3Com 3CB9EF Computer Hardware User Manual
Contents
1. Note The Gateway automatically synchronised its system time with an Internet clock H LOG OUT 62 The Gateway reads the correct time from NTP servers on the Internet and sets its system clock accordingly The Daylight Savings option automatically adjusts the clock to daylight savings time as appropriate to your time zone Loading and Saving the Gateway Configuration Figure 61 Configuration Screen k ix DE OfficeConnect Cable DSL Secure Gateway Backup Configuration Click the Backup button to save configuration data to your PC BACKUP Note The configuration file shauld be kept in a safe place as it contains sensitive information Welcome LAN Settings Help Internet Settings Firewall VPN Restore Configuration Data Select the location of a previously backed up configuration file on your PC using the browse tton ea button below then click the Restore but Browse RESTORE Note You need to make sure the Files of type is set to All files to see the file Reset to Factory Default Please press the Reset button to restore configuration to factory default RESET Status and Logs Support Feedback LOG OUT Note All current configuration will be lost Status Ready Select the Configuration tab to display the Configuration screen Figure 61 m Click BACKUP to save the current configurations of the OfficeConnect Cable DSL Secure Gateway2. These addresses must be within the Gateway s LAN subnet and must not form part of the DHCP pool Click Apply to save your changes 55 Viewing VPN Connections The VPN Connections Screen shows information about the IPSec L2TP over IPSec and PPTP connections made by the Gateway It also allows you to add delete edit and temporarily disable these connections Figure 52 VPN Connections Screen For each connection configured for the Gateway a row is added to the table Each row contains the following items m Delete button deletes the VPN connection on that row This will prevent the device or user from establishing a secure connection with the Gateway in future m Name Identifies the tunnel Clicking the name of a connection displays the Edit VPN Connection screen See Adding and Editing VPN Connections below m Description A text description that enables you to identify a connection This field in the table additionally displays whether the connection is currently active m Type Indicates the type of connection m Enabled This check box allows you to enable or disable a connection without deleting it and thus losing the connection details Check this box to enable a connection Clear this box to disable the connection If the connection is active it will be disconnected Additionally there are three buttons outside the table m Help displays the online hel
3. amp A Qsearch Favorites History Address http 192 168 1 23 5 Figure 11 Welcome Screen Fie Edt View Favorites Tools Help Welcome LAN Settings Internet Settings VPN System Tools Status and Logs Support Feedback 106 our If the Wizard does not launch automatically this may occur if the Gateway has been powered up or configured previously you can launch the Wizard manually To launch the Wizard manually click on the Setup Wizard tab in the welcome screen followed by the WIZARD button 24 Figure 12 Wizard Screen A OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft ox The Setup Wizard will help you quickly craque your Gateway so that you can access your Internet connection Once completed you can use the Web Management Interface for more configuration options Please see the User Guide for further details To complete the Internet settings you will need to have all of the information provided to you by your ISP available If you do not have any of the information that the Setup Wizard requests please contact your ISP Click Next to continue You will now be guided through the setup of your Gateway Setting the Password gt When the Change Administration Password screen Figure 13 appears type the Old Password then a new password in both the New Password and Confirm Password fields The default password for the Gateway is admin It is c
4. Type Two In larger networks where there are more devices the IP address of 192 168 100 8 is again split into two parts but is structured differently m Part one 192 168 identifies the network on which the device resides m Part two 100 8 identifies the device within the network This type of IP Address operates on a subnet mask of 255 255 0 0 See Table 4 for an example about how a network only four PCs represented and a Cable DSL Secure Gateway might be configured Table 4 IP Addressing and Subnet Masking in a Large Network Device IP Address Subnet Mask PC 1 192 168 100 8 255 255 0 0 PC2 192 168 201 30 255 255 0 0 PC 3 192 168 113 155 255 255 0 0 PC 4 192 168 2 230 255 255 0 0 Cable DSL Secure 192 168 2 72 255 255 0 0 Gateway How does a Device Obtain an IP Address and Subnet Mask There are three different ways to obtain an IP address and the subnet mask These are m Dynamic Host Configuration Protocol DHCP Addressing m Static Addressing m Automatic Addressing Auto IP Addressing DHCP Addressing The Cable DSL Secure Gateway contains a DHCP server which allows computers on your network to obtain an IP address and subnet mask automatically DHCP assigns a temporary IP address and subnet mask which gets reallocated once you disconnect from the network DHCP will work on any client Operating System such as Windows 95 Windows 98 or Windows NT 4 0 Also using DHCP means that th
5. Figure 32 Fixed DHCP Mapping Screen E DHCP Fixed Mapping Setup Microsoft Internet Explorer Add Fixed DHCP Mapping MAC Address of client IP Address for client Internet Settings WWW Before you can configure the Gateway you need to know the IP information allocation method used by your ISP There are four different ways that ISPs can allocate IP information as described below When you install the Gateway you will not need to use the PPPoE software on your PC When you install the Gateway you will not need to use the dialup VPN on your PC anymore The Gateway will automatically dial on demand PPPoE or PPTP and obtain data time via NTP Static IP Address DSL or Cable The ISP provides the IP addressing information for you to enter manually To configure the Gateway you will need to know the following m P Address m Subnet Mask 38 m ISP Gateway m DNS address es Dynamic IP Address DSL or Cable Dynamic IP addressing or DHCP automatically assigns the Gateway IP information This method is popular with Cable providers This method is also used if your modem has a built in DHCP server PPPOE DSL only If the installation instructions that accompany your modem ask you to install a PPPoE client on your PC then select this option To configure the Gateway you will need to know the following m Username m Password m Service Name if required by your ISP PPTP DSL or Cable PPTP is mai
6. Getting Help On every screen a Help button is available that provides access to the context sensitive online help system Click this button for further assistance and guidance relating to the current screen Welcome Screen The Welcome section allows you to view the Notice board and to change your Password You can also gain access to the Configuration Wizard See Accessing the Wizard on page 23 for details Viewing the Notice Board The Notice Board shown in Figure 27 below is used to display important messages For example you would be warned if you had disabled the Firewall or if the LAN and Internet addresses or subnets conflicted Figure 27 Notice Board Screen A 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer laj x Fle Edit View Favorites Tools Help Hack O A A serch jravortes Breda A Ae AR El Ez 7 3 OfficeConnect Cable DSL Secure Gateway 0 Notice noard PASSE Setup Wizard Welcome to the OfficeConnect Cable DSL Secure Gatewa A COM y ETA Please select an option in the left column or go to tab Password to change your password 34 EEE Changing the Administration Password You should change the password to prevent unauthorized access to the Administration System Figure 28 Password Screen A 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer E eis Fle Edt vew fens Teds mb E Heak DA Bsearch Fa
7. IP Address IPSec ISP Internet Protocol Address A unique identifier for a device attached to a network using TCP IP The address is written as four octets separated with periods full stops and is made up of a network section an optional subnet section and a host section IPSec Internet Protocol Security is a VPN encryption protocol based on TCP IP It is a flexible protocol with a wide range of encryption options IPSec is commonly used for both connections between separate private networks and for connections between remote PCs and private networks Internet Service Provider An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations 89 LAN Local Area Network A network of end stations such as PCs printers servers and network devices hubs and switches that cover a relatively small geographic area usually not larger than a floor or building LANs are characterized by high transmission speeds over short distances up to 1000 metres L2TP over IPSec L2TP over IPSec is a combination of protocols commonly used to authenticate a user L2TP and encrypt data using IPSec MAC Media Access Control A protocol specified by the IEEE for determining which devices have access to a network at any one time MAC Address Media Access Control Address Also called the hardware physical or Ethernet address A layer 2 address associated with a particular ne
8. IP Mode Screen y Setup Wizard Microsoft Internet Explorer Je el E Internet Settings Static IP Mode Please enter your settings as provided by your ISP below IP Address 172 16 57 52 Subnet Mask 255 255 255 0 Internet ISP Gateway Address 1172 16 57 1 Primary DNS Address 1172 16 57 2 Secondary DNS Address optional can mu Een Enter your IP Address in the P Address text box Enter your subnet mask in the Subnet Mask text box Enter your ISP gateway address in the nternet ISP Gateway Address text box Enter your primary DNS address in the Primary DNS Address text box If your ISP provides a secondary DNS address enter it in the Secondary DNS Address text box otherwise leave the box blank Click Next to continue 27 Dynamic IP Address Mode To setup the Gateway for use with a dynamic IP address connection Figure 18 Hostname Screen 3 OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft Internet EMpIonen et el ES Internet Settings Hostname Some ISPs particularly those offering Cable use the Hostname of the device connected to their service to identify them If you do not have a hostname leave this field blank optional optional optional Primary DNS Address Secondary DNS Address Host Name ECS EI If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary D
9. If your country permits its use it can be downloaded from the 3Com web site at http www 3com com To set up the Gateway for L2TP over IPSec you must allocate IP addresses from the Gateway s LAN for use with L2TP over IPSec The connections made by L2TP over IPSec will appear to come from these addresses The addresses must be in a continuous range In the Adaress Pool for PPTP and L2TP clients field enter m The first LAN address you wish to reserve for L2TP over IPSec in the First Remote IP Address field m The last LAN address you wish to reserve for L2TP over IPSec in the Last Remote IP Address field If PPTP mode is selected then the Address Pool is the same for PPTP and L2TP over IPSec clients These addresses must be within the Gateway s LAN subnet and must not form part of the DHCP pool Click Apply to save your changes PPTP Configuration To set up the Gateway for PPTP you must allocate IP addresses from the Gateway s LAN for use with PPTP The connections made by PPTP will appear to come from these addresses The addresses must be in a continuous range In the Address Pool for PPTP and L2TP clients field enter m The first LAN address you wish to reserve for PPTP clients in the First Remote IP Address field and m The last LAN address you wish to reserve for PPTP clients in the Last Remote IP Address field If L2TP mode is selected then the Address Pool is the same for PPTP and L2TP over IPSec clients
10. Next to continue Continue at Choosing your LAN Settings on page 30 PPPoE Mode To setup the gateway for use with a PPP over Ethernet PPPoE connection use the following procedure Figure 20 PPPoE Screen Internet Settings PPPoE Please enter your PPPoE settings as provided by your ISP below If you have not been provided with a PPPoE Service Name leave this field blank m optional optional Secondary DNS Address TF optiona Host Name IT optional PPPoE User Name PPPoE Password PPPoE Service Name Primary DNS Address Enter your PPP over Ethernet user name in the PPPoE User Name text box Enter your PPP over Ethernet password in the PPPoE Password text box If your ISP does not require one of the fields to be filled in then leave it blank This indicates to the Gateway that there is no server If your ISP requires you to supply a PPPoE service name enter it in the PPPoE Service Name text box 4 1 If your ISP requires the addresses of a Primary and Secondary DNS Server then enter them in the fields labelled Primary DNS Address and Secondary DNS Address If your ISP requires you to supply a host name enter it in the Host Name box otherwise leave the box blank Click Next to continue Continue at Choosing your LAN Settings on page 30 PPTP Mode To setup the gateway for use with a PPTP connection use the following procedure Figure 21 PPTP Screen nect Cable D
11. Password If you can browse to the Gateway configuration screen but cannot log on because you do not know or have forgotten the password follow the steps below to reset the Gateway to it s factory default configuration Warning all your configuration changes will be lost and you will need to run the configuration wizard again before you can re establish your Gateway connection to the Internet Also other computer users will lose their network connections whilst this process is taking place so choose a time when this would be convenient Remove power from the Gateway Disconnect all your computers and the cable DSL modem from the Gateway Using an Ethernet cable connect the Ethernet Cable DSL port on the rear of the Gateway to any one of the LAN ports Re apply power to the Gateway The Alert LED will flash as the Gateway starts up and after approximately 30 seconds will start to flash more slowly typically 2 seconds on 2 seconds off Once the Alert LED has started to flash slowly remove power from the Gateway Remove the cable connecting the Cable DSL port to the LAN port and reconnect one of your computers to one of the Gateway LAN ports Re apply power to the Gateway and when the start up sequence has completed browse to http 192 168 1 1 and run the configuration wizard You may need to restart your computer before you attempt this When the configuration wizard has completed you may reconnect your networ
12. Z 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer 3com Feedback Support Welcome Feedback LAN Settings S Com is always looking for product improvements If you d like to help us Internet Settings by providing feedback you can do so by dicking on the button below which will connect you to 3Com s website Firewall von None of the fields are mandatory just provide the information you wish System Tels Please do not use this link for Technical Support If you need assistance dick on the Support option at the top of the page a ME Support Feedback Status Ready 66 TROUBLESHOOTING Basic Connection Checks m Check that the Gateway is connected to your computers and to the Cable DSL modem and that all the equipment is powered on Check that the LAN and Cable DSL port link status LEDs on the Gateway are illuminated and that any corresponding LEDs on the Cable DSL modem and the NIC are also illuminated Ensure that the computers have completed their start up procedure and are ready for use Some network interfaces may not be correctly initialized until the start up procedure has completed If the link status LED does not illuminate for a port that is connected check that you do not have a faulty cable Try a different cable Ensure that you have configured your computer as described in Setting Up Your Computers on page 19 Restart your computer while it is connected to the Gat
13. clicking on the check box so that a tick can be seen and then selecting Apply 3Com recommends that you leave Allow PING from the Internet disabled as this provides greater security Disable Firewall The Gateway contains a firewall that detects attack patterns used by hackers on the Internet and once detected will block their access to your network The Firewall is disabled by clicking on the check box so that a tick can be seen and then clicking Apply 3Com recommends that you leave the firewall enabled checkbox cleared for normal use You may wish to turn it off for diagnostic purposes Configuring VPNs gt A Virtual Private Network VPN is a secure tunnel between networks or between a network and a user The Gateway supports both network to network connections and network to remote client connections The Gateway supports IPSec tunnels L2TP over IPSec and PPTP connections and allows VPN pass through to enable other secure devices on your network to set up their own secure connections Your Cable DSL modem and your ISP must support IPSec pass through L2TP over IPSec pass through or PPTP pass through for you to be able to use these protocols See The Virtual Servers Menu on page 45 for details to configure pass through protocols Setting the VPN Mode The Gateway supports three modes of VPN operation m PSec Enabled IPSec Internet Protocol Security is a complex secure protocol with a variety o
14. duplex 100BASE TX half duplex 10BASE T full duplex and 10BASE T half duplex Auto negotiation is defined in the IEEE 802 3 standard for Ethernet and is an operation that takes place in a few milliseconds Bandwidth The information capacity measured in bits per second that a channel can transmit The bandwidth of Ethernet is 10 Mbps the bandwidth of Fast Ethernet is 100 Mbps 87 Category 3 Cables One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 3 is voice grade cable and can only be used in Ethernet networks 10BASE T to transmit data at speeds of up to 10 Mbps Category 5 Cables One of five grades of Twisted Pair TP cabling defined by the EIA TIA 586 standard Category 5 can be used in Ethernet 10BASE T and Fast Ethernet networks 100BASE TX and can transmit data up to speeds of 100 Mbps Category 5 cabling is better to use for network cabling than Category 3 because it supports both Ethernet 10 Mbps and Fast Ethernet 100 Mbps speeds Client The term used to described the desktop PC that is connected to your network DES Data Encryption Standard DES is one of the encryption protocols that can be used by an IPSec Virtual Private Network It is a strong encryption standard only currently exceeded in security by 3DES DHCP Dynamic Host Configuration Protocol This protocol automatically assigns an IP address for every computer on your network Windows 95 W
15. example Discovered Devices screen Highlight the Cable DSL Secure Gateway by clicking on it and press Next Figure 69 Discovery Finish Screen 3Com OfficeConnect Gateway Discovery 4 04 xl Completing the OfficeConnect Gateway Discovery Application You have successfully completed the OfficeConnect Gateway Discovery Application Summary of tasks still to be completed Configure the Device using its Web Wizard To exit the application and launch the Web Wizard for your Device click Finish 4 Click on Finish to launch a web browser and display the login page for the Gateway 72 IP ADDRESSING The Internet Protocol Suite The Internet protocol suite consists of a well defined set of communications protocols and several standard application protocols Transmission Control Protocol Internet Protocol TCP IP is probably the most widely known and is a combination of two of the protocols IP and TCP working together TCP IP is an The only value that will be different is the specific host device number This value must always be unique An example IP address is 192 168 100 8 However the size of the network determines the structure of this IP Address In using the Gateway you will probably only encounter two types of IP Address and subnet mask structures internationally adopted and supported networking standard that Type One provides connectivity between equipment from many vendors i Ger over a wide
16. modem This port will automatically adjust for the correct speed duplex and cable type You can connect your Cable DSL modem using either straight through or crossover cables 7 Four 10 100 LAN ports Use suitable cable with RJ 45 connectors You can connect your Gateway to a computer or to any other piece of equipment that has an Ethernet connection for example a hub or a switch All ports will automatically adjust for the correct speed duplex and cable type You can connect your Ethernet devices using either straight through or crossover cables 5 z 14 INSTALLING THE GATEWAY Introduction This chapter will guide you through a basic installation of the OfficeConnect Cable DSL Secure Gateway including m Connecting the Gateway to the Internet m Connecting the Gateway to your network Positioning the Gateway You should place the Cable DSL Secure Gateway in a location that m is conveniently located for connection to the cable or DSL modem that will be used to connect to the Internet m allows convenient connection to the computers that are to be connected to the four LAN ports on the rear panel m allows easy viewing of the front panel LED indicator lights and access to the rear panel connectors if necessary Safety Information AN AN AN WARNING Please read the Important Safety Information sec
17. panel of the Gateway contains a series of indicator lights LEDs that help describe the state of various networking and connection operations On for 2 seconds and then off The Gateway has detected and prevented a hacker from attacking your network from the Internet Figure 3 Cable DSL Secure Gateway Front Panel Continuously on A fault has been detected with your 1 Gateway during the start up process See Troubleshooting on page 67 i gt The Alert LED will be on for a period of between three and five seconds during the power on self test This is normal and no 1 Alert LED Orange cause for alarm 2 Power LED Green O p0 El o 3CR856 95 m LAN Status ST Cable DSL DI Green 100M Yellow 10M Flash Activity OfficeConnect Cable DSL Secure Gateway Indicates a number of different conditions as described below Indicates that the Gateway is powered on 3 Four LAN Status LEDs Off The Gateway is operating normally Flashing quickly Indicates one of the following conditions m The Gateway has just been started up and is running a Green 100 Mbps link Yellow 10 Mbps link self test routine Indicates a number of different conditions as described below m The system software is in the process of being upgraded On The link between the port and the next piece of network In each of these cases wait until the Gateway has completed the equipment is OK current operation and
18. that no settings are saved until you click on the Finish button to go back and make any changes click Back To exit without saving the changes click Cancel When you click Anish the Gateway will reboot to update all the settings 3Com recommends that you print the Configuration Summary screen for your records If you have changed the IP address of your Gateway your computer will need to change its IP address to communicate with the Gateway Reboot your computer once the Gateway has restarted to get a new address If want to make changes click the Back button until you reach the screen which contains the settings you want to change and follow the instructions from that point Your Gateway is now configured You can start using your Gateway straight away or further configure your Gateway see Gateway Configuration on page 33 32 GATEWAY CONFIGURATION This chapter describes all the options available through the Gateway configuration pages and is provided as a reference Navigating Through the Gateway Configuration Pages To get to the configuration pages browse to the Gateway by entering the URL in the location bar of your browser The default URL is http 192 168 1 1 If you changed the Gateway LAN IP address during initial configuration use the new IP address instead When you have browsed to the Gateway log in using your system password The default password is admin Main Menu At the left s
19. that one IP address during a session or responds from an address different to the one you use to start the special application then you must ensure that the Multiple Hosts Allowed box is checked Otherwise leave it clear Your application provider can provide you with this information 51 Advanced Select Advanced to display the Advanced Settings screen See Figure 50 below Figure 50 Advanced Settings Screen Back A A Aeh rage Queda Hr a BR A Links 0 Firewall Allow PING from the Internet I Disable Firewall Apply LOG OUT The Internet connects millions of computer users throughout the world The vast majority of the computer users on the Internet are friendly and have no intention of breaking into stealing from or damaging your network However there are hackers who may try to break into your network 52 gt The options on this screen enable you to allow PING from the internet and to disable the firewall as shown below m Allow PING from the Internet PING is a utility which is used to determine whether a device is active at the specified IP address PING is normally used to test the physical connection between two devices to ensure that everything is working correctly By default the Gateway has PING disabled so that it does not respond to PING requests This makes the device more diffi cult to find on the Internet and less prone to attack This feature is enabled by
20. to Many NAT This is very easy to set up and the Gateway s default mode It works with any IP Allocation Mode and will map all the addresses on your LAN to the Internet address of your Gateway To set up One to Many NAT Select One to Many NAT from the NAT Mode drop down box Click Apply to save your changes Setting up One to One NAT The following criteria must be met to be able to use One to One NAT m You must have a static Internet IP address for every computer on your network plus one for the Gateway itself m The addresses must be in one continuous block in the same subnet m You must have selected Static IP Address as your IP Allocation Mode and have given your Gateway the first of the Internet addresses allocated by your ISP Figure 40 One to One NAT Screen Network Address Translation NAT Mode Oneto oneNAT First IP Address in ISP Pool 72168752 First IP Address in LAN Pool 192 168 1 100 Pool Size E 45 To set up One to One NAT Select One to One NAT from the NAT Mode drop down box Enter the second address of your Internet range of addresses in the First IP Address in ISP Pool field Enter the first address in your LAN range of addresses to which you want to map this range in the First IP Address in LAN Pool field 3Com recommends that you set your DHCP pool to the same as the range of LAN addresses used as your LAN pool Enter the number of addresses in the range into the Pool Size f
21. user serviceable parts inside the Gateway If you have a physical problem with the unit that cannot be solved with 79 AN A problem solving actions in this guide contact your supplier WARNING Disconnect the power adapter before moving the unit WARNING RJ 45 ports These are shielded RJ 45 data sockets They cannot be used as telephone sockets Only connect RJ 45 data connectors to these sockets Wichtige Sicherheitshinweise A gt VORSICHT Warnhinweise enthalten Anweisungen die Sie zu Ihrer eigenen Sicherheit befolgen m ssen Alle Anweisungen sind sorgf ltig zu befolgen Sie m ssen die folgenden Sicherheitsinformationen sorgf ltig durchlesen bevor Sie das Ger ts installieren oder ausbauen VORSICHT Bei der Installation und beim Ausbau des Ger ts ist mit h chster Vorsicht vorzugehen VORSICHT Stapeln Sie das Ger ts nur mit anderen OfficeConnect Ger tes zusammen VORSICHT Aufgrund von internationalen Sicherheitsnormen darf das Ger t nur mit dem mitgelieferten Netzadapter verwendet werden VORSICHT Die Netzsteckdose mu in der N he des Ger ts und leicht zug nglich sein Die Stromversorgung des Ger ts kann nur durch Herausziehen des Ger tenetzkabels aus der Netzsteckdose unterbrochen werden VORSICHT Der Betrieb dieses Ger ts erfolgt unter den SELV Bedingungen Sicherheitskleinstspannung gem IEC 60950 Diese Bedingungen sind nur gegeben wenn auch die an das Ger t angeschlossen
22. will need to disable it To do this From the Windows Start menu select Settings gt Control Panel Double click on nternet Options Select the Connections Tab A screen similar to Figure 8 should be displayed Select the Never Dial a Connection option and click OK Figure 8 Internet Properties KEE General Security Content Connections programs Advanced m Use the Internet Connection Wizard to Esso Ma EE p Dial up settings Remove _ settings Never dial a connection Dial whenever a network connection is not present Always dial my default connection Current Dial up Connection EEL DESI Local Area Network LAN settings LAN Settings OK Cancel Apply You may wish to remove the PPPoE client software from your computer to free resources as it is not required for use with the Gateway Disabling Web Proxy Ensure that you do not have a web proxy enabled on your computer Go to the Control Panel and click on Internet Options Select the Connections tab and click on LAN Settings at the bottom Make sure that the Use Proxy Server option is unchecked 21 22 RUNNING THE SETUP WIZARD If the Gateway needs to be configured for example if it has not yet been used or has been reset it will run the Setup Wizard The Login screen as shown in Figure 10 should appear in your browser If it does not refer to Troubleshooting on page 67 automat
23. 000 This product contains encryption and may require U S and or local government authorisation prior to export or import to another country 84 ISP INFORMATION Information Regarding Popular ISPs Internet Characteristics Popular ISPs Internet Characteristics Popular ISPs Connection Connection Types Types Dynamic IP Cable modem ISP MediaOne PPTP Cable or DSL always on KPN Netherlands Clone MAC non hostname based Need RoadRunner Optimum Some European ISPs require Austria Telecom to clone MAC in the DHCP Online Time Warner a PPTP tunnel to page of router Charter and Adelphia authenticate their network Metrocast RCN Static DSL Modem always on CableSpeed Cnet Dynamic IP Cable ISP Requires Home Network DSL Need to enter ALL IP Direct Link Drizzle DSL Hostname Hostname to authenticate Cogoco ComCast information from ISP in the Extreme Earthlink Le cx213818 B Need to Cox Excite Rogers Static IP section of the Wireless Fast Point enter the hostname in the Shaw Insight Gateway Flashcom DHCP page of the router Videotron GTE WhirlWind exactly as it appears in your Heavenet HSA Corp documentation 1 55 InterAccess LinkLine Mission PPPoE Usually special software Bell Century Tel Nauticom NAS Omitel DSL installed on PC Citizens Primus Onterra Phatpipe MacPOET WinPOET Prodigy Snet Sprint FC Rhythms Speakeasy EnterNet 300 The Verizon First World S
24. 6 TECHNICAL SPECIFICATIONS This section lists the technical specifications for the OfficeConnect Cable DSL Secure Gateway Interfaces Cable or DSL modem connection one 10 100 Mbps Ethernet port 10BASE T 100BASE TX with auto MDIX LAN connection four 10 100 Mbps Ethernet ports 10BASE T 100BASE TX with auto MDIX Operating Temperature 0 C to 40 C 32 F to 105 F Power 7 W power dissipated Humidity 0 to 90 non condensing humidity Dimensions Width 220 mm 8 7 in Depth 135 mm 5 3 in Height 36 mm 1 4 in Weight Approximately 537 g 1 18 lbs 77 Standards Functional ISO 8802 3 IEEE 802 3 Safety UL 60950 EN 60950 CSA 22 2 60950 IEC 60950 EMC EN 55022 Class Bt EN 55024 AS NZS 3548 Bt FCC Part 15 Class Bin ICES 003 Class Bt VCCI Class Bt CNS 13438 Class A Environmental EN 60068 IEC 68 Category 5 screened cables must be used to ensure compliance with the Class B requirements of this standard The use of unscreened cables Category 3 or Category 5 complies with the Class A requirements Category 5 cables must be used if you are connecting to 100 Mbps devices See Safety Information on page 79 for conditions of operation System Requirements Operating Systems The Cable DSL Secure Gateway will support the following Operating Systems Windows 95 98 Me Windows NT 4 0 Windows 2000 Windows XP Mac OS 8 5 or higher Unix Ethernet Pe
25. CoN AU OfficeConnect Cable DSL Secure Gateway 3CR856 95 3Com Corporation 5400 Bayfront Plaza Santa Clara California 95052 8145 Copyright 2002 3Com Corporation All rights reserved No part of this documentation may be reproduced in any form or by any means or used to make any derivative work such as translation transformation or adaptation without written permission from 3Com Technologies 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change 3Com Corporation provides this documentation without warranty term or condition of any kind either implied or expressed including but not limited to the implied warranties terms or conditions of merchantability satisfactory quality and fitness for a particular purpose 3Com may make improvements or changes in the product s and or the program s described in this documentation at any time If there is any software on removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the hard copy documentation or on the removable media in a directory file named LICENSE TXT or ILICENSE TXT If you are unable to locate a copy please contact 3Com and a copy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United Stat
26. Firewall popup clientPrivileges Microsoft Internet Explorer PC Privileges PC s IP Address 192 168 1 1 Select services authorised from this PC F HTTP 80 HTTPS 443 Web browsing E Web Proxy 8080 F SMTP 25 F POP3 110 eMail IMAP 143 C FTP 21 TC News 119 Other E Telnet 23 Black or Allow other services Allow Al other services except specify ports 8080 5 Either VPN connections to other networks are unaffected by settings in PC Privileges To allow or deny VPN connections to other m Enter the additional services that you wish to allow in the teen X networks see Configuring VPNs on page 53 except specify ports box and set the drop down box to Allow Special Applications m Enter the services that you wish to deny in the except specify Select Special Applications tab to display the Authorized ports box and set the drop down box to Deny Application setup screen See Figure 47 below Enter multiple ports as either a comma separated list e g 101 Stones 105 107 or as a range e g 101 107 Figure 47 Special Applications Screen 6 Click Apply to save the settings Example Allowing only web and E mail access OfficeConnect Cable DSL Secure Gateway Firewall To allow web and E mail access and block all other services across the Gateways firewall e Authorised Applications Trigger Port me m Ensure that the Control PC Access to the Internet
27. L2TP over IPSec or PPTP connection then there is no need to create a connection for a remote user on that site If you configure an IPSec connection for a remote computer then that computer will require software that supports IPSec If you configure an L2TP over IPSec or PPTP connection for a remote computer then you should contact Microsoft for information on whether an upgrade is required m Tunnel Type Choose either IPSec either Remote User Access or Gateway to Gateway L2TP over IPSec or PPTP Depending on which Tunnel Type you have selected choose from the following to edit or add the remaining fields m IPSec Connections using Remote User Access on page 57 m IPSec Connections using Gateway to Gateway on page 57 m L2TP over IPSec Connections on page 59 m PPTP Connections on page 60 IPSec Connections using Remote User Access If you have selected IPSec as a Tunnel Type and Remote User Access as a Connection Type enter the following values m Remote User ID Enter the Remote User ID This must be entered identically on the IPSec software installed on the client s machine m Tunnel Shared Key this is the password for the connection and is a combination of letters numbers and punctuation and can be up to 64 characters in length Figure 53 IPSec Connection Remote User Access 3 YPN Connection Setup Microsoft Internet Explorer VPN Tunnel Configuration Connection Name D
28. LIMITED WARRANTIES AND LIMITATION OF LIABILITY All warranties and limitations of liability applicable to the Software are as stated on the Limited Warranty Card or in the product manual whether in paper or electronic form accompanying the Software Such warranties and limitations of liability are incorporated herein in their entirety by this reference GOVERNING LAW This Agreement shall be governed by the laws of the State of California U S A excluding its conflicts of laws principles and excluding the United Nations Convention on Contracts for the International Sale of Goods SEVERABILITY In the event any provision of this Agreement is found to be invalid illegal or unenforceable the validity legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired and a valid legal and enforceable provision of similar intent and economic impact shall be substituted therefor ENTIRE AGREEMENT This Agreement sets forth the entire understanding and agreement between you and 3Com and supersedes all prior agreements whether written or oral with respect to the Software and Documentation and may be amended only in a writing signed by both parties Should you have any questions concerning this Agreement or if you desire to contact 3Com for any reason please contact the 3Com subsidiary serving your country or write 3Com Corporation 5400 Bayfront Plaza P O Box 58145 Santa Clara CA 95052 8145 408 326 5
29. MS AND CONDITIONS OF THIS AGREEMENT DO NOT DOWNLOAD INSTALL OR OTHERWISE USE THE SOFTWARE OR DOCUMENTATION DO NOT CLICK ON THE AGREE OR SIMILAR BUTTON AND IF YOU HAVE RECEIVED THE SOFTWARE AND DOCUMENTATION ON PHYSICAL MEDIA RETURN THE ENTIRE PRODUCT WITH THE SOFTWARE AND DOCUMENTATION UNUSED TO THE SUPPLIER WHERE YOU OBTAINED IT LICENSE 3Com grants you a nonexclusive nontransferable except as specified herein license to use the accompanying software program s in executable form the Software and accompanying documentation the Documentation subject to the terms and restrictions set forth in this Agreement You are not permitted to lease rent distribute or sublicense except as specified herein the Software or Documentation or to use the Software or Documentation in a time sharing arrangement or in any other unauthorized manner Further no license is granted to you in the human readable code of the Software source code Except as provided below this Agreement does not grant you any rights to patents copyrights trade secrets trademarks or any other rights with respect to the Software or Documentation Subject to the restrictions set forth herein the Software is licensed to be used on any workstation or any network server owned by or leased to you for your internal use provided that the Software is used only in connection with this 3Com product You may reproduce and provide one 1 copy of the Software and Documentati
30. N 53 connecting the cable DSL modem 17 connecting to the Internet 38 Consignes importantes de s curit 80 creating a virtual server 46 CSA statement 99 D data encryption standard 87 daylight saving 62 DES 87 DHCP 87 recording settings 16 wizard 30 DHCP Internet settings 41 DHCP server configuring 36 DHCP settings Macintosh OS 8 5 9 x 20 Windows 2000 XP 19 Windows 95 98 ME 20 diagram front panel 12 rear panel 13 sample network 9 digital subscriber line 88 disabling IPSec 56 disabling PPPoE client software 20 disabling the firewall 52 disabling web proxies 21 discovery application 71 DMZ virtual 46 DNS 88 domain name system 88 DSL 88 DSL Ethernet port 13 DSL modem 88 DSL status LED 13 dynamic host control protocol 87 E End User Software Licence Agreement 83 Ethernet 88 Ethernet port cable DSL 13 LAN 13 F Fast Ethernet 88 FCC statement 99 feedback 8 finding the Gateway 71 firewall 9 defined 88 disabling 52 settings 45 firmware 94 upgrading 63 front panel diagram 12 full duplex 88 G Gateway changing the password 34 connecting the cable DSL modem 17 defined 88 firewall 9 installation information 15 positioning 15 powering up 17 restarting 61 Gateway configuration 33 Gateway to Gateway connection 58 getting help 33 giving feedback 8 H half duplex 88 help menu 33 hub 88 l IEEE 88 IETF 89 installation information 15 Internet protocol 73 Internet Settings PP
31. NS Address If your ISP does not require one of the fields to be filled in then leave it blank This indicates to the Gateway that there is no server If your ISP requires you to supply a host name enter it in the Host Name box otherwise leave the box blank Click Next to continue to the Clone MAC Address screen shown in Figure 19 below 4 Figure 19 Clone MAC Address Screen 3 OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft Internet ENpIOneE se f JE Clone MAC Address Some ISP s particularly those offering Cable require you to register your MAC address with them If you have done this the MAC address of the Gateway must be changed to the MAC address that you supplied to your ISP Does your ISP require this No Yes please clone the MAC address from the PC I m currently using 01 23 45 67 89 AB Yes I would like to enter a MAC address manually by po hn hp Er ba Valid characters are 0 9 and A F If your ISP requires an assigned MAC address select the appropriate radio button m Yes please clone the MAC address from the PC I m currently using if the computer you are using now is the one that was previously connected directly to the cable or DSL modem m Yes would like to enter a MAC address manually and manually enter the values for a MAC address if the computer you are using now was not previously connected directly to the cable or DSL modem Otherwise click No Click
32. SL Secure Gateway Setup Wizard Microsoft Internet Explorer set E3 Internet Settings PPTP Mode Please enter your PPTP account settings as provided by your ISP below The PPTP Server is typically located in your DSL modem In the case of an Alcatel Speed Touch modem its default address is 10 0 0 138 PPTP Server Address 10 0 0 138 PPTP User Name Da DD optional optional PPTP Password Primary DNS Address Secondary DNS Address Enter your PPTP server address in the PPTP Server Address text box 29 Enter your PPTP user name in the PPTP User Name text box Enter your PPTP password in the PPTP Password text box Enter your primary DNS address in the Primary DNS Address text box If your ISP provides a secondary DNS address enter it in the Secondary DNS Address text box otherwise leave the box blank Check all your settings and then click Next Figure 22 displays Click Next to continue Figure 22 PPTP IP Settings t Cable DSL Secure Gateway Setup Wizard Microsoft Internet oj ES Internet Settings PPTP Mode You must specify some IP settings to be used when establishing the PPTP connection If your ISP has provided you with these settings then you should use them Otherwise if the PPTP server is located in your DSL modem you can Use the Suggest button to generate suitable values for you az Initial IP Address Initial Subnet Mask IP settings must be used when establishing a PPTP co
33. TP 43 Internet settings blocking access 48 configuring 38 DHCP 41 PPPoE 42 static address 40 wizard 26 inventory 11 IP address 73 IP defined 89 IPSec defined 89 IPSec Routes editing 60 ISP defined 89 ISP Information 85 L L2TP 53 editing 59 LAN defined 89 LAN Ethernet port 13 LAN settings configuring 35 wizard 30 LAN status LED 12 LED alert 12 cable DSL status 13 LAN status 12 power 12 loading Gateway configuration 62 local area network 89 login screen 23 95 logs viewing 64 M MAC address 89 Macintosh OS 8 5 9 x setting up 20 main menu accessing 33 media access control 89 multiple hosts 51 N NAT configuring 43 defined 89 network address remote 57 network address translation 43 89 network defined 90 network interface card defined 90 NIC defined 90 notice board 34 NTP server 62 O one to many NAT configuring 44 one to one NAT configuring 45 P package contents 11 password changing 34 system 23 wizard 24 PC privileges setting 47 PING allowing 52 port cable DSL Ethernet 13 LAN Ethernet 13 positioning the Gateway 15 power adapter socket 13 power cycle 61 power LED 12 powering up the Gateway 17 PPPOE changing the password 38 defined 90 disabling 20 disabling client software 20 Internet settings 42 recording settings 16 PPTP defined 90 disabling 20 editing 60 Internet Settings 43 recording settings 16 users 53 private IP addresses 75 privileg
34. This Gateway ID as an Internet IP address or name of the Gateway that you are configuring This value is common across all IPSec connections but does not apply to PPTP connections If PPTP only is enabled This Gateway s ID field does not appear If you require main mode IPSec connections then this value must be the public IP address of the Gateway VPN Mode Screen Figure 51 L2TP Configuration If you have enabled L2TP over IPSec you must enter the following items In the IPSec Configuration field enter This Gateway ID as an Internet IP address or name of the Gateway that you are configuring This value is common across all IPSec connections but does not apply to PPTP connections If PPTP only is enabled This Gateway s ID field disappears In the L2TP Configuration field enter m the Domain Name as an IP address A Domain Name locates a website on the Internet 54 gt 4 m The PSec Shared Key This is the key for the connection and is a combination of letters numbers and punctuation and can be up to 64 characters in length 3Com recommends that the key and password are not the same The user will need to know the IPSec Shared Key to enable connection m In the Encryption Level field choose either Allow DES tunnels or Allow 3DES tunnels 3DES is more secure but may take longer to encrypt and decrypt 3DES is not shipped with the Gateway as standard due to international restrictions on encryption
35. You will be prompted to download and save a file to disk m f you want to reinstate the configuration settings previously saved to a file click Browse to locate the backup file on your computer and then RESTORE to copy the configuration back to the Gateway For security purposes restoring the configuration does not change the password m If you want to reset the settings on your Gateway to those that were loaded at the factory click RESET You will lose all your configuration changes The Gateway LAN IP address will revert to 192 168 1 1 and the DHCP server on the LAN will be enabled You may need to reconfigure and restart your computer to re establish communication with the Gateway Upgrading the Firmware of your Gateway i gt The Upgrade facility allows you to install on the Gateway any new releases of system software that 3Com may make available 3DES encryption is not shipped with the Gateway as standard due to international restrictions on encryption If your country permits its use it can be downloaded from the 3Com web site at http www 3com com 63 Figure 62 Upgrade Screen System Tools Upgrade Firmware upgrade the software installed on this unit to a new version downloaded from the 3Com Please select the location of the software upgrade file on your PC using the browse button below then press the Apply button PA Boe You need to make sure the Files of type is set to All files to s
36. a week USING DISCOVERY Running the Discovery Application 3Com provides a user friendly Discovery application for detecting the OfficeConnect Cable DSL Secure Gateway on the network Windows Installation 95 98 2000 Me NT 1 p gt 3Com OfficeConnect Gateway Discovery 4 05 3 x Insert the Gateway CD ROM in the CD ROM drive on your computer A menu will appear select Gateway Discovery Discovery will find the Gateway even if it is unconfigured or misconfigured Figure 67 Discovery Welcome Screen Welcome This application will help you to find and configure your OfficeConnect products of the following type H Cable DSL Gateway H Cable DSL Secure Gateway H Wireless Cable DSL Gateway Click Next to discover a device on your network Copyright 3Com Corporation All rights reserved Back Cancel 71 When the Welcome screen is displayed click on Next and wait until the application discovers the Gateways connected to your LAN Figure 68 Discovered Gateway 3Com OfficeConnect Gateway Discovery 4 05 x Discovered Devices The following list contains the OfficeConnect Gateway devices found on your local network Please choose a device to configure Serial Number IP Address 192 168 10 1 Cable DS Devices that require configuration are displayed with grayed out icons In Figure 68 the serial number of the unit has been replaced with XXXXXX 3 Figure 68 shows an
37. area network 91 Windows 2000 XP setting up 19 Windows 95 98 ME setting up 20 wizard auto configuration 26 defined 91 DHCP 30 Internet settings 26 LAN settings 30 launching manually 24 setup 23 summary 31 world time UTC 25 98 REGULATORY NOTICES FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules and the Canadian Department of Communications Equipment Standards entitled Digital Apparatus ICES 003 These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation Information to the User If this equipment does cause interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures m Reorient the receiving antenna Relocate the equipment with respect to the receiver m Move the equipment away from the receiver m Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits m Consult the deal
38. ary 172 16 57 52 server PPPoE User Name PPPoE Password m Host Name The Host Name of your computer may be PPPOE Service Name optional Primary DNS Address options required by your ISP Secondary DNS Address optional ee asia m Maximum Idle Time The amount of time without activity SE ECN before the Gateway terminates the Internet connection gt Since the Gateway firmware contains its own PPPoE client you no longer need to run PPPoE client software on your computer to access the Internet You can simply start your browser and connect to the Internet immediately after setting up your cable or DSL modem Your ISP may need you to enter host name or PPPoE settings To setup the Gateway for use with a PPPoE connection the following fields will need to be completed m IP Address The internet address allocated by your ISP for this connection is automatically configured and is not editable 42 Configuring a PPTP connection If your ISP has allocated you a dynamic address using PPTP you will have selected PPTP used by some European providers as your P Allocation Mode Figure 37 PPTP Setup Screen To setup the Gateway for use with a PPTP connection the following fields will need to be completed m IP Address The internet address allocated by your ISP for this connection is automatically configured and is not editable m PPTP Server Address This is typically the address
39. ase sensitive and must be entered as the Old Password the first time you configure the Gateway 3Com recommends that you change the password from its default value Figure 13 Change Administration Password Screen 3 OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft Internet Explorers E Change Administration Password To ensure the security of your Gateway it is recommended that you choose a new password this should be a mix of letters and numbers and not easily guessed by others To leave the password unchanged leave the fields blank and click Next Old Password New Password Confirm Password Choose a password that you can remember but that others are unlikely to guess Remember that the password is case sensitive Click Next to display the Time Zone setup screen Figure 14 Setting the Time Zone The Gateway sets its time automatically when it connects to the Internet This time is used when recording information log files To set the Gateway to your local time 1 Select your time zone from the drop down menu 2 Check the Enable Daylight Saving box to automatically adjust the time seasonally 3 Click Next to continue 25 To set the Gateway to World Time UTC 1 Select GMT Greenwich Mean Time from the drop down menu 2 Ensure that the Enable Daylight Saving box is cleared 3 Click Next to continue Figure 14 Time Zone Screen 7 OfficeConnect Cable DSL Secure Gateway Setup Wizard Micros
40. ble trade secrets of 3Com and its suppliers You agree to hold such trade secrets in confidence You further acknowledge and agree that ownership of and title to the Software and Documentation and all subsequent copies hereof regardless of the form or media are held by 3Com and its suppliers UNITED STATES GOVERNMENT LEGENDS The Software Documentation and any other echnical data provided hereunder is commercial in nature and developed solely at private expense The Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as acommercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in this Agreement which is 3Com s standard commercial license for the Software Technical data is provided with imited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable TERM AND TERMINATION The licenses granted hereunder are perpetual unless erminated earlier as specified below You may terminate the licenses and this Agreement at any time by destroying the Software and Documentation together with all copies and merged portions in any form The licenses and this Agreement will also terminate immediately if you fail to comply with any term or condition of this Agreement Upon such termination you agree to destroy the Software and Documentation together with all copies and merged portions in any form
41. ction simply says type Keyboard key If you must press two or more keys simultaneously names the key names are linked with a plus sign Example Press Ctrl Alt Del Table 2 Text Conventions continued Do not use this e mail address for technical support questions For information about contacting Technical Support please refer Convention Description to the Support and Safety Information sheet Words in italics Italics are used to m Emphasize a point D ANEN term at the place where it is defined Related Documentation EEN and soft In addition to this guide each OfficeConnect Cable DSL Secure From the Help menu select Contents Gateway document set includes one Installation Guide This Click OK guide contains the instructions you need to install and configure your Cable DSL Secure Gateway Feedback about this User Guide Product Registration Your suggestions are very important to us They will help make You can now register your OfficeConnect Cable DSL Secure our documentation more useful to you Please e mail comments Gateway on the 3Com web site and receive up to date about this document to 3Com at information on your product pddtechpubs_comments 3com com http www 3com com register Please include the following information when commenting m Document title m Document part number on the title page m Page number if appropriate Example m OfficeConnect Cable DSL Secure Gateway User Gui
42. de m Part Number DUA08569 5AAA02 m Page 24 Welcome to the world of networking with 3Com In the modern business environment communication and sharing information is crucial Computer networks have proved to be one of the fastest modes of communication but until recently only large businesses could afford the networking advantage The OfficeConnect product range from 3Com has changed all this bringing networks to the small office The products that compose the OfficeConnect line give you the small office user the same power flexibility and protection that has been available only to large corporations Now you can network the computers in your office connect them all to a single Internet outlet and harness the combined power of all of your computers OfficeConnect Cable DSL Secure Gateway The OfficeConnect Cable DSL Secure Gateway is designed to provide a cost effective means of sharing a single broadband Internet connection amongst several computers The Gateway also increases your network security by acting as a firewall preventing unauthorised external access to your network and by creating Virtual Private Networks VPNs encrypted links to other private networks The example in Figure 1 shows a network connected to the Internet without a Gateway One computer is connected to the Internet using a Cable or DSL modem This computer must always be powered on for the other computers on the network to access
43. e Support Feedback Gateway must be changed to the MAC address that you supplied to your IS m Clone MAC Address Your ISP may require you to have a Use the Gateway s original MAC address 01 23 45 67 89 A8 Enter a new MAC adress manual 256870 particular MAC address This will be the MAC address of the computer you first used to connect with your ISP Status and Logs Click Apply to save any changes you have made Status Ready To setup the Gateway for use with a dynamic IP address connection the following settings are configured m IP Address The internet address allocated by your ISP for this connection is automatically configured and is not editable 41 Configuring a PPPoE connection m PPPoE User Name The user name you use to access your ISP If your ISP has allocated you a dynamic address using PPPoE you m PPPoE Password The password you use to access your ISP will have selected PPPoE PPP over Ethernet as your IP Allocation Mode m PPPoE Service Name Your ISP may require you to specify a service name for your connection Fi 36 PPPoE Setup S A gare E m Primary DNS Address The address of your ISP s Domain Name Service server is automatically configured and is not editable m Secondary DNS Address The address of your ISP s secondary Domain Name Service server The second server is PPPOE PPP overEheme optionally provided by an ISP in case of failure of the prim
44. e same IP address and subnet mask will never be duplicated for devices on the network DHCP is particularly useful for networks with large numbers of users on them Static Addressing You must enter an IP Address and the subnet mask manually on every device Using a static IP and subnet mask means the address is permanently fixed Auto IP Addressing Network devices use automatic IP addressing if they are configured to acquire an address using DHCP but are unable to contact a DHCP server Automatic IP addressing is a scheme where devices allocate themselves an IP address at random from the industry standard subnet of 169 254 x x with a subnet mask of 255 255 0 0 If two devices allocate themselves the same address the conflict is detected and one of the devices allocates itself a new address Automatic IP addressing support was introduced by Microsoft in the Windows 98 operating system and is also supported in Windows 2000 Private IP Addresses The following address ranges have been reserved by the Internet Engineering Task Force IETF for private use m 10 0 0 0 10 255 255 255 m 172 16 0 0 172 31 255 255 m 192 168 0 0 192 168 255 255 The Gateway has a default subnet of 192 168 1 0 192 168 1 255 3Com recommends that you use this subnet for the LAN addresses of your first Gateway and subsequent ranges 192 168 2 0 192 168 2 255 for the LAN range of other Gateways that you will connect to by VPN 75 7
45. ee the file a LOG OUT Once you have downloaded the software use the Browse button to locate the file on your computer and then click on Apply You may need to change the file type in the dialog box displayed by your web browser to to be able to see the file The file will be copied to the Gateway and once this has completed the Gateway will restart Although the upgrade process has been designed to preserve your configuration settings 3Com recommends that you make a backup of the configuration beforehand in case the upgrade process fails for any reason for example the connection between the computer and the Gateway is lost while the new software is being copied to the Gateway The upgrade procedure can take a few minutes and is complete Figure 63 Status Screen when the Alert LED has stopped flashing and is permanently off EMT ES Make sure that you do not interrupt power to the Gateway A SE during the upgrade procedure if you do the software may be corrupted and the Gateway may not start up properly afterwards If ne A LED comes on oo or Tanya oa after a 3C0mMm ge ays failed upgrade refer to Troubleshooting on page 67 General Information Welcome LAN Settings Software version 1 00 BERN Hardware version 01 00 a Ba sun 3C number 3C856 95 Viewing Status and Logs a Serial Number 7x9V6018030 La g System Tools Access From the Internet S
46. electing Status and Logs from the Main menu displays the ATEN E Status and Logs screens in your Web browser The Status and co E E Logs screen displays a tabular representation of your network Poo our mo and Internet connection SEEN no Internet IP Address 172 16 57 52 Dynamic H H H H Internet Subnet Mask 255 255 255 0 Status to display the current unit status including a summary me EE of the configuration See Figure 63 Remaining Lease Time 00 18 01 Internet MAC Address 00 05 1A 61 BD 31 Log Settings to choose whether to store the log on the A EN Gateway or to send to the remote user or both See Figure 64 LAN Subnet Mask 255 255 255 0 LAN MAC Address 00 03 1A 81 CD 43 e Gateway s DHCP Server ENABLED i gt If you choose the option to store the log on the Gateway the log file will be overwritten when it is full If you choose the option to Internet Port Status 10 Mbps Half Duplex e LAN Port 1 Status 100 Mbps Full Duplex send logs to a remote server then you will need to specify the IP Tan Porto sta NET address of the remote server The IP address must be within the RE LAN subnet and a syslog server must be installed on the remote server You may be asked to refer to the information on the Status screen if you contact your supplier for technical support Logs to view both the normal events and security threats logged by the Gateway 64 Figure 64 Log Settings Screen El able DSL Secure soft Intern
47. en Ger te unter SELV Bedingungen betrieben werden VORSICHT Es sind keine von dem Benutzer zu ersetzende oder zu wartende Teile in dem Ger t vorhanden Wenn Sie ein Problem mit dem Gateway haben das nicht mittels der Fehleranalyse in dieser Anleitung behoben werden kann setzen Sie sich mit Ihrem Lieferanten in Verbindung VORSICHT Vor dem Ausbau des Ger ts das Netzadapterkabel herausziehen VORSICHT RJ 45 Anschl sse Dies sind abgeschirmte RJ 45 Datenbuchsen Sie k nnen nicht als Telefonanschlu buchsen verwendet werden An diesen Buchsen d rfen nur RJ 45 Datenstecker angeschlossen werden 80 Consignes importantes de s curit AN gt pp gt AVERTISSEMENT Les avertissements pr sentent des consignes que vous devez respecter pour garantir votre s curit personnelle Vous devez respecter attentivement toutes les consignes Nous vous demandons de lire attentivement les consignes suivantes de s curit avant d installer ou de retirer l appareil AVERTISSEMENT Faites tr s attention lors de l installation et de la d pose du groupe AVERTISSEMENT Seulement entasser le moyer avec les autres moyeux OfficeConnects AVERTISSEMENT Pour garantir le respect des normes internationales de s curit utilisez uniquement l adaptateur lectrique remis avec cet appareil AVERTISSEMENT La prise secteur doit se trouver proximit de l appareil et son acc s doit tre facile Vous ne pouvez mettre l appare
48. er or an experienced radio television technician for help The user may find the following booklet prepared by the Federal Communications Commission helpful How to Identify and Resolve Radio TV Interference Problems This booklet is available from the U S Government Printing Office Washington DC 20402 Stock No 004 000 00345 4 In order to meet FCC emissions limits this equipment must be used only with cables which comply with IEEE 802 3 99 CE Statement Europe This product complies with the European Low Voltage Directive 73 23 EEC and EMC Directive 89 336 EEC as amended by European Directive 93 68 EEC CSA Statement This Class B digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulations Cet appareil numerique de la classe B respecte toutes les exigences du Reglement sur le materiel brouilleur du Canada BSMI Statement ad GOEN Ier Se RE du gt EER BE Ge BO oP BE gt AE TT VCCI Statement COMB FHLBRESRRRSAEMM BBA VCCI ORE CEI TA BERGA CORB RER TIEMT SEE ZE MLLTUEIN COMENT APT LEV a SL T RENE EMERALD ES ARA Co TELUORIRNELTF W 100 DUA08569 5AAA02 Published November 2002
49. er the Internet IP address or name of the remote gateway Figure 54 m Remote Network address enter the LAN IP address of the remote network This is the first IP address of a subnet one below the first address available for use Figure 54 IPSec Connection Gateway to Gateway m Encryption type choose the encryption type from DES or 3DES 3DES is more secure but may take longer to encrypt and decrypt 3 VPN Connection Setup Microsoft Internet Explorer VPN Tunnel Configuration PER IRRE gt 3DES is not shipped with the Gateway as standard due to Description nm international restrictions on encryption If your country permits its De Pola oda use it can be downloaded from the 3Com web site at Tunnel Type IPSec El http www 3com com Remote IPSec Server address Remote Network address 1 m Hash Algorithm choose either SHA 1 or MD5 from the Remota Subnet Mask EEE drop down list Both ends of the connection must use the Tunnel Shared Key 3 same value Encryption type Triple DES DES m Exchange keys using choose the encryption method used Dt o P to exchange shared keys Diffie Hellman Group 2 is more Use Perfect Forward Secrecy E secure but less common than Diffie Hellman Group 1 m Use Perfect Forward Secrecy Choose whether to use If the remote Gateway has a LAN IP address of 192 168 1 1 and perfect forward secrecy Using perfect forward secrecy will a subnet mask of 255 255 255 0 then the LAN IP address of
50. es 96 setting 47 product registration 8 protocol defined 90 R rear panel diagram 13 recording DHCP settings 16 recording PPPOE settings 16 recording PPTP settings 16 recording static address settings 16 registration 8 remote network address 57 restarting the Gateway 61 restoring Gateway configuration 62 RJ 45 defined 90 S safety information 79 sample network diagram 9 saving Gateway configuration 62 server defined 90 session chaining 51 setting up Macintosh OS 8 5 9 x 20 Windows 2000 XP 19 Windows 95 98 ME 20 setting up computers 19 settings advanced 52 setup wizard 23 shared key 57 58 59 sharing broadband 9 special applications 49 adding 50 custom 50 static address recording settings 16 static Internet settings 40 status viewing 64 status LED cable DSL 13 LAN 12 subnet mask 36 90 support 65 switch 90 system password 23 system requirements 78 system tools 61 T TCP IP 73 89 defined 90 echnical specifications 77 echnical support 65 ime zone setting 62 wizard 25 raffic 91 rigger port 51 Triple DES 87 unnel shared key 57 58 59 U upgrading firmware 63 UTC world time 25 97 V VCCI statement 99 viewing status and logs 64 virtual DMZ 46 virtual private network 91 virtual servers 45 creating 46 VPN configuring 53 defined 91 example 58 VPN mode 53 W WAN See wide area network web proxies disabling 21 Wichtige Sicherheitshinweise 79 wide
51. es government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com the 3Com logo and OfficeConnect are registered trademarks of 3Com Corporation Intel and Pentium are registered trademarks of Intel Corporation Microsoft MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation Novell and NetWare are registered trademarks of Novell Inc UNIX is a registered trademark in the United States and other countries licensed exclusively through X Open Company Ltd Netscape Navigator is a registered trademark of Ne
52. escription Connection Type C Gateway to gateway amp Remote User Access IPSec E Tunnel Type Remote User ID Tunnel Shared Key Encryption type Triple DES GDES Diffie Hellman Group 1 768 bi Use Perfect Forward Secrecy Y Exchange keys using 57 m Encryption type choose the encryption type from DES or 3DES 3DES is more secure but may take longer to encrypt and decrypt 3DES is not shipped with the Gateway as standard due to international restrictions on encryption If your country permits its use it can be downloaded from the 3Com web site at http www 3com com m Exchange keys using choose the encryption method used to exchange shared keys Diffie Hellman Group 2 is more secure but less common than Diffie Hellman Group 1 m Use Perfect Forward Secrecy Choose whether to use perfect forward secrecy Using perfect forward secrecy will change the encryption keys during the course of a connection making the tunnel more secure but slowing data transfer To enable perfect forward secrecy ensure that the Use Perfect Forward Secrecy box is checked To keep the same key for the length of a connection leave the box unchecked Click Apply to save your changes or Close to return without saving IPSec Connections using Gateway to Gateway If you have selected IPSec as a Tunnel Type and Gateway to Gateway as a Connection Type enter the following values m Remote IPSec Server Address ent
53. ess The address of your ISP s secondary Domain Name Service server The second server is optionally provided by an ISP in case of failure of the primary server Click Apply to save any changes you have made Configuring a Dynamic IP Address m Subnet Mask The subnet for the address is automatically If your ISP has allocated you a dynamic address using DHCP you configured but is not displayed will have selected Dynamic IP address automatically allocated as m ISP Gateway Address The gateway address from your ISP your P Allocation Mode to the Internet is automatically configured but is not displayed Figure 35 ERA Address Sen Ses m Primary DNS Address The address of your ISP s Domain Name Service server is automatically configured and cannot be edited m Secondary DNS Address The address of your ISP s EE secondary Domain Name Service server The second server is Welcome Connection Parameters optionally provided by an ISP in case of failure of the primary LAN Settings IP Allocation Mode Dynamic IP address automatically allocated y Internet Settings 1P Address 172 165752 Refresh Renew server Firewall Primary DNS Address optional haere Secondary ONS Adress CZ ons m Host Name The Host Name of your computer may be required by your ISP Host Name optional Clone MAC Address Some ISPs require you to register your MAC address with them I you have done this the MAC address of th
54. et Explorer e Obtaining Support and Feedback for your Sms 29 4 ET EE TT U Gateway En OfficeConnect Cable DSL Secure Gateway Selecting Support Feedback on the main menu generates both scom WS cy m The support links screen which contains a list of Internet links Welcome that provide information and support concerning the LAN Settings Choose a logging option Help a EXA Gateway Figure 65 X Store log on the Gateway Kanal Store lag on the Gateway AND send to remate server Apply VPN Send log to remote server only SE Figure 65 Support Screen Remote log server is at IP address ja ix bl Back o gt Status and Logs _ A 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer s Support Feedback Fle Edt View Favorites Tools Help GoBack O A 0 Aseerch Favores rede EI DM fe Unis An OfficeConnect Cable DSL Secure Gateway 3com Welcome Support LAN Settings Support Feedback This Administration S Internet Settings instructions about configurin prehensive online help system that gives explanations and Help prec D Gateway RS Firewall VPN System Tools Status Ready Status and Logs gt Support Feedback LOG OUT Status Ready 65 m The feedback links screen which contains an Internet link to the 3Com website so that you can provide feedback on the product Figure 66 Figure 66 Feedback Screen
55. et Settings window allows you to set up the Gateway for the type of Internet connection you have Before setting up your Internet connection mode have the modem configuration supplied by your ISP to hand Figure 16 Internet Settings Screen 3 OfficeConnect Cable DSL Secure TE ox Internet Settings Internet Addressing Mode Some ISP s particularly those offering DSL require PPPoE or PPTP to allow you to connect to their network If the installation instructions that accompany your modem ask you to setup a dialup connection using a PPTP VPN tunnel then select the PPTP option If your ISP does not require PPPoE or PPTP they may supply your Internet Configuration dynamically or you may have to manually configure your Gateway with a static address Please select the mode that applies to your ISP from the list below If unsure please contact your ISP ISP has provided a static IP address ISP provides configuration dynamically via DHCP C PPPoE is required typically DSL users only C PPTP is required some DSL users in Europe rs Ecg Select the Internet Addressing mode your ISP requires and click Next Depending on your selection refer to Static IP Mode on page 27 Dynamic IP Address Mode on page 27 PPPoE Mode on page 28 PPTP Mode on page 29 Static IP Mode To setup the Gateway for use with a static IP address connection use the following procedure Figure 17 Static
56. eway to ensure that your computer receives an IP address When entering the address of the Gateway into your web browser ensure that you include the full URL including the http prefix e g http 192 168 1 1 If you cannot browse to the Gateway use the winipcfg utility in Windows 95 98 ME to verify that your computer has received the correct address information from the Gateway From the Start menu choose Run and then enter winipcfg Check that the computer has an IP address of the form 192 168 1 xxx where xxx is in the range 2 254 the subnet mask is 255 255 255 0 and the default Gateway is 192 168 1 1 the address of the Gateway If these are not correct use the Release and Renew functions to obtain a new IP address from the Gateway Under Windows NT 2000 XP use the ipconfig command line utility to perform the same Browsing to the Gateway Configuration Screens If you have connected your Gateway and computers together but functions cannot browse to the Gateway configuration screens check the m f you still cannot browse to the Gateway then use the following Discovery program on the accompanying CD ROM as m Confirm that the physical connection between your computer described in Using Discovery on page 71 and the Gateway is OK and that the link status LEDs on the Gateway and NIC are illuminated and indicating the same speed 10Mbps or 100Mbps Some NICs do not have status LEDs in which case a diagnostic pro
57. f different encryption methods When setting up an IPSec connection between two devices they must support the same encryption method m L2TP over IPSec Enabled L2TP over IPSec is a combination of protocols which authenticates a user using L2TP and encrypts data using IPSec See L2TP Configuration on page 54 53 gt gt m PPTP Server Enabled PPTP Point to Point Tunnelling Protocol is an encrypted VPN protocol like IPSec It is not as secure as IPSec but is easy to administrate PPTP does not support Gateway to Gateway connections and is only suitable for connecting remote users Enabling IPSec VPN will disable pass through to IPSec and L2TP IPSec Virtual Servers on the LAN Enabling L2TP over IPSec will disable pass through to IPSec and L2TP IPSec Virtual Servers on the LAN Enabling the PPTP server will disable PPTP pass through to a Virtual Server on the LAN Pass through outbound from clients on the LAN to servers on the internet is unaffected A VPN Tunnel needs the same protocol on both sides of the connection If you are trying to establish an IPSec connection with another Gateway or with a user the other Gateway must support IPSec or the user must have software installed that supports IPSec VPN The VPN Mode menu is shown in Figure 51 below Choose from the options by clicking in the appropriate radio button under VPN Server Setup IPSec Configuration In the IPSec Configuration field enter
58. fault to the addresses 192 168 1 100 to 192 168 1 200 if the IP address of the Gateway has been left at the default 192 168 1 1 The Setup Wizard suggests a DHCP server address range that is valid for the LAN settings entered If the defaults are used it will be 100 200 The suggested range will vary depending on the LAN settings entered in the LAN IP Address screen m To disable DHCP select Do not enable the DHCP server 31 gt Click Next when you have finished Viewing the Summary When you complete the Setup Wizard a configuration summary will display See Figure 25 below Verify the configuration information of the Gateway and click Finish to save your settings and restart the Gateway Figure 25 Configuration Summary Screen A OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft AS Configuration Summary You have now completed the OfficeConnect Cable DSL Secure Gateway Setup Wizard A summary of your chosen configuration is shown below When you click on the Finish button these settings will be applied NAT Status Enabled LAN IP Address LAN Subnet Mask DHCP Server 192 168 1 1 255 255 255 0 Disabled Internet Addressing Mode Internet IP Address Internet Subnet Mask ISP Gateway Address DNS Address 1 DNS Address 2 Hostname MAC Address for Internet Connection Static 10 0 0 5 255 255 255 0 10 0 0 1 10 0 0 2 10 0 0 3 Not cloned Timezone GMT 00 00 London Edinburgh Note
59. fficeConnect Cable DSL d 5 Secure Gateway OfficeConnect Switch 17 To use your Cable DSL Secure Gateway to connect to the Internet through an external cable or DSL modem Figure 5 Use the supplied cable to connect the Gateway s Ethernet Cable DSL port to your Cable DSL modem Ensure that your modem is connected to the Internet and switched on Connect your computer to one of the 10 100 LAN ports on the Gateway Connect the power adaptor to the Gateway and wait for the Alert LED to stop flashing Check that the Cable DSL Status LED is illuminated Switch on your computer Once your computer is ready to use check that the LAN Port Status LED on the Gateway is illuminated You have now completed the hardware installation of your Gateway You now need to set up your computers so that they can make use of the Gateway to communicate with the Internet 18 SETTING UP YOUR COMPUTERS The OfficeConnect Cable DSL Secure Gateway has the ability to dynamically allocate network addresses to the computers on your network using DHCP However your computers need to be configured correctly for this to take place To change the configuration of your computers to allow this follow the instructions in this chapter If your computers are configured with static addresses also known as fixed addresses and you do not wish to change this then you should use the Discovery program on
60. gram may be available that can give you this information Refer to the documentation supplied with your NIC for details 67 Connecting to the Internet If you can browse to the Gateway configuration screens but cannot access sites on the Internet check the following Confirm that the physical connection between the Gateway and the Cable DSL modem is OK and that the link status LEDs on both Gateway and modem are illuminated Confirm that the connection between the modem and the Cable DSL interface is OK Ensure that you have entered the correct information into the Gateway configuration screens as required by your Internet Service Provider Use the Internet Settings screen to verify this For DSL users check that the PPPoE or PPTP user name password and service name are correct if these are required Only enter a PPPoE service name if your ISP requires one For cable users check whether your ISP requires a fixed MAC Ethernet address If so use the Clone MAC Address feature in the Gateway to ensure that the correct MAC address is presented as described in Configuring a Dynamic IP Address on page 41 Ensure that your computers are not configured to use a Web proxy On Windows computers this can be found under Control Panel gt Internet Options gt Connections Check PC Privileges to see if you have allowed your PCs to connect to the Internet See PC Privileges on page 47 68 Forgotten
61. guide is intended for use by those responsible for installing and setting up network equipment consequently it assumes a basic working knowledge of LANs Local Area Networks and Internet gateway systems gt If a release note is shipped with this OfficeConnect Cable DSL Secure Gateway and contains information that differs from the information in this guide follow the information in the release note Most user guides and release notes are available in Adobe Acro bat Reader Portable Document Format PDF on the 3Com World Wide Web site http www 3com com Naming Convention Throughout this guide the OfficeConnect Cable DSL Secure Gateway is referred to as the Gateway Category 3 and Category 5 Twisted Pair Cables are referred to as Twisted Pair Cables throughout this guide Conventions Table 1 and Table 2 list conventions that are used throughout this guide Table 1 Notice Icons Icon Notice Type Description gt Information note Information that describes important features or instructions N Caution Information that alerts you to potential loss of data or potential damage to an application system or device Warning Information that alerts you to potential personal injury Table 2 Text Conventions Convention Description The words enter When you see the word enter in this guide you and type must type something and then press Return or Enter Do not press Return or Enter when an instru
62. he IP address of the computer in the P Address of DMZ Host text box and then click SAVE Creating a Virtual Server Activating and configuring a virtual server allows one or more of the computers on your network to function as an Internet service host For example one of your computers could be configured as an FTP host allowing others outside of your office network to download files of your choosing Or if you have created a Web site you can configure one of your computers as a Web server so that others can view your Web site If you are using One to Many NAT you can only have one server of each type on your network To have more than one server of a type for example more than one web server visible to the Internet you must be using One to One NAT To configure a virtual server Click New on the right side of the screen to open the Virtual Server Settings dialogue box Figure 41 Enter the IP address of the computer in the Server IP Address text box Select the Service from the pull down list Figure 42 Figure 42 Virtual Servers Settings Screen Internet Settings Ethernet Dynamic IP Microsoft Internet Explorer lol xi Virtual Server Server IP Addre Local Service Or select Custom to specify a suitable name for the service and then enter the port numbers required for that service If a service requires more than one port number enter the multiple ports as a comma separated list Figure 43 Custom Setup Scree
63. he Special Applications screen Depending on the settings you have made in PC Privileges the Special Application you have defined may not be allowed across the Firewall See PC Privileges on page 47 Creating Custom Special Applications If your special application is not listed in the Choose Application drop down box you can still configure it manually Select Custom from the Choose Application drop down box and the Special Application Setup Screen gains the extra fields needed to describe a custom special application These are shown in Figure 49 below Figure 49 Custom Special Applications Setup Screen CAUTION Selecting Multiple Hosts Allowed weakens the A security that your Gateway s firewall is able to provide and eee SS should only be used if the special application requires it Special Application Settings Choose Application Custom ee m Timeout Enter the number of seconds the Gateway should Application Name testapp 7 A x e Trigger Port BR wait for the first reply from the special application server Spacy Pratacal rem before it abandons the connection Multiple Hosts Allowed Enable unn AA D The default Timeout is three seconds If you find that Address Translation Type No Address Translation connections are being dropped enter a higher value m Application Name Each special application is named and m Session Chaining Some special applications need to take will detect the ports
64. he special application on that row This will prevent the Gateway s firewall from opening to that connection m Name Each special application is named This name is not used by the Gateway and is only to enable you to identify the connection Clicking the name of a connection displays the Special Application Setup screen See Adding and Editing Special Applications below m Trigger Port This is the TCP IP port number that the Gateway uses to recognize that the application has started Additionally there are two buttons outside the table m Help displays the online help page for this screen m New creates a new special application See Adding and Editing Special Applications below 50 gt Adding and Editing Special Applications Click on the New button to create a new special application or on the name of a special application to edit the settings for that application Figure 48 Special Application Settings Screen BEE 7 Special Application Setup Microsoft Internet Explorer Special Application Settings Choose Application FTP x Trigger Port 21 Select the applications from the Choose Application drop down box See Figure 48 If the application you want to define is not in the list select Custom and see Creating Custom Special Applications below Click Add to add the special application to the list of protocols or Close to abort your selection and return to t
65. ically This detects some of the settings the Gateway o needs to function and asks that you input the others 3 To log in enter the password the default password is admin in the System Password field and click Log in Figure 10 Login Screen Accessing the Wizard The Cable DSL Secure Gateway Setup Wizard is Web based which means that it is accessed through your Web browser Netscape Navigator or Internet Explorer To use the Setup Wizard 1 Ensure that you have at least one computer connected to the Gateway See Installing the Gateway on page 15 Enter System Password System Password default admin Log in Cancel 2 Launch your Web browser on the computer Enter the URL of your Gateway in to the location or address box of your browser Figure 9 gt The default URL for the gateway is http 192 168 1 1 If you have changed the IP address of the unit you should substitute this for the default address within the URL Note The password is case sensitive Click here if you can t remember the password Status E Done E my Computer Z Figure 9 Web Browser Location Field Factory Default 4 Ifthe password is correct the OfficeConnect Cable DSL Secure Gateway Welcome screen shown in Figure 11 will appear If your Gateway has not been configured before the Wizard shown in Figure 12 will also launch automatically File Edit View Favorites Tools Help bak gt gt
66. ically and Obtain DNS server address automatically are both selected as shown in Figure 7 Click OK Figure 7 Internet Protocol Properties Internet Protocol TCP IP Properties Ax General You can get IP settings assigned automatically if your network supports this capabiity Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically T Use the following IP address Obtain DNS server address automatically Use the following DNS server addresses 7 Restart your computer Windows 95 98 ME 1 From the Windows Start Menu select Settings gt Control Panel 2 Double click on Network Select the TCP IP item for your network card and click on Properties 3 In the TCP IP dialog select the P Address tab and ensure that Obtain IP address automatically is selected Click OK A Restart your computer Macintosh OS 8 5 9 x If you are using a Macintosh computer use the following procedure to change your TCP IP settings 1 From the desktop select Apple Menu Control Panels and TCP IP 2 In the TCP IP control panel set Connect Via to Ethernet 20 In the TCP IP control panel set Configure to Using DHCP Server Close the TCP IP dialog box and save your changes Restart your computer Disabling PPPoE and PPTP Client Software If you have PPPoE or PPTP client software installed on your computer you
67. ide of all screens is a main menu as shown in Figure 26 When you click on a topic from the main menu that page will appear in the main part of the screen Figure 26 OfficeConnect Cable DSL Secure Gateway Screen Layout Option Tabs Main Menu m Welcome displays the firmware version of the Gateway and important messages on the Notice Board allows you to change your password and launch the Wizard 33 m LAN Settings allows you to configure IP address and subnet mask information set up DHCP server parameters and display the DHCP client list m Internet Settings sets up Internet addressing modes such as PPPoE connection dynamic IP address allocation Network Address Translation NAT and static IP address settings m Firewall allows configuration of the Gateway s firewall features Virtual Servers Special Applications PC Privileges and other general security options m VPN Allows the administrator to set up and maintain Virtual Private Network VPN connections m System Tools allows the administrator to perform maintenance activities on the Gateway m Status and Logs displays the current status and activity logs of the Gateway m Support contains a comprehensive online help system Option Tabs Each menu page may also provide sub sections which are accessed through the use of option tabs see Figure 26 for example To access an option simply click on the required tab
68. ield Click Apply to save your changes Configuring the Firewall On the main frame of the Firewall setup screen is a menu with four tabs Virtual Servers PC Privileges Special Applications and Advanced These enable you to set the access to and security of your network The Virtual Servers Menu Selecting the Firewall option on the main menu displays the Virtual Servers screen Figure 41 Figure 41 Virtual Servers Screen rh jravortes Breda A Er 2 Di El OfficeConnect Firewall Virtual DMZ When a request from the Internet is NOT directed to a virtual server listed in the table below Block request Redirect request to Virtual DMZ host this reduces the security provided by the unit 1P address of DMZ Host Virtual Server 1P Address Service Ports TCP only MyCustomService 10 100 200 500 both TCP and UDP Creating a Virtual DMZ A virtual DMZ De Militarized Zone Host is a computer on your network with reduced protection provided by the firewall This feature allows a single computer to be exposed to 2 way communication from outside of your network The PC is still protected against DoS and hacker attacks CAUTION This feature should be used only if the Virtual Server or Special Applications options do not provide the level of access needed for certain applications To configure one of your computers as a DMZ host select Redirect Request to Virtual DMZ Host and enter t
69. il hors circuit qu en d branchant son cordon lectrique au niveau de cette prise AVERTISSEMENT l appareil fonctionne une tension extr mement basse de s curit qui est conforme la norme CEI 60950 Ces conditions ne sont maintenues que AN AN si l quipement auquel il est raccord fonctionne dans les m mes conditions AVERTISSEMENT n y a pas de parties remplaceables par les utilisateurs ou entretenues par les utilisateurs l int rieur du moyeu Si vous avez un probl me physique avec le moyeu qui ne peut pas tre r solu avec les actions de la r solution des probl mes dans ce guide contacter votre fournisseur AVERTISSEMENT D branchez l adaptateur lectrique avant de retirer cet appareil AVERTISSEMENT Ports RJ 45 Il s agit de prises femelles blind es de donn es RJ 45 Vous ne pouvez pas les utiliser comme prise de t l phone Branchez uniquement des connecteurs de donn es RJ 45 sur ces prises femelles 81 82 END USER SOFTWARE LICENCE AGREEMENT 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE DOWNLOADING INSTALLING AND USING THIS PRODUCT THE USE OF WHICH IS LICENSED BY 3COM CORPORATION 3COM TO ITS CUSTOMERS FOR THEIR USE ONLY AS SET FORTH BELOW DOWNLOADING INSTALLING OR OTHERWISE USING ANY PART OF THE SOFTWARE OR DOCUMENTATION INDICATES THAT YOU ACCEPT THESE TERMS AND CONDITIONS IF YOU DO NOT AGREE TO THE TER
70. indows 98 and Windows NT 4 0 contain software that assigns IP addresses to workstations on a network These assignments are made by the DHCP server software that runs on Windows NT Server and Windows 95 and Windows 98 will call the server to obtain the address Windows 98 will allocate itself an address if no DHCP server can be found DNS Domain Name System DNS allows Internet host computers to have a domain name such as 3com com and one or more IP addresses such as 192 34 45 8 A DNS server keeps a database of host computers and their respective domain names and IP addresses so that when a domain name is requested as in typing 3com com into your Internet browser the user is sent to the proper IP address The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned DSL modem DSL stands for digital subscriber line A DSL modem uses your existing phone lines to send and receive data at high speeds Ethernet A LAN specification developed jointly by Xerox Intel and Digital Equipment Corporation Ethernet networks use CSMA CD to transmit packets at a rate of 10 Mbps over a variety of cables Ethernet Address See MAC address Fast Ethernet An Ethernet system that is designed to operate at 100 Mbps 88 Firewall Electronic protection that prevents anyone outside of your network from seeing your files or damaging your computers Full Duplex A sys
71. ith a low heavy metal content CONTENTS Contents 3 About This Guide 7 Naming Convention 7 Conventions 7 Introducing the OfficeConnect Cable DSL Secure Gateway OfficeConnect Cable DSL Secure Gateway 9 Cable DSL Secure Gateway Advantages 10 Package Contents 11 Minimum System and Component Requirements 11 Front Panel 12 Rear Panel 13 Installing the Gateway 15 Introduction 15 Positioning the Gateway 15 Safety Information 15 Using the Rubber Feet 15 Before you Install your Gateway 15 PPPoE 16 PPTP 16 DHCP 16 Static 16 Powering Up the Gateway 17 Connecting the Cable DSL Secure Gateway 17 9 Setting Up Your Computers 19 Obtaining an IP Address Automatically 19 Windows 2000 XP 19 Windows 95 98 ME 20 Macintosh OS 8 5 9 x 20 Disabling PPPoE and PPTP Client Software 20 Running the Setup Wizard 23 Accessing the Wizard 23 Setting the Password 24 Setting the Time Zone 25 Auto Configuration Settings 26 Internet Settings 26 Choosing your LAN Settings 30 Activating DHCP 30 Viewing the Summary 31 Gateway Configuration 33 Navigating Through the Gateway Configuration Pages 33 Main Menu 33 Option Tabs 33 Welcome Screen 34 Viewing the Notice Board 34 Changing the Administration Password 34 Setup Wizard 35 LAN Settings 35 LAN IP Settings 35 DHCP Clients List 37 Internet Settings 38 Connection to ISP 39 Setting up NAT 43 Configuring the Firewall 45 The Virtual Servers Menu 45 PC Privileges 47 Special Applicatio
72. k as it was before Alert LED The Alert LED will flash when the Gateway unit is first powered up while the system software checks the hardware for proper operation Once the Gateway has started normal operation the Alert LED will go out m If the Alert LED does not go out following start up but illuminates continuously this indicates that the software has detected a possible fault with the hardware If the Alert LED is flashing slowly this indicates a firmware failure Remove power from the Gateway wait 10 seconds and then re apply power If the Alert LED comes on continuously again then a fault has been detected Locate the copy of the Gateway software on the accompanying CD ROM and upload it to the Gateway to see if this clears the fault refer to Recovering from Corrupted Software below If this does not fix the problem contact your supplier for further advice m During normal operation you may notice the Alert LED lighting briefly from time to time This indicates that the Gateway has detected a hacker attack from the Internet and has prevented it from harming your network You need take no specific action on this unless you decide that these attacks 69 are happening frequently in which case you may wish to discuss this with your ISP The Gateway logs such attacks and this information is available through the configuration screens Recovering from Corrupted Software If the Alert LED remains permanently on fo
73. llowing power up it is possible that the system software has become corrupted In this condition the Gateway will enter a failsafe state DHCP is disabled and the LAN IP address is set to 192 168 1 1 Follow the instructions below to upload a new copy of the system software to a Gateway unit in this state Ensure that one of your computers has a copy of the new software image file stored on its hard disk or available on CD ROM Remove power from the Gateway and disconnect the Cable DSL modem and all your computers except for the one computer with the software image You will need to reconfigure this computer with the following static IP address information m P address 192 168 1 2 m Subnet mask 255 255 255 0 m Default Gateway address 192 168 1 1 Restart the computer and re apply power to the Gateway Using the Web browser on the computer enter the following URL in the location bar http 192 168 1 1 This will connect you to the failsafe mode of the Gateway Follow the on screen instructions Enter the path and filename of the software image file When the upload has completed the Gateway will restart run the self test and if successful resume normal operation The Alert LED will go out Refer to the Installation Guide to reconnect your Gateway to the Cable DSL modem and the computers in your network Do not forget to reconfigure the computer you used for the software upload If the Gateway does not resume
74. n internet Settings Ethernet Dynamic IP Microsoft Internet Explorer lei ks Virtual Server Settings Server IP Address 192 168 1 1 Local Service Custom E Custom Service Name WebTest Specify Custom Service Ports 8080 Specify Protocol UDP and TCP and TCP TCP only UDP onl 4 Click Add to save the settings 47 PC Privileges Select PC Privileges to display the PC Privileges setup screen This is shown in Figure 44 below i gt The Gateway s DHCP server has been enhanced to support PC Privileges If you want to use DHCP and control access to the Internet on a user by user basis then you must either use the Gateway s DHCP server or static addressing Figure 44 PC Privileges Screen Fie Edit View Favorites Tools Help Stok EE E 3com Firewall Welcome Enable Privileges LAN Settings All PCs have unlimited access to the internet Firewall VPN PC s IP Address Authorised Services oe us ac all PCs Only HTTP HTTPS POP3 SMTP News nd Logs Support Feedback LOG OUT Status Ready Access from the local network to the Internet can be controlled on a PC by PC basis In the default configuration the Gateway will allow all connected PCs unlimited access to the Internet 4 PC Privileges allows you to assign different access rights for different computers on your network restricting this access and controlling your users access to outside resources To
75. nly used by some European service providers If the installation instructions that accompany your modem ask you to setup a dialup connection using a PPTP VPN tunnel then select this option To configure the gateway you will need to know the following m Username m Password m VPN server address usually your modem Connection to ISP Select the addressing method that your ISP uses to allocate your Gateway s Internet IP address Choose from the options in the P Allocation Mode drop down box and the screen will refresh with options relevant to that choice This option shown in Figure 33 allows you to change the method your Gateway uses to connect to your ISP You should only need to change these settings if m you change your Internet connection password PPPoE only m f you select Static IP address to be specified manually see or Configuring a Static IP Address on page 40 m your ISP informs you of a change in their settings or you m If you select Dynamic IP address automatically allocated see change ISPs Configuring a Dynamic IP Address on page 41 m If you select PPPoE PPP over Ethernet see Configuring a Figure 33 Connection to ISP Screen PPPOE connection on page 42 s m f you select PPTP used by some European providers see GE Go Configuring a PPTP connection on page 43 ue EEE gt If you are using One to One NAT your method of connection will already be fixed to Static To change to ano
76. nnection Fill in the Initial IP Address and the Initial Subnet Mask fields if your ISP has provided you with these settings Alternatively if the PPTP server is located in your DSL modem click Suggest to select and IP address on the same subnet as the PPTP server Choosing your LAN Settings The LAN settings screen shown in Figure 23 below displays the Gateway current IP address and subnet mask If this is the first time the Wizard has been run it will display the default address and subnet mask Figure 23 LAN IP Address Screen LAN Settings LAN IP Address The fields below show a suggested LAN IP address and subnet mask for your Gateway If these values are not suitable please change them and then click Next to continue IP Address 192 168 1 1 Subnet Mask 255 255 255 0 E ES 1 Enter your chosen IP address for the Gateway in the P Address field This should be a private network so that it does not conflict with IP addresses on the Internet See Private IP Addresses on page 75 gt 3Com recommends that you use the default IP address and subnet mask unless you already have a network that uses different values 30 gt Enter your chosen subnet mask in the Subnet Mask field This should be large enough to contain all your computers and other network devices The default 255 255 255 0 allows for 254 devices including the Gateway If you are going to set up an IPSec VPN with another Gateway you must
77. normal operation following the upload it may be faulty Contact your supplier for advice Frequently Asked Questions How many computers on the LAN does the Cable DSL Secure Gateway support A maximum of 253 computers on the LAN are supported There are only 4 LAN ports on the Gateway How are additional computers connected You can expand the number of connections available on your LAN by using hubs and switches connected to the Gateway 3Com OfficeConnect hubs and switches provide a simple reliable means of expanding your network contact your supplier for more information or visit http www 3com com 70 Does the Gateway support virtual private networks VPNs The Gateway fully supports VPNs It is capable of m Initiating and terminating IPSec connections m Terminating L2TP over IPSec and PPTP connections m Providing hardware accelerated encryption for IPSec VPNs and IPSec VPNs within L2TP over IPSec m Providing VPN pass through Where can download software upgrades for the Gateway Upgrades to the Cable DSL Secure Gateway software are posted on the 3Com support web site accessible by visiting http www 3com com What other online resources are there The 3Com Knowledgebase at http knowledgebase 3com com is a database of technical information covering all 3Com products It is updated daily with information from 3Com technical support services and it is available 24 hours a day 7 days
78. ns 49 Advanced 52 Configuring VPNs 53 Setting the VPN Mode 53 Viewing VPN Connections 55 Editing IPSec Routes 60 Accessing the System Tools 61 Restart 61 TimeZone 62 Loading and Saving the Gateway Configuration Upgrading the Firmware of your Gateway 63 Viewing Status and Logs 64 Obtaining Support and Feedback for your Gateway Troubleshooting 67 Basic Connection Checks 67 Browsing to the Gateway Configuration Screens Connecting to the Internet 68 Forgotten Password 68 AlertLED 69 Recovering from Corrupted Software 69 Frequently Asked Questions 70 Using Discovery 71 Running the Discovery Application 71 Windows Installation 95 98 2000 Me NT 71 IP Addressing 73 The Internet Protocol Suite 73 How does a Device Obtain an IP Address and Subnet Mask 74 DHCP Addressing 74 Static Addressing 74 Auto IP Addressing 75 Private IP Addresses 75 Technical Specifications 77 Interfaces 77 Operating Temperature 77 62 Power 77 Humidity 77 65 AIMERIONS 77 Weight 77 Standards 77 System Requirements 78 Operating Systems 78 Ethernet Performance 78 Cable Specifications 78 Safety Information 79 Important Safety Information 79 Wichtige Sicherheitshinweise 79 Consignes importantes de securite 80 End User Software Licence Agreement 383 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT 83 ISP Information 85 Information Regarding Popular ISPs 85 Glossary 87 Index 93 Regulatory Notices 99 ABOUT THIS GUIDE This
79. of your modem 43 m PPTP User Name The user name you use to access your ISP m PPTP Password The password you use to access your ISP m Primary DNS Address The address of your ISP s Domain Name Service server is automatically configured and is not editable m Secondary DNS Address The address of your ISP s secondary Domain Name Service server The second server is optionally provided by an ISP in case of failure of the primary server m Maximum ldle Time The amount of time without activity before the Gateway terminates the Internet connection m Initial IP Address and Initial Subnet Mask IP settings must be used when establishing a PPTP connection Alternatively if the PPTP server is located in your DSL modem click Suggest to select an IP address on the same subnet as the PPTP server Setting up NAT The Gateway is able to perform Network Address Translation NAT in one of two modes as shown in Figure 38 m One to many NAT The Gateway shows only one address to the Internet m One to one NAT Every address on the Internet pool is linked to an address in the LAN pool The Gateway will respond to all the addresses in the Internet pool Figure 38 One to Many and One to One NAT One to Many NAT 192 168 1 100 192 168 1 101 192 168 1 102 1721657852 172 16 5058 172 16 57 54 192 168 1 100 192 168 1 101 192 168 1 102 Figure 39 Network Address Translation Screen Setting up One
80. oft x Time Zone Please select your time zone from the list below and whether your location uses daylight saving time GMT 00 00 London Edinburgh FA E Enable Daylight Saving The Daylight Savings option automatically adjusts the system clock for summer and winter time To disable this feature ensure that the Enable Daylight Saving box is cleared Auto Configuration Settings If the Gateway is able to detect a PPPoE or DHCP server on its Ethernet Cable DSL port then it will offer you the option of configuring its Internet settings automatically As an example the Auto Configuration screen for PPPOE is shown in Figure 15 below Figure 15 PPPoE Auto configuration Screen 3 OfficeConnect OEM ec x Auto Configuration Summary A PPPoE Server has been detected on your Internet Connection Your ISP will have provided you with a User Name and Password for authentication Do you want to use the Internet Settings that have been detected by the Setup Wizard Yes No Configure Gateway Manually nach nets cone Click Next to accept the option you have chosen and continue m If the Gateway could not automatically configure your internet settings or if you chose to configure your Internet D settings manually continue at Internet Settings below m If you chose one of the automatic configuration options continue at Choosing your LAN Settings on page 29 26 Internet Settings The Intern
81. omputer does not connect for a week its IP Address may be reused The Gateway will attempt to supply a computer the same lease as was issued previously even if that lease has expired 37 gt Expired leases are only reused when there are no free leases available When an expired lease is re issued the oldest lease that is not a fixed association is used The Release button allows the lease for an IP address that has been issued to a device to be cleared If you are running short of addresses in the DHCP Pool and you know of computers that are unlikely to connect to your network soon you can release the IP address allowing it to be reallocated to another machine If you have spare or expired IP addresses in the pool you will not need to release addresses The P Address Host Name and MAC Address indicate the address that has been allocated They identify the machine by name and by the unique number MAC Address of the machine network card The Fixed Association check box allows you to freeze the relationship between an IP address and a particular machine If you check the box for one row that IP address will always be given out to the same machine and will not be allocated to another machine even if the lease has expired Clear the check box to allow the address to revert back to normal behavior Click Refresh to save any changes you have made Click New to allocate an IP address to a MAC address Click Add to save
82. on each PC so that they have an IP address within the same subnet as the Gateway and have their default Gateway set as the Gateway IP address If you reconfigure your network you may need to change your Subnet Mask The Subnet Mask detemines how many addresses are available to your network The default Subnet Mask is 255 255 255 0 For example if the IP Address of your Gateway is 192 168 1 1 and the Subnet Mask of your network is 255 255 255 0 then your network can have a maximum of 254 addresses from 192 168 1 1 to 192 168 1 254 192 168 1 0 and 192 168 1 255 are reserved by the subnet and are not available for use When you change the IP Address or Subnet Mask of the Gateway you should review the DHCP Server settings as described below Changing the DHCP Server Settings This section allows to you enable disable and configure the settings of the Gateway s DHCP server 36 If you intend to use the Gateway to control the permissions of individual machines on your network then you must use the Gateway s DHCP server to allocate addresses or use static addressing If you use another DHCP server you may get unexpected results See PC Privileges on page 47 To enable the DHCP Server ensure that the Enable check box is ticked To disable the DHCP Server ensure that the Enable check box is cleared Set the P Pool Start Address and IP Pool End Address to the first and last address you want the Gateway to allocate to compute
83. on for each such workstation or network server on which the Software is used as permitted hereunder Otherwise the Software and Documentation may be copied only as essential for backup or archive purposes in support of your use of the Software as permitted hereunder Each copy of the Software and Documentation must contain 3Com s and its licensors proprietary rights and copyright notices in the same form as on the original You agree not to remove or deface any portion of any legend provided on any licensed program or documentation delivered to you under this Agreement ASSIGNMENT NO REVERSE ENGINEERING You may transfer the Software Documentation and the licenses granted herein to another party in the same country in which you obtained the Software and Documentation if the other party agrees in writing to accept and be bound by the terms and conditions of this Agreement If you transfer the Software and Documentation you must at the same time either transfer all copies of the Software and Documentation to the party or you must destroy any copies not transferred Except as set forth above you may not assign or transfer your rights under this Agreement Modification reverse engineering reverse compiling or disassembly of the Software is expressly prohibited However if you are a European Union EU resident information necessary to achieve interoperability of the Software with other programs within the meaning of the EU Directive on
84. onnections YPN Connection Setup Microsoft Internet Explorer VPN Tunnel Configuration User Name Description Connection Type C Gateway to gateway Remote User Access L2TP over IPSec Tunnel Type Password Click Apply to save your changes or Close to return without saving When you have created a user account the user will need to know in order to enable connection PPTP Connections If you have selected PPTP as a Tunnel Type enter the following m Password The Password that the user will need to supply to connect Figure 56 When you have created a user account the user will need to know the User Name and Password you have given them Figure 56 PPTP Connections E YPN Connection Setup Microsoft Internet Explorer VPN Tunnel Configuration m m C Gateway to gateway User Name Description Connection Type Remote User Access Tunnel Type Password The screens to edit and add a PPTP user contain the same fields Click Apply to save your changes or Close to return without saving 60 Editing IPSec Routes This screen allows you to add and replace networks in the existing IPSec Route See Figure 57 To do this Select edit to display the Edit Route screen Figure 58 Click in the table and add a new Network and Subnet Mask entry Click Apply to save your changes or Close to return without saving The gateway for a remote network must also be set to use the VPN t
85. ons screen and click New In the Connection Name field enter headsales In the Description field enter Connection between head office and sales office Ensure that the Gateway to gateway radio button is selected Enter the Internet IP address of the Gateway you are configuring in the This Gateway s ID field a Enter 174 19 201 162 on Gateway One b Enter 172 27 34 202 on Gateway Two Enter the Internet IP address of the other Gateway in the Remote IPSec Server Address field a Enter 174 27 34 202 on Gateway One b Enter 172 19 201 162 on Gateway Two Enter the IP address of the other LAN subnet in the Remote Network address field a Enter 192 168 2 0 on Gateway One b Enter 192 168 1 0 on Gateway Two 59 10 11 12 13 14 15 The Remote Subnet Mask is a default setting of 255 255 255 0 Enter a password in the Tunnel Shared Key field in both Gateways The example uses TYP0249 23b as the shared key Choose DES as the Encryption Type Choose SHA 1 as the Hash Algorithm Choose Diffie Hellman Group 1 768 bit the in the Exchange keys using drop down box Ensure that the Use Perfect Forward Secrecy box is checked Click Apply to save your changes or Close to return without saving L2TP over IPSec Connections If you have selected L2TP over IPSec as your Tunnel Type enter the following values See Figure 55 m Password The password that will need to be supplied to connect Figure 55 L2TP over IPSec C
86. ormation sent arrives in one piece when it reaches its destination IP relates to the address of the end station to which data is being sent as well as the address of the destination network Traffic The movement of data packets on a network VPN Virtual Private Network A VPN is a private network where the data is passed across a public network infrastructure such as the Internet The data is kept private by using encryption WAN Wide Area Network A network that connects computers located in geographically separate areas for example different buildings cities or countries The Internet is an example of a wide area network Wizard A Windows application that automates a procedure such as installation or configuration 91 92 INDEX Numbers 100BASE TX 87 10BASE T 87 3DES defined 87 upgrading to 63 A access rights 48 adding special applications 50 address TCP IP 73 admin password 23 changing 34 advanced settings 52 alert LED 12 Apple Macintosh see Macintosh auto configuration wizard 26 Auto IP addressing 75 Auto negotiation 87 B bandwidth 87 BCIQ statement 99 blocking Internet access 48 broadband sharing 9 C cable specifications 78 cable DSL Ethernet port 13 93 cable DSL modem connecting to 17 cable DSL status LED 13 category 3 cables 87 category 5 cables 87 changing the admin password 34 client 87 configuring computers 19 configuring the Gateway 33 configuring VP
87. p page for this screen m Refresh updates the contents of the window allowing you to see the current status of connections m New creates a new VPN connection See Adding and Editing VPN Connections below Adding and Editing VPN Connections This screen allows you to add new IPSec L2TP over IPSec and PPTP connections and to edit existing ones When adding or amending values on this screen remember that both sides of an IPSec L2TP over IPSec or PPTP connection must contain the same information An IPSec L2TP over IPSec or PPTP connection cannot therefore be activated until both ends of the tunnel have been configured 56 m Connection Name User Name the ID of the remote gateway the value entered in This Gateway s ID on the remote gateway or the remote user s login name This can be a name containing numbers and letters but no punctuation or an IP address but cannot be a domain name If the Connection Name is set using numeric IP addresses then the Gateway to Gateway connection will use main mode Otherwise it will use aggressive mode m Description a description of the connection This can be different on each Gateway as it is not used in the connection m Connection Type choose either Gateway to Gateway only available with IPSec to connect to another Gateway or Remote User Access to create a connection for a remote computer If the remote site has another gateway with an established IPSec
88. radio button pou mer SS m is selected VPN delete Custom testanp 49208 H er System Tools EEE EE m Click on All PCs to pop up the PC Privileges window er non Status and Logs m Ensure that the Email 110 25 and Web 80 boxes are Support checked and that other check boxes are left cleared m Set the Block or Allow other services drop down box to Block other services Status Ready For the purposes of this example your users also need to access a test web server on port 8080 To allow this Some software applications need a connection to be started from the Internet an act that is usually blocked by the Gateway s m Enter the number 8080 in the except specify ports box firewall m Click Apply to save your changes and close the PC Privileges window 49 So that these special applications can work properly and are not blocked the firewall needs to be told about them In each instance there will be an outgoing trigger which tells the Gateway firewall that the application has started and to allow the incoming connections Each defined Special Application only supports a single computer user and any incoming ports opened by a Special Application trigger will be closed after 20 minutes of inactivity for TCP IP connections or 10 for UDP IP connections For each special application configured by the Gateway a row is added to the table Each row contains the following items m Delete button Deletes t
89. ration d Ee WIZARD Welcome LAN Settings jel LAN Settings 8 Ers y 1P Address aan Internet Settings a Firewall Subnet Mask 255 255 255 0 aowi Los our VPN DHCP Server Cancel System Tools The Gateway acts as DHCP Server M Enable 1P Pool Start Address ATEN Bi Status and Logs IP Pool End Address 132 168 1 200 Support Feedback Local Domain Server domain WINS Server optional 3Com NBX Call Processor optional Click the WIZARD button to launch the configuration wizard Refer to Running the Setup Wizard on page 23 for information on how to run the wizard Status Ready Changing the LAN Settings These settings will have been entered during the set up wizard when the device is first used You only need to change these if you reconfigure your network If you make any changes click Apply to save them to the Gateway LAN Settings The LAN Settings menu allows you to view and amend your Gateway m LAN settings m DHCP server settings m DHCP client settings 35 When changing the IP Address of the Gateway choose an address that will be unique in your network and in your network s subnet The default IP Address of the Gateway is 192 168 1 1 When you change the IP Address of the Gateway you must reboot all computers that gain their IP address from the Gateway before they will be able to access the Internet If you are using static addresses for your PCs you must alter the network configuration
90. rformance The Cable DSL Secure Gateway complies to the IEEE 802 3i u and x specifications Cable Specifications The Cable DSL Secure Gateway supports the following cable types and maximum lengths Category 3 Ethernet or Category 5 Fast Ethernet or Dual Speed Ethernet Twisted Pair shielded and unshielded cable types Maximum cable length of 100m 327 86 ft gt Category 5 cables are required for a 100BASE TX connection 78 SAFETY INFORMATION Important Safety Information AN SS Ss Prr gt WARNING Warnings contain directions that you must follow for your personal safety Follow all directions carefully You must read the following safety information carefully before you install or remove the unit WARNING Exceptional care must be taken during installation and removal of the unit WARNING Only stack the Gateway with other OfficeConnect units WARNING To ensure compliance with international safety standards only use the power adapter that is supplied with the unit WARNING The socket outlet must be near to the unit and easily accessible You can only remove power from the unit by disconnecting the power cord from the outlet WARNING This unit operates under SELV Safety Extra Low Voltage conditions according to IEC 60950 The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions WARNING There are no user replaceable fuses or
91. rs The IP address pool must be contained within the subnet as defined in Changing the LAN Settings on page 35 The default start and end addresses are 192 168 1 100 and 192 168 1 200 The Local Domain Server is set to Domain as default If you have a WINS Server on your network enter its IP address in the WINS Server box The gateway will pass this information on to all Windows PCs that obtain an address from its DHCP server If you have a 3Com NBX Call Processor on your network enter its IP address in the 3Com NBX Call Processor box The 3Com NBX Call Processor acts as a switchboard for voice over IP phones and the gateway will pass on this information If you will be using One to One NAT you must set up a range that is one less than the number of public addresses allocated to you by your ISP The DHCP range must also be identical to the range specified when you set up One to One NAT See Setting up One to One NAT on page 45 DHCP Clients List The DHCP Clients screen provides details of the devices that have been given IP addresses by the Gateway s DHCP server For each device that has been granted a lease the P address Host Name and MAC address of that device is displayed Figure 31 DHCP Clients Screen 1P Address Host Name MAC Address Fixed Association 00 50 09 0c 05 03 00 50 0F 05 18 03 E 00 50 08 05 A4 B9 u ac LOG OLT The Gateway grants leases for 7 days If a c
92. s hardware accelerated encryption for IPSec VPNs including L2TP over IPSec Package Contents The OfficeConnect Cable DSL Secure Gateway kit includes the following items One OfficeConnect Cable DSL Secure Gateway One power adapter for use with the Gateway Four rubber feet One stacking clip One Ethernet cable One CD ROM containing m the Gateway Discovery program m a backup copy of the Gateway firmware the Installation Guide m this User Guide Installation Guide One Support and Safety Information Sheet One Warranty Flyer One License Agreement This User Guide If any of these items are missing or damaged please contact your retailer 11 Minimum System and Component Requirements Your OfficeConnect Cable DSL Secure Gateway requires that the computer s and components in your network be configured with at least the following m A computer with an operating system that supports TCP IP networking protocols for example Windows 95 98 NT Me 2000 XP Unix Mac OS 8 5 or higher m An Ethernet 10 Mbps or 10 100 Mbps NIC for each computer to be connected to the four port switch on your Gateway m A cable modem or DSL modem with an Ethernet port RJ 45 connector m An active Internet access account m A Web browser program that supports JavaScript such as Netscape 4 7 or higher or Internet Explorer 5 5 or higher normal operation See Recovering from Corrupted Software on Front Panel page 69 The front
93. sed to connect Ethernet networks The RJ stands for registered jack Server A computer in a network that is shared by multiple end stations Servers provide end stations with access to shared network services such as computer files and printer queues Subnet Address An extension of the IP addressing scheme that allows a site to use a single IP network address for multiple physical networks Subnet mask A subnet mask which may be a part of the TCP IP information provided by your ISP is a set of four numbers configured like an IP address It is used to create IP address numbers used only within a particular network as opposed to valid IP address numbers recognized by the Internet which must assigned by InterNIC Subnets A network that is a component of a larger network Switch A device that interconnects several LANs to form a single logical LAN that comprises of several LAN segments Switches are similar to bridges in that they connect LANs of a different type however they connect more LANs than a bridge and are generally more sophisticated TCP IP Transmission Control Protocol Internet Protocol This is the name for two of the most well known protocols developed for the interconnection of networks Originally a UNIX standard 90 TCP IP is now supported on almost all platforms and is the protocol of the Internet TCP relates to the content of the data travelling through a network ensuring that the inf
94. set your subnet mask to 255 255 255 0 See Configuring VPNs on page 53 Activating DHCP gt The Gateway contains a Dynamic Host Configuration DHCP server that can automatically configure the TCP IP settings of every computer on your network The DHCP Server Setup screen is shown below If you intend to use the Gateway to control the permissions of individual machines on your network then you must use the Gateway s DHCP server to allocate addresses or use static addressing If you use another DHCP server you may get unexpected results See PC Privileges on page 47 Figure 24 DHCP Server Setup Screen 2 OfficeConnect Cable DSL Secure Gateway Setup Wizard Microsoft IntemebEXpla LAN Settings DHCP Server Setup The Gateway can act as a DHCP Server to provide IP addresses to the PCs on your LAN This option should only be enabled if there are no other DHCP servers on your LAN Do not enable the DHCP server Enable the DHCP server with the following settings The fields below have been pre filled with a recommended IP Address Range for your network IP Address Range Start Address IP Address Range End Address 192 168 1 100 192 168 1 200 3Com recommends that you activate the DHCP server and leave it at the default values unless you already have a DHCP Server on your network m To activate the DHCP Server option select Enable the DHCP server with the following settings The DHCP server will de
95. tem that allows packets to be transmitted and received at the same time and in effect doubles the potential throughput of a link Gateway A device that acts as a central hub by connecting to each computer s network interface card and managing the data traffic between the local network and the Internet Half Duplex A system that allows packets to transmitted and received but not at the same time Contrast with full duplex Hub A device that regenerates LAN traffic so that the transmission distance of that signal can be extended Hubs are similar to repeaters in that they connect LANs of the same type however they connect more LANs than a repeater and are generally more sophisticated IEEE Institute of Electrical and Electronics Engineers This American organization was founded in 1963 and sets standards for computers and communications IETF Internet Engineering Task Force An organization responsible for providing engineering solutions for TCP IP networks In the network management area this group is responsible for the development of the SNMP protocol Internet Protocol IP is a layer 3 network protocol that is the standard for sending data through a network IP is part of the TCP IP set of protocols that describe the routing of packets to addressed devices An IP address consists of 32 bits divided into two or three fields a network number and a host number or a network number a subnet number and a host number
96. terling XO Zyan Cable DSL Secure Gateway Brightnet Earthlink has this software built in Ameritech Covad Static Cable Modem Always on Cox Cable Sprint US and you can safely remove Mindspring Sympatico Cable ISP assigns specific IP Cable Cable Cable it from your PC You will DSL USwest Qwest information which needs to need to enter the account SNet be entered on the Static name and password that IP page of the Gateway your ISP provided to you in the PPPoE page of the Bell includes Bell Advantage Bell Canada Bell South PacBell and Gateway Leave the service Southwestern Bell name blank unless your ISP requires it 85 86 GLOSSARY 10BASE T The IEEE specification for 10 Mbps Ethernet over Category 3 4 or 5 twisted pair cable 100BASE TX The IEEE specification for 100 Mbps Fast Ethernet over Category 5 twisted pair cable 3DES Triple DES See DES 3DES is an extremely secure encryption system that works by applying the DES encryption system three times on the same message using different keys It is typically used in military applications where it is expected that the VPN traffic will be intercepted and an effort made to decode it Auto negotiation Some devices in the OfficeConnect range support auto negotiation Auto negotiation is where two devices sharing a link automatically configure to use the best common speed The order of preference best first is 100BASE TX full
97. that need to be opened so you do not control of a session If the special application you wish to run need to specify them This name is not used by the Gateway requires this ensure that Session Chaining is enabled and is only to enable you to identify the connection otherwise ensure that it is disabled m Trigger Port This is the TCP IP port number that the N CAUTION Allowing Session Chaining weakens the security that Gateway uses to recognize the outgoing packet that starts your Gateway firewall is able to provide and should only be special application session Your application provider can used if the special application requires it provide you with this information a m Address Translation Type If your special application provider The Gateway allows Trigger Ports that are a single value or a embeds IP addresses in TCP or UDP packets you will have to range of values but not a list So 6599 and 6577 6587 are enable address translation on the appropriate protocol type both valid but 6577 6579 6582 is not Your application provider can provide you with this f information m Specify Protocol Select the protocol TCP or UDP that your special application uses Your application provider can provide When you have configured your special application click Add to you with this information save your changes or Close to quit without making any changes m Multiple Hosts Allowed If your application provider uses more
98. the Gateway CD ROM to detect and configure your Gateway Refer to Using Discovery on page 71 for information on using the Discovery program Obtaining an IP Address Automatically Windows 2000 XP If you are using a Windows 2000 or Windows XP computer use the following procedure to change your TCP IP settings Windows XP specific instructions in brackets From the Windows Start Menu select Settings gt Control Panel select Control Panel directly from the Start menu in Windows XP Double click on Network and Dial Up Connections Network and Internet Connections For XP only click on Network Connections Double click on Local Area Connection Click on Properties 19 5 A screen similar to Figure 6 should be displayed Select Internet Protocol TCP IP and click on Properties Figure 6 Local Area Connection Properties Local Area Connection Properties xl General Connect using E9 3Com 30918 Integrated Fast Ethemet Controller 3C9058 Components checked are used by this connection MY NwLink NetBIOS a AF NWLink IPX SPX NetBIOS Compatible Transport Proto a El j eim Instal 1 Uninstal Properties Description Transmission Control Protocol Intemet Protocol The default wide area network protocol that provides communication oss diverse interconnected networks I Show icon in taskbar when connected oK Cancel 6 Ensure that the options Obtain an IP Address automat
99. the Internet INTRODUCING THE OFFICECONNECT CABLE DSL SECURE GATEWAY Figure 1 Example Network Without a Cable DSL Secure Gateway Cable DSL Modem OfficeConnect Switch When you use the Cable DSL Secure Gateway in your network Figure 2 it becomes your connection to the Internet Connections can be made directly to the Gateway or through an OfficeConnect Hub or Switch expanding the number of computers you can have in your network Figure 2 Example Network Using a Cable DSL Secure Gateway Your existing Cable DSL Modem OfficeConnect Switch 10 Cable DSL Secure Gateway Advantages The advantages of using a Gateway include Shared Internet connection No need for a dedicated always on computer serving as your Internet connection Cross platform operation for compatibility with Windows Unix and Macintosh computers Easy to use Web based setup and configuration Provides centralization of all network address settings DHCP Provides Virtual Server redirection to enable remote access to Web FTP and other services on your network Provides firewall protection against Internet hacker attacks a Implements Stateful Packet Inspection to block network intrusions m Blocks Denial of Service attacks by using pattern detection Supports Virtual Private Networks VPNs m Initiates and terminates IPSec connections m Terminates PPTP and L2TP over IPSec connections m Provide
100. the Legal Protection of Computer Programs is available to you from 3Com upon written request EXPORT RESTRICTIONS The Software including the Documentation and all related technical data and any copies thereof collectively Technical Data is subject to United States Export control laws and may be subject to export or import regulations in other countries In addition the Technical Data covered by this Agreement may contain data encryption code which is unlawful to export or transfer from the United States or country where you legally obtained it without an approved U S Department of Commerce export license and appropriate foreign export or import license as required You agree that you will not export or re export the Technical Data or any copies thereof or any products utilizing the Technical Data in violation of any applicable laws or regulations of the United States or the country where you legally obtained it You are responsible for obtaining any licenses to export re export or import the Technical Data In addition to the above the Product may not be used exported or re exported i into or to a national or resident of any country to which the U S has embargoed or ii to any one on the U S Commerce Department s Table of Denial Orders or the U S Treasury Department s list of Specially Designated Nationals TRADE SECRETS TITLE You acknowledge and agree that the structure sequence and organization of the Software are the valua
101. the alert LED is Off Flashing The link is OK and data is being transmitted or Flashing slowly Two seconds on two seconds off received The Gateway has completed the Reset to Factory Defaults process and is waiting for you to reset the unit To do this Off Indicates one of the following remove power wait 10 seconds and then re apply power The m nothing is connected Gateway will then enter the start up sequence and resume 12 m the connected device is switched off m there is a problem with the connection Troubleshooting on page 67 4 Cable DSL Status LED Green 100 Mbps link Yellow 10 Mbps link Indicates a number of different conditions as described below On The link between the Gateway and the cable or DSL modem is OK Flashing The link is OK and data is being transmitted or received Off Indicates one of the following m nothing is connected m the modem is switched off m there is a problem with the connection Troubleshooting on page 67 13 Rear Panel The rear panel Figure 4 of the Gateway contains four LAN ports one Ethernet Cable DSL port and a power adapter socket Figure 4 Cable DSL Secure Gateway Rear Panel CH E Cable DSL 5 Power Adapter socket Only use the power adapter that is supplied with this Gateway Do not use any other adapter 6 Ethernet Cable DSL port Use the supplied patch cable to connect the Gateway to the 10 100 port on your cable or DSL
102. the change the encryption keys during the course of a connection remote subnet is 192 168 1 0 making the tunnel more secure but slowing data transfer To enable perfect forward secrecy ensure that the Use Perfect Forward Secrecy box is checked To keep the same key for the length of a connection leave the box unchecked The Gateways must be configured with LAN IP address ranges that do not overlap m Remote Subnet address this is set as 255 255 255 0 as default Example Setting up an IPSec connection between two gi 3 Gateways m Tunnel Shared Key this is the password for the connection and is a combination of letters numbers and punctuation and Gateway One is located at the head office and is configured with can be up to 64 characters in length the following settings If you are creating a Gateway to Gateway connection you have m Internet IP address 172 27 34 202 no need to remember the Tunnel Shared Key once the tunnel is m LAN IP address 192 168 1 1 established and do not have to make the key a memorable password m LAN Subnet Mask 255 255 255 0 58 ZS WN ul Gateway Two is located at the sales office and is configured with the following settings m Internet IP address 174 27 34 202 m LAN IP address 192 168 2 1 m Remote Subnet Mask 255 255 255 0 To set up an IPSec Connection between the two Gateways do the following on each Gateway Select IPSec Enabled from the VPN Mode screen Switch to the VPN Connecti
103. ther method of address allocation you must first turn off One to One NAT See 72165752 Setting up NAT on page 43 255 255 255 0 7216871 7216572 Secondary DNS Address optional ul aci LOG OUT 39 Configuring a Static IP Address If your ISP has allocated you one or more static addresses you will have selected Static IP address to be specified manually as your P Allocation Mode Figure 34 Static Address Setup Screen E le DSL Secure File Edit View Favorites Tools Back A Qsearch 0 Connection Parameters 1P allocation Mode Welcome LAN Settings Static IP address to be specified manually Internet Settings 1P Address reis Firewall Subnet Mask 255 255 2550 VPN ISP Gateway Address 7216 571 System Tools Primary DNS Address 172 16 57 2 Secondary DNS Address optional Status and Logs Support Feedback LOG OUT The following settings are required to set up Static IP address connection Enter the values provided by your ISP m IP Address The address allocated by your ISP for this connection If you have been allocated a range of IP addresses by your ISP enter the first IP address in the range 40 m Subnet Mask The subnet mask supplied by your ISP for this connection m GP Gateway Address The Gateway address from your ISP to the Internet m Primary DNS Address The address of your ISP s Domain Name Service server m Secondary DNS Addr
104. tion in Appendix D before you start VORSICHT Bitte lesen Sie den Abschnitt Wichtige Sicherheitsinformationen sorgf ltig durch bevor Sie das Ger t einschalten AVERTISSEMENT Veuillez lire attentivement la section Consignes importantes de s curit avant de mettre en route 15 When positioning your Gateway ensure m It is out of direct sunlight and away from sources of heat m Cabling is away from power lines fluorescent lighting fixtures and sources of electrical noise such as radios transmitters and broadband amplifiers m Water or moisture cannot enter the case of the unit m Air flow around the unit and through the vents in the side of the case is not restricted We recommend you provide a minimum of 25mm 1in clearance Using the Rubber Feet Use the four self adhesive rubber feet to prevent your Gateway from moving around on your desk or when stacking with flat top OfficeConnect units Only stick the feet to the marked areas at each corner of the underside of your Gateway Before you Install your Gateway Before you install and configure your Gateway you need the following additional information If you do not have this information contact your Internet Service Provider or see ISP Information on page 85 for details of popular ISPs Space is provided below for you to record this information PPPOE lt a PPTP f your ISP allocates IP information dynamically over PPPoE yo
105. tscape Communications JavaScript is a trademark of Sun Microsystems All other company and product names may be trademarks of the respective companies with which they are associated ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations To uphold our policy we are committed to Establishing environmental performance standards that comply with national legislation and regulations Conserving energy materials and natural resources in all operations Reducing the waste generated by all operations Ensuring that all waste conforms to recognized environmental standards Maximizing the recyclable and reusable content of all products Ensuring that all products can be recycled reused and disposed of safely Ensuring that all products are labelled according to recognized environmental standards Improving our environmental record on a continual basis End of Life Statement 3Com processes allow for the recovery reclamation and safe disposal of all end of life electronic components Regulated Materials Statement 3Com products do not contain any hazardous or ozone depleting material Environmental Statement about the Documentation The documentation for this product is printed on paper that comes from sustainable managed forests it is fully biodegradable and recyclable and is completely chlorine free The varnish is environmentally friendly and the inks are vegetable based w
106. twork device Most devices that connect to a LAN have a MAC address assigned to them as they are used to identify other devices in a network MAC addresses are 6 bytes long NAT Network Address Translation NAT enables all the computers on your network to share one IP address The NAT capability of the Gateway allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP Network A Network is a collection of computers and other computer equipment that are connected for the purpose of exchanging information or sharing resources Networks vary in size some are within a single room others span continents Network Interface Card NIC A circuit board installed into a piece of computing equipment for example a computer that enables you to connect it to the network A NIC is also known as an adapter or adapter card Protocol A set of rules for communication between devices on a network The rules dictate format timing sequencing and error control PPPoE Point to Point Protocol over Ethernet Point to Point Protocol is a method of secure data transmission originally created for dial up connections PPPOE is for Ethernet connections PPTP Point to Point Tunnelling Protocol PPTP is a simple VPN encryption protocol based on the Point to Point protocol It is most frequently used to connect remote PCs to private networks RJ 45 A standard connector u
107. u need a User Name and Password e PPPoE User Name PPPoE Password PPPoE Service Name Host Name f your ISP allocates IP information dynamically over PPTP you need a User Name and Password PPTP User Name PPTP Password PPTP Server Address Se Only enter a PPPoE Service Name or Host Name or a PPTP Server Address if your ISP requires you to do this Do not enter anything if your ISP does not require a service name DHCP f your ISP allocates IP information dynamically using DHCP they may require you to use keep a fixed MAC Address and Host Name for security purposes 7 No MAC Address Host Name Static 16 f your ISP allocates fixed or static IP information you need the following information IP Address Subnet Mask Default Gateway Address Primary DNS Address Powering Up the Gateway 1 Plug the power adapter into the power adapter socket located on the back panel of the Gateway refer to Power Adapter socket on page 13 Plug the power adapter into a standard electrical wall socket Connecting the Cable DSL Secure Gateway The first step for installing your Cable DSL Secure Gateway is to physically connect it to a cable or DSL modem in order to be able to access the Internet Figure 5 Connecting the Cable DSL Secure Gateway Your existing Cable DSL Modem Tr O
108. unnel to access your local network Therefore if you include a subnet for a remote network in your IPSec route then the remote network must also include your subnet in its IPSec route also Figure 57 IPSec Routes Fie Edt Ven Favorites Too Help y Accessing the System Tools Heak D D A Asch its Grew 4 e A 5 A unis s A a gt e The System Tools menu includes four administration items OfficeConnect Cable DSL Secure Gateway ln y A i 3com Restart Time Zone Configuration and Upgrade See Figure 59 VPN Mode YPN Connections IPSec Routes Welcome Restart LAN Settings Networks reached using Hemel Tunnel to main office edit nn minos me Pressing the Restart the Gateway button has the same effect as pie Networks reached using Cant Testen Leit power cycling the unit No configuration information will be lost aa but the log files will be erased This function may be of use if ED E you are experiencing problems and you wish to re establish your Internet connection Figure 59 Restart Screen 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer E la x Fle Edt View Favorites Tools Help Ea Back gt OA GY search Favorites meda Y D Y sh KZ OfficeConnect Cable DSL Secure Gateway FI E 3com Links Restart Time Zone Configuration Upgrade Figure 58 Edit Route g g LAN SONTE Click on the b
109. use access control for all computers Click the Control PC Access to the Internet radio button Click on All PCs to setup the access rights for all computers connected to the Gateway Check the box of a service to authorize it Clear the box to deny the service See Figure 45 Figure 45 All PCs Setup Screen Firewall popup clientPrivileges Microsoft Internet Explorer PC Privileges Select authorised services F HTTP 80 MW HTTPS 443 Web browsing F Web Proxy 8080 M SMTP 25 M POP3 110 eMail T IMAP 143 FP FTP 21 M News 119 I Telnet 23 Block or Allow other services Block y All other services except specify ports Either m Enter the additional services that you wish to allow in the except specify ports box and set the drop down box to Allow m Enter the services that you wish to deny in the except specify ports box and set the drop down box to Deny Enter multiple ports as either a comma separated list e g 101 105 107 or as a range e g 101 107 Click Apply to save the settings To assign different access rights for different computers Click the Control PC Access to the Internet radio button Click New to display the PC Privileges setting screen Enter the IP address of the computer in the PC s IP Address text box Check the box of a service to authorize it Clear the box to deny the service See Figure 46 Figure 46 PC Privileges Setup Screen 4
110. utton to restart the Gateway EA Internet Settings e Bir RESTART THE GATEWAY 3 VPN Edit Route Microsoft Internet Explorer iojxi rewal von System Tools Note Users will be disconnected from the Internet while the Gateway is restarting IPSec Routes Y Status and Logs Use tunnel Hemel to access the following networks ee 5 A A H Support Feedbac Network Subnet Mask A 1 10 12 120 0 255 255 252 0 Close wes 2 3 4 5 6 7 8 E 9 Status Ready 10 61 Any network users who are currently accessing the Internet will have their access interrupted whilst the restart takes place and they may need to reboot their computers when the restart has completed and the Gateway is operational again Time Zone Choose the time zone that is closest to your actual location The time zone setting is used by the system clock when displaying the correct time in the log files If you use Daylight saving tick the Enable Daylight savings box and then click Apply Figure 60 Figure 60 Time Zone Screen mnect Cable DSL Secure Gateway Microsoft Internet Explorer AE Fie Edt View Favorites Tools Help Ei Back D QSeach Favorites Yes 4 Ge SE 2 unis OfficeConnect Cable DSL Secure Gateway Time Zone CU gt Upgrade Time Zone GMT 00 00 London Edinburgh d Help I Enable Daylight savings apply Current system date and time on the gateway is 21 October 2002 13 22 28 El
111. variety of networking technologies Asa the IP address of 192 168 100 8 is split into m Part one 192 168 100 identifies the network on which the device resides IP Addresses and Subnet Masks Each device on your network must have a unique IP address to operate correctly An IP address identifies the address of the device to which data is being sent and the address of the destination network IP addresses have the format n n n x where n is a decimal number between 0 and 255 and x is a number between 1 and 254 inclusive m Part two 8 identifies the device within the network This type of IP Address operates on a subnet mask of 255 255 255 0 See Table 3 for an example about how a network with three PCs and a Cable DSL Secure Gateway might be configured Table 3 IP Addressing and Subnet Masking in a Small Network However an IP Address alone is not enough to make your device operate In addition to the IP address you need to set a subnet mask All networks are divided into smaller sub networks and a Device IP Address Subnet Mask subnet mask is a number that enables a device to identify the PC 1 192 168 100 8 255 255 255 0 sub network to which it is connected For your network to work correctly all devices on the network Pez Pre re must have PC 3 192 168 100 188 255 255 255 0 m The same sub network address Cable DSL 192 168 100 72 255 255 255 0 m The same subnet mask Secure Gateway 73
112. vorites meda BE S Si 2 une CA OfficeConnect Cable DSL Secure Gateway 3com Welcome LAN Settings Internet Settings Lao Password SENTE Change Administration Password Old Password New Password Firewall VPN Confirm Passwor d Note Password is case sensitive Cancel System Tools Status and Logs Support Feedback LOG OUT Status Ready To change the password Enter the current password in the Old Password field Enter the new password in the New Password field Enter the new password again in the Confirm Password field Click Apply to save the new password The password is case sensitive LAN IP Settings The Unit Configuration screen allows you to change the TCP IP settings of your Gateway and its DHCP server Setup Wizard Figure 29 Wizard Screen 3Com OfficeConnect Cable DSL Secure Gateway Microsoft Internet Explorer E lexi File Edt View Farontes Tods Help t y ek O Os rentes Quedo J De A Si 2 ES Figure 30 Unit Configuration Screen OfficeConnect Cable DSL Secure Gateway fi B 0 File Edit View Favorites Tools Help ANGER MERE Setup Wizard Wizard Hack Q 3 A search rat Breda G AB 2 OfficeConnect Cable DSL Secure Gateway d The wizard is a set of screens that help you configure the Gateway for the first time Help Please click on the WIZARD button to launch the wizard Unit Configu
Download Pdf Manuals
Related Search