA s website at http www iana org assignments port numbers For help on determining whi
86. ng can discover the Access Point AP in question Regulation Domain There are five Regulation Domains for you to choose from including North America N America Europe France etc The Channel ID will be different based on this setting Channel ID Select the ID channel that you would like to use Reset Reset the Access Point AP which is already built in to the router s wireless interface Connected true or false That it is the connection status between the system and the build in wireless card C Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router AP Firmware Version The Access Point firmware version E Wireless Security 7560G Only You can disable or enable with WPA or WEP for protecting wireless network The default mode of wireless security is disabled Wireless Security Parameters Security Mode Apply WPA Pre Shared Key Wireless Security Parameters security Mode WPA Pre Shared Key WPA Alganthms TKIP WPA Algorithms TKIP Temporal Key Integrity Protocol utilizes a stronger encryption method and incorporates Message Integrity Code MIC to provide protection against hackers WPA Shared Key The key for network authentication The input format is in character style and key size should be in the range between 8 and 63 characters Group Key Renewal The period of renewal time for changing the
87. ng enables disables whether the primary secondary NBNS server address is requested from a remote PPP peer using IPCP The default setting for this command is disabled Discover Subnet Mask Specifies if the subnet mask given by IPCP negotiation process is to be used Give Subnet Mask To DHCP Server Enable to change your DHCP Server settings by using the given information in IPCP negotiation process 43 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router RFC 1483 Bridged Connections WAN Connection RFC 1483 Bridged Description RFC 1483 bridged mode ATM Class Encapsulation Method Ether Filter Type All v spanning Bridge Interface 9 Enable C Disable VPI and VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer Encapsulation method Select the encapsulation format this is provided by your ISP Ether Filter Type Specify the type of ethernet filtering performed by the named bridge interface All Allows all types of ethernet packets through the port Allows only IP ARP types of ethernet packets through the port Allows only PPPoE types of ethernet packets through the port Spanning Bridge Interface Enable Disable spanning tree function of modem 44 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router PPPoA Routed Connections WAN Connection PPPoA Routed Description ATM Class W
88. not Default value is 100 TCP SYN per seconds 66 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Max PING Count This is a threshold value to decide whether an CMP Echo Storm is occurring or not Default value is 15 ICMP Echo Requests PING per second Max ICMP Count This is a threshold to decide whether an CMP flood is occurring or not Default value is 100 ICMP packets per seconds except ICMP Echo Requests PING For SYN Flood ICMP Echo Storm and ICMP flood IDS will just warn the user in the Event Log It cannot protect against such attacks Table 2 Hacker attack types recognized by the IDS Type of Intrusion Name _ Detect Parameter Blacklist Block Duration Ascend Kill Ascend Kill data Src IP DoS Yes Yes TCP WinNuke Port 135 137 139 DoS Yes Yes Flag URG ICMP type 8 Victim Des IP is broadcast Protection Land attack SrcIP DstIP UDP Echo Port and Echo CharGen Scan CharGen Port UDP Dst Port Echo 7 UDP Dst Port CharGen Scan CharGen 19 TCP Flag X mas IMAP TCP Flag SYN FIN SYN FIN Scan DstPort IMAP 143 SrcPort 0 or 65535 TCP SYN FIN RST ACK No Existing session And Scan Hosts more than five TCP No Existing session DstPort Net Bus 12345 12346 3456 T UDP DstPort Back Orifice Scan Orifice Port 31337 Max TCP Open SYN Flood Handshaking Count Default 100 c sec Max ICMP Count ICMP Flood Default 100 c sec Max PING
89. nterface Card NIC in your PC See Figure 3 9 Click Properties Select the IP Address tab In this page click the Obtain an IP address automatically radio button See Figure 3 10 Then select the DNS Configuration tab See Figure 3 11 Select the Disable DNS radio button and click OK to finish the configuration Chapter 3 Basic Installation Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Network 2 x Configuration Identification Access Control The following network components are installed I ll Microsoft Family Logon a SLISTeK Broadcom 440x 10 100 Integrated Controller 2 Dial Up Adapter Y TCP IP gt amp SUSTeK Broadcom 440 10 100 Integrated b TCP IP gt Dial Up Adapter Add Remove d Primary Network Logon Microsoft Family Logon Eile and Print Sharing Description TCP IP is the protocol you use to connect to the Internet and wide area networks OK Cancel Figure 3 9 TCP IP TCP IP Properties 7 X Bindings Advanced NetBIOS DNS Configuration Gateway WINS Configuration P Address n IP address can be automatically assigned to this computer If your network does not automatically assign IP addresses ask your network administrator for an address and then type it in the space below C Specify an IP address L rrr CY rr IF 2xddress suner Bs Cancel Figure
90. o save the configuration There wil be a delay while saving as configuration information is written to FLASH chins 20 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Logout To exit the routers web interface choose Logout Please ensure that you have saved the configuration settings before you logout Be aware that the router is restricted to only one PC accessing the configuration web pages at a time Once a PC has logged into the web interface other PCs cannot get access until the current PC has logged out of the web interface If the previous PC forgets to logout the second PC can access the page after a user defined period by default 3 minutes You can modify this value using the Advanced Device Management section of the web interface Please see the Advanced section of this manual for more information 21 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Chapter 5 Troubleshooting If the router is not functioning properly first check this chapter for simple troubleshooting before contacting your service provider or Billion support Problems starting up the router None of the LEDs are Check the connection between the adapter and the router If the error on when you turn on persists you may have a hardware problem In this case you should the router contact technical support You have forgotten Try the default
91. of the gateway or existing interface that this route will use Cost The number of hops counted as the cost of the route RIP Routing Table Destination The IP address of the destination network Netmask The destination netmask address Gateway The IP address of the gateway that this route will use Cost The number of hops counted as the cost of the route 21 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router DHCP Table DHCP Table Type Leased Expired Permanent Leased The DHCP assigned IP addresses information IP Address A list of IP addresses of devices on your LAN Local Area Network Expired The expired IP addresses information Permanent The fixed host mapping information E Leased Table Leased Table IP Address MAC Address Client Hast Mame Expiry IP Address The IP address that assigned to client Client UID hw addr The MAC address of client Client Host Name The Host Name Computer Name of client Expiry The current lease time of client E Expired Table Expired Table IP Address MAC Address Client Hast Name Expiry Please refer the Leased Table E Permanent Table Permanent Table Name IP Address MAC Address Maximum Lease Time Name The name you assigned to the Permanent configuration IP Address The fixed IP address for the specify client MAC Address The MAC Address that you want to assign the fixed IP address 22 Chapter 4 Configu
92. ommunity Specify a name to be identified as the Read Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched user obtains this IP address will be able to view the data Write Community Specify a name to be identified as the Write Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched users from this IP address will be able to view and modify the data Trap Community Specify a name to be identified as the Trap Community and an IP address This community string will be checked against the string entered in the configuration file Once the string name is matched users from this IP address will be sent SNMP Traps SNMP V3 Specify a name and password for authentication And define the access right from identified IP address Once the authentication has succeeded users from this IP address will be able to view and modify the data 17 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router 9 SNMP Version SNMPv2c and SNMPv3 SNMPv2c is the combination of the enhanced protocol features of SNMPv2 without the SNMPv2 security The c comes from the fact that SNMPv2c uses the SNMPv1 community string paradigm for security but is widely accepted as the SNMPv2 standard SNMPv3 is a strong authentication mech
93. orward Secrecy Choose whether to enable PFS using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups Pre shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 characters Both sides should use the same key IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require a key Before any IPSec traffic can be passed each router must be able to verify the identity of its peer This can be done by manually entering the pre shared key into both sides router or hosts 86 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring a Remote Access PPTP VPN Dial in Connection A remote worker establishes a PPTP VPN connection with the head office using Microsoft s VPN Adapter included with Windows 2000 ME etc The router is installed in the head office connected to a couple of PCs and Servers Office LAM Public IP 61 56 158 112 192 168 0 254 Remote Worker ume E
94. outer LAN to LAN PPTP Connection PPTP LAN to LAN Connection Mame s Dial out Server IP Address for Hostname Y Pe C Dial in Private IP Address Assigned to Dialin User fF O Peer Network IP Metmask NEN Username Password Auth Type Chapi amp uta ata Encryption Key Length Mode Idle Timeout 0 minutes Apply Connection Name A user define description of the connection ll Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office server check Dial In operates as a VPN server When configuring your router establish the connection to a remote LAN enter the remote Server IP Address or Hostname you wish to connection to When configuring your router as a server to accept incoming connections enter the Private IP Address Assigned to Dial in User address Peer Network IP Enter Peer network IP address Netmask Enter the subnet mask of peer network based on the Peer Network IP setting Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge H
95. r to establish a PPPoA session when starting up and to automatically re establish the PPPoA session when disconnected by the ISP Connect to Demand If you want to establish a PPPoA session only when there is a packet requesting access to the Internet i e when a program on your computer attempts to access the Internet Idle Timeout Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time Detail You can define the destination port and packet type TCP UDP without checking by timer It allows you to set which outgoing traffic will not trigger and reset the idle timer RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function MTU Maximum Transmission Unit The size of the largest datagram excluding media specific headers that IP will attempt to send through the interface Advanced Options PPPoA LLC Header Selects encapsulation mode true for using LLC or false for using VC Mux Create Route This setting specifies whether a route is added to the system after IPCP Internet Protocol Control Protocol negotiation is completed If set to enabled a route will be created which directs packets to the remote end of the PPP link Specific Route Specifies whether the route created when a PPP link comes up is a specific or default route If set to enabled the route created will only apply to packets for the subnet at the remote end of the PPP link The a
96. rather than having to use your dynamic IP address which changes from time to time This dynamic IP address is the WAN IP address of the router which is assigned to you by your ISP You will first need to register and establish an account with the Dynamic DNS provider using their website for example http www dyndns org There are more than 5 DDNS services supported Disable Check to disable the Dynamic DNS function Enable Check to enable the Dynamic DNS function The following fields will be activated and required Dynamic DNS Server Select the DDNS service you have established an account with Domain Name Username and Password Enter your registered domain name and your username and password for this service Period Set the time period between updates for the Router to exchange information with the DDNS server In addition to updating periodically as per your settings the router will perform an update when your dynamic IP address changes Via WAN Interface Decide which WAN interface you want to use for sending DDNS request 14 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Check Emails Check Email Parameters Check Email O Enable Disable Account Mame Po POPS Mail Server Po Period minutes Dial out far Checking Emails Automatic This function allows you to have the router check your POP3 mailbox for new Email messages The Mail LED on your rout
97. ration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Maximum Lease Time The maximum lease time interval you allow to clients PPTP Status This shows details of your configured PPTP VPN Connections PPTP Status VPN PPIP for Remote Access Application Tunnel Call Mame Type Enable Active NM S n Encryption VPNIPPIP for LAN to LAN Application Tunnel Call Mame Type Enable Active eee I eee Encryption Name The name you assigned to the particular PPTP connection in your VPN configuration Type The type of connection dial in dial out Enable Whether the connection is currently enabled Active Whether the connection is currently active Tunnel Connected Whether the VPN Tunnel is currently connected Call Connected If the Call for this VPN entry is currently connected Encryption The encryption type used for this VPN connection Chapter 4 Configuration 23 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router IPSec Status This shows details of your configured IPSec VPN Connections IPSec Status YPN Tunnels Mame Actve Connection state Statistics Local subnet Remote Subnet Remote Gateway SA Name The name you assigned to the particular VPN entry Active Whether the VPN Connection is currently Active Connection State Whether the VPN is Connected or Disconnected Statistics Statistics for this VPN Connection Local Subnet The local IP Address or Subnet used Remote Su
98. ress and uses the same subnet Mask P Address o jo jo ib The router supports two Ethernet IP addresses in the LAN and two different LAN subnets through which you can access the Internet at the same time Users usually only have one subnet in their LAN so there is no need to configure a Secondary IP address The default IP address for the router is 192 168 1 254 RIP RIP v1 RIP v2 and RIP v2 Multicast Check to enable RIP function 31 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Wireless 560G Only Wireless Parameters WLAM Service Enable Disable Made Nitro Mode Enable Disable ESSID mM ESSID Braadcast Enable Disable Regulation Domain Channel ID Channel 1 2412 GHz Connected true AP Firmware yersian 1 2 1 0 WLAN Service Default setting is set to Enable Mode 802 11b g Mixed mode 802 11b and 802 11g The factory default is 802 11b g Nitro Mode Default is enabled for increasing performance in mixed 802 11b and 802 11g wireless networks ESSID Enter the unique ID given to the Access Point AP which is already built in to the router s wireless interface To connect to this device your wireless clients must have the same ESSID as the device ESSID Broadcast Disable Any client that using the any setting cannot discover the Access Point AP in question Enable Any client that using the any setti
99. s are required for WEP64 and WEP 128 respectively the separator is For example using WEP64 11 22 33 44 55 is a valid key whilst 1122334455 is invalid 34 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Powerline This section allows you to configure the settings for the security of Powerline network The network only works with the same network password The other Powerline devices on the network will have a unique device password in the format XXXX XXXX XXXX XXXX printed on either the box itself or in the documentation Find the password for all devices you want to manage and type them one by one into the Device Password text box And then click Set Network Password to List to connect with others Powerline Parameters PowerLine 9 Enable Disable Network Password HomePlug HbB8G 257 5 RkS58 Bv SZ Device Password List set Network Password ta List Powerline Enable or disable Powerline function Reset Reset the built in Powerline module Network Password Enter your own private network password on the Powerline network And you will need to setup each device on your Powerline network with the same network password Device Password Input the unique device password of the other Powerline devices on the Powerline network you want to manage For example ADQJ GE36 96FW 3Q62 Device Password List The list of the password that you have added 35 Chapter
100. ss it automatically gives the address to the local DNS client so that a connection can be established Give DNSto DHCP Server Similar to the above but gives the DNS server address to the DHCP server Discover Primary NBNS Discover Secondary NBNS This setting enables disables whether the primary secondary NBNS server address is requested from a remote PPP peer using IPCP The default setting for this command is disabled Discover Subnet Mask Specifies if the subnet mask given by IPCP negotiation process is to be used Give Subnet Mask To DHCP Server Enable to change your DHCP Server settings by using the given information in IPCP negotiation process 4T Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router IPoA Routed Connections WAN Connection IPoA Routed Description ATM Class UBF v NAT Enable Disable Obtain an IP address automatically via DHCP client O Use the following IP address IP Assignment IP Address Po RIP LI RIP v1 L RIF 2 L RIP v2 Multicast MTU 1500 Description User definable name for the connection VPI VCI Enter the information provided by your ISP ATM Class The Quality of Service for ATM layer NAT The NAT Network Address Translation feature allows multiple users to access the Internet through a single IP account sharing a single IP address If users on your LAN have public IP addresses and can access the Internet directly the NAT functio
101. t You can then configure parameters of the DHCP Server including the IP pool starting IP address and ending IP address to be allocated to PCs on your network lease time for each assigned IP address the period of time the IP address assigned will be valid DNS IP address and the gateway IP address These details are sent to the DHCP client i e your PC when it requests an IP address from the DHCP server Click Apply to enable this function If you check Use Router as a DNS Server the ADSL Router will perform the domain name lookup find the IP address from the outside network automatically and forward it back to the requesting PC in the LAN your Local Area Network 3 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router If you check DHCP Relay Agent and click Next then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN Use this function only if advised to do so by your network administrator or ISP Click Apply to enable this function 38 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router WAN Wide Area Network WAN refers to your Wide Area Network connection i e your router s connection to your ISP and the Internet There are two items within the WAN section ISP DNS and ADSL E ISP WAN Connection WAN Services lable Mame Description Creator FI vL wanlink PP
102. t from Internet such as hacker attack NOTE Any remote user who is attempting to perform this action may result in blocking all the accesses to configure and manage of the device from the Internet Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Packet Filter Packet Filter Firewall Security Type Configuration Mote SHUI Port Filters Address Filters 1 By default all protocol types and TCP UDP ports are blocked EM 2 Only the listed IP addresses are blocked d MM MH MM M MM MM Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Port Filters The pre defined port filter rules for High Medium and Low security levels are listed See Table 1 Table 1 Pre defined Port Filter Port Number Firewall High Firewall Medium Firewall Low Application Protocol Start End Inbound Outbound Inbound JOutbound jinbound Outbound HT TP 80 TCP 6 80 80 NO YES NO YES NO YES 2 s wo vs wo ve ves ves ee ee eu m m pe pr pe Telnet 23 Ce E NR NE E ms ow pe E T E 9 9 RealAudio UDP 17 7070 H 323 1720 TCP 6 1720 1720 YES YES YES T 120 1503 1503 1503 YES YES YES YES e ee em oen s s HTTPS ee 443 EIE ICQ 5190 5190 Inbound Internet to LAN Outbound LAN to Internet 61 Chapter 4 Configuration Billion BIP
103. tempts from the Internet If the IDS function of the firewall is enabled inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks intrusion attempts or other connections that the router determines to be suspicious Blacklist If the router detects a possible attack the source IP or destination IP address will be added to the Blacklist Any further attempts using this IP address will be blocked for the time period specified as the Block Duration The default setting for this function is false disabled Some attack types are denied immediately without using the Blacklist function such as Land attack and Echo CharGen scan Block Duration DoS Attack Block Duration This is the duration for blocking hosts that attempt a possible Denial of Service DoS attack Possible DoS attacks this attempts to block include Ascend Kill and WinNuke Default value is 1800 seconds Q Scan Attack Block Duration This is the duration for blocking hosts that attempt a possible Scan attack Scan attack types include X mas scan IMAP SYN FIN scan and similar attempts Default value is 86400 seconds Q Victim Protection Block Duration This is the duration for blocking Smurf attacks Default value is 600 seconds Victim Protection If enabled IDS will block Smurf attack attempts Default is false Max TCP Open Handshaking Count This is a threshold value to decide whether a SYN Flood attempt is occurring or
104. th Type Chap Auto Keep as default value in most of the cases The connection will be disconnected when Idle Timeout there Is no traffic in a predefined period of time Idle time 0 means the connection is always on Enable for enhancing your L2TP VPN security Authentication MD5 Encryption 3DES Perfect Forward None Both sites should use the same value None Secrecy Pre shared Key 12345678 02 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring your Router to Dial in to the Server Currently Microsoft Windows operation system does not support L2TP incoming service Additional software may be required to set up your L2TP incoming service 03 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Example Configuring LAN to LAN L2TP VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet The routers are installed in the head office and branch office accordingly Branch Office Head Office Public IP 192 168 0 254 69 121 1 53 192 168 1 254 Router Router mE Encryption Data L21P Client m TP Server VPH Connection 192 168 0 0 24 192 168 1 0 24 L2TP VPN LAN to LAN Both office LAN networks MUST in different subnet with LAN to LAN application Functions of Pre shared Key VPN Connection Type and Security
105. the IP address subnet or address range of the remote network Proposal Proposal Select the IPSec security method There are two methods of checking the authentication information AH authentication header and ESP Encapsulating Security Payload Use ESP for greater security so that data will be encrypted and authenticated Using AH data will be authenticated but not encrypted 19 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Authentication Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit There are three options Message Digest 5 MD5 Secure Hash Algorithm SHA 1 or NONE SHA 1 is more resistant to brute force attacks than MD5 however itis slower MD5 A one way hashing algorithm that produces a 128 bit hash SHA 1 A one way hashing algorithm that produces a 160 bit hash Encryption Select the encryption method from the pull down menu There are four options DES 3DES AES and NONE NONE means it is a tunnel only with no encryption 3DES and AES are more powerful but increase latency DES Stands for Data Encryption Standard it uses 56 bits as an encryption method 3DES Stands for Triple Data Encryption Standard it uses 168 56 3 bits as an encryption method AES Stands for Advanced Encryption Standards it uses 128 bits as an encryption method Perfect Forward Secrecy Choose whether to enable PFS
106. using Diffie Hellman public key cryptography to change encryption keys during the second phase of VPN negotiation This function will provide better security but extends the VPN negotiation time Diffie Hellman is a public key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel i e over the Internet There are three modes MODP 768 bit MODP 1024 bit and MODP 1536 bit MODP stands for Modular Exponentiation Groups Pre shared Key This is for the Internet Key Exchange IKE protocol a string from 4 to 128 characters Both sides should use the same key IKE is used to establish a shared security policy and authenticated keys for services such as IPSec that require a key Before any IPSec traffic can be passed each router must be able to verify the identity of its peer This can be done by manually entering the pre shared key into both sides router or hosts Select the Save button to save the setting 80 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E Advanced Option Click Advanced Option to change the following settings IPSec IPSec Configuration KE Mode Local ID Type Remote ID Type Identifier SY cA Lifetime Phase 1 IKE 240 Phase IP Sec IKE Mode Select IKE mode to Main mode or Aggressive mode Local ID Type Specify local ID type Content Input ID s information like domain name w
107. ver Specily an IP addes PsHregs Figure 3 13 IP Address 13 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Factory Default Settings Before configuring your you need to know the following default settings Q Web Interface X Username admin X Password admin Q LAN Device IP Settings X IP Address 192 168 1 254 Subnet Mask 255 255 255 0 Q ISP setting in WAN site X PPPoE Q DHCP server X DHCP server is enabled X Start IP Address 192 168 1 100 X P pool counts 100 Q Powerline X Network Password HomePlug Chapter 3 Basic Installation 14 Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Username and Password The default username and password are admin and admin respectively gt If you ever forget the password to log in you may press the RESET button to restore the factory default settings Attantinn LAN and WAN Port Addresses The parameters of LAN and WAN ports are pre set in the factory The default values are shown below IP a 192 168 1 254 The PPPoE function is enabled to automatically get the WAN Subnet Mask 255 255 255 0 port configuration from the ISP DHCP server function Enabled but you have to set the uername and password first IP addresses for 100 IP addresses continuing from distribution to PCs 192 168 1 100 through 192 168 1 199 15 Chapter 3 Basic Installation Billion BIPAC 75
108. ways on IPSec Enable for enhancing your L2TP VPN security Authentication 7 Encryption 3DES Perfect Forward Both sites should use the same value Secrecy DONE Pre shared Key 12345678 05 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Configuring L2TP VPN in the Branch Office The IP address 69 1 121 30 is the Public IP address of the router located in head office If you registered the DDNS please refer to the DDNS section of this manual you can also use the domain name instead of the IP address to reach the router L2TP LAN to LAN Connection Mame Branch fice e Dial out Server IP Address ar Hostname 89121133 2 Type C Dial in Private IP Address Assigned ta Dialin User fs Peer Network IP 182 158 1 0 Netmask Username USe rare e Password Auth Type Chapi amp uta Idle Timeout O minutes Co IPSec ae ee TERT uus z A temi cin MDS EBENE 2 Encryption 3DES CG Perfect Farward Secrecy E Pre shared Key 12345679 BranchOffice Given a name of L2TP connection Dial out CheckDialout server IP Address 69 121 1 33 IP address of the head office router in WAN side or Hostname 3 Hsec office tietwork 255 255 255 0 a ROME CAR Input username amp password to authenticate branch office nene 5 AuthType jChap Auto Keep as default value in most of the cases The connection will be disconnected when ther
109. ww ipsectest com Remote ID Type Specify Remote ID type Identifier Input remote ID s information like domain name www ipsectest com SA Lifetime Specify the number of minutes that a Security Association SA will stay active before new encryption and authentication key will be exchanged There are two kinds of SAs IKE and IPSec IKE negotiates and establishes SA on behalf of IPSec an IKE SA is used by IKE Phase 1 IKE To issue an initial connection request for a new VPN tunnel The range can be from 5 to 15 000 minutes and the default is 240 minutes Phase 2 IPSec To negotiate and establish secure authentication The range can be from 5 to 15 000 minutes and the default is 60 minutes A short SA time increases security by forcing the two parties to update the keys However every time the VPN tunnel re negotiates access through the tunnel will be temporarily disconnected Select the Apply button to update the settings 81 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router E L2TP There are two types of L2TP VPN supported Remote Access and LAN to LAN please refer below for more information Click Create to configure a new VPN connection 82 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Remote Access L2TP Connection L2TP Remote Access Connection Dial out Server IP Address or Hostname Po
110. ypted whilst CHAP encrypts the password before sending and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder 85 Chapter 4 Configuration Billion BIPAC 7560 7560G Powerline 802 11g ADSL VPN Firewall Router Idle Time Auto disconnect the VPN connection when there is no activity on the connection for a predetermined period of time 0 means this connection is always on Click Apply after changing settings IPSec Enable for enhancing your LT2P VPN security Authentication Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit There are three options Message Digest 5 MD5 Secure Hash Algorithm SHA 1 or NONE SHA 1 is more resistant to brute force attacks than MD5 however it is slower MD5 A one way hashing algorithm that produces a 128 bit hash SHA 1 A one way hashing algorithm that produces a 160 bit hash Encryption Select the encryption method from the pull down menu There are four options DES 3DES AES and NONE NONE means it is a tunnel only with no encryption 3DES and AES are more powerful but increase latency DES Stands for Data Encryption Standard it uses 56 bits as an encryption method 3SDES Stands for Triple Data Encryption Standard it uses 168 56 3 bits as an encryption method AES Stands for Advanced Encryption Standards it uses 128 bits as an encryption method Perfect F
111. yption MULL w Ferect Forward Secrecy Mone l Pre shared Key Connection Name A user define description of the connection Type Check Dial Out if you want your router to operate as a client connecting to a remote VPN server e g your office server check Dial In operates as a VPN server When configuring your router establish the connection to a remote LAN enter the remote Server IP Address or Hostname you wish to connection to When configuring your router as a server to accept incoming connections enter the Private IP Address Assigned to Dial in User address Peer Network IP Enter Peer network IP address Netmask Enter the subnet mask of peer network based on the Peer Network IP setting Username If you are a Dial Out user client enter the username provided by your Host If you are a Dial In user server enter your own username Password If you are a Dial Out user client enter the password provided by the your Host If you are a Dial In user server enter your own password PPP Authentication Type Default is Auto if you want the router to determine the authentication type to use or else manually specify CHAP Challenge Handshake Authentication Protocol or PAP Password Authentication Protocol if you know which type the server is using when acting as a client or else the authentication type you want clients connecting to you to use when acting as a server When using PAP the password is sent unencr
Download Pdf Manuals
Related Search