LevelOne FBR-1404TX User Manual

LevelOne
FBR-1404TX
Broadband VPN Gateway w/ 4-port Switch
User's Manual
Version:1.1

Summary of Contents for LevelOne FBR-1404TX

  • Page 1 LevelOne FBR-1404TX Broadband VPN Gateway w/ 4-port Switch User’s Manual Version:1.1...
  • Page 2: Table Of Contents

    CHAPTER 1 INTRODUCTION ... 1 LevelOne Broadband VPN Gateway Features ... 1 Package Contents ... 3 Physical Details... 4 CHAPTER 2 INSTALLATION... 6 Requirements... 6 Procedure ... 6 CHAPTER 3 SETUP ... 8 Overview ... 8 Configuration Program ... 9 Setup Wizard ...
  • Page 3 Upgrade Firmware ... 114 UPnP... 115 APPENDIX A TROUBLESHOOTING ... 116 Overview ... 116 General Problems ... 116 Internet Access... 116 APPENDIX B SPECIFICATIONS... 118 LevelOne Broadband VPN Gateway ... 118 FCC Statement ... 118 CE Marking Warning ... 119...
  • Page 4: Chapter 1 Introduction

    This Chapter provides an overview of the LevelOne Broadband VPN Gateway's features and capabilities. Congratulations on the purchase of your new LevelOne Broadband VPN Gateway. The LevelOne Broadband VPN Gateway is a multi-function device providing the following services:...
  • Page 5: Security Features

    10/100BaseT switching hub, making it easy to create or extend your LAN. DHCP Server Support. address to PCs and other devices upon request. The LevelOne Broadband VPN Gateway can act as a DHCP Server for devices on your local LAN and WLAN.
  • Page 6: Package Contents

    Protection against DoS attacks. Internet connection with invalid packets and connection requests, using so much bandwidth and so many resources that Internet access becomes unavailable. The LevelOne Broadband VPN Gateway incorporates protection against DoS attacks. Rule-based Policy Firewall. ets, you can define your own firewall rules. This can also be used to control the Internet services available to LAN users.
  • Page 7: Physical Details

    LevelOne Broadband VPN Gateway User Guide Physical Details Front-mounted LEDs Power On - Power on. (Green) Off - No power. Status On - Error condition. (Red) Off - Normal operation. Blinking - This LED blinks during start up. For each port, there are 2 LEDs...
  • Page 8: Rear Panel

    LAN connections Note: Any LAN port on the LevelOne Broadband VPN Gateway will automatically function as an "Uplink" port when required. Just connect any port to a normal port on the other hub, using a standard LAN cable.
  • Page 9: Chapter 2 Installation

    Ensure the LevelOne Broadband VPN Gateway and the DSL/Cable modem are powered OFF. 2. Connect LAN Cables Use standard LAN cables to connect PCs to the Switching Hub ports on the LevelOne Broadband VPN Gateway. Both 10BaseT and 100BaseT connections can be used simultaneously.
  • Page 10: Check The Leds

    Just connect any LAN port to a normal port on the other hub, using a standard LAN cable. 3. Connect WAN Cable Connect the DSL or Cable modem to the WAN port on the LevelOne Broadband VPN Gateway. Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable.
  • Page 11: Chapter 3 Setup

    PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration. Other configuration may also be required, depending on which features and functions of the LevelOne Broadband VPN Gateway you wish to use. Use the table below to locate detailed instructions for the required functions. To Do this: Configure PCs on your LAN.
  • Page 12: Configuration Program

    The LevelOne Broadband VPN Gateway must be installed and powered ON. If the LevelOne Broadband VPN Gateway's default IP Address (192.168.0.1) is already used by another device, the other device must be turned OFF until the LevelOne Broadband VPN Gateway is allocated a new IP Address during configuration.
  • Page 13 PC is already running, restart it. 2. Start your WEB browser. 3. In the Address box, enter "HTTP://" and the IP Address of the LevelOne Broadband VPN Gateway, as in this example, which uses the LevelOne Broadband VPN Gateway's default IP Address: HTTP://192.168.0.1...
  • Page 14: Setup Wizard

    Setup Wizard The first time you connect to the LevelOne Broadband VPN Gateway, the Setup Wizard will run automatically. (The Setup Wizard will also run if the LevelOne Broadband VPN Gateway's default settings are restored.) 1. Step through the Wizard until finished.
  • Page 15 LevelOne Broadband VPN Gateway User Guide PPPoE PPTP Other Modems (e.g. Broadband Wireless) Type Dynamic IP Address Static (Fixed) IP Address Big Pond Cable (Australia) For this connection method, the following data is required: User Name Password Big Pond Server IP address...
  • Page 16: Home Screen

    Home Screen After finishing or exiting the Setup Wizard, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below. Navigation & Data Input Use the menu bar on the top of the screen, and the "Back" button on your Browser, for navigation.
  • Page 17: Lan Screen

    TCP/IP IP Address IP address for the LevelOne Broadband VPN Gateway, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
  • Page 18 Server, rather than the LevelOne Broadband VPN Gateway's, the following procedure is required. 1. Disable the DHCP Server feature in the LevelOne Broadband VPN Gateway. This setting is on the LAN screen. 2. Configure the DHCP Server to provide the LevelOne Broadband VPN Gateway's IP Address as the Default Gateway.
  • Page 19: Password Screen

    LevelOne Broadband VPN Gateway User Guide Password Screen The Admin Login screen allows you to assign a user name and password to the LevelOne Broadband VPN Gateway. Figure 8: Password Screen 1. The default login name is "admin". Change this to the desired value.
  • Page 20: Chapter 4 Pc Configuration

    If using a Fixed (specified) IP address, the following changes are required: The Gateway must be set to the IP address of the LevelOne Broadband VPN Gateway. The DNS should be set to the address provided by your ISP.
  • Page 21: Using Dhcp

    Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the LevelOne Broadband VPN Gateway. Using "Specify an IP Address"...
  • Page 22 PC Configuration On the Gateway tab, enter the LevelOne Broadband VPN Gateway's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the LevelOne Broadband VPN Gateway.
  • Page 23 LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure 14: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below.
  • Page 24 This is the default Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the LevelOne Broadband VPN Gateway.
  • Page 25 LevelOne Broadband VPN Gateway User Guide Figure 16 - Windows NT4.0 - Add Gateway 2. The DNS should be set to the address provided by your ISP, as follows: Click the DNS tab. On the DNS screen, shown below, click the Add button (under DNS Service Search...
  • Page 26 PC Configuration Figure 17: Windows NT4.0 - DNS...
  • Page 27 LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right - click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 18: Network Configuration (Win 2000) 3.
  • Page 28 Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the LevelOne Broadband VPN Gateway. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured, check with your network administrator before making the following changes.
  • Page 29 LevelOne Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 20: Network Configuration (Windows XP) 3.
  • Page 30 Windows setting. Using this is recommended. By default, the LevelOne Broadband VPN Gateway will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the LevelOne Broadband VPN Gateway. Using a fixed IP Address ("Use the following IP Address") If your PC is already configured, check with your network administrator before making the following changes.
  • Page 31: Internet Access

    LevelOne Broadband VPN Gateway User Guide Internet Access To configure your PCs to use the LevelOne Broadband VPN Gateway for Internet access: Ensure that the DSL modem, Cable modem, or other permanent connection is functional. Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
  • Page 32: Macintosh Clients

    Other Unix Systems To access the Internet via the LevelOne Broadband VPN Gateway: Ensure the "Gateway" field for your network card is set to the IP Address of the LevelOne Broadband VPN Gateway. Ensure your DNS (Name Server) settings are correct.
  • Page 33: Chapter 5 Operation And Status

    This Chapter details the operation of the LevelOne Broadband VPN Gateway and the status screens. Operation Once both the LevelOne Broadband VPN Gateway and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: If using Internet-based Communication Applications, it may be necessary to specify which PC receives an incoming connection.
  • Page 34 For additional information about the PCs on your LAN, and the IP addresses allocated to them, use the PC Database option on the Advanced menu. This displays the current name of the LevelOne Broadband VPN Gateway. The current version of the firmware installed in the LevelOne Broadband VPN Gateway.
  • Page 35: Connection Status - Pppoe

    LevelOne Broadband VPN Gateway User Guide Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connection Details" button is clicked. Data - PPPoE Screen Connection Physical Address IP Address...
  • Page 36 Buttons Connect Disconnect Clear Log Refresh Connection Log Messages Message Connect on Demand Manual connection Reset physical connection Connecting to remote server Remote Server located Start PPP PPP up successfully Idle time-out reached Disconnecting Error: Remote Server not found Error: PPP Connection failed Error: Connection to Server lost...
  • Page 37: Connection Status - Pptp

    LevelOne Broadband VPN Gateway User Guide Connection Status - PPTP If using PPTP (Peer-to-Peer Tunneling Protocol), a screen like the following example will be displayed when the "Connection Details" button is clicked. Data - PPTP Screen Connection The hardware address of this device, as seen by remote devices on Physical Address the Internet.
  • Page 38: Connection Status - Telstra Big Pond

    Clear Log Delete all data currently in the Log. This will make it easier to read new messages. Refresh Update the data on screen. Connection Status - Telstra Big Pond An example screen is shown below. Figure 25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Physical Address...
  • Page 39: Connection Details - Singtel Ras

    LevelOne Broadband VPN Gateway User Guide Connection Log Connection Log Buttons If not connected, establish a connection to Telstra Big Pond. Connect If connected to Telstra Big Pond, terminate the connection. Disconnect Delete all data currently in the Log. This will make it easier to read Clear Log new messages.
  • Page 40 IP Address from the ISP's DHCP Server. If an IP Address has been allocated to the LevelOne Broadband VPN Gateway (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address.
  • Page 41: Connection Details - Fixed/Dynamic Ip Address

    "Renew" If the ISP's DHCP Server has NOT allocated an IP Address for the LevelOne Broadband VPN Gateway, this button will say "Renew". Clicking the "Renew" button will attempt to re-establish the connection and obtain an IP Address from the ISP's...
  • Page 42 Operation and Status DHCP Server. If an IP Address has been allocated to the LevelOne Broadband VPN Gateway (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address.
  • Page 43: Chapter 6 Internet Features

    Chapter 6 Internet Features This Chapter explains when and how to use the LevelOne Broadband VPN Gateway's "Internet" Features. Overview The following advanced features are covered in this Chapter: WAN Port Advanced Internet Communication Applications Special Applications URL filter Dynamic DNS...
  • Page 44: Wan Port Configuration Screen

    WAN Port Configuration Screen The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu. An example screen is shown below. Data - WAN Port Screen Identification Normally, there is no need to change the default name, but if your Hostname ISP requests that you use a particular “Hostname”, enter it here.
  • Page 45 LevelOne Broadband VPN Gateway User Guide Specified Also called Static IP Address. Select this if your ISP has allocated IP Address you a fixed IP Address. If this option is selected, the following data must be entered. Login Login Method If your ISP does not use a login method (username, password) for Internet access, leave this at the default value "None (Direct connec-...
  • Page 46: Advanced Internet Screen

    URL filter Communication Applications Most applications are supported transparently by the LevelOne Broadband VPN Gateway. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.
  • Page 47: Special Applications

    If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the LevelOne Broadband VPN Gateway's firewall. In this case, you can define the application as a "Special Application".
  • Page 48 Type - Select the protocol (TCP or UDP) used when you receive data Incoming from the special application or service. (Note: Some applications use Ports different protocols for outgoing and incoming data). Start - Enter the beginning of the range of port numbers used by the application server, for data you receive.
  • Page 49: Url Filter

    LevelOne Broadband VPN Gateway User Guide URL Filter The URL Filter allows you to block access to undesirable Web sites. To use this feature, you must define "filter strings". If the "filter string" appears in a requested URL, the request is blocked.
  • Page 50: Dynamic Dns (Domain Name Server)

    2. After registration, use the "Create New Host" option (at www.dyndns.org) to request your desired Domain name. 3. Enter your data from www.dyndns.org in the LevelOne Broadband VPN Gateway's DDNS screen. 4. The LevelOne Broadband VPN Gateway will then automatically ensure that your current IP Address is recorded at http://www.dyndns.org...
  • Page 51 LevelOne Broadband VPN Gateway User Guide DDNS Data Enter the "User name" specified at the www.dyndns.org Web site User Name when you registered. Password Enter your current password for www.dyndns.org Domain Name DDNS Status This message is returned by the DDNS Server at www.dyndns.org Enter your domain name, as allocated at www.dyndns.org.
  • Page 52: Virtual Servers

    Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: Your Server does not have a valid external IP Address. Attempts to connect to devices on your LAN are blocked by the firewall in this device.
  • Page 53 LevelOne Broadband VPN Gateway User Guide Virtual Servers Screen The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu. An example screen is shown below. This screen lists a number of pre-defined Servers, providing a quick and convenient method to set up the common server types.
  • Page 54: Internet Options

    It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DNS feature, described in the following section, to allow users to connect to your Virtual Servers using a URL, rather than an IP Address. Internet Options This screen allows advanced users to enter or change a number of settings.
  • Page 55: Chapter 7 Security Configuration

    Chapter 7 Security Configuration This Chapter explains the settings available via the security configuration section of the "Security" menu. Overview The following advanced configurations are provided. Access Control Firewall Rules Logs Security Options Scheduling Services...
  • Page 56: Access Control

    Access Control This feature is accessed by the Access Control link on the Security menu. The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access. To use this feature: 1.
  • Page 57 LevelOne Broadband VPN Gateway User Guide "Members" Button Click this button to add or remove members from the current Group. See the following section for details of the Group Members screen. Internet Access Restrictions Select the desired options for the current group:...
  • Page 58 Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Use this screen to add or remove members (PCs) from the current group. The "Del >>" button will remove the selected PC (in the Members list) from the current group.
  • Page 59: Firewall Rules

    LevelOne Broadband VPN Gateway User Guide Firewall Rules For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you can not use it - the service is unavailable.
  • Page 60 For each rule, the following data is shown: Data Name - The name you assigned to the rule. Source - The traffic covered by this rule, defined by the source IP address. If the IP address is followed by ... this indicates there is a range of IP addresses, rather than a single address.
  • Page 61 LevelOne Broadband VPN Gateway User Guide Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below. Data - Firewall Rule Screen Name Type Source IP Figure 39: Firewall Rule Enter a suitable name for this rule.
  • Page 62 Dest IP Services Action These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the desired option: Any - All traffic from the source port is covered by this rule. Single address - Enter the required IP address in the "Start IP address"...
  • Page 63: Logs

    Since only a limited amount of log data can be stored in the LevelOne Broadband VPN Gateway, log data can also be E-mailed to your PC or sent to a Syslog Server.
  • Page 64: Syslog Server

    E-Mail Logs Send E-mail alert E-mail Logs Send E-mail Address Subject SMTP Server Port No. Syslog Server Enable Syslog Syslog Server Include If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address information must be provided.
  • Page 65: Security Options

    LevelOne Broadband VPN Gateway User Guide Security Options This screen allows you to set Firewall and other security-related options. Data - Security Options Screen SPI Firewall If enabled, DoS (Denial of Service) attacks will be detected and Enable DoS blocked. The default is enabled. It is strongly recommended that this Firewall setting be left enabled.
  • Page 66 Respond to and by network monitoring and diagnostic programs. ICMP If checked, the LevelOne Broadband VPN Gateway will respond to ICMP packets received from the Internet. If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security.
  • Page 67: Scheduling

    LevelOne Broadband VPN Gateway User Guide Scheduling This schedule can be (optionally) applied to any Access Control Group. Blocking will be performed during the scheduled time (between the "Start" and "Finish" times.) Two (2) separate sessions or periods can be defined.
  • Page 68: Services

    Services Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Security menu. Data - Services Screen Available Services Available Services...
  • Page 69 LevelOne Broadband VPN Gateway User Guide Cancel Clear the " Add New Service " area, ready for entering data for a new Service.
  • Page 70: Chapter 8 Vpn

    A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet. This secure connection is called a VPN Tunnel. There are many standards and protocols for VPNs. The standard implemented in the LevelOne Broadband VPN Gateway is IPSec.
  • Page 71: Vpn Configuration

    LevelOne Broadband VPN Gateway User Guide Phase I is the negotiation and establishment of the IKE connection. Phase II is the negotiation and establishment of the IPsec connection. Because the IKE and IPsec connections are separate, they have different SAs (security associa- tions).
  • Page 72: Common Vpn Situations

    LAN resources as PCs on the local LAN (unless restricted by the network administrator). IPsec is not the only protocol which can be used in this situation, but the LevelOne Broadband VPN Gateway supports IPsec ONLY.
  • Page 73 LevelOne Broadband VPN Gateway User Guide Connecting 2 LANs via VPN Figure 46: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. The 2 LANs MUST use different IP address ranges.
  • Page 74: Vpn Policies

    VPN Policies This section covers the configuration required on the LevelOne Broadband VPN Gateway when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu. This screen lists all existing VPN policies.
  • Page 75 LevelOne Broadband VPN Gateway User Guide Move There are 2 ways to change the order of policies: Use the up and down indicators on the right to move the selected row. You must confirm your changes by clicking "OK". If you change your mind before clicking "OK", click "Cancel"...
  • Page 76: General Settings

    General Settings Enter a suitable name. This name is not supplied to the remote VPN. It is Policy Name used only to help you manage the policies. Enable or disable the policy as required. For each remote VPN, only 1 Enable Policy policy can be enabled at any time.
  • Page 77 LevelOne Broadband VPN Gateway User Guide Figure 50: VPN Wizard - Traffic Selector For outgoing VPN connections, these settings determine which traffic will cause a VPN tunnel to be created, and which traffic will be sent through the tunnel. For incoming VPN connections, these settings determine which systems on your local LAN will be available to the remote endpoint.
  • Page 78 Remote IP addresses Type The remote VPN should have these IP addresses entered as its "Local" addresses. 3. Click Next to continue. The screen you will see depends on whether you previously selected "Manual Key Exchange" or "IKE". Manual Key Exchange Figure 51: VPN Wizard - Manual Key Exchange Single address - enter an IP address in the "Start IP address"...
  • Page 79 LevelOne Broadband VPN Gateway User Guide These settings must match the remote VPN. Note that you cannot use both AH and ESP. Manually assigned Keys AH (Authentication Header) specifies the authentication protocol AH Authentication for the VPN header, if used. (AH is often NOT used) If AH is not enabled, the following settings can be ignored.
  • Page 80 Click "Next" to view the final screen. On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard. IKE Phase 1 If you selected IKE, the following screen is displayed after the Traffic Selector screen. IKE Phase 1 (IKE SA) Direction Select the desired option:...
  • Page 81 LevelOne Broadband VPN Gateway User Guide IKE Exchange Select the desired option, and ensure the remote VPN endpoint uses Mode the same mode. Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete.
  • Page 82 ESP Encryption ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both ESP Encryption and ESP Authentication. Select the desired method, and ensure the remote VPN endpoint uses the same method. The "3DES" algorithm provides greater security than "DES", but is slower.
  • Page 83: Certificates

    LevelOne Broadband VPN Gateway User Guide Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication with the CA.
  • Page 84 Adding a Trusted Certificate 1. After obtaining a new Certificate from the CA, you need to upload it to the LevelOne Broadband VPN Gateway. 2. On the "Certificates" screen, click the "Add Trusted Certificate" button to view the Add Trusted Certificate screen, shown below.
  • Page 85 Submit the CA's form. If there are no problems, the Certificate will then be issued. 7. After obtaining a new Certificate, as described above, you need to upload it to the LevelOne Broadband VPN Gateway. Click the "Next" button to see the screen below.
  • Page 86 Click the "Browse" button, and locate the certificate file on your PC Select the file. The name will appear in the "Certificate File" field. Click "Upload" to upload the certificate file to the LevelOne Broadband VPN Gateway. Click "Finished" to return to the Certificate list. The new Certificate will appear in the...
  • Page 87: Crls

    Select the file. The name will appear in the "File to Upload" field. Click "Upload" to upload the CRL file to the LevelOne Broadband VPN Gateway. Click "Back" to return to the CRL list. The new CRL will appear in the list.
  • Page 88: Vpn Status

    VPN Status This screen lists all VPN SAs (Security Association) which exist at the current time. If no VPN tunnels exist at the current time, the table will be empty. To update the display, click the "Refresh" button. If using IKE, there is one SA for the IKE connection, and another SA for the IPSec connection.
  • Page 89: Examples

    LevelOne Broadband VPN Gateway User Guide Examples This section describes some examples of using the LevelOne Broadband VPN Gateway in common VPN situations. Example 1: Connecting 2 LevelOne Broadband VPN Gateways In this example, 2 LANs are connected via VPN.
  • Page 90 IKE Authentication Pre-shared Key method Pre-shared Key Xxxxxxxxxx IKE Authentication algorithm IKE Encryption IKE Exchange Main Mode mode DH Group Group 1 (768 bit) IKE SA Life time 28800 IKE PFS Disable IPSec SA Parameters IPSec SA Life time 28800 IPSec PFS Disabled AH authentication...
  • Page 91 LevelOne Broadband VPN Gateway User Guide Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the LevelOne Broadband VPN Gateway and gains access to the local LAN. Figure 63: Windows 2000/XP Client to LevelOne Broadband VPN Gateway To use 3DES encryption, you need Service Pack 3 or later installed on Windows 2000.
  • Page 92 DH Group Group 1 (768 bit) IKE SA Life time 28800 IKE PFS Disable IPSec SA Parameters IPSec SA Life time 28800 IPSec PFS Disable AH authentication Disabled ESP authentication Enable/MD5 ESP encryption Enable/DES Windows Client Configuration 1. Select Start - Programs - Administrative Tools - Local Security Policy. 2.
  • Page 93 LevelOne Broadband VPN Gateway User Guide Figure 65: Windows 2000/XP - Policy Properties Note that no rules are in use. Two (2) rules are required - incoming and outgoing. The outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below.
  • Page 94 8. Enter the Source IP address and the Destination IP address. Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN. Ensure the Mirrored option is checked.
  • Page 95 LevelOne Broadband VPN Gateway User Guide Figure 69: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen. Figure 70: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add".
  • Page 96 13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. 14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
  • Page 97 LevelOne Broadband VPN Gateway User Guide 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the LevelOne Broadband VPN Gateway, as shown below. 16. Click the Authentication Methods tab, then click the "Edit" button to see a screen like the example below.
  • Page 98 19. Click "Close" to return to the DUT to Win2K properties screen. The "To DUT" filter should now be listed, as shown below. Figure 75: Windows 2000/XP Client to LevelOne Broadband VPN Gateway 20. To add the second (outgoing) rule, click "Add". For the name, enter "To Win2K", then click "Add".
  • Page 99 LevelOne Broadband VPN Gateway User Guide Figure 77: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 78: Filter List 23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab.
  • Page 100 24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate security. 25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP]. Figure 79: Filter Action Figure 80: Security Methods...
  • Page 101 LevelOne Broadband VPN Gateway User Guide 26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.10..9.10 in this example).
  • Page 102 29. Select Use this string to protect the key exchange (preshared key), then enter your preshared key in the field provided. 30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen. There should now be 2 IP Filters listed, as shown below. 31.
  • Page 103 Figure 85: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure 86: Key Exchange Settings 33. Click the "Methods" button to see the screen below.
  • Page 104 36. Click "OK" to save, then "OK" again, and then "Close" to return to the Local Security Settings screen. 37. Right click the DUT to Win2K Policy and select "Assign" to make your policy active. Figure 89: Windows 2000/XP Client to LevelOne Broadband VPN Gateway Configuration is now complete. Figure 88: IKE Security Algorithms...
  • Page 105 Example 3: Windows 2000 Server to VPN Gateway In this example, a Windows 2000 Server connects to the LevelOne Broadband VPN Gateway. Users on each LAN can then gain access to the remote LAN.
  • Page 106 Figure 91: Windows 2000 Server - Addressing The Source Address should be set to "A specific IP Subnet", and the IP address and Subnet mask set to the address range used on the LevelOne Broadband VPN Gateway's LAN. The Destination Address should be set to "A specific IP Subnet", and the IP address and...
  • Page 107: Chapter 9 Other Features And Settings

    PCs which use a Fixed (Static) IP Address. Remote This feature allows you to manage the LevelOne Broadband VPN Gateway via the Internet. Administration Only required if your LAN has other Routers or Gateways.
  • Page 108: Pc Database

    By default, non-Server versions of Windows act as "DHCP Clients"; this setting is called "Obtain an IP Address automatically". The LevelOne Broadband VPN Gateway uses the "Hardware Address" to identify each PC, not the name or IP address. The "Hardware Address" can only change if you change the PC's network card or adapter.
  • Page 109 Data - PC Database Screen This lists all current entries. Data displayed is name (IP Address) type. Known PCs The "type" indicates whether the PC is connected to the LAN. Name If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname".
  • Page 110 The IP address could change, but normally won't. DHCP Client - Reserved IP Address - Select this if the PC is set to be a DHCP client, and you wish to guarantee that the LevelOne Broadband VPN Gateway will always allocate the same IP Address to this PC.
  • Page 111 Standard Screen Click this to view the standard "PC Database" screen. Automatic discovery - Select this to have the LevelOne Broadband VPN Gateway contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On.
  • Page 112: Remote Administration

    Remote Administration This feature allows you to manage the LevelOne Broadband VPN Gateway via the Internet. Figure 94: Remote Administration Screen Data - Remote Administration Screen Remote Administration Enable Remote Enable to allow administration via the Internet. If Disabled, this...
  • Page 113: Routing

    If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely. If the LevelOne Broadband VPN Gateway is only acting as a Gateway for the local LAN segment, ignore the "Routing" page even if your LAN has other Routers.
  • Page 114: Static Routing

    Enable RIP Check this to enable the RIP (Routing Information Protocol) feature of the LevelOne Broadband VPN Gateway. The LevelOne Broadband VPN Gateway supports RIP 1 only. Static Routing Static Routing This list shows all entries in the Routing Table.
  • Page 115 Configuring Other Routers on your LAN It is essential that all IP packets for devices not on the local LAN be passed to the LevelOne Broadband VPN Gateway, so that they can be forwarded to the external LAN, WAN, or Internet.
  • Page 116 Static Routing - Example For the LevelOne Broadband VPN Gateway's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the LevelOne Broadband VPN Gateway requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address...
  • Page 117: Upgrade Firmware

    Upgrade Firmware The firmware (software) in the LevelOne Broadband VPN Gateway can be upgraded using your Web Browser. You must first download the upgrade file, then select Upgrade on the Other menu. You will see a screen like the following.
  • Page 118: Upnp

    Windows XP, who access the Properties via UPnP. (e.g. right-click the LevelOne Broadband VPN Gateway in My Network Places, and select Properties) If checked, then UPnP users can disable Internet access via this device.
  • Page 119: Appendix A Troubleshooting

    This chapter covers some common problems that may be encountered while using the LevelOne Broadband VPN Gateway and some possible solutions to them. If you follow the suggested steps and the LevelOne Broadband VPN Gateway still does not function properly, contact your dealer for further advice.
  • Page 120 Internet connection (DSL/Cable modem etc) to see that it is working correctly. Problem 2: Some applications do not run properly when using the LevelOne Broadband VPN Gateway. Solution 2: The LevelOne Broadband VPN Gateway processes the data passing through it, so it is not transparent.
  • Page 121: Appendix B Specifications

    Appendix B Specifications LevelOne Broadband VPN Gateway Model Dimensions Operating Temperature Storage Temperature Network Protocol: Network Interface: LEDs Power Adapter FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
  • Page 122: Ce Marking Warning

    Appendix B - Specifications FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules.
