Planet Technology ADE-4200 Network Router User Manual
Contents
1. [Figure: Port Setting screen with Port Rate Limit and IPv4 TOS priority Control options] Port Connection Type: Five options to choose from: auto, 10M half duplex, 10M full duplex, 100M half duplex or 100M full duplex. Sometimes there are Ethernet compatibility problems with legacy Ethernet devices. You can configure different types to solve the compatibility issues. Port Rate Limit: When it is enabled, enter a rate value that is configured as a multiple of 32kbps. This function limits the inbound and outbound Ethernet throughput to around the value that you specified. IPv4 TOS priority Control: TOS (Type of Services) is the 2nd octet of the IP packet. Bits 6-7 of this octet are reserved and bits 0-5 are used to specify the priority of the packet. The definition of these bits is listed below: two bits reserved; one bit high reliability; one bit high throughput; one bit no delay; three bits IP priority (0 to 7). This feature uses bits 0-5 to classify the packet's priority. If the packet is high priority, it will flow first and will not be constrained by the Rate Limit. Therefore, when this feature is enabled, the embedded Ethernet switch IC will check the 2
2. [Figure: Event Log screen listing firewall "Blocked" entries marked Port Filter Defense] 3. Attacked by NetBIOS NAME SERVICE PORT packet from other source IP 200.68.76.177 to port 137 (a netbios_ns port). [Figure: Status > Event Log screen listing firewall "Blocked" entries marked Default Defense and Port Filter Defense]
3. 2. Device IP network settings in LAN site: IP Address 192.168.1.254, Subnet Mask 255.255.255.0. 3. ISP setting in WAN site: PPPoE. 4. DHCP server: DHCP server is enabled; Start IP Address 192.168.1.100; IP pool counts 100. 3.4.1 Username and Password: The default username and password are admin and admin respectively. If you ever forget the password to log in, you may press the RESET button to restore the factory default settings. 3.4.2 LAN and WAN Port Addresses: The parameters of the LAN and WAN ports are pre-set in the factory. The default values are shown below. LAN Port: IP address 192.168.1.254; subnet mask 255.255.255.0; DHCP server function Enabled; IP addresses for distribution to PCs: 100 IP addresses continuing from 192.168.1.100 through 192.168.1.199 (actually it can support up to 253 users). 3.5 Information from the ISP: The PPPoE function is enabled to automatically get the WAN port configuration from the ISP, but you have to set the username and password first. Before configuring this device, you have to check with your ISP (Internet Service Provider) what kind of service is provided, such as PPPoE, PPPoA, RFC1483, IPoA, or PPTP-to-PPPoA Relaying. Gather the information as illustrated in the following table and keep it for reference: VPI/VCI, VC-based/LLC-based multiplexing, Username, Password, Service Name, and Domain Name System (DNS) IP address (it can be automatically a
4. [Table of contents, end: Chapter 4 Troubleshooting; Appendix A Specification; Appendix B Product Support] Chapter 1 Introduction. 1.1 An Overview of the ADE-4200/ADW-4200: The ADE-4200 ADSL VPN Firewall Router and ADW-4200 ADSL Wireless VPN Firewall Router provide office and residential users the ideal solution for sharing a high-speed ADSL broadband Internet connection on an 11Mbps wireless network or a 10/100Mbps Fast Ethernet backbone. They can support downstream transmission rates of up to 8Mbps and upstream transmission rates of up to 1Mbps. The products support PPPoA (RFC 2364, PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM (bridged or routed), PPP over Ethernet (RFC 2516), and IPoA (RFC1577) to establish a connection with the ISP. They also serve as an Internet firewall, protecting your network from being accessed by outside users. Beyond the natural firewall function of Network Address Translation (NAT), they also provide rich firewall features to secure a user's network. All incoming data packets are monitored and filtered. They can also be configured to block internal users from accessing the Internet. Furthermore, PPTP and IPSec VPN are also supported. Utilizing 56-bit DES and 168-bit 3DES encryption, header authentication and Internet K
5. Networking & Communication. ADE-4200/ADW-4200 ADSL VPN Firewall Router User's Manual. Copyright: Copyright (C) 2003 PLANET Technology Corp. All rights reserved. The products and programs described in this User's Manual are licensed products of PLANET Technology. This User's Manual contains proprietary information protected by copyright, and this User's Manual and all accompanying hardware, software and documentation are copyrighted. No part of this User's Manual may be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser's personal use, and without the prior express written permission of PLANET Technology. Disclaimer: PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability or fitness for a particular purpose. PLANET has made every effort to ensure that this User's Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User's Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for a
6. 3.6.3.7 Advanced: There are four items under the Advanced section: Routing Table, Dynamic DNS, Checking Email and Device Management. 3.6.3.7.1 Routing Table: Click on the Routing Table and then choose Create Router to get the below figure to add a routing table. [Figure: Create Route screen with Destination, Netmask, and via Gateway or Interface fields] Destination: Enter the destination subnet IP. Netmask: Subnet mask of the destination IP addresses, based on the above destination subnet IP. Gateway: Enter the gateway IP address which the packet is forwarded to. Interface: Enter the interface which the packet is forwarded to. Cost: This is the same meaning as Hop. Usually leave it as 1. 3.6.3.7.2 Dynamic DNS: Click Dynamic DNS to get the below figure, then check the Enable button to access the Dynamic DNS service. [Figure: Dynamic DNS screen with Enable/Disable, Dynamic DNS and Domain Name fields]
7. [Figure: Save Config to FLASH screen: "Please confirm that you wish to save the configuration. There will be a delay while saving as configuration information is written to FLASH chips."] 3.6.5 Logout: To exit the website, choose Logout to exit completely. Please ensure that you have saved the configuration settings before logout. Be aware that the router is restricted to only one local PC accessing the configuration Web pages. Once a PC has logged onto the Web pages, other PCs cannot get access until the current PC logs out of the page. If the previous PC forgets to log out, the second PC can access the page after 3 minutes. Chapter 4 Troubleshooting: If the ADE-4200/ADW-4200 Wireless ADSL Router is not functioning properly, you can refer first to this chapter for simple troubleshooting before contacting your service provider. This could save you time and effort, but if the symptoms persist, then consult your service provider. Problems Starting Up the ADE-4200/ADW-4200. Problem: [...] on when you turn on the ADE-4200/ADW. Corrective Action: Check the connection between the adapter and the ADE-4200/ADW-4200. If the error persists, you may have a hardware problem. In this case you should
8. [Figure: Event Log screen listing firewall "Blocked" entries marked Default Defense and Port Filter Defense] 3.6.3.4.4 MAC Address Filter: When you click the MAC Address Filter, you get the following figure. [Figure: MAC Address Filter screen with Enable/Disable, applied to LAN inbound Ethernet frames, and an Allowed/Blocked choice for the listed source MAC addresses] The MAC filtering function enables you to configure your router to block internal users' MAC addresses from Internet access. Enable/Disable: to enable or disable the MAC Address Filter feature. Allowed/Blocked: To allow or block the following MAC addresses to surf the outside network only. If you check Allowed, please be sure your PC's MAC address is listed. If you check Blocked, please be sure your PC's MAC address is not listed. MAC Address: There ar
9. octet of each IP packet. If the value in the TOS field matches one of the checked values in the table (0 to 63), this packet will be treated as high priority. 3.6.3.1.4 DHCP Server: When you click DHCP Server, you get the following figure. You can disable or enable the DHCP server, or enable the DHCP relay functions. [Figure: DHCP Server screen with DHCP Server Mode options: Disable, DHCP Server, DHCP relay agent] If you check Disabled and click Next, then click Apply, the DHCP server function is disabled. Each PC in the LAN should be assigned a fixed IP address, with the PC's gateway set to the ADSL router. If you check DHCP Server and click Next, you can configure the parameters of the DHCP server, including the IP pool (starting IP address and ending IP address), lease time for each assigned IP address, DNS IP address and Gateway IP address. Those messages are sent to the DHCP client when it requests an IP address from the DHCP server. Click Apply to enable this function. If you check Use Router as a DNS Server, the ADSL Router will find the IP address from the outside network automatically and forward it back to the requesting PC in the LAN. If you check DHCP Relay Agent and click
10. supports web-based GUI for configuration and management. It is user-friendly, with on-line help providing necessary information and timely assistance to the user. It also supports remote management capability for remote users to configure and manage this product. Firmware Upgradeable: the device can be upgraded to the latest firmware through the WEB-based GUI. Rich management interfaces: Supports flexible management interfaces with local console port, LAN port, and WAN port. Users can use a terminal application through the console port to configure and manage the device, or Telnet, WEB GUI, and SNMP through the LAN or WAN ports to configure and manage a device. 1.4 ADE-4200/ADW-4200 Application. Internet Connection with Firewall: They are the perfect solution to connect a small group of PCs to a high-speed broadband Internet connection. Multiple users can have high-speed Internet access simultaneously. With their policy-based firewall and intrusion detection function, the internal network is secured from any hacker attack. VPN Connectivity: The ADE-4200 and ADW-4200 VPN connectivity supports client-to-VPN-gateway and VPN LAN-to-LAN connections. Using these connection capabilities, mobile workers may attach to and access LAN resources from the public Internet while they are working at home or at branches abroad. All corporate remote offices can deploy an ADE-4200/ADW-4200 and establish secure connection with h
11. [Figure: Wireless settings screen with Default Tx Key, Passphrase, WEP Encryption (Disable, WEP64, WEP128), Key, Hide SSID and Reset fields, plus link speed, card type and firmware version status] ESSID: Enter the unique ID given to the Access Point (AP), which is already built into the wireless broadband firewall gateway. To connect to this device, your wireless clients must have the same ESSID as the device. Regulation Domain: There are five Regulation Domains for you to choose from, including North America N America, Europe, France and Spain. The Channel ID will be different based on this setting. Channel ID: Select the ID channel that you would like to use. Default Tx Key: Select the encryption key ID; please refer to Key 0-3 below. Passphrase: This is used to generate WEP keys automatically from an input string and a pre-defined algorithm in WEP64 or WEP128. You can input the same string in both the AP and the client card to generate the same WEP keys. Please note that you do not have to key in Key 0-3 as below when the Passphrase is enabled. WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the wireless broadband firewall gateway offers highly secure data encryption, known as WEP. If you require
12. 3 3 1 Time Zone: When you click Time Zone, you get the following figure. [Figure: Time Zone screen with Enable/Disable, Time Zone List (By City, By Time Difference), SNTP Server IP Address, daylight saving adjustment and Resync Poll Interval fields] The router does not have a real-time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server on the outside network. Please choose your local time zone, click Enable, and click the Apply button. You will get the correct time information after you have established a connection to the Internet. If you prefer to enter your own SNTP server, please enter it and it will be used as the first choice. Resync Poll Interval (in minutes) is the periodic interval at which the router's SNTP client updates or re-synchronizes the current time with the SNTP server after it has synchronized with the SNTP server. 3.6.3.3.2 Remote Access: When you click Remote Access, input the time and then click Enable, you may temporaril
13. [Table of contents fragment; legible entries:] PPTP for Remote Access; 3.6.3.5.1.3 An Example of Configuring a Remote Access PPTP VPN Dial-in Connection; 3.6.3.5.1.4 An Example of Configuring a Remote Access PPTP VPN Dial-out Connection; 3.6.3.5.1.5 An Example of Configuring a LAN-to-LAN PPTP VPN Connection; 3.6.3.5.2.2 An Example of Configuring a LAN-to-LAN IPSec VPN Connection; 3.6.3.6.1 An Example of Configuring a Web Server on the Local Network; 3.6.3.6.2 An example of configuring the Web Server & the Router to be accessible remotely; Example of Configuring DDNS; Embedded Web Site; Universal Plug and Play
14. Encapsulation: tunnel mode. Supports IKE authentication method: pre-shared key. Security protocol: ESP and AH. Authentication: MD5, SHA-1. Encryption: DES, 3DES, AES. Supports PFS. 3.6.3.5.2.1 IPSec configuration: When you click IPSec, you get the following figure. [Figure: IPSec screen listing Enable/Disable, Name, Local Subnet, Remote Subnet, Remote Gateway and IPSec Proposal, with a Create button] Click Create. [Figure: IPSec connection screen with Local Network and Remote Network (Single Address, Subnet, IP Range), Remote secure Gateway Address or Hostname, Proposal (ESP, AH), Authentication, Encryption, Perfect Forward Secrecy and Pre-shared Key fields] Connection Name: Give a name for this connection. Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. S
15. Next, then you will have to enter the IP address of the DHCP server which will assign an IP address back to the DHCP client in the LAN. Click Apply to enable this function. 3.6.3.2 WAN: There are 2 items under the WAN section: ISP and DNS. 3.6.3.2.1 ISP: When you click ISP, you will get the following screen. [Figure: WAN connections screen listing the currently defined WAN services (Name, Description, Creator, VPI/VCI) with Edit, Delete and Create buttons] The factory default is rfc 1483 0. If your ISP uses the same access protocol, please click Edit to input the other parameters as below. If your ISP does not use rfc 1483 0, you can delete it by clicking Delete. Then you may click Create to create a connection to your ISP to surf the Internet. The following page is then shown. [Figure: ISP screen asking for the type of service to create: RFC 1483 routed, RFC 1483 bridged, PPPoA routed, IPoA routed, PPPoE routed] Select one of the access methods among the 5 listed items and click Next to configure the righ
16. [Table of contents fragment; legible entries:] 3.6.3.2 WAN; 3.6.3.3.2 Remote Access; User Management; Packet filter example; 3.6.3.4.4 MAC Address Filter
17. [Figure: TCP/IP properties dialog with "Specify an IP address" fields for IP Address, Subnet Mask and Gateway] 3.3.3 For Windows 2000: 1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and Dial-up Connections. 2. Double-click LAN Area Connection. [Figure: Network and Dial-up Connections window showing Local Area Connection] 3. In the LAN Area Connection Status window, click Properties. [Figures: Local Area Connection Status and Local Area Connection Properties dialogs] 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons. 6. Click OK to finish the configurati
18. The initiator of an attack will be blacklisted, that is, added to the blacklist. Whenever the router receives a packet from the Internet, it will check the blacklist first to see if the initiator is in the list. If it is, the packet will be dropped. A configurable value is associated with each type of attack; the initiator will be removed from the list when it times out. [Figure: Intrusion Detection screen with Enable, Use Blacklist, Use Victim Protection, Victim Protection Block Duration, DOS Attack Block Duration, Scan Attack Block Duration (86400), Maximum TCP Open Handshaking Count (100 per second), Maximum Ping Count and Maximum ICMP Count (100 per second) fields, with Apply and Clear Blacklist buttons] Enable: select True to enable intrusion detection. It is strongly recommended to set TRUE for Use Blacklist and Use Victim Protection when you enable Intrusion Detection. Use Blacklist: select True to use the blacklist. If enabled, external host addresses will be saved into the blacklist when the router detects an intrusion from these hosts. Use Victim Protection: select True to use Victim Protection. If enabled, the router will protect the intern
19. [Figure: PPTP dial-out connection screen with Type (Dial out / Dial in), Server IP Address or Hostname, Username, Password, Authentication Type, Data Encryption, Key Length, Mode and Idle time fields] Refer also to PPTP VPN remote access dial-in for the other parameters. PPTP Status: [Figure: Status > PPTP Status screen showing a connected session with encryption enabled (MPPE 128 bits, stateful mode)] 3.6.3.5.1.5 An Example of Configuring a LAN-to-LAN PPTP VPN Connection. Background of the Example: The branch office establishes a PPTP VPN tunnel with the head office to connect two private networks by leveraging the Internet infrastructure. The routers are installed in the head office and branch office accordingly. Application Diagram: [Figure: head office and branch office routers joined by a PPTP VPN LAN-to-LAN connection; labels include Head Office, LAN side, WAN side, Router PPTP server and VPN connection] Configuring PPTP VPN in the Head Office: The
20. You may configure the router to filter inbound (incoming) and outbound (outgoing) packets based on port or IP address. If it is based on port, click Port Filters for more options. You may filter the packets based on port and packet type (TCP, UDP, or any). For example, the protocol number 1 means ICMP; you may enter 1 as the protocol number on the Raw IP Filtering web page. Port ranges are supported. If it is based on IP address, click Address Filters for more options. You may enter the IP address and again select the inbound or outbound packets. For example, to allow TCP packets on ports 0 to 1000 to pass through the router between WAN and LAN, and to block host IP address 192.168.1.100: first configure the port filter by adding a TCP filter for ports 0 to 1000 with ALLOW in both directions. Then click Address Filters to add an address filter: enter host IP 192.168.1.100, subnet mask 255.255.255.255 (for this single host), and both directions. 3.6.3.4.2.1 Port Filters: The pre-defined port filter rules for the high, medium and low security levels are listed below. When the user enables the Firewall Security feature for the high, medium or low security level, the Block WAN Request function (Ping packet) is enabled automatically. [Table header: Application; Protocol; Port Number (Start, End); Firewall High (Inbound, Outbound); Firewall Medium (Inbound, Outbound); Firewall Low (Inbound, Outboun
21. address manually. The setting of this item is specified by your ISP. 3.6.3.2.1.2 RFC 1483 bridged: [Figure: WAN connections, RFC 1483 bridged screen with Description, VPI, VCI and Encapsulation method fields] Description: Give a name for this connection. VPI and VCI: Enter the information provided by your ISP. Encapsulation method: Select the protocol format; the default is LlcBridged. Select the one provided by your ISP. 3.6.3.2.1.4 PPPoA routed: [Figure: WAN connections, PPPoA routed screen with Description, VPI, VCI, NAT, Username, Password, IP address (0.0.0.0 means obtain an IP address automatically), Authentication Protocol, Connection and Idle Timeout fields] Description: Give a name for this connection. VPI/VCI: Enter the information provided by your ISP. NAT: The NAT feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users in the L
22. [Figure: Port Filters table listing protocol type, start and end port, inbound and outbound settings, each row with a Delete button] 1. Click Packet Filter; you will get the following figure. Click Port Filters. [Figure: Packet Filter screen with Port Filters and Address Filters buttons. Notes on the screen: 1. By default all protocol types and TCP/UDP ports are blocked. 2. Only the listed IP addresses are blocked.] 2. Click Port Filters; the pre-defined port filter rules screen of the low security level is shown as below. [Figure: Port Filters screen]
23. [Figure: Port Filters list with Add TCP Filter, Add UDP Filter and Add Raw IP Filter buttons] 4. Click Add TCP Filter. 5. Input the port number and set the inbound & outbound as Allow. [Figure: Firewall Add TCP Port Filter screen with Port Range (Start, End) and Direction (Inbound, Outbound) fields; callouts: "Input HTTP port number", "Select Allow"] 6. The port filter rule of HTTP is shown as below. [Figure: Port Filters list including the new rule]
24. either you registered the DDNS (please refer to the DDNS section) or you have a static IP with a domain name, you can also use the Hostname instead of the IP address to reach the router. [Figure: Dial-out PPTP LAN-to-LAN screen with Connection Name, Type, Server IP Address or Hostname, Peer Network IP and Netmask, Username, Password, Authentication Type, Data Encryption, Key Length, Mode and Idle time fields; callouts: "Head office router IP (WAN side)", "Head office network"] Refer also to Configuring PPTP VPN in the Head Office for other parameters. PPTP Status in the Head Office: [Figure: Status > PPTP Status screen showing connected sessions] 3.6.3.5.2 IPSec: The router supports IPSec VPN to establish secure end-to-end private network connections over a public networking infrastructure. The specification is as below
25. have access to other computers and networks [Screenshot: Network and Dial-up Connections window] 2. Follow the step and select Connect to a private network through the Internet. [Screenshot: Network Connection Wizard, Network Connection Type; the options are Dial-up to private network, Dial-up to the Internet, Connect to a private network through the Internet, Accept incoming connections, and Connect directly to another computer] 3. Enter the IP address of the ADSL Router located in the office. [Screenshot: Network Connection Wizard, Destination Address] 4. Follow the step; the following screen appears. The setup is completed. [Screenshot: Network Connection Wizard] Completing the Network Connection Wi
26. high security in transmission, there are two alternatives to select from: WEP 40 and WEP 128. Key 0-3: Enter the key to encrypt wireless data. To allow encrypted data transmission, the WEP Encryption Key values on all wireless stations must be the same as the device. There are four keys for your selection. The input format is in HEX style; 5 and 13 HEX codes are required for WEP64 and WEP128 respectively; the separator is Take WEP64 case for example: 11 22 33 44 55 is a valid key, 1122334455 is invalid instead. Hide SSID: When enabled, the Wireless AP is invisible from the site surveying by Wireless clients. The wireless clients can still associate with this Wireless AP if entered with the same ESSID value. Reset: Reset the Wireless AP function. 3.6.3.1.3 Port Setting When you click Port Setting you get the following figure. This allows you to configure the port setting to solve some of the compatibility problems while connecting to the Internet. [Screenshot: Port Setting page with Port Connection Type and Port Rate Limit options]
27. in User address. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. PPP Authentication Type: Default is Auto. Data Encryption: The data can be encrypted by MPPE algorithm. Default is Auto; it is negotiated when establishing a connection. Key Length: The data can be encrypted by MPPE algorithm with 40 bits or 128 bits. Default is Auto; it is negotiated when establishing a connection. Mode: You may select Stateful or Stateless mode. The key will be changed in each 256 packets when you select Stateful mode. If you select Stateless mode the key will not be changed in each packet. Idle Time: Auto disconnect the router when there is no activity on the line for a predetermined period of time. 0 means this connection is always on. Click Apply after setting. 3.6.3.5.1.2 PPTP for LAN to LAN For the LAN to LAN application, please refer to the figure below. [Screenshot: PPTP LAN TO LAN configuration page]
28. information please see IANA web http://www.iana.org/assignments/port-numbers Port Number / Protocol / Description: 1 ICMP PING; FTP Data; FTP Control; 22 TCP & UDP SSH Remote Login Protocol; 23 TCP Telnet; 25 TCP SMTP (Simple Mail Transfer Protocol); 69 UDP TFTP (Trivial File Transfer Protocol); 80 TCP World Wide Web HTTP; 161 SNMP. Being a natural Internet firewall, this network router protects your network from being accessed by outside users. When it needs to allow outside users to access internal servers, e.g. Web server, FTP server, E-mail server or News server, this modem can act as a virtual server. You can set up a local server with a specific port number that stands for the service, e.g. Web (80), FTP (21), Telnet (23), SMTP (25), POP3 (110). When an incoming access request to the router for a specified port is received, it will be forwarded to the corresponding internal server. For example, if you set the Service Port number 80 (Web) to be mapped to the IP Address 192.168.1.2, then all the http requests from outside users will be forwarded to the local server with IP address of 192.168.1.2. If the port is not listed as a predefined application, you need to add it manually. When you click Virtual Server you get the following figure. [Screenshot: Virtual Server page]
29. not want to have idle timeout. 3.6.3.2.2 DNS The WAN DNS is shown as below. [Screenshot: DNS page with Primary DNS IP Address and Secondary DNS IP Address fields] A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. In the Internet, every host has a unique and friendly name such as www.yahoo.com and an IP address. As the IP Address is hard to remember, the DNS converts the friendly name into its equivalent IP Address. You can obtain a Domain Name System (DNS) IP address automatically if your ISP has provided it when you logon. Usually when you choose PPPoE or PPPoA as your WAN ISP protocol, the ISP will provide the DNS IP address automatically. You may leave it as blank. Or your ISP may provide you with an IP address of their DNS. If this is the case, you must enter the DNS IP address. If you choose one of the other three protocols (RFC1483 routed/bridged and IPoA), check with your ISP; it may provide you with an IP address of DNS. You must enter the DNS IP address if you set the DNS of your PC to the LAN IP address of this router. 3.6.3.3 System There are six items under the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart Router and User Management. 3.6
30. to set up a security channel between branch office and head office using LAN to LAN tunnel mode connection. ESP with MD5 as the authentication protocol and AES as the encryption protocol is decided as the policy of security plan. Pre-shared key is defined as 8 characters: 12345678. [Diagram: Branch Office and Head Office] Configuring IPSec VPN in the Head Office The local subnet (head office) is set as 192.168.1.0/24 with netmask 255.255.255.0, while the remote subnet (branch office) is set as 192.168.0.0 with netmask 255.255.255.0. The IP address 69.1.121.30 in Secure Gateway Address field is the Public IP address of the router located in the branch office. If you have a domain name assigned to this IP address (either you registered the DDNS, please refer to the DDNS section, or you have a static IP with a domain name), you can also use the Hostname instead of the IP address to reach the router. Set Proposal as ESP MD5 AES, PFS as None and pre-shared key as 12345678 according to the pre-defined security plan. [Screenshot: IPSec configuration page; callout: Given a name of IPSec connection]
31. [Screenshot: Virtual Server page; callouts: Check Enable; Specify a port number for this application; Select TCP; Given a name of the application; Protocol of Http; remote access to router by Http] Example 2 Configuring a Virtual Server 1. Set Web server IP address to a fixed IP: 192.168.1.100. 2. Set Remote Access as Enable. User can access the router remotely through port 80. [Screenshot: Remote Access page ("From this page you may temporarily permit remote administration of this network device"); callouts: Check Enable; Access time period from remote site] 3. Since the port number 80 is used by the router, the Web server port number needs to be changed. [Screenshot: Virtual Server page; callouts: Specify a port number for this application; Given a name of the application; Web server in local network; Select TCP; Protocol of Http; IP address of Web server; Check Enable]
32. 4200, contact technical support. None of the LEDs are Problems with the WAN Interface / Corrective Action: Ensure that the cable is connected properly from the ADSL port to the wall jack. The ADSL LED on the front panel of the ADE-4200/ADW-4200 should be on. Check that your VPI, VCI, type of encapsulation and type of multiplexing settings are the same as what you collected from your telephone company and ISP. Reboot the ADE-4200/ADW-4200. If you still have problems, you may need to verify these variables with the telephone company and/or ISP. Problems with the LAN Interface / Corrective Action: Can't ping any station: Check the Ethernet LEDs on the front panel. The LED on the LAN should be on for a port that has a station connected. If it is off, check the cables between your ADE-4200/ADW-4200 and the station. Make sure you have uninstalled any software firewall. Verify that the IP address and the subnet mask are consistent between the ADE-4200/ADW-4200 and the workstations. Appendix A Specification ADSL VPN Firewall Router / ADSL Wireless VPN Firewall Router: ADE-4200A, ADE-4200B, ADW-4200A, ADW-4200B. ANSI T1.413 Issue 2; ITU G.992.1 (G.dmt) including Annex A (ADSL over POTS) for ADE 3100A 4100A, Annex B (ADSL over ISDN) for ADE 3100B 4100B; G.992.2 (G.lite) with fast retrain; RFC 2364 PPP over ATM (LLC/VCMUX); RFC 251
33. 6 PPP over Ethernet (LLC/VCMUX); RFC 1577 Classic IP over ATM (LLC/VCMUX); RFC 1483 Bridged IP over ATM (LLC/VCMUX); RFC 1483 Routed IP over ATM (LLC/VCMUX). Integrated ATM AAL5 support; 255 VPI plus 65535 VCI address range. Interoperability: Interoperable with major DSLAM suppliers. LAN: 4 10Base-T/100Base-TX, Auto-Negotiation, Auto MDI/MDI-X. WAN: 1 RJ 1 10 100Base TX Auto Negotiation. PWR, SYS, LAN 1 to 4, MAIL, PPP, ADSL, WLAN (ADW-4200 only). 1 for reset / factory reset; 1 x RS-232 Console; 1 x ON/OFF switch on rear panel. IP, NAT, PPTP, ARP, ICMP, DHCP, PPPoE, PPPoA, IPoA, PPTP client, RIP1/2. Native NAT firewall; Enhanced policy-based SPI firewall; Intrusion Detection; URL Filter; Blocking log; Virtual Server; DMZ. IPSec: MD5-HMAC, SHA1-HMAC, Certificates authentication; DES-CBC, 3DES-CBC encryption; Internet Key Exchange, Manual Key Negotiation. Web browser management, telnet, console, SNMP. Environment Specification: Dimension (W x D x H) 210 mm x 147 mm x 33 mm; 12V DC, 1A; Maximum 10W, 34 BTU; Temperature 0 45 degree C operating, 10 70 degree C storage; Humidity 5% to 95% non-condensing; EMI: FCC Part 15, CE. Appendix B Product Suppor
34. DES: Stands for Data Encryption Standard; it uses 56 bits as an encryption method. 3DES: Stands for Triple Data Encryption Standard; it uses 168 (56 x 3) bits as an encryption method. AES: Stands for Advanced Encryption Standards; it uses 128 bits as an encryption method. Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel. There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups. Pre-shared Key: This is for Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts). Click Advanced Option to get the following figure. [Screenshot: IPSec advanced options page with SA Lifetime fields for Phase 1 (IKE) and Phase 2 (IPSec)]
35. ADSL telephone network. Console: Connect a PS2 or DB9 RS-232 cable to this port when connecting to a PC's RS-232 port (9-pin serial port). Please note that console cable is not provided on standard package. LAN 1-4: Connect a UTP Ethernet cable to one of the four RJ-45 LAN ports when connecting to a PC or an office/home network of 10Mbps or 100Mbps. After the device is powered on, press it to reset the device or restore to factory default settings. The operation is as below: 0-3 seconds: reset the device; 3-6 seconds: no action; 6 seconds or above: restore to factory default settings (this is used when you cannot log in to the router, e.g. forgot the password). Connect the supplied power adapter to this jack. Power Switch: Power ON/OFF switch. 2.4 Cabling The most common problem is bad cabling or ADSL line. Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. As a first check, verify that the LAN Link and ADSL line LEDs are lit. If they are not, verify that you are using the proper cables. Chapter 3 Configuration The ADE-4200/ADW-4200 can be configured with your Web browser. The web browser is included as a standard application in the following operating systems: UNIX, Linux, Mac OS, Windows 98/NT/2000/Me, etc. The product provides a very easy and user-friendly interface for configuration. 3.1 Before Configuration This section describes the configuration requir
36. AN site have public IP addresses and can access the Internet directly, the NAT function can be disabled. Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive). Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive). Service Name: This item is for identification purpose. If it is required, your ISP will provide you the information. Maximum input is 20 alphanumeric characters. Use the following IP address: If your ISP gives you a fixed IP address through PPPoA, input the IP address on this field. Authentication Protocol Type: Default is Auto. PPPoA connection: This item provides 2 options. Always on: if you want to establish a PPPoA session when starting up. It will also automatically re-establish the PPPoA session when disconnected by the ISP. Connect to Demand: if you want to establish a PPPoA session only when there is a packet requesting access to the Internet. User Idle Timeout (in minutes): Auto disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. Input 0 if you do not want to have idle timeout. 3.6.3.2.1.4 IPoA routed [Screenshot: WAN connections, IPoA routed page]
37. [Screenshot: Local Area Connection Properties dialog with Internet Protocol (TCP/IP) selected] 5. Select the Obtain an IP address automatically and the Obtain DNS server address automatically radio buttons. [Screenshot: Internet Protocol (TCP/IP) Properties dialog] 6. Click OK to finish the configuration. 3.4 Factory Default Settings Before configuring this ADE-4200/ADW-4200, you need to know the following default settings. 1. Web Configurator: Username: admin, Password: admin
38. [Screenshot: WAN connections, IPoA routed page] Description: Give a name for this connection. VPI/VCI: Enter the information provided by your ISP. NAT: The NAT feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users in the LAN site have public IP addresses and can access the Internet directly, the NAT function can be disabled. Obtain an IP address automatically via DHCP client: If your ISP gives you an IP address dynamically with IPoA, please select this item. Use the following IP address: If your ISP gives you a fixed IP address through IPoA, please select this item and manually configure the IP address, subnet mask and default gateway IP address. 3.6.3.2.1.5 PPPoE routed [Screenshot: WAN connections, PPPoE routed page; in the Use the following IP address field, 0.0.0.0 means Obtain an IP address automatically]
39. IP 64.152.73.206 [Screenshot: Status > Event Log; callouts: Existing Session; Somebody want to communicate with Router]
Sep 18 20:31:30 home gateway firewall info Blocked Prot 1 8 0 61.230.213.27 > 61.230.176.206 Port Filter Defense
Sep 18 20:31:31 home gateway firewall info Blocked Prot 6 64.152.73.206 80 > 61.230.176.206 1052 AF Seq 777651151 Ack 490416013 No Existing Session
Sep 18 20:31:33 home gateway firewall info Blocked Prot 6 64.152.73.206 80 > 61.230.176.206 1052 AF Seq 777651151 Ack 490416013 No Existing Session
Sep 18 20:31:37 home gateway firewall info Blocked Prot 6 64.152.73.206 80 > 61.230.176.206 1052 AF Seq 777651151 Ack 490416013 No Existing Session
2. Attacked by ICMP PING request [Screenshot: Status > Event Log; callouts: Somebody ping The Router; No Existing Session] ICMP packet Source IP
40. [Screenshot: IPSec configuration page; callouts: Head office router IP (WAN side); Head office network; Security plan] 3.6.3.6 Virtual Server In TCP/IP and UDP networks, a port is a 16-bit number used by the host-to-host protocol to identify to which application program it must deliver incoming messages. Some ports have numbers that are pre-assigned to them by the IANA, and these are known as well-known ports. Servers follow the well-known port assignments so clients can locate them. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65536, but only port numbers 0 to 1024 are reserved for privileged services and designated as well-known ports. The registered ports are numbered from 1024 through 49151. The remaining ports, referred to as dynamic ports or private ports, are numbered from 49152 through 65535. Examples of well-known and registered port numbers are as below; for further
41. LAN. For example, when you select High, the Port Filters of the Packet Filter screen will be set automatically according to High security level settings. Firewall Logging: When both the Firewall Security and Firewall Logging are enabled, the device will detect the blocked and/or intrusion packets once the setting has been configured. Then the router will log the corresponding blocking or intrusion detection logs into the Event Log under Status. Select the Apply button to save the setting. Please note that the enabling of Firewall Security & selection of Firewall policy belongs to the second level of Firewall as described above; it blocks and redirects certain ports to limit the services that outside users can access with Port and Address Filter features. Please refer to Intrusion Detection section for security level 3 protection to prevent your local area network (LAN) from malicious attacks, for example port scan and Denial of Service (DoS). 3.6.3.4.2 Packet Filter When you click Packet Filter you get the following figure. [Screenshot: Packet Filter page listing Port Filters and Address Filters. Note: 1. By default all protocol types and TCP/UDP ports are blocked. 2. Only the listed IP addresses are blocked.]
42. [Screenshot: Dynamic DNS page] The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This dynamic IP address is the WAN IP address. For example, to use the service, you must first apply for an account from their Web server http://www.dyndns.org. There are several DDNS servers supported. Please first browse the website to apply for an account, then configure the Dynamic DNS settings on this page. Enable/Disable: Enable or disable the Dynamic DNS function. Dynamic DNS: Select the registered DDNS server. You have to first browse their website to apply for username and password. Domain Name, Username and Password: Enter the registered domain name, username and password. Period: Set the time period for the Router to exchange information with the DDNS server. In addition to updating periodically according to this period setting, the Router will take the same action automatically whenever the assigned IP changes. 3.6.3.7.2.1 Example of Configuring DDNS Background of the Example: Set up a Web server in the office that can be accessed via Domain Name instead of the dynamic IP address. Configuring DDNS 1. Set the Web server and FTP server IP address as described in section Virtual Server. 2. Apply an account from this free We
43. [Screenshot: IPSec advanced options page] SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before new encryption and authentication key will be exchanged. There are two kinds of SAs: IKE and IPSec. IKE negotiates and establishes SA on behalf of IPSec; an IKE SA is used by IKE. Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. Default 240 minutes, range from 5 to 15,000 minutes. Phase 2 (IPSec): To negotiate and establish secure authentication. Default 60 minutes, range from 5 to 15,000 minutes. A short SA time increases the security by forcing two parties to update the keys. However, every time the VPN tunnel re-negotiates, the access through tunnel will be temporarily disconnected. 3.6.3.5.2.2 An Example of Configuring a LAN to LAN IPSec VPN Connection Background of the Example: The branch office establishes an IPSec VPN tunnel with the head office to connect two private networks by leveraging the Internet infrastructure. The routers are installed in the head office and branch office accordingly. Application Diagram [Diagram: Branch Office router (69.1.121.30, LAN 192.168.0.0/24) and Head Office router (69.1.121.3, 192.168.1.254, LAN 192.168.1.0/24) joined by an IPSec VPN LAN to LAN connection] Network Configuration and Security Plan We want
44. al host (the host is the victim at this moment) from suspicious attacks. Victim Protection Duration: after the router has detected that an internal host has been attacked, the router will record this external host IP into the Blacklist and block traffic with this host for a set time limit in order to protect the host. DoS Attack Block Duration: after a DoS attack is detected, the router will record this external host IP into the Blacklist and block traffic with this host for a set time limit. Scan Attack Block Duration: after a Scan attack is detected, the router will record this external host IP into the Blacklist and block traffic with this host for a set time limit. Maximum TCP Open Handshaking Count: set the maximum number of unfinished TCP handshaking sessions per second. Once the maximum of unfinished TCP handshaking sessions per second is reached, the router will consider that a SYN flood attack has occurred. Maximum Ping Count: set the maximum number of PING packets per second. Once the maximum number of PING per second is reached, the router will assume that an Echo storm attack has occurred. Maximum ICMP Count: set the maximum number of ICMP packets per second. Once the maximum number of ICMP packets per second is reached, the router will consider that an ICMP flood attack has occurred. Some pictures are shown below which show the router attacked by others. 1. Attacked by other with TCP packet, Port 1052, from source
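The per-second thresholds and timed Blacklist described in excerpt 44, modelled as an added example (not code from the manual or the router firmware). The class name, the per-source counting, the choice to treat the configured maximum as the highest rate still allowed, and all addresses are assumptions; the sample traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0  # the manual states every threshold "per second"
ATTACK = {"syn": "SYN flood", "ping": "Echo storm", "icmp": "ICMP flood"}


class IntrusionDetector:
    """Threshold detector with a timed blacklist (hypothetical model, not firmware code)."""

    def __init__(self, max_open_handshakes, max_ping, max_icmp, dos_block_s):
        self.limits = {"syn": max_open_handshakes, "ping": max_ping, "icmp": max_icmp}
        self.dos_block_s = dos_block_s      # "DoS Attack Block Duration", in seconds here
        self.half_open = defaultdict(dict)  # src -> {source port: time the SYN was seen}
        self.recent = defaultdict(lambda: defaultdict(deque))  # src -> counter -> times
        self.blacklist = {}                 # src -> time at which the block expires

    def _rate(self, src, counter, now):
        """Record one packet and return how many were seen in the last WINDOW_S seconds."""
        stamps = self.recent[src][counter]
        stamps.append(now)
        while now - stamps[0] >= WINDOW_S:
            stamps.popleft()
        return len(stamps)

    def handle(self, now, src, kind, sport=None):
        """Return (action, reason) for one packet; kind is 'syn', 'ack', 'ping' or 'icmp'."""
        expiry = self.blacklist.get(src)
        if expiry is not None:
            if now < expiry:
                return ("blocked", "blacklisted")
            del self.blacklist[src]         # block duration is over

        if kind == "ack":                   # handshake completed, no longer half-open
            self.half_open[src].pop(sport, None)
            return ("pass", None)

        if kind == "syn":
            pending = self.half_open[src]
            pending[sport] = now
            for port in [p for p, t in pending.items() if now - t >= WINDOW_S]:
                del pending[port]           # only handshakes opened in the last second count
            exceeded = ["syn"] if len(pending) > self.limits["syn"] else []
        else:
            # An echo request is also an ICMP packet, so a ping counts against both limits.
            counters = ["ping", "icmp"] if kind == "ping" else ["icmp"]
            exceeded = [c for c in counters if self._rate(src, c, now) > self.limits[c]]

        if exceeded:
            self.blacklist[src] = now + self.dos_block_s
            self.half_open.pop(src, None)
            self.recent.pop(src, None)
            return ("blocked", ATTACK[exceeded[0]])
        return ("pass", None)


# Constructed sample traffic: (time in seconds, source IP, kind, source port)
SAMPLE = [
    (0.00, "198.51.100.7", "syn", 40000),   # normal client opens a connection
    (0.10, "198.51.100.7", "ack", 40000),   # and completes the handshake
    (0.25, "203.0.113.5", "syn", 1000),     # second host never completes a handshake
    (0.30, "203.0.113.5", "syn", 1001),
    (0.35, "203.0.113.5", "syn", 1002),
    (0.50, "203.0.113.5", "syn", 1003),     # fourth half-open session within one second
    (0.60, "198.51.100.7", "syn", 40001),   # normal client is unaffected
    (5.00, "203.0.113.5", "ping", None),    # still inside the block duration
    (11.00, "203.0.113.5", "ping", None),   # block (10 s) has expired
]


def replay(detector, events):
    """Feed time-ordered events to the detector and collect its verdicts."""
    return [detector.handle(t, src, kind, sport) for t, src, kind, sport in events]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(IntrusionDetector(3, 2, 4, 10), SAMPLE)):
        print(event, "->", verdict)
```

Counting only unfinished handshakes is what keeps a busy but legitimate client, which completes each handshake, from tripping the SYN threshold.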
45. b server http://www.dyndns.org. There are more than 5 DDNS services supported by this router. Configure DDNS as the following. [Screenshot: Dynamic DNS page; callouts: Select the registered DDNS server; Input the registered domain name; Input the registered username & password; Input the period of time for router to exchange information with the DDNS server (the router will update with the DDNS server whenever the router IP address, WAN side, changes); Select the name of the WAN connection (this is applicable when you create two or more WAN connections)] 3.6.3.7.3 Checking Emails Click Checking Emails to get the below figure, then check the Enable button to access the service. [Screenshot: Check Emails page with Enable/Disable, Account Name, Password, POP3 Mail Server, period in minutes, and Automatically dial out for checking emails fields]
46. cked, then drop this packet. 3. If the packet is not matched with above two items, then send it to outside world. To add a domain name, enter its host name, such as www.bad-site.com, into the text field under Domain and select either Trusted Domain or Forbidden Domain, then click Apply. The specified domain will be shown in the Domain List. DO NOT include "http://". ONLY the sub-domain is allowed. For instance, taking yahoo.com as the trusted domain means that www.yahoo.com, my.yahoo.com and sports.yahoo.com will also be trusted. To remove a site that was previously added, select its name in the list box and click the Delete button to eliminate it from the list. 3.6.3.5 VPN The router supports VPN to establish secure end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections: the remote access and LAN to LAN VPN. Deploying a remote access VPN enables users to reduce the cost by leveraging the local dial-up infrastructures of the ISP, in addition to transmitting data over a secure VPN tunnel. LAN to LAN VPN is an alternative WAN infrastructure that is used to connect offices and home offices to share network resources with each other over a secure VPN tunnel. This router supports two kinds of VPN standards: Point to Point Tunneling Protocol (PPTP) and Internet Security Protocol (IPSec). 3.6.3.5.1 PPTP There are two applications provi
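The trusted/forbidden domain matching described in excerpt 46, as an added example (not the router's own code). The function and class names are hypothetical, and because the excerpt's first rule is cut off, checking the trusted list before the forbidden list is an assumption. The point it shows is that "yahoo.com covers sports.yahoo.com" must be tested on a label boundary, not with a plain suffix comparison.

```python
import re

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize(name):
    """Lower-case a bare host name and drop a trailing dot; reject schemes and paths."""
    name = name.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not a bare domain name: {name!r}")
    return name


def naive_covers(entry, host):
    """Plain suffix test, shown for contrast: it also matches unrelated domains."""
    return host.endswith(entry)


def covers(entry, host):
    """True if host is the entry itself or a sub-domain of it (label-boundary match)."""
    return host == entry or host.endswith("." + entry)


class DomainFilter:
    """Domain list in the style of the manual's URL Filter (hypothetical model)."""

    def __init__(self):
        self.lists = {"trusted": set(), "forbidden": set()}

    def add(self, entry, kind):
        # Mirrors the manual's rule that entries must not include "http://".
        self.lists[kind].add(normalize(entry))

    def check(self, host_header):
        """Classify the Host header of an outgoing request."""
        host, _, port = host_header.rpartition(":")
        if not (host and port.isdigit()):   # no ":port" suffix present
            host = host_header
        try:
            host = normalize(host)
        except ValueError:
            return "unlisted"
        # Assumed order: trusted first, then forbidden, otherwise pass through.
        for kind in ("trusted", "forbidden"):
            if any(covers(entry, host) for entry in self.lists[kind]):
                return kind
        return "unlisted"


def demo():
    """Constructed sample lists and hosts, including the look-alike edge case."""
    f = DomainFilter()
    f.add("yahoo.com", "trusted")
    f.add("www.bad-site.com", "forbidden")
    hosts = ["sports.yahoo.com", "notyahoo.com", "WWW.Bad-Site.com.",
             "www.bad-site.com:8080", "bad-site.com"]
    return {h: f.check(h) for h in hosts}


if __name__ == "__main__":
    for host, verdict in demo().items():
        print(f"{host:24} {verdict}")
```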
47. configuring the Web Server & the Router to be accessible remotely. Background of the Example: Set up the Web server in the office that can be visible to the outside network. In the meantime, set the router to be accessible remotely through HTTP. Since they use the same protocol (TCP), we have to change the port number of either application to make these two services available. Please note the access method to the Web server and router is different in case 1 & 2; this is particularly related to port number setting, refer below for details. Example 1 Configuring a Virtual Server 1. Set Web server IP address to a fixed IP (this is the IP of the PC running your web server software), e.g. 192.168.1.100. 2. Change the embedded web server's HTTP port to 8080 by selecting Configuration > Advanced > Device Management. 3. Configure the Virtual Server as the following. [Screenshot: Virtual Server page; callouts: Check Enable; IP address of Web server; IP address of router]
48. [Screenshot: PPTP LAN TO LAN configuration page] Connection Name: Give a name for this connection. Type: Check Dial Out to be a client; check Dial In to be a server. When this network router acts as a client, please input the remote Server IP Address or Hostname to establish a connection. When this network router acts as a server, please input the Private IP Address Assigned to Dial-in User address. Peer Network IP: Enter Peer network IP address. Netmask: Enter the subnet mask of peer network based on above Peer Network IP setting. Username: If you are a Dial-Out user (client), enter the username provided by your Host. If you are a Dial-In user (server), enter your own username. Password: If you are a Dial-Out user (client), enter the password provided by your Host. If you are a Dial-In user (server), enter your own password. PPP Authentication Type: Default is Auto. Data Encryption: The data can be encrypted by MPPE algorithm. Default is Auto; it is negotiated when establishing a connection. Key Length: The data can be encrypted by MPPE algorithm with 40 bits or 128 bits. Default is Auto; it is negotiated when establishing a connection. Mode: You may select Stateful or Stateless mode. The key will be changed in each 256 packets when you select Stateful mo
49. [Table residue: pre-defined port filter rules, with entries for HTTP (80), POP3 (110), NEWS (119), RealAudio (7070), PING and ICQ (5190); the inbound/outbound values per security level are not recoverable]
Note: Inbound = Internet to LAN; Outbound = LAN to Internet.

3.6.3.4.2.2 Address Filters
There are no pre-defined address filter rules; you can add filter rules to meet your requirements. There are two kinds of address filters: one is inbound, the other is outbound. The rules can be set to prevent unauthorized users, hosts or networks from accessing the Internet from the LAN (outbound) and/or accessing the LAN from the Internet (inbound).

3.6.3.4.2.3 Packet filter example
The following provides an example of configuring a web server in the LAN when the firewall policy is set to the High, Medium or Low security level. The pre-defined port filter rule for HTTP is the same whether the security level is high, medium or low. The default setting allows outbound access and does not allow inbound access. To set up a Web server located on the local network when the firewall policy is set, you have to configure the Port Filters setting first. When the firewall policy is set, the Port Filters screen is as shown below; inbound HTTP access is not allowed.
[Screenshot: Port Filters page, with callout "HTTP application"]
50. d Play (UPnP)
Disable: Check to disable the UPnP function.
Enable: Check to enable the UPnP function.
UPnP Port: Its default setting is 2800. It is highly recommended that users keep this port value. You may wish to modify this port value only if it conflicts with other ports already being used.

3.6.3.7.4.3 SNMP Access Control
Read Community: Specify a name in any string to be identified as the Read Community, and an optional IP address. This community string will be checked against the string entered in the configuration file. Once the string name is matched, the user with this IP address will be able to view the data.
Write Community: Specify a name in any string to be identified as the Write Community, and an optional IP address. This community string will be checked against the string entered in the configuration file. Once the string name is matched, the user with this IP address will be able to view and modify the data.
Trap Community: Specify a name in any string to be identified as the Trap Community, and an IP address. This community string will be checked against the string entered in the configuration file. Once the string name is matched, the user with this IP address will be notified of Traps.
Please note: SNMP software is required in order to utilize this section.

3.6.4 Save Configuration to Flash
After configuring this network router, you have to save all of the configuration parameters to FLASH.
51. de. If you select Stateless mode, the key will be changed in each packet.
Idle Time: Auto-disconnect the ADSL router when there is no activity on the line for a predetermined period of time. 0 means this connection is always on.
Click Apply after setting.

3.6.3.5.1.3 An Example of Configuring a Remote Access PPTP VPN Dial-in Connection
Background of the Example: A remote worker establishes a PPTP VPN connection with the head office using Microsoft's VPN Adapter, a piece of software included with Windows 2000, ME, etc. The router is installed in the head office, connected to a couple of PCs and Servers.
[Application diagram: PPTP VPN remote access (dial-in); labels: Office LAN 192.168.1.0/24, Router 192.168.1.254, Public IP, PPTP server, VPN connection, PPTP client, Remote worker]

Configuring PPTP VPN in the Office
The input IP address 192.168.1.200 will be assigned to the remote worker; please make sure this IP is not used in the Office LAN.
[Screenshot: PPTP Remote Access Connection page, with callouts "Given a name of PPTP connection" and "IP address assigned to remote worker"] Input username a
52. ded in PPTP, Remote Access and LAN to LAN. Please refer below for more information. Click Create to select one of the applications and continue the setup.
[Screenshot: PPTP page, listing "VPN/PPTP for Remote Access Application" and "VPN/PPTP for LAN to LAN Application" with columns Enable, Disable, Name, Type, Status and the buttons Create and Apply]

3.6.3.5.1.1 PPTP for Remote Access
For the Remote Access Application, please refer to the figure below.
[Screenshot: PPTP Remote Access Connection page, with fields Connection Name, Type (Dial out / Dial in), Username, Password, Auth. Type, Data Encryption, Key Length, Mode, Idle time]
Connection Name: Give a name for this connection.
Type: Check Dial Out to be a client; check Dial In to be a server. When this network router acts as a client, please input the remote Server IP Address (or Hostname) to establish a connection. When this network router acts as a server, please input the Private IP Address Assigned to Dial
53. [Screenshot: Port Filters list, with callout "HTTP inbound & outbound application" and the buttons Add TCP Filter, Add UDP Filter, Add Raw IP Filter and Return]
Configure the Virtual Server: enable the HTTP service in the virtual server setting and input the WEB server's IP address. If you want to set up remote management of the router permanently, you may enter the router's IP instead.
[Screenshot: Virtual Server page, with columns Enable, Application, Protocol, Port, IP Address]

3.6.3.4.3 Intrusion Detection
The Intrusion Detection allows you to protect your local area network (LAN) from malicious attacks, for example port scan and Denial of Service (DoS). The purpose of such attacks is either to consume the computing resources of your router or even to bring down the router and network. The Intrusion Detection also supports the blacklisting feature to minimize the system overhead that could be consumed in an attack, as well as protecting the network in the meantime. The blacklist is empty initially when the firewall enabled
54. e 10 entries to enter the MAC addresses you want to manage. If you select Blocked, packets with a MAC address in the table will be dropped and others will be forwarded. If you select Allowed, packets with a MAC address in the table will be forwarded and others will be dropped. Then select the Apply button to save the setting.

3.6.3.4.5 URL Filter
When you click the URL Filter, you get the following figure. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
[Screenshot: URL Filter page, with options Enable / Disable, Always Block, Block from ... to ..., Keywords Filtering (Details), Domains Filtering (Details), "Disable all WEB traffic except for Trusted Domains" and Enable Blocking Log]
The URL filtering function enables you to block unwanted websites, preventing access to inappropriate material from the entire enterprise.
Enable/Disable: Check the Enable or Disable radio button to activate or deactivate the URL filter function.
Always Block: Check this button if you wish to block access to the website at all times. Or choose Block from: Check this button if you onl
55. e Disable DNS radio button and click OK to finish the configuration.
[Screenshot: TCP/IP Properties dialog, DNS Configuration tab]

3.3.2 For Windows NT4.0
1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and choose the Protocols tab.
2. Select TCP/IP Protocol and click Properties.
[Screenshot: Network dialog, Protocols tab, listing NetBEUI Protocol, NWLink IPX/SPX Compatible Transport, NWLink NetBIOS and TCP/IP Protocol]
3. Select the Obtain an IP address from a DHCP server radio button and click OK.
[Screenshot: Microsoft TCP/IP Properties dialog, IP Address tab. Dialog text: "An IP address can be automatically assigned to this network card by a DHCP server. If your network does not have a DHCP server, ask your network administrator for an address, and then type it in the space below."]
56. [Table of contents, continued; only the legible entries are kept]
2.2 The Top Panel LEDs
2.3 The Rear Ports
Chapter 3 Configuration
3.1 Before Configuration
3.2 Connecting the ADE-4200/ADW-4200
3.3 Configuring PC in Windows
3.3.1 For Windows 98/ME
3.3.4 For Windows XP
3.4 Factory Default Settings
3.4.2 LAN and WAN Port Addresses
3.6 Configuring with the Web Browser
57. eadquarters and share resources and information through the Internet in a safe and secure way.

Chapter 2 Using the Router

2.1 Cautions for using the ADE-4200/ADW-4200
Do not place the ADE-4200/ADW-4200 under high humidity and high temperature.
Do not use the same power source for the ADE-4200/ADW-4200 and other equipment.
Do not open or repair the case yourself. If the ADE-4200/ADW-4200 is too hot, turn off the power immediately and have a qualified serviceman repair it.
Place the ADE-4200/ADW-4200 on a stable surface.
Only use the power adapter that comes with the package.

2.2 The Top Panel LEDs
[Figures: top panels of the ADE-4200 ADSL VPN Firewall Router and the ADW-4200 ADSL Wireless VPN Firewall Router]
PWR: Lit when power is ON.
SYS: Lit when the system is ready.
LAN port 1-4: Lit when connected to an Ethernet device. Green for 100Mbps; orange for 10Mbps. Blinking when data is transmitted or received.
Wireless LED (ADW-4200 only): Lit green when the wireless connection is established. Flashes when sending or receiving data.
MAIL: Lit when there is email in the email account.
PPP connection LED: Lit when there is a PPPoA/PPPoE connection.
ADSL: Lit when successfully connected to an ADSL DSLAM.

2.3 The Rear Ports
[Figure: rear panel of the ADW-4200; legible labels include Console, LAN and "9600 N 8 1"]
ADSL: Connect the supplied RJ-11 cable to this port when connecting to the
58. ed by LAN-attached PCs that communicate with the ADE-4200/ADW-4200, either to configure the device or for network access. These PCs must have an Ethernet interface installed properly, be connected to the ADE-4200/ADW-4200 either directly or through an external repeater hub, and have TCP/IP installed and configured to obtain an IP address through a DHCP server, or a fixed IP address that must be in the same subnet as the ADE-4200/ADW-4200. The default IP address of the ADE-4200/ADW-4200 is 192.168.1.254 and the subnet mask is 255.255.255.0. The best and easiest way is to configure the PC to get an IP address from the ADE-4200/ADW-4200. Also make sure you have UNINSTALLED any kind of software firewall that can cause problems accessing the 192.168.1.254 IP address of the router.

Please follow the steps below for the PC's network environment installation. First of all, please check your PC's network components. The TCP/IP protocol stack and Ethernet network adapter must be installed. If not, please refer to MS Windows related manuals.

Any TCP/IP capable workstation can be used to communicate with or through the ADE-4200/ADW-4200. To configure other types of workstations, please consult the manufacturer's documentation.

3.2 Connecting the ADE-4200/ADW-4200
1. Connect the Router to a LAN (Local Area Network) and the ADSL/telephone network.
2. Power on the device.
3. Make sure the PWR and SYS LEDs are lit steady & the LAN LED is lit.
4. Before proce
59. eding to the next step, make sure you have uninstalled any software firewall.

3.3 Configuring PC in Windows

3.3.1 For Windows 98/ME
1. Go to Start / Settings / Control Panel. In the Control Panel, double-click on Network and choose the Configuration tab.
2. Select TCP/IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC.
3. Click Properties.
[Screenshot: Network dialog, Configuration tab, listing the installed network components]
4. Select the IP Address tab. In this page, click the Obtain an IP address automatically radio button.
[Screenshot: TCP/IP Properties dialog, IP Address tab]
5. Then select the DNS Configuration tab.
6. Select th
60. [Screenshot: Status page of the web interface at 192.168.1.254, showing device information (host name, system time, firmware and software version, MAC address), LAN settings (IP address 192.168.1.254, subnet mask 255.255.255.0, DHCP server), WAN settings (PPPoE, VPI/VCI 0/33), port status and defined interfaces]
At the configuration homepage, the left navigation pane, where bookmarks are provided, links you directly to the desired setup page, including:
- Status (ARP Table, PPTP Status, IPSec Status, Email Status, Event Log, Error Log and UPnP Portmap)
- Quick Start
- Configuration (LAN, WAN, System, Firewall, VPN, Virtual Server & Advanced)
- Save Config to FLASH
- Logout
- Language (provides the user interface in the English language)
Click on the desired item to expand the page in the main navigation
61. ey Exchange (IKE) access control, their full IPSec VPN (Virtual Private Network) capability provides complete data security and privacy for access and exchange of sensitive data. The PLANET ADE-4200 and ADW-4200 offer the security and flexibility to make fast and simple secure ADSL network connections.

1.2 Package Contents
One ADSL VPN Firewall Router
One CD-ROM containing the on-line manual
One RJ-11 ADSL/telephone cable
One straight-through CAT-5 Ethernet cable
One AC-DC power adapter (output: 12V DC, 1A)
One Quick Start Guide

1.3 ADE-4200/ADW-4200 Features
The ADE-4200/ADW-4200 provides the following features:
ADSL Multi-Mode Standard: Supports downstream transmission rates of up to 8Mbps and upstream transmission rates of up to 1024Kbps. It also supports rate management that allows ADSL subscribers to select an Internet access speed suiting their needs and budgets. It is compliant with the Multi-Mode standard (ANSI T1.413 Issue 2; G.dmt (G.992.1); G.lite (G.992.2)).
Wireless Ethernet 802.11b access point (ADW-4200): Provides a wireless Ethernet 802.11b access point for extending the communication media to WLAN.
Fast Ethernet Switch: A 4-port 10/100Mbps fast Ethernet switch is supported in the LAN site, and automatic switching between MDI and MDI-X for 10Base-T and 100Base-TX ports is supported. An Ethernet straight or crossover cable can be used directly; this fast Ethernet s
62. ient the receiving radio or TV antenna where this may be done safely.
- To the extent possible, relocate the radio, TV or other receiver away from the Switch.
- Plug the Ethernet Switch into a different power outlet so that the Switch and the receiver are on different branch circuits.
If necessary, you should consult the place of purchase or an experienced radio/television technician for additional suggestions.

CE mark Warning
This is a class B device. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all, cases these designations are claimed as trademarks or registered trademarks by their respective companies.

Revision
User's Manual for PLANET ADSL VPN Firewall Router
Model: ADE-4200A/B, ADW-4200A/B
Rev: 1.0 (October 2003)
Part No. EM AD4200

Table of Contents
Chapter 1 Introduction
1.1 An Overview of the ADE-4200/ADW-4200
1.2 Package Contents
ADE-4200/ADW-4200 Features
ADE-4200/ADW-4200 Application
Chapter 2 Using the Router
2.1 Cautions for using the ADE-4200/ADW-4200
63. input IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN.
[Screenshot: PPTP LAN to LAN page, with callouts "Given a name of PPTP connection", "Check Dial in", "IP address assigned to branch office network", "Branch office network" (Peer Network IP 192.168.0.0) and "Input username & password to authenticate branch office network"]
Auth. Type, Data Encryption, Key Length and Mode: Keep the default value in most cases; the PPTP server & client will determine the value automatically. Refer to the manual for details if you want to change the setting.
Idle time: The connection will be disconnected when there is no traffic for a predefined period of time. Idle time 0 means the connection is always on.

Configuring PPTP VPN in the Branch Office
The input IP address 69.1.121.3 is the Public IP address of the router located in the head office. If you have a domain name assigned to this IP address
64. ith timestamp in the security logging area. More firewall features will be added continually; please visit our web site to download the latest firmware.
Domain Name System (DNS) relay: Provides an easy way to map a domain name (a friendly name for users, such as www.yahoo.com) to an IP address. When a local machine sets its DNS server to this router's IP address, every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network. After the router gets the reply, it forwards it back to the PC.
Dynamic Domain Name System (DDNS): The Dynamic DNS service allows you to alias a dynamic IP address to a static hostname. This dynamic IP address is the WAN IP address. For example, to use the service you must first apply for an account from this free Web server: http://www.dyndns.org. There are more than 5 DDNS servers supported.
Virtual Private Network (VPN): Allows a user to make a tunnel with a remote site directly, to secure the data transmission over the connection. Users can use the embedded PPTP client/server and IPSec supported by this router to make a VPN tunnel. Alternatively, the router provides IPSec and PPTP pass-through functions to establish a VPN connection if the user prefers to run the PPTP client on his local computer.
PPP over Ethernet (PPPoE): Provides an embedded PPPoE client function to establish a connection. Users can get greate
65. lt HTTP port
[Screenshot: Device Management page. Embedded Web Server: Management IP Address 0.0.0.0 ("0.0.0.0 means Any"), Expire to auto-logout 180 seconds. Universal Plug and Play (UPnP): Enable / Disable, UPnP Port 2800. SNMP Access Control: Read Community "public" with IP Address 0.0.0.0, Write Community "password" with IP Address 0.0.0.0, Trap Community with IP Address. On-screen note: "This setting will become effective after you save to flash and restart the router."]

3.6.3.7.4.1 Embedded Web Server
HTTP Port: The default value for the HTTP port is 80. A different value is also allowed; simply specify a user-defined port number.
Management IP Address: Specify an IP address allowed to log on and access the router's web server. Note: IP 0.0.0.0 indicates that all users who are connected to this router are allowed to log on to the device and modify data.
Expire to auto-logout: Specify a time frame after which the system automatically logs out of the device.
For example: User A changes the HTTP port number to 100, specifies its own IP address as 192.168.1.55, and sets the logout time to 50 seconds. The device will only allow User A, whose IP address is 192.168.1.55, to log on to the Web GUI by typing 192.168.1.254:100. After 50 seconds, the device will automatically log out User A.

3.6.3.7.4.2 Universal Plug an
66. mp password to authenticate remote worker
Auth. Type, Data Encryption, Key Length and Mode: Keep the default value in most cases; the PPTP server & client will determine the value automatically. Refer to the manual for details if you want to change the setting.
Idle time: The connection will be disconnected when there is no traffic for a predefined period of time. Idle time 0 means the connection is always on.

Configuring PPTP VPN in Remote Side
You can configure the VPN client with a commercial VPN client software package, e.g. SSH, or the Dial-up Adaptor in Windows. Please follow the steps below if you are a Windows 2000 user.
1. Click Network and Dial-up Connection and Make new connection.
[Screenshot: Network and Dial-up Connections window with the Make New Connection icon, and the Network Connection Wizard. Wizard text: "The Network Connection wizard helps you create a new connection so that your computer can"]
67. Disable: Check to disable the ADSL router from getting the email.
Enable: Check to enable the ADSL router to get the email by providing the required information. The following fields will then be activated and required.
Account Name: Enter the name of the account to which you have POP access. Normally it is the text in your email address before the "@" symbol. If you have trouble with it, please contact your ISP.
Password: Enter the password of the account.
POP3 Mail Server: Enter your POP mail server name. If you have trouble with it, contact your ISP or your external mail server's administrator. For further assistance in tracking down this information, you will need to contact your Internet Service Provider or Network Administrator.
Interval: Enter the value in minutes to check your email account periodically.
Automatically dial out for checking emails: When the function is enabled, your ADSL router will connect to your ISP automatically to check emails if your Internet connection has dropped. Please be careful when using this feature if your ADSL service is charged by time.

3.6.3.7.4 Device Management
Click Device Management to protect and obtain system control while allowing device monitoring. This in turn provides enhanced security of the device.
[Screenshot: Device Management page, Embedded Web Server section] HTTP Port: 80 is defau
68. ny inaccuracies that may be contained in this User's Manual. PLANET makes no commitment to update or keep current the information in this User's Manual, and reserves the right to make improvements to this User's Manual and/or to the products described in this User's Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.

FCC Compliance Statement
This equipment generates and uses radio frequency energy and, if not installed and used properly, that is, in strict accordance with the instructions provided with the equipment, may cause interference to radio and TV communication. The equipment has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If you suspect this equipment is causing interference, turn your Ethernet Switch on and off while your radio or TV is showing interference. If the interference disappears when you turn your Ethernet Switch off and reappears when you turn it back on, there is interference being caused by the Ethernet Switch. You can try to correct the interference by one or more of the following measures:
- Reor
69. [Screenshot: IPSec page for the head office, with callouts "Branch office router IP (WAN side)", "Branch office network" and "Security plan"; proposal fields shown: ESP, Authentication MD5, Encryption AES, Perfect Forward Secrecy None]

Configuring IPSec VPN in the Branch Office
The local subnet (branch office) is set as 192.168.0.0/24 with netmask 255.255.255.0, while the remote subnet (head office) is set as 192.168.1.0 with netmask 255.255.255.0. The IP address 69.1.121.3 in the Secure Gateway Address field is the Public IP address of the router located in the head office. If you have a domain name assigned to this IP address (either you registered the DDNS, please refer to the DDNS section, or you have a static IP with a domain name), you can also use the Hostname instead of the IP address to reach the router. Set Proposal as ESP, MD5, AES, PFS as None, and pre-shared key as as12345678, according to the pre-defined security plan.
[Screenshot: IPSec page for the branch office, with callouts "Given a name of IPSec connection" and "Branch office network"; Local: Subnet, IP Address 192.168.0.0]
70. on
[Screenshot: Internet Protocol (TCP/IP) Properties dialog, General tab. Dialog text: "You can get IP settings assigned automatically if your network supports this capability. Otherwise, you need to ask your network administrator for the appropriate IP settings." Options shown: Use the following IP address; Obtain DNS server address automatically; Use the following DNS server addresses]

3.3.4 For Windows XP
1. Go to Start / Control Panel (in Classic View). In the Control Panel, double-click on Network Connections.
2. Double-click Local Area Connection.
[Screenshot: Control Panel window]
3. In the LAN Area Connection Status window, click Properties.
[Screenshot: Local Area Connection Status dialog, General tab]
71. onfiguration file in the PC and click the Restore button to save it back.
[Screenshot: Configuration Backup/Restore page. On-screen text: "This page allows you to backup the configuration settings to your computer, or restore configuration from your computer. Backup Configuration: Backup configuration to your computer. Restore Configuration: Restore configuration from a previously saved file. Restore will overwrite the current configuration and restart the device. If you want to keep the current configuration, please use Backup first to save current configuration."]

3.6.3.3.5 Restart Router
When you click Restart Router, you have two functions. One is to restart it with the current settings, and the other is to restart it with factory default settings if you check Reset to factory default settings.

3.6.3.3.6 User Management
[Screenshot: Restart Router page] From this page you may res
72. ort Setting and DHCP Server.

3.6.3.1.1 Ethernet
When you click Ethernet, you get the following figure.
[Screenshot: Ethernet page, with Primary IP Address (IP Address, SubNetmask), Secondary IP Address (IP Address, SubNetmask) and Advanced Options]
The router supports two Ethernet IP addresses in the LAN. With this function, the ADSL router can support two different LAN subnets accessing the Internet at the same time. Usually there is only one subnet in the LAN, so there is no need to configure a Secondary IP address. 192.168.1.254 is the default IP address for this ADSL router. The Advanced Options allow you to configure the routing protocol (RIP version 1 or version 2) in the receiving and sending directions.

3.6.3.1.2 Wireless
When you click Wireless, you will get the following figure. This option is only available for the ADW-4200.
[Screenshot: Wireless page, with fields ESSID, Regulation Domain and Channel ID]
73. our network. This natural firewall is on when the NAT function is enabled.
Firewall Security and Policy (General Settings): inbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the local network.
Intrusion Detection: Enable Intrusion Detection to detect, prevent and log malicious attacks.

2. Access Control: prevent access from a local network.
Firewall Security and Policy (General Settings): outbound direction of Packet Filter rules to prevent unauthorized computers or applications accessing the Internet.
MAC Filter rules: to prevent unauthorized computers accessing the Internet.
URL Filter: to block unwanted websites so that inappropriate material cannot be accessed from the local network.

To prevent unauthorized computers from accessing the Internet and the local network, you can either choose not to enable the Firewall and add the MAC address and URL filter rules yourself, or enable the Firewall and modify the packet filter rules if required. The Packet Filter is categorized as Port Filters and Address Filters, configured to filter the packets based on applications (port) and IP addresses of the computers, respectively.

There are five items under the Firewall section: General Settings, Packet Filter, Intrusion Detection, MAC Address Filter and URL Filter.

3.6.3.4.1 General Settings

When you click General Settings, you get the following figure.

Status General Se
74. pane

3.6.1 STATUS

The Status section provides and contains many items, including device H/W and S/W information, LAN/WAN port status and all defined interfaces. It also provides useful information for users to review the status of the device.

ARP Table: you will see the data of the IP address of each PC in your LAN as well as its associated MAC address.

[Figure: ARP Table page, listing IP ARP entries with columns IP Address, MAC Address, Interface, Static]

PPTP Status: it gives you a quick overview of the PPTP connection status.

IPSec Status: it gives you a quick overview of the IPSec connection status.

Email Status: it gives you a quick view to know if there is email in your pre-defined email account. You will see the unread emails in the email server once you have successfully configured Check Emails in Configuration, Advanced.

Event Log: it displays valuable system event logging information and status after the power is turned on, such as ADSL line, WAN port, SNTP, Firewall, etc.

Error Log: it shows the error message log. When you face a problem, please send this error log to support for quick feedback.

UPnP Portmap: it displays the Virtual Servers or Port Mappings that are created by UPnP p
75. pplication Protocol Port IP Address

[Figure: Virtual Server table with columns Enable, Application, Protocol, Port, IP Address]

Enable: Enable or disable this Virtual Server port.

Application: Input the application name for the port you define. This product provides several pre-defined popular applications and their port numbers.

Protocol: Select the proper protocol for the application.

Port: Input the port number for the application.

IP Address: Input the IP address that you want to allow outside users to access.

DMZ: The DMZ Host is a local computer exposed to the Internet. Therefore, an incoming packet will be checked by the Firewall and NAT algorithms, then passed to the DMZ host when a packet is not sent by a hacker and not limited by the virtual server list.

If you have disabled the NAT option in the WAN-ISP section, this Virtual Server function will hence be invalid. If the DHCP server option is enabled, you have to be very careful in assigning the IP addresses of the virtual servers in order to avoid conflicts. The easy way is that the IP address assigned to each vir
76. r access speed without changing the operation concept, sharing the same ISP account and paying for one access account. No PPPoE client software is required for the local computer. The Always ON, Dial On Demand and auto disconnection (Idle Timer) functions are provided too.

Virtual Server: Users can specify some services to be visible from outside users. The router can detect an incoming service request and forward it to the specific local computer to handle it. For example, users can assign a PC in a LAN acting as a WEB server inside and expose it to the outside network. Outside users can browse an inside web server directly while it is protected by NAT. A DMZ host setting is also provided to a local computer exposed to the outside network (Internet).

Rich Packet Filtering: Not only filters the packet based on IP address, but also based on port numbers.

Dynamic Host Control Protocol (DHCP) client and server: In the WAN site, the DHCP client can get an IP address from the Internet Server Provider (ISP) automatically. In the LAN site, the DHCP server can allocate up to 253 client IP addresses and distribute them, including IP address, subnet mask as well as DNS IP address, to local computers. It provides an easy way to manage the local IP network.

Static and RIP1/2 Routing: Supports an easy static table or RIP1/2 routing protocol to support routing capability.

SNTP: An easy way to get the network real time information from an SNTP server.

Web based GUI
77. rotocol implemented in Windows.

3.6.2 Quick Start

[Figure: Quick Start page, with the Encapsulation selection and the IP Address, SubNetmask, Default Gateway, DNS and PPP fields]

If you use this device to access the Internet through the ISP, this web page is enough for you to configure this router and access the Internet without a problem. Please check Chapter 3.5, Information from the ISP, then enter the proper values into this web page, click the Apply button and then Save Config to FLASH in the left panel. After the router reboots, you may check the Status web page to see whether the router is connected to the ISP or not. In most cases you can access the Internet immediately. If not, please refer to the sections below for more information.

3.6.3 Configuration

When you click this item, you get the following sub-items to configure the ADSL router: LAN, WAN, System, Firewall, VPN, Virtual Server and Advanced. These functions are described below in the following sections.

3.6.3.1 LAN

There are four items under the LAN section: Ethernet, Wireless, P
78. ser Idle Timeout in minutes

Description: Give a name for this connection.

VPI/VCI: Enter the information provided by your ISP.

NAT: The NAT feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users in the LAN site have public IP addresses and can access the Internet directly, the NAT function can be disabled.

Username: Enter the username provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive).

Password: Enter the password provided by your ISP. You can input up to 128 alphanumeric characters (case sensitive).

Service Name: This item is for identification purposes. If it is required, your ISP will provide you the information. Maximum input is 20 alphanumeric characters.

Use the following IP address: If your ISP gives you a fixed IP address through PPPoE, input the IP address in this field.

Authentication Protocol Type: Default is Auto.

PPPoE connection: This item provides 2 options.
Always on: if you want to establish a PPPoE session when starting up. It will also automatically re-establish the PPPoE session when disconnected by the ISP.
Connect to Demand: if you want to establish a PPPoE session only when there is a packet requesting access to the Internet.

User Idle Timeout (in minutes): Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. Input 0 if you do
79. ssigned from ISP or be set fixed
VPI/VCI, VC-based/LLC-based multiplexing, Username, Password, and Domain Name System (DNS) IP address (it can be automatically assigned from ISP or be set fixed).
RFC1483 Bridged: VPI/VCI, VC-based/LLC-based multiplexing, and configure this product into BRIDGE Mode.
RFC1483 Routed: VPI/VCI, VC-based/LLC-based multiplexing, IP address, subnet mask, Gateway address, and Domain Name System (DNS) IP address (it is fixed IP address).
VPI/VCI, IP address, Subnet mask, Gateway address, and Domain Name System (DNS) IP address (it is fixed IP address).

3.6 Configuring with the Web Browser

Open the web browser, enter the local port IP address of this ADE-4200/ADW-4200, which defaults to 192.168.1.254, and click Go. A user name and password prompt window will appear. The default username and password are admin and admin.

[Figure: Enter Network Password dialog]

You will get a status report web page when you log in successfully.

[Figure: status report page in Microsoft Internet Explorer]
80. t Most problems can be solved by using the Troubleshooting in Chapter 4. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product. For any other questions, please contact PLANET directly at the following email address: support@planet.com.tw. You can also download upgraded drivers or software utilities for free from PLANET's website at http://www.planet.com.tw
81. t connection method. Please refer to the following description and Section 3.5, Information from ISP. Quick Start is a shortcut to the Quick Start page.

3.6.3.2.1.1 RFC 1483 routed

[Figure: WAN connections, RFC 1483 routed page, with fields Description, VPI, VCI, NAT, Encapsulation method, DHCP client options, IP Address, Netmask, Gateway]

Description: Give a name for this connection.

VPI and VCI: Enter the information provided by your ISP.

NAT: The NAT feature allows multiple users to access the Internet through a single IP account, sharing the single IP address. If users in the LAN site have public IP addresses and can access the Internet directly, the NAT function can be disabled.

Encapsulation method: Select the protocol format; the default is LlcBridged. Select the one provided by your ISP.

DHCP client: Enable or disable the DHCP client; specify if the Router can get an IP address from the Internet Server Provider (ISP) automatically or not. Please click "Obtain an IP address automatically via DHCP client" to enable the DHCP client function, or click "Specify an IP address" to disable the DHCP client function and specify the IP
82. tart your router. After restarting, please wait for several seconds to let the system come up. If you would like to reset all configuration to factory default settings, please check the following box: Reset to factory default settings.

When you click User Management, you are able to edit the existing users' database or to create other users accessing this device.

[Figure: User Management page, Currently Defined Users, with columns Valid, User, Comment; one entry: true, admin, Default admin user]

3.6.3.4 Firewall

This product also serves as an Internet firewall. Not only does it provide a natural firewall function (Network Address Translation, NAT), but it also provides rich firewall features to secure a user's network. Besides, it can also be configured to block internal users from accessing the Internet. The functions include:

1. Firewall: prevent access from an outside network. The router provides three levels of security:
Support NAT natural firewall: it masks LAN users' IP addresses, which are invisible to outside users on the Internet, making it much more difficult for a hacker to target a machine on y
83. ttings

[Figure: Firewall General Settings page. Firewall Security: Disable, Enable. Firewall Policy: All blocked/User-defined, High security level, Medium security level, Low security level. Note on the page: If some applications cannot work after enabling Firewall, please check the Packet Filter, especially Port Filter rules. For example, adding TCP 443 outbound allowed will let HTTPS data go through Firewall. Firewall Logging: Enable Blocking Log, Enable Intrusion Log.]

Firewall Security: When you enable the Firewall security function, you can select one of the firewall security policies. By default the firewall is set to disabled.

Firewall Policy: Select either All blocked/User-defined, High, Medium or Low security level to enable the Firewall. The difference among these three security levels is the pre-setting of port filter rules in the Packet Filter.

All blocked/User-defined: no pre-defined port or address filter rule by default; it means all inbound (Internet to LAN) and outbound (LAN to Internet) packets will be blocked. Users have to add their own filter rules for further access to the Internet.

High/Medium and Low security level: By default your system uses High, Medium and Low firewall security levels between the WAN and
84. tual server should not fall into the range of IP addresses that are to be issued by the DHCP server. You can configure the virtual server IP address manually, but it is still in the same subnet with the router.

3.6.3.6.1 An Example of Configuring a Web Server on the Local Network

To save configuration time, this router lists the well-known protocols and port numbers for the most popular applications in the Virtual Server table, e.g. Web (TCP 80), FTP (TCP 21), Telnet (TCP 23), SMTP (TCP 25), POP3 (TCP 110), IKE (UDP 500), etc. This is an example of configuring a Web server: just check Enable and input the IP address of the Web server.

Background of the Example: Set up the Web server in the office so that it is visible to the outside network.

Configuring a Virtual Server
1. Set Web server IP address to a fixed IP: 192.168.1.100
2. Configure the Virtual Server

[Figure: Virtual Server table, with callouts "Check Enable" and "IP address of Web server"]

3.6.3.6.2 An example of
85. ubnet: The subnet of the local network. For example, IP 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1.

IP Range: The IP address range of the local network. For example, IP 192.168.1.1, end IP 192.168.1.10.

Remote Secure Gateway Address (or hostname): The IP address or hostname of the remote VPN device that is connected and establishes a VPN tunnel.

Remote Network: Set the IP address, subnet or address range of the remote network.

Proposal: Select the IPSec security method. There are two methods to check the authentication information: AH (Authentication Header) and ESP (Encapsulating Security Payload). Check ESP for higher security: data will be encrypted and authenticated. Check AH: data will be authenticated but not encrypted.

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, but it is slower.
MD5: A one-way hashing algorithm that produces a 128-bit hash.
SHA-1: A one-way hashing algorithm that produces a 160-bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.
86. witch will detect it automatically.

Multi-Protocol to Establish A Connection: Supports PPPoA (RFC 2364, PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM (bridged or routed), PPP over Ethernet (RFC 2516) and IPoA (RFC1577) to establish a connection with the ISP. The product also supports VC-based and LLC-based multiplexing.

Quick Installation Wizard: Supports a WEB GUI page to install this device quickly. With this wizard, an end user can easily enter the information they get from the ISP, then surf the Internet immediately.

Universal Plug and Play (UPnP) and UPnP NAT Traversal: This protocol is used to enable simple and robust connectivity among stand-alone devices and PCs from many different vendors. It makes networking simple and affordable for users. UPnP architecture leverages TCP/IP and the Web to enable seamless proximity networking in addition to control and data transfer among networked devices.

Network Address Translation (NAT): Allows multiple users to access outside resources such as the Internet simultaneously with one IP address/one Internet access account. Besides, many application layer gateways (ALG) are supported, such as web browser, ICQ, FTP, Telnet, E-mail, News, Net2phone, Ping, NetMeeting and others.

Firewall: Supports SOHO firewall with NAT technology. Automatically detects and blocks the Denial of Service (DoS) attack. The packet filtering and SPI are also supported. The hacker's attack will be recorded associated w
87. xxx is listed, the URL http www new site com xxx html would be blocked, even if it is not included in the domain filtering list. Keywords presented as a site name are also blocked; that is, http://www.xxxsite.com cannot be accessed from the LAN. To add a keyword, enter it in the Keyword field and click Apply.

3.5.3.4.5.2 Domain Filtering

[Figure: URL Filter, Domains Filtering page, with Trusted Domain and Forbidden Domain lists]

If the router is configured to allow internal users to access only certain specified domains, add the domain name into the Trusted Domain list. If the router is configured to allow internal users to access all websites except for some forbidden domains, add the forbidden domain name into the Forbidden Domain list. These Forbidden Domains will be blocked and users will no longer be able to access the websites from the LAN.

The checking procedure follows these steps:
1. Check whether the domain in the URL string is in the trusted list. If yes, send it to the outside world.
2. If not, check if it is listed in the forbidden list or the function "Disable all WEB traffic except Trusted Domains" is che
88. y permit remote administration of the ADE-4200/ADW-4200. The maximum time is 120 minutes.

[Figure: Remote Access page. From this page you may temporarily permit remote administration of this network device. Enable Remote Access: allow access for n minutes.]

3.6.3.3.3 Firmware Upgrade

When you click Firmware Upgrade, it allows you to input the location of the firmware stored on your PC; click the Upgrade button to upgrade to the new firmware.

[Figure: Firmware Upgrade page. From this page you may upgrade the system software on your network device. Select Update File: New Firmware Image, Browse, Upgrade.]

3.6.3.3.4 Backup/Restore

When you click Backup/Restore, it allows you to save your current settings into a file on your PC. You can click Backup to store the current settings in a file. If you would like to restore it, please input the location of this c
89. y wish to block a URL in a specific time interval. For example, if you wish to temporarily block a URL from Monday 8:00am until Wednesday night at 7:40pm, in the space provided above you should select 08:00 Monday to 19:40 Wednesday.

Keyword Filtering: Check if you want to enable the Keyword Filtering function, and click the Details button for further configuration options. Please refer below for more information.

Domain Filtering: Check if you want to enable the Domain Filtering function, and click the Detail button for further configuration options. Please refer below for more information.

Disable All WEB traffic except for Trusted Domain: It allows internal users to access only the specified trusted domain. Please refer to the Domain Filtering section first before checking this option.

Enable Blocking Log: Check this button to log the corresponding logs into the Event Log under Status.

Select the Apply button to save the setting.

3.5.3.4.5.1 Keyword Filtering

[Figure: URL Filter, Keywords Filtering page]

The ADSL Router allows the administrator to block some WEB URLs containing certain keywords in this page. For example, if the keyword
90. [Figure: Packet Filter port filter table with a Delete button on each row; callout "Click Delete"]

3. Click Delete to delete the HTTP rule.
4. Click Add TCP Filter.

[Figure: Packet Filter port filter table]
91. zard. Type the name you want to use for this connection. To create this connection and save it in the Network and Dial-up Connections folder, click Finish. To edit this connection in the Network and Dial-up Connections folder, select it, click File, and then click Properties.

5. To make the connection, click the Virtual Private Connection icon in Dial-up Networking Group and input the username & password set in the ADSL Router.

[Figure: Connect Virtual Private Connection dialog]

3.6.3.5.1.4 An Example of Configuring a Remote Access PPTP VPN Dial-out Connection

Background of the Example: Corporate establishes a PPTP VPN connection with the file server located at the remote side. The router is installed in the office, connected with a couple of PCs and Servers.

Application Diagram

[Figure: PPTP VPN remote access (dial-out) diagram. Labels: Office LAN, 192.168.1.254, IP 69.121.1.33, Server, PPTP client, PPTP server, VPN connection, Router, 192.168.1.0/24]

Configuring PPTP VPN in the Office

You can either input the IP address (69.1.121.33 in this case) or hostname to reach the Server.

[Figure: PPTP Remote Access Connection page]