HiPER 840G Gigabit Router
Advanced Configuration Guide
V1.0
UTT Technologies Co., Ltd.
http://www.uttglobal.com

Summary of Contents for UTT HiPER 840G

  • Page 1 HiPER 840G Gigabit Router Advanced Configuration Guide V1.0 UTT Technologies Co., Ltd. http://www.uttglobal.com...
  • Page 2: Copyright Notice

    UTT Technologies Co., Ltd. has the patents, patent applications, trademarks, trademark applications, copyrights and other intellectual property rights that are mentioned in this document.
  • Page 3: Table Of Contents

    Table of Contents: Copyright Notice (2); Table of Contents (I); About This Manual (1); Scope (1); Web UI Style (1); Documents Conventions (2); 0.3.1 Symbol Conventions (2); 0.3.2 Other Conventions (2); 0.3.3...
  • Page 4 Table of Contents: System Status (24); 4.2.1 Wired Status (24); 4.2.2 Wireless Status (25); Interface Traffic (27); Restart (29); Chapter 5 Network (30); WAN Settings (30); 5.1.1 Internet Connection List (30); 5.1.2...
  • Page 5 Table of Contents: 6.2.5 How to Add IP/MAC Bindings (83); 6.2.6 Internet Whitelist and Blacklist (84); Static Route (87); 6.3.1 Introduction to Static Route (87); 6.3.2 Static Route List (87); 6.3.3 Static Route Settings (88); 6.3.4...
  • Page 6 Table of Contents: PPTP Client Settings (130); PPTP Client List (131); Configuration Example for PPTP Client (132); IPSEC VPN (174); 9.5.1 Introduction to IPSec Implementation (174); 9.5.2 IPSec Settings–AutoKey (IKE) (190); 9.5.3 IPSec List...
  • Page 7 Table of Contents: Appendix F Table Index (169)...
  • Page 8: About This Manual

    Scope: This guide mainly describes how to install and configure the HiPER 840G Gigabit Router offered by UTT Technologies Co., Ltd. For more information, please visit our website at www.uttglobal.com. Web UI Style: The Web UI style complies with the browser standard, which is as follows: Radio Button: It allows you to choose only one of a predefined set of options.
  • Page 9: Documents Conventions

    UTT Technologies About This Manual Documents Conventions 0.3.1 Symbol Conventions : It represents a configuration parameter. Parameters may be optional or required. Required parameters are indicated by a red asterisk (*). : It represents a button. : It represents one or more notes.
  • Page 10: Detailed Description Of List

    UTT Technologies About This Manual Click to revert to the last saved settings. Click to delete the selected entry(s). Click to display the latest information on the page. Click to clear all the statistics on the page. Click to go back to the previous page.
  • Page 11 UTT Technologies About This Manual Element Description Current page number/ total pages, the example means that the current page is the first page, and total one page. Click to jump to the first page. Click to jump to the previous page.
  • Page 12: Factory Default Settings

    Table 0-3 Factory Default Settings Document Organization This guide mainly describes the settings and applications of the HiPER 840G Gigabit Router, which include product overview, hardware installation, quick setup, start menu, network, wireless, advanced, user management, firewall, VPN, system administration, status and support.
  • Page 13 About This Manual. Chapter 3 Quick Setup: This chapter describes the following contents: • How to install and configure TCP/IP properties on your PC. • How to log in to the Gigabit Router, and an introduction to the Web UI layout.
  • Page 14 About This Manual. • Static Route: How to configure and view the static routes. • PPPoE Server: How to configure PPPoE server global settings and PPPoE account settings, and view PPPoE user status. Chapter 7 User Management: This chapter describes how to control and manage the Internet behaviors of the LAN...
  • Page 15: Contact Information

    Chapter 12 Support This chapter describes how to link to the UTTCare, Forum, Knowledge and Reservation page of the UTT website, which can help you quickly learn the UTT Technologies service system and enjoy the most intimate and professional services.
  • Page 16: Chapter 1 Product Overview

    Chapter 1 Product Overview: Thanks for choosing the HiPER 840G Gigabit Router from UTT Technologies Co., Ltd. This chapter describes the functions and features of the HiPER 840G Gigabit Router in brief. Product Brief: HiPER 840G Gigabit Router is designed for small-sized businesses and branch offices, integrating wired networks network.
  • Page 17: Physical Specification

    Chapter 1 Product Overview: • Supports 6kV lightning protection • Supports VPN pass-through (IPSec, PPTP and L2TP) • Supports PPTP client • Supports DHCP server • Supports DNS proxy • Supports DDNS (Dynamic Domain Name System) • Supports IP/MAC binding •...
  • Page 18: Chapter 2 Hardware Installation

    Chapter 2 Hardware Installation. Physical Characteristics. 2.1.1 Front Panel: As shown in Figure 2-1, the LEDs are located on the front panel of the Gigabit Router. The LEDs indicate the status of the system and each port. Table 2-1 describes these LEDs.
  • Page 19: Reset Button

    UTT Technologies Chapter 2 Hardware Installation There’s no built-in USB Flash Memory connected to the system. There’s 1 USB Flash Memory connected to the system. USB Status USB 2 There’s no USB Flash Memory connected to the system. A valid link is established on the corresponding port.
  • Page 20: Rear Panel

    UTT Technologies Chapter 2 Hardware Installation Port Description They are used to connect the wired computers, hubs, switches, and other Ethernet network devices on the LAN to the Gigabit Router. WAN1 ~ They are used to connect the Gigabit Router to the Internet.
  • Page 21 UTT Technologies Chapter 2 Hardware Installation need to select a proper location to install the Gigabit Router. In most cases, you can install it on a level surface such as a desktop or shelf. Note Please ensure that the desktop or shelf is stable and the power outlet is grounded properly, and do not place heavy objects on the Gigabit Router.
  • Page 22: Chapter 3 Quick Setup

    Chapter 3 Quick Setup: This chapter describes how to properly configure TCP/IP settings on your computer, how to log in to the Gigabit Router, and how to configure the basic parameters to quickly connect the Gigabit Router to the Internet via the Start > Setup Wizard. It also briefly describes the layout and style of the Gigabit Router’s Web UI.
  • Page 23 UTT Technologies Chapter 4 Start Menu If the displayed page is similar to the screenshot below, the connection • between your computer and the Gigabit Router hasn't been established yet. If the connection hasn't been established, please take the following steps to resolve the...
  • Page 24: Logging In To The Gigabit Router

    Logging in to the Gigabit Router: This section describes how to log in to the Gigabit Router. Whatever operating system is installed on your computer (MS Windows, Macintosh, UNIX, Linux, and so on), you can log in to and configure the Gigabit Router through a Web browser (for example, Internet Explorer).
  • Page 25 Router. Short Icons: They provide quick links to the corresponding pages on the website of UTT Technologies Co., Ltd. ● Product: Click to link to the products page of the UTT website to find more products. ● Forum: Click to link to the forum homepage of the UTT website to...
  • Page 26: Setup Wizard

    UTT Technologies Chapter 4 Start Menu Setup Wizard This section describes the Start > Setup Wizard page. 3.3.1 Running the Setup Wizard As mentioned earlier, the first page of the Setup Wizard appears immediately after your first login, see the following figure.
  • Page 27 UTT Technologies Chapter 4 Start Menu Figure 3-5 Welcome Page 3.3.2 Setup Wizard - WAN1 Internet Connection Settings In the Setup Wizard, you can configure each Internet connection respectively. For each Internet access mode, the Internet connection settings are different.
  • Page 28 The WAN IP address and default gateway IP address must be on the same subnet. If not, please modify the Subnet Mask to put them on the same subnet. If you are not familiar with subnetting, please ask a professional or UTT customer...
  • Page 29 UTT Technologies Chapter 4 Start Menu engineer for help. 3.3.2.2 DHCP Internet Connection Settings If your ISP automatically assigns an IP address to the Gigabit Router via DHCP, please select DHCP from the Connection Type drop-down list. Then the following page will be shown.
  • Page 30 UTT Technologies Chapter 4 Start Menu Figure 3-8 Setup Wizard - WAN1 Settings (PPPoE) Connection Type: It specifies the type of the Internet connection. Here please select PPPoE. The Gigabit Router will automatically obtain the WAN IP address, subnet mask and gateway IP address from your ISP’s PPPoE server.
  • Page 31: Chapter 4 Start Menu

    Chapter 4 Start Menu: The Start menu item is the first one under the top-level menu. It provides links to several commonly used pages including Setup Wizard, System Status, Interface Traffic and Restart, where you can quickly configure the basic parameters for the Gigabit Router to operate properly, view system status, view interface traffic statistics, and restart the Gigabit Router.
  • Page 32: Wireless Status

    UTT Technologies Chapter 4 Start Menu Figure 4-1 System Status - Wired Status WAN1: It displays the current status and basic configuration of the WAN1 Internet connection, which include connection type, status, IP address, subnet mask, MAC address, default gateway and DNS server addresses, and up time.
  • Page 33 UTT Technologies Chapter 4 Start Menu Figure 4-2 System Status - Wireless Status 3G: It displays the current status and basic configuration of the 3G Internet connection, which include connection type, status, IP address, subnet mask, MAC address, default gateway and DNS server addresses, and up time.
  • Page 34: Interface Traffic

    UTT Technologies Chapter 4 Start Menu information of the interfaces that have been configured. Interface Traffic This section describes the Start > Interface Traffic page. This page provides the real-time traffic chart for each interface that has been configured, which displays the real-time Rx/Tx rate, average Rx/Tx rate, maximum Rx/Tx rate and total Rx/Tx traffic of each interface.
  • Page 35 Chapter 4 Start Menu: ● Line: Select this option to display a line chart. The chart includes two lines with different colors, which represent the real-time Rx rate and Tx rate respectively. ● Solid: Select this option to display an area chart. The area chart is like the line...
  • Page 36: Restart

    UTT Technologies Chapter 4 Start Menu This page only displays the traffic statistics for the interfaces that have been configured. Restart Figure 4-5 Restart the Gigabit Router Restart: Click to restart the Gigabit Router. If you click the Restart button, the system will pop up a prompt dialog box (see Figure 4-6).
  • Page 37: Chapter 5 Network

    Chapter 5 Network: This chapter describes how to configure the basic network parameters of the Gigabit Router, which include WAN settings, load balancing, LAN settings, DHCP server, DDNS, and UPnP. WAN Settings: This section describes the Network > WAN page.
  • Page 38: Parameter Definitions

    UTT Technologies Chapter 5 Network Figure 5-2 Internet Connection List (Continue) 5.1.1.1 Parameter Definitions Interface: It displays the name of the WAN interface. The Gigabit Router has four WAN interfaces: WAN1, 3G, and APClient. Therein, WAN1 are wired interfaces, and 3G and APClient are wireless interfaces.
  • Page 39 Chapter 5 Network: Disconnected: The connection is down because the interface is disabled, not connected, etc. Connected: The connection is established between the Gigabit Router and the peer device. Table 5-2 Description of Static IP Connection Status. DHCP Connection Status: For the DHCP connection, there are two kinds of status, see Table 5-3.
  • Page 40 UTT Technologies Chapter 5 Network Rx Rate: It displays the average download speed (in kilobytes per second) of the Internet connection during the time interval between two refresh operations. Tx Rate: It displays the average upload speed (in kilobytes per second) of the Internet connection during the time interval between two refresh operations.
  • Page 41: Internet Connection Settings

    UTT Technologies Chapter 5 Network Figure 5-3 Internet Connection List - PPPoE/3G Connection 5.1.1.4 How to Renew and Release a DHCP Connection If you click the Interface hyperlink or icon of a DHCP connection, the Renew button and Release button will appear below the list, see Figure 5-4.
  • Page 42 UTT Technologies Chapter 5 Network Figure 5-5 Network - WAN Settings Note It allows you to choose the ISP Policy (i.e., route policy database) for each Internet connection. The system will automatically create the associated static routes according to your selection. Thus all traffic destined for one ISP’s servers will be forwarded through this ISP’s connection.
  • Page 43 UTT Technologies Chapter 5 Network 5.1.2.1.1 Static IP Internet Connection Settings Figure 5-6 Static IP Internet Connection Interface: It specifies the name of the WAN interface. Here please select WAN1 or APClient. Connection Type: It specifies the type of the Internet connection. Here please select Static IP.
  • Page 44 UTT Technologies Chapter 5 Network Interface: It specifies the name of the WAN interface. Here please select WAN1 or APClient. Connection Type: It specifies the type of the Internet connection. Here please select DHCP. The Gigabit Router will automatically obtain the WAN IP address, subnet mask and gateway and DNS server addresses from your ISP’s DHCP server.
  • Page 45 UTT Technologies Chapter 5 Network connection. The available options are Either, PAP, CHAP and NONE. The default value is Either, which means that the Gigabit Router will automatically negotiate it with the remote PPPoE Server. NONE means that no authentication is performed.
  • Page 46 UTT Technologies Chapter 5 Network Figure 5-9 3G Internet Connection Settings Interface: It specifies the name of the WAN interface. Here please select 3G. ISP Policy and Update Policy: Refer to Section 5.1.2.1.1 Static IP Internet Connection for detailed information.
  • Page 47: Mac Address Clone

    UTT Technologies Chapter 5 Network 5.1.3 MAC Address Clone Some ISPs register the MAC address of your network device (usually a computer) when your account is first opened, and they will only accept traffic from that MAC address. With MAC address clone feature, you may assign the registered MAC address to the Gigabit Router’s external interface if you don’t want to re-register the MAC address with your ISP.
  • Page 48: Load Balancing

    UTT Technologies Chapter 5 Network Load Balancing This section describes the Network > Load Balancing page. In this page, you can configure load balancing global parameters, the connection detection parameters (including detection target IP, detection interval, retry times, etc.) for each Internet connection, and view the status and configuration of them.
  • Page 49 UTT Technologies Chapter 5 Network but not received any response packet during a detection period, it will consider that the connection is faulty. For a faulty Internet connection, the detection mechanism is as follows: Similarly, the Gigabit Router also periodically sends a detection packet at the specified time interval to the target IP address.
  • Page 50: Load Balancing Global Settings

    UTT Technologies Chapter 5 Network primary connections, and others are used as backup connections. The working principle is as follows: As long as one or more primary connections are normal, the LAN users will use the primary connection(s) to access the Internet.
  • Page 51: Load Balancing List

    UTT Technologies Chapter 5 Network 5.2.2.2 Global Settings - Partial Load Balancing Figure 5-12 Global Settings - Partial Load Balancing Mode: It specifies the mode of load balancing. Here please select Partial Load Balancing. Primary: It specifies the primary connection group. An Internet connection in the Primary list box is a primary connection.
  • Page 52: Connection Detection Settings

    UTT Technologies Chapter 5 Network Figure 5-13 Load Balancing List Figure 5-14 Load Balancing List (Continue) Edit an Internet Connection: To configure or modify the detection related parameters of an Internet connection, click its Interface hyperlink or icon, the related information will be displayed in the Connection Detection Settings page.
  • Page 53 UTT Technologies Chapter 5 Network Figure 5-15 Connection Detection Settings Interface: It indicates the name of the WAN interface. It is non-editable. Detection Interval: It specifies the time interval at which the Gigabit Router periodically sends detection packets, one packet at a time. It must be between 1 and 60 seconds, or 0.
  • Page 54: How To Configure Connection Detection Settings

    5.2.5 How to Configure Connection Detection Settings: To configure connection detection settings, follow these steps: Step 1 Go to the Network > Load Balancing > Load Balancing List page. Step 2 Click an Internet connection’s Interface hyperlink or icon to go to the Connection Detection Settings page.
  • Page 55: Lan Settings

    UTT Technologies Chapter 5 Network LAN Settings This section describes the Network > LAN page, where you can configure the IP address, subnet mask and MAC address of the Gigabit Router’s LAN interface. Figure 5-16 LAN Interface Settings IP Address: It specifies the IP address of the LAN interface.
  • Page 56: Dhcp Server

    UTT Technologies Chapter 5 Network DHCP Server This section describes the Network > DHCP Server page, which includes DHCP server settings, static DHCP and DHCP client list. 5.4.1 DHCP Server Settings Figure 5-17 DHCP Server Settings Enable DHCP Server: It allows you to enable or disable DHCP server. If you want to enable DHCP server on the Gigabit Router, please select this check box.
  • Page 57 UTT Technologies Chapter 5 Network most cases, this address must be on the same subnet as the Gigabit Router’s LAN IP address. Subnet Mask: It specifies the subnet mask of the IP addresses assigned by the DHCP server. In most cases, this subnet mask must be identical to the Gigabit Router’s LAN subnet mask.
  • Page 58: Static Dhcp

    computers use this server as the primary DNS server. Now, the Gigabit Router will be used as a new gateway for the local computers. In this case, in order to use DNS proxy service normally, the administrator only needs to change the Gigabit Router’s LAN IP address to the old proxy DNS server’s IP address, and enable DNS proxy on...
  • Page 59: Static Dhcp List

    UTT Technologies Chapter 5 Network Note The reserved IP address must be a valid IP address within the range of IP addresses assigned by the DHCP server. After you have added the static DHCP entry successfully, the Gigabit Router will always assign the reserved IP address to the specified computer.
  • Page 60: Dhcp Client List

    UTT Technologies Chapter 5 Network 5.4.2.3 How to Add Static DHCP Entries To add one or more static DHCP entries, follow these steps: Step 1 Go to the Network > DHCP Server > Static DHCP page. Step 2 Click the Add button to go to the Static DHCP Settings page, and then specify the User Name, IP Address and MAC Address, lastly click the Save button.
  • Page 61 UTT Technologies Chapter 5 Network Refresh: Click to view the latest information in the list. Note The DHCP Client List only displays the DHCP clients with dynamically assigned IP addresses. It doesn’t display the DHCP clients specified by the static DHCP entries.
  • Page 62: Configuration Example For Dhcp

    UTT Technologies Chapter 5 Network 5.4.4 Configuration Example for DHCP 1. Requirements In this example, the Gigabit Router acts as a DHCP server to dynamically assign the IP addresses to the clients that reside on the same subnet. The Gigabit Router’s LAN IP address is 192.168.1.1/24.
  • Page 63 UTT Technologies Chapter 5 Network Figure 5-21 DHCP Server Settings - Example Step 3 Go to the Network > DHCP Server > Static DHCP page. Step 4 Add the static DHCP entry 1: Click the Add button to go to the Static DHCP Settings page (see Figure 5-22), enter Server1 in the User Name text box, 192.168.1.15 in the IP Address text box, and 0021859B4546 in the MAC...
  • Page 64 UTT Technologies Chapter 5 Network 192.168.1.16 in the IP Address text box, and 001f3c0f07f4 in the MAC Address text box, and then click the Save button. Figure 5-23 Adding the Static DHCP Entry 2 - Example Now you have configured the two static DHCP entries. You can view them in the Static...
  • Page 65: Ddns

    UTT Technologies Co., Ltd. currently provide free DDNS services, but they may charge for the DDNS services in the future. In this case, UTT Technologies Co., Ltd. will notify you as soon as possible; if you refuse to pay for the services, you will no longer be able to use them.
  • Page 66: Ddns Settings

    UTT Technologies Chapter 5 Network Figure 5-25 Apply for a DDNS Account from 3322.org Host Name: It specifies a unique host name of the Gigabit Router. The suffix of 3322.org will be appended to the host name to create a fully qualified domain name (FQDN) for the Gigabit Router.
  • Page 67 UTT Technologies Chapter 5 Network Cancel: Click to revert to the last saved settings. 5.5.3.2 DDNS Service Offered by 3322.org Figure 5-27 DDNS Settings Related to 3322.org Service Provider: It specifies the DDNS service provider who offers services to the Gigabit Router.
  • Page 68: Ddns Status

    UTT Technologies Chapter 5 Network 5.5.3.3 DDNS Service Offered by IPLink Figure 5-28 DDNS Settings Related to iplink.com.cn Service Provider: It specifies the DDNS service provider who offers services to the Gigabit Router. Now the Gigabit Router only supports two DDNS service providers: iplink.com.cn and 3322.org.
  • Page 69: Ddns Verification

    UTT Technologies Chapter 5 Network Figure 5-29 DDNS Status Update: Click to update DDNS status. 5.5.5 DDNS Verification To verify whether DDNS is updated successfully, you can use the ping command at the command prompt on the PC, for example: ping avery12345.3322.org If the displayed page is similar to the screenshot below: the domain name is resolved to an IP address successfully (58.246.187.126 in this example), DDNS is updated...
  • Page 70: Upnp

    UPnP: This section describes the Network > UPnP page. Universal Plug and Play (UPnP) is an architecture that implements zero-configuration networking; that is, it provides automatic IP configuration and dynamic discovery of UPnP-compatible devices from various vendors. A UPnP-compatible device can dynamically join a network and work properly.
  • Page 71 UTT Technologies Chapter 5 Network Figure 5-31 UPnP Port Forwarding List ID: It is used to identify each UPnP port forwarding entry in the list. Internal IP: It displays the IP address of the local computer. Internal Port: It displays the service port provided by the local computer.
  • Page 72: Chapter 6 Advanced

    Chapter 6 Advanced: This chapter describes how to configure and use the advanced features of the Gigabit Router, which include NAT and DMZ, IP/MAC binding, static route, and PPPoE server. NAT and DMZ: This section describes the Advanced > NAT&DMZ page.
  • Page 73: Nat Types

    UTT Technologies Chapter 7 Advanced Internet connection by the ISP. It is a legal public IP address that can represent one or more internal IP addresses to the outside world. 6.1.1.3 NAT Types The Gigabit Router provides two types of NAT: One2One and EasyIP.
  • Page 74 UTT Technologies Chapter 7 Advanced the mapped local server, so the outside users can access the service offered by the server. For example, if you want to allow the local SMTP server (IP address: 192.168.1.88) to be available to the outside users, you can create a port forwarding entry: external IP address is WAN1 IP address (200.200.201.88 in this example), external port is 2100, internal IP...
  • Page 75: Port Forwarding

    UTT Technologies Chapter 7 Advanced 6.1.2 Port Forwarding 6.1.2.1 Port Forwarding List Figure 6-1 Port Forwarding List Add a Port Forwarding Entry: To add a new port forwarding entry, first click the Add button to go to the Port Forwarding Settings page, next configure it, lastly click the Save button.
  • Page 76: Port Forwarding Settings

    UTT Technologies Chapter 7 Advanced 6.1.2.2 Port Forwarding Settings Figure 6-2 Port Forwarding Settings Name: It specifies a unique name of the port forwarding entry. Enable: It allows you to enable or disable the port forwarding entry. The default value is checked, which means the port forwarding entry is in effect.
  • Page 77 UTT Technologies Chapter 7 Advanced Save: Click to save your changes. Cancel: Click to revert to the last saved settings. Back: Click to go back to the Port Forwarding List. 6.1.2.3 How to Add Port Forwarding Entries To add one or more static port forwarding entries, follow these steps: Step 1 Go to the Advanced >...
  • Page 78: Nat Rule

    UTT Technologies Chapter 7 Advanced Figure 6-3 Port Forwarding Settings - Example 6.1.3 NAT Rule 6.1.3.1 NAT Rule List Figure 6-4 NAT Rule List Add a NAT Rule: To add a new NAT rule, first click the Add button to go to the NAT Rule Settings page, next configure it, lastly click the Save button.
  • Page 79 UTT Technologies Chapter 7 Advanced icon, the related information will be displayed in the setup page. Then modify it, and click the Save button. Delete NAT Rule(s): There are three ways to delete NAT rules. To delete a NAT rule, directly click its icon.
  • Page 80 UTT Technologies Chapter 7 Advanced Cancel: Click to revert to the last saved settings. Back: Click to go back to the NAT Rule List. 6.1.3.2.2 NAT Rule Settings - One2One Figure 6-6 NAT Rule Settings - One2One Name: It specifies a unique name of the NAT rule.
  • Page 81 UTT Technologies Chapter 7 Advanced A One2One NAT rule can contain up to 20 external/internal IP addresses. 6.1.3.3 How to Add NAT Rules To add one or more NAT rules, follow these steps: Step 1 Please identify the type of the NAT rule that you want to add.
  • Page 82 The administrator wants the local computers in the online game area (its address range is from 192.168.1.10/24 to 192.168.1.100/24) to use 218.1.21.3/29 to access the Internet. To achieve this, the administrator should create an EasyIP NAT rule for them. The rule’s External IP is 218.1.21.3, Start Internal IP is 192.168.1.10, End Internal IP is...
  • Page 83 6.1.3.4.2 An Example for Configuring a One2One NAT Rule. 1. Requirements: In this example, a business has a single static IP Internet connection, and obtains eight public IP addresses (202.1.1.128/29 - 202.1.1.135/29) from the ISP. Of these, 202.1.1.129/29 is used as the Internet connection’s gateway IP address, 202.1.1.130/2 is...
  • Page 84: Dmz

    UTT Technologies Chapter 7 Advanced Figure 6-8 One2One NAT Rule Settings - Example Step 3 Select One2One from the NAT Type drop-down list. Step 4 Enter 202.1.1.131 in the Start External IP text box; enter 192.168.1.200 and 192.168.1.203 in the Start Internal IP and End Internal IP text boxes respectively.
  • Page 85 Note: When a local computer is designated as the DMZ host, it loses the firewall protection provided by the Gigabit Router. The DMZ host can be accessed through all the WAN interfaces.
  • Page 86: Ip/Mac Binding

    UTT Technologies Chapter 7 Advanced IP/MAC Binding This section describes the Security > IP/MAC Binding page. 6.2.1 Introduction to IP/MAC Binding 6.2.1.1 IP/MAC Binding Overview To achieve network security management, you should perform user identification before performing user authorization. In this section, we describe how to implement user identification.
  • Page 87: Ip/Mac Binding Global Settings

    access the Internet through the Gigabit Router, that is, it will allow them if the Allow Undefined LAN PCs check box is checked, else block them. The IP/MAC binding feature can act on the packets initiated from the local computers to the Gigabit Router or outside computers.
  • Page 88: Ip/Mac Binding List

    UTT Technologies Chapter 7 Advanced 6.2.3 IP/MAC Binding List Figure 6-11 IP/MAC Binding List Add One or More IP/MAC Bindings: To add one or more IP/MAC bindings, first click the Add button to go to the IP/MAC Binding Settings page shown in Figure 6-14, next configure them, lastly click the Save button.
  • Page 89: Ip/Mac Binding Settings

    UTT Technologies Chapter 7 Advanced Note When you add the IP/MAC address pair of the computer that you use to administer the Gigabit Router into the IP/MAC Binding List, please leave the Allow check box checked. Otherwise you cannot access the Gigabit Router from that computer. If you attempt to clear the check box, you will be prompted that the operation is not permitted, see the following figure.
  • Page 90: How To Add Ip/Mac Bindings

    UTT Technologies Chapter 7 Advanced box. Note that if a computer’s IP/MAC address pair has been added in the IP/MAC Binding List, this IP/MAC address pair will not be displayed here. Bind: Click to bind all the valid IP and MAC address pairs in the text box.
  • Page 91: Internet Whitelist And Blacklist

    UTT Technologies Chapter 7 Advanced Binding List. Step 4 If you want to block the undefined local computers from accessing the Gigabit Router and Internet, please clear the Allow Undefined LAN PCs check box; else, the undefined local computers are allowed to access the Gigabit Router and Internet.
  • Page 92 UTT Technologies Chapter 7 Advanced 6.2.6.2 How to Configure an Internet Whitelist To configure an Internet whitelist, follow these steps: Step 1 Go to the Advanced > IP/MAC Binding page, and click the Add button to go to the IP/MAC Binding Settings page.
  • Page 93 UTT Technologies Chapter 7 Advanced Method One: Bind each illegal user’s IP address to a MAC address which is different from any local computer’s, and add these IP/MAC address pairs into the IP/MAC Binding List. Method Two: Add these users’ IP and MAC address pairs into the IP/MAC Binding List, and clear each IP/MAC binding’s Allow check box...
  • Page 94: Static Route

    UTT Technologies Chapter 7 Advanced Static Route This section describes the Advanced > Static Route page, where you can configure and view static routes. 6.3.1 Introduction to Static Route A static route is manually configured by the network administrator, which is stored in a routing table.
  • Page 95: Static Route Settings

    and click the Save button. Delete Static Route(s): There are three ways to delete static route(s). To delete a static route, directly click its icon. To delete more than one static route at a time, select the leftmost check boxes of the static routes that you want to delete, and then click the Delete button.
  • Page 96: How To Add Static Routes

    Interface: It specifies an outbound interface through which the packets are forwarded to the next hop gateway or router. The available options are LAN, WAN1, APClient and 3G. Save: Click to save your changes. Cancel: Click to revert to the last saved settings.
  • Page 97 Static Route List. Step 7 To add another new static route, please repeat the above steps. Note If you want to delete static route(s), please follow the ways described in Section 7.3.2 Static Route List.
  • Page 98: PPPoE Server

    PPPoE Server This section describes how to configure PPPoE server global settings and PPPoE account settings, and how to view PPPoE user status. 6.4.1 PPPoE Overview PPPoE stands for Point-to-Point Protocol over Ethernet, which uses a client/server model.
  • Page 99 broadcasts a PADI packet to find all the servers that it can possibly connect to, until it receives PADO packets from one or more servers. The PADI packet must contain a service name which indicates the service requested by the client.
  • Page 100: PPPoE Server Global Settings

    6.4.2 PPPoE Server Global Settings Figure 6-22 PPPoE Server Global Settings Enable PPPoE Server: It allows you to enable or disable PPPoE server. If you want to enable PPPoE server on the Gigabit Router, please select this check box.
  • Page 101: PPPoE Account List

    6.4.3 PPPoE Account List Figure 6-23 PPPoE Account List Add a PPPoE Account: To add a new PPPoE account, first click the Add button to go to the setup page, next configure it, lastly click the Save button.
  • Page 102: PPPoE User Status

    Figure 6-24 PPPoE Account Settings User Name: It specifies a unique user name of the PPPoE account. It must be between 1 and 31 characters long. The PPPoE server will use User Name and Password to identify the PPPoE client.
  • Page 103 Figure 6-25 PPPoE User Status List User Name: It displays the user name of the PPPoE account. The PPPoE dial-in user uses it to dial-up and establish the PPPoE session to the Gigabit Router. IP Address: It displays the PPPoE dial-in user’s IP address assigned by the PPPoE server.
  • Page 104: Chapter 7 User Management

    UTT Technologies Chapter 8 User Management Chapter 7 User Management This chapter describes how to control and manage the Internet behaviors of the LAN users, including global management and group management. Global Management This section describes the User > Global Management page.
  • Page 105 Block QQ: It allows or blocks QQ application. If you want to block the LAN users from using QQ to chat with others, please select this check box. Block MSN: It allows or blocks MSN Messenger. If you want to block the LAN users from using MSN Messenger to chat with others, please select this check box.
  • Page 106: An Example For Global Management Policy

    7.1.2 An Example for Global Management Policy A business uses a HiPER 840G Gigabit Router to access the Internet. The CEO wants to block the employees from using MSN and BT applications during business hours (Monday to Friday, 9:00 to 17:00).
  • Page 107: Group Management

    Group Management This section describes the User > Group Management page. In this page, you can group the users that have the same Internet access privileges into a user group, and assign a range of contiguous IP addresses to them. After that, you can create group management policies for each group based on schedule.
  • Page 108: Group Management Policy Settings

    Add a Group Management Policy: To add a new group management policy, first click the Add button to go to the Group Management Settings page, next configure it, lastly click the Save button. View Group Management Policy(s): When you have configured one or more group management policies, you can view them in the Group Management List.
  • Page 109 Figure 7-6 Group Management Policy Settings Group Name: It specifies a unique name of group. Start IP Address and End IP Address: They specify a range of contiguous IP addresses. All the computers within the specified range are members of the group, and are subject to the group management policy.
  • Page 110: Execution Order Of Group Management Policies

    MSN, but other users cannot. 7.2.5 An Example for Group Management Policy 1. Requirements A business uses a HiPER 840G Gigabit Router to access the Internet. The CEO wants to control Internet behaviors of the employees of the Administration Department and Business Department: Block the Administration Department’s employees (IP range: 192.168.1.2-...
  • Page 111 The exception is that the CEO with IP address 192.168.1.6 can access any services. Allow the Business Department’s employees (IP range: 192.168.1.11-192.168.1.30) to access any services. 2. Analysis We need to create three group management policies to meet the requirements: Group management policy 1: It allows the CEO to access all Internet services.
  • Page 112 Step 3 Click the Add button to go to the Group Management Settings page to create the policy 2. The detailed settings are shown in Figure 7-8. Figure 7-8 Group Management Policy Example - Policy 2...
  • Page 113 Figure 7-9 Group Management Policy Example - Policy 3 Step 5 After you have configured the three policies, you can view them in the Group Management List, see Figure 7-10. Figure 7-10 Group Management List – Example
  • Page 114 Figure 7-11 Group Management List – Example (Continue)
  • Page 115: Chapter 8 Firewall

    UTT Technologies Chapter 9 Firewall Chapter 8 Firewall This chapter describes how to configure firewall features, including access control, domain filtering, and attack prevention. Access Control This section describes the Firewall > Access Control page, which includes the Access Rule List and Access Rule Settings.
  • Page 116 first rule that matches the packet is applied, and the specified Action (Allow or Deny) is taken. After a match is found, no further rules are checked. Note that the rules are listed in decreasing order of priority in the Access Rule List: The rule with a higher priority is listed before the one with a lower priority.
  • Page 117: Access Rule List

    Router checks each received packet against the access rules in the Access Rule List, and the first access rule that matches a packet determines whether the Gigabit Router accepts or drops the packet. If the rule’s Action is Allow, the packet is forwarded. If the rule’s Action is Deny, the packet is dropped.
  • Page 118: Access Rule Settings

    Figure 8-3 Access Rule List (Continue) Add an Access Rule: To add a new access rule, first click the Add button to go to the Access Rule Settings page, next configure it, lastly click the Save button.
  • Page 119 8.1.3.1 Access Rule Settings - IP Filtering Figure 8-4 Access Rule Settings - IP Filtering Name: It specifies a unique name of the access rule. Enable: It allows you to enable or disable the access rule. The default value is checked, which means the access rule is in effect.
  • Page 120 be repeated. Action: It specifies the action to be taken if a packet matches the access rule. The available options are Allow and Deny. Allow: It indicates that the Gigabit Router will allow the packets matching the...
  • Page 121 8.1.3.2 Access Rule Settings - URL Filtering Figure 8-5 Access Rule Settings - URL Filtering The parameters Name, Source IP Range, Priority and Action, and Schedule related parameters are the same as those of the IP Filtering access rule, please refer to Section 9.1.3.1 Access Rule Settings - IP Filtering for detailed information.
  • Page 122 The URL filtering rules cannot be used to control users’ access to other services through a web browser. For example, to control users’ access to ftp://ftp.utt.com.cn, you need to configure an IP filtering rule to allow or deny ftp service.
  • Page 123: Configuration Examples For Access Rule

    9.1.3.1 Access Rule Settings - IP Filtering for detailed information. Filtering Type: It specifies the filtering type of the access rule. The options are IP Filtering, URL Filtering, and Keyword Filtering. Here please select Keyword Filtering.
  • Page 124 Figure 8-7 Access Rule List - Example 1 Figure 8-8 Access Rule List - Example 1 (Continue) Figure 8-9 Access Rule List - Example 1 (Continue) 8.1.4.2 Example 2 - Only Block a Group of Users from Accessing Certain Services In this example, we want to block a group of users (IP address range: 192.168.1.80...
  • Page 125 access any other services. We need to create three access rules to meet the requirements: Access rule 1: It blocks those users from accessing www.bbc.com. Access rule 2: It blocks those users from accessing www.cnn.com.
  • Page 126 Figure 8-12 Access Rule List - Example 2 (Continue) 8.1.4.3 Example 3 - Control Internet Behaviors of a Group of Users based on Schedule In this example, we want to only allow a group of users (IP address range: 192.168.1.150 -192.168.1.200) to access web service during business hours (Monday to Friday, 9:00 to...
  • Page 127 Figure 8-14 Access Rule List - Example 3 (Continue) Figure 8-15 Access Rule List - Example 3 (Continue) 8.1.4.4 Example 4 - Control Internet Behaviors of a Single User You can assign a range of contiguous IP addresses to the users that have the same Internet access privileges, and then create access rules for the user group.
  • Page 128 Figure 8-16 Access Rule List - Example 4 Figure 8-17 Access Rule List - Example 4 (Continue) Figure 8-18 Access Rule List - Example 4 (Continue)
  • Page 129: Domain Filtering

    Domain Filtering This section describes the Firewall > Domain Filtering page. The domain filtering feature allows you to block access to unwanted websites in your organization. 8.2.1 Domain Filtering Global Settings Figure 8-19 Domain Filtering Global Settings Enable Domain Filtering: It allows you to enable or disable domain filtering.
  • Page 130 Router will block the LAN users from accessing these domain names. Add a Domain Name: To add a domain name to the Domain Name List, enter the domain name of the website that you want to block in the Domain Name text box, and then click the Add button.
  • Page 131: Attack Prevention

    Attack Prevention This section describes the Firewall > Attack Prevention page. Figure 8-21 Attack Prevention Settings Enable DDoS Prevention: It is used to enable or disable DDoS prevention. If you select the check box to enable this feature, it will effectively protect the Gigabit Router against popular DoS/DDoS attacks.
  • Page 132: Chapter 9 VPN

    UTT Technologies Chapter 10 VPN Chapter 9 VPN The Gigabit Router supports the PPTP client feature. PPTP is a VPN tunneling protocol which encapsulates PPP frames in IP packets for transmission over a public IP network such as the Internet. PPTP is based on a client/server model. The PPTP client initiates a PPTP connection to the server, while the PPTP server accepts the incoming PPTP connection from the client.
  • Page 133: Protocol Overview

    NAT devices. Most NAT devices can translate TCP-based packets for PPTP tunnel maintenance. However, many NAT devices or firewalls cannot handle GRE packets, thus the PPTP data packets with the GRE header cannot pass them. The UTT products support NAT traversal for PPTP tunnels.
  • Page 134: Packet Flow - PPTP Client

    9.1.2 Packet Flow - PPTP Client Figure 9-2 PPTP Packet Flow As shown in Figure 9-2, during the PPTP tunnel establishment and data transmission processes, the packet flow through the PPTP client can be summarized as follows:...
  • Page 135: User Authentication

    The PPTP client sends the PPTP packets to the PPTP server through the PPTP tunnel ((10) in Figure 9-2). The PPTP client receives the PPTP packets from the PPTP server, and performs decapsulation ((15) in Figure 9-2).
  • Page 136 the encapsulated packet is likely to exceed the MTU of the outbound physical interface. This causes the encapsulated packet to be fragmented before transmission, and the PPTP receiver is responsible for reassembling the fragments back into the original encapsulated packet before decapsulation.
  • Page 137: PPTP Sessions Limit

    9.1.6 PPTP Sessions Limit The Gigabit Router supports two concurrent PPTP sessions (i.e., tunnels) at most. If there are already two active PPTP sessions on the Gigabit Router, the system will reject any request for creating a new PPTP session and prompt you.
  • Page 138: PPTP Client List

    None: It means that no authentication is performed. Either: It means that the Gigabit Router will automatically negotiate it with the remote VPN appliance. Remote Subnet IP: It specifies the subnet IP address of the remote network. In most cases, you may enter the IP address of the remote VPN appliance’s LAN interface.
  • Page 139: Configuration Example For PPTP Client

    As shown in Figure 9-8, we will use PPTP to establish a VPN tunnel, deploy a HiPER 840G Gigabit Router acting as a PPTP client at the branch office, and another VPN appliance (a UTT VPN gateway is recommended) acting as a PPTP server at the head office. The IP addresses are as follows: The HiPER 840G (PPTP Client) at the branch office: LAN Subnet: 192.168.1.0/255.255.255.0...
  • Page 140: IPSec VPN

    9.5.1 Introduction to IPSec Implementation As shown in Table 11-1 Four Types of IPSec VPN Configuration, the UTT VPN gateway supports four types of IPSec VPN configuration. Key Mode...
  • Page 141 Manual Key Gateway-to-Gateway IPSec VPN
  • Page 142 (another UTT VPN gateway or compatible VPN appliance) has a static IP address; and in the last type, the local UTT VPN gateway has a static IP address, while the remote endpoint (another UTT VPN gateway or compatible VPN appliance) has a dynamic IP address.
  • Page 143 IPSec supports two methods to create security associations (SAs): The SAs can be created manually by the system administrator, which is called Manual Key on the UTT VPN gateway; The SAs can be negotiated and created dynamically by IKE, which is called AutoKey...
  • Page 144: Tunnel Mode

    When both endpoints of an IPSec tunnel are hosts, you can use transport mode or tunnel mode. When either end of the tunnel is a security gateway (such as a router or firewall), or both ends are security gateways, you must use tunnel mode. On the UTT VPN gateway, IPSec always operates in tunnel mode.
  • Page 145: Key Management

    The term key management refers to the creation, distribution, storage and deletion of keys. Key management is a critical part of IPSec. IPSec uses cryptographic keys for authentication and encryption. On the UTT VPN gateway, IPSec supports both manual and automatic key management.
  • Page 146 IPSec tunnel. In this case, if the UTT VPN gateway receives a packet matching an IPSec security policy, it will encrypt and authenticate the packet, and then send it to the remote endpoint through the IPSec tunnel.
  • Page 147 When both IPSec endpoints agree to accept at least one set of the proposed phase 1 security parameters and then process them, a successful phase 1 negotiation concludes. When acting as an initiator, the UTT VPN gateway supports up to 12 phase 1 proposals, which allow you to specify a series of security parameters; when acting as a responder, it can accept any phase 1 proposal.
  • Page 148 Second exchange (message 3 and 4): A Diffie-Hellman exchange is performed. Each endpoint exchanges a nonce (i.e., random number). Third exchange (message 5 and 6): Identities of both endpoints are exchanged and verified.
  • Page 149 There are five basic DH groups (UTT VPN gateway supports DH groups 1, 2, and 5). Each DH group has a different size modulus. A larger modulus provides higher security, but requires more processing time to generate the key. The modulus of DH groups 1, 2,...
  • Page 150 DPD check box to enable DPD feature, and configure the parameter Heartbeat Interval to specify a time interval at which the UTT VPN gateway periodically sends DPD heartbeat messages to the peer to verify its availability (section 6.1.2.2).
  • Page 151 IPSec header; if not, the packet will be forwarded directly. Else, the UTT VPN gateway will authenticate and/or decrypt the packet, and then forward the resulting packet (i.e., initial packet) to its intended destination.
  • Page 152 IPSec tunnel is not established, it will initiate IKE negotiation to establish a pair of IPSec SAs (that is, an IPSec tunnel). After the IPSec tunnel is established, the UTT VPN gateway will do the required IPSec processing (e.g., encryption and/or authentication) before sending the packet to the remote endpoint through the tunnel;...
  • Page 153 9.5.1.7 Packet Flow – IPSec Initiator Figure 11-16 IPSec Packet Flow As shown in Figure 11-16 IPSec Packet Flow, during the IPSec tunnel establishment and data transmission processes, the packet flow through the IPSec initiator can be...
  • Page 154 IPSec tunnel. 9.5.1.9 MTU and Fragmentation The UTT VPN gateway will fragment an IP packet if it exceeds the MTU of the outbound physical interface. For example, a standard Ethernet-type interface has an MTU of 1500 bytes, thus the UTT VPN gateway will fragment a packet exceeding 1500 bytes in order to transmit it over the Ethernet interface.
  • Page 155 IPSec switching path. To solve this problem, the UTT VPN gateway allows you to set the IPSec tunnel MTU to minimize the fragmentation. If an IP packet exceeds the specified MTU, it will be fragmented by the original host before transmission.
  • Page 156 On the UTT VPN gateway, the IPSec tunnel MTU is 1400 bytes by default. In most cases, please leave the default value because it can meet most application needs. 9.5.1.10 IPSec NAT Traversal Network Address Translation (NAT) is a technology that allows multiple hosts on a private network to share a single or a small group of public IP addresses.
  • Page 157: IPSec Settings-AutoKey (IKE)

    9.5.1.11 IPSec Sessions Limit The maximum number of concurrent IPSec sessions (i.e., tunnels) depends on the specific product model. If the number of active VPN sessions has reached the maximum value, the system will reject any request for creating a new IPSec session and pop up a prompt dialog box shown in Figure 11-19 Prompt Dialog Box –...
  • Page 158 If both IPSec endpoints have static IP addresses, you can choose Bidirectional as the connection type (see Figure 11-22 IPSec Settings (AutoKey (IKE) – Bidirectional)). In this case, the local UTT VPN gateway can act as an initiator or responder; and neither local ID nor remote ID is required.
  • Page 159 Save: Click it to save the IPSec settings. 2) Originate-Only (Dynamic-to-Static IPSec VPN) If the local UTT VPN gateway has a dynamically assigned IP address, and the remote endpoint (another UTT VPN gateway or compatible VPN appliance) has a static IP address, you can choose Originate-Only as the connection type (see Figure 11-23 IPSec Settings (AutoKey (IKE) –...
  • Page 160 The difference is that this connection type requires identity authentication. Specifically, the identity authentication for the local UTT gateway is required, that is, the local UTT gateway should provide its identity information to the remote IPSec endpoint for authentication;...
  • Page 161 IPSec device to authenticate the local UTT VPN gateway. ID Value (Local): It specifies the identity of the local UTT VPN gateway. In this connection type, it is a required parameter. Please enter an ID value according to the selected ID Type (Local).
  • Page 162 ID Value (Local). ID Value (Local): It specifies the identity of the local UTT VPN gateway. In this connection type, it is a required parameter. Please enter an ID value according to the selected ID Type (Local).
  • Page 163 Figure 11-25 IPSec Settings (AutoKey (IKE) – Advanced Options (Main Mode)
  • Page 164 Figure 11-26 IPSec Settings (AutoKey (IKE) – Advanced Options (Aggressive Mode) Advanced Options: Click this hyperlink to view and configure advanced parameters. In most cases, you need not configure them. Exchange Mode: It specifies the exchange mode used for IKE phase 1 negotiation.
  • Page 165 DPD: It is used to enable or disable DPD, which allows the UTT VPN gateway to detect an unresponsive peer. If you select this check box to enable DPD, the UTT...
  • Page 166 3DES, the authentication algorithm is md5, and the DH group is DH group 2. In the Web UI, the UTT VPN gateway provides four phase 1 proposals by default; therefore, you need not configure phase 1 proposals in some cases. In addition, it allows you to configure phase 1 proposals as required.
  • Page 167: IPSec List

    AES256 algorithm, ESP authentication with SHA algorithm and AH authentication with MD5 algorithm. By default, the UTT VPN gateway provides one phase 2 proposal by the parameter P2 Encrypt/Auth Algorithms 1 (default value is esp-3des) in the Web UI. In addition, it allows you to choose up to four phase 2 proposals in the Web UI, and twelve phase 2 proposals in the CLI.
  • Page 168: How To Add, View, Edit And Delete IPSec Entries

    Unestablished The IKE SA and IPSec SAs are not established. IKE Negotiating IKE Phase 1 negotiation is in progress; the IKE SA is not established yet. IPSec Negotiating The IKE SA is established; IKE Phase 2 negotiation is in progress.
  • Page 169: Configuration Examples For IPSec - AutoKey

    Bidirectional (Gateway-to-Gateway IPSec VPN): Both IPSec endpoints have static IP addresses. In this case, the local UTT VPN gateway can act as an initiator or responder. Answer-Only (Static-to-Dynamic IPSec VPN): The local UTT VPN gateway has a...
  • Page 170 In this scenario (see Figure 11-28 Network Topology – UTT VPN Gateway and UTT VPN Gateway (Bidirectional)), we deploy two UTT VPN gateways at a company: one is located at the head office, and the other is located at the branch office. Now we want to use AutoKey (IKE) mode to establish an IPSec tunnel between them, and use the following proposals (i.e., encryption and authentication algorithms): the phase 1 proposals...
  • Page 171 On the UTT VPN gateway, you can go to the VPN > IPSec > IPSec List page to view the configuration of the IPSec tunnel, including the Remote Gateway, Remote Subnet IP, Bind to and Local Subnet IP, see Figure 11-29 IPSec List –...
  • Page 172 (another UTT VPN gateway or compatible VPN appliance) has a dynamically assigned IP address (PPPoE or DHCP), you can choose Answer-Only as the connection type. In this case, the local UTT VPN gateway can only act as a responder, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.
  • Page 173 1 proposals are left at their default values, and the preferred phase 2 proposal is esp-aes192-sha; in addition, the preshared key is testing, the originator’s ID type is Email address and value is hiper@utt.com.cn, and the IP addresses are as follows: The UTT VPN gateway at the head office: WAN Interface IP Address: 200.200.202.123/24...
  • Page 174 On the UTT VPN gateway, you can go to the VPN > IPSec > IPSec List page to view the configuration of the IPSec tunnel, including the Remote Gateway, Remote Subnet IP, Bind to and Local Subnet IP, see Figure 11-31 Responder’s IPSec List –...
  • Page 175 Figure 11-31 Responder’s IPSec List – UTT VPN Gateway to UTT VPN Gateway (Answer-Only) Viewing the UTT VPN gateway at the branch office The following figure shows the configuration and status of the IPSec tunnel on the UTT VPN gateway with a dynamic IP address at the branch office.
  • Page 176 IP address, you can choose Originate-Only as the connection type. In this case, the local UTT VPN gateway can only act as an initiator, and both IPSec endpoints should use aggressive mode for phase 1 IKE negotiation.
  • Page 177: Chapter 10 System Administration

    UTT Technologies Chapter 11 System Administration Chapter 10 System Administration This chapter describes how to perform maintenance activities on the Gigabit Router, including administrator settings, system time settings, configuration backup and restore, firmware upgrade, remote management, and scheduled task settings.
  • Page 178: Administrator Settings

    To delete an administrator account, directly click its icon. To delete more than one administrator account at a time, select the leftmost check boxes of the administrator accounts that you want to delete, and then click the Delete button.
  • Page 179: System Time

    10.2 System Time This section describes the Administration > Time page, see Figure 10-3. To ensure that the time-related features (e.g., DDNS, Schedule, Access Control, etc.) work well, you should synchronize the system clock.
  • Page 180 SNTP Server 1 IP Address ~ SNTP Server 3 IP Address: It allows you to configure up to three SNTP servers on the Gigabit Router. The Server 1 is the primary server (the default is 192.43.244.18), and the Server 2 is the first backup server (the default is 129.6.15.28), and the Server 3 is the second backup server (the default is 0.0.0.0).
  • Page 181: Configuration

    10.3 Configuration This section describes the Administration > Configuration page, where you can backup the current configuration file to the local PC, restore your previous configuration using the backup configuration file, and reset the Gigabit Router to factory default settings.
  • Page 182: Reset To Factory Defaults

    10.3.3 Reset to Factory Defaults Figure 10-6 Reset to Factory Defaults Reset: To reset the Gigabit Router to factory default settings, click the Reset button, and then restart the Gigabit Router. Note After performing the reset operation, you must manually restart the Gigabit Router in order for the default settings to take effect.
  • Page 183: Firmware Upgrade

    This section describes the Administration > Firmware page, where you can view the current firmware version information, download the latest firmware from the website of UTT Technologies Co., Ltd., and upgrade the firmware. Figure 10-7 Firmware Upgrade Current Firmware Version: It displays the version of the current firmware installed on the Gigabit Router.
  • Page 184 Step 3 Renewing the firmware Click the Upgrade button to renew the Gigabit Router’s firmware. If you click the Upgrade button, you will be prompted to confirm the upgrade (see Figure 10-8). Then you can click OK to upgrade the firmware and restart the Gigabit Router, or click Cancel to cancel the operation.
  • Page 185: Remote Access

    10.5 Remote Access This section describes the Administration > Remote Access page. In this page, you can enable HTTP remote management, which allows you to access the Gigabit Router’s Web UI from anywhere over the Internet.
  • Page 186: Scheduled Task

    10.6 Scheduled Task This section describes the Administration > Scheduled Task page, where you can create and view the scheduled tasks. With scheduled tasks, the Gigabit Router can periodically start each task at the time you specify.
  • Page 187: Scheduled Task List

    10.6.2 Scheduled Task List Figure 10-11 Scheduled Task List Figure 10-12 Scheduled Task List (Continue) Add a Scheduled Task: To add a new scheduled task, first click the Add button to go to the Scheduled Task Settings page, next configure it, lastly click the Save button.
  • Page 188: Chapter 11 Status

    UTT Technologies Chapter 12 Status Chapter 11 Status This chapter describes how to view the wired status and wireless status, the traffic statistics for each interface, and system information including the current system time, system up time, system resources usage information, firmware version, and system log.
  • Page 189 Figure 11-2 System Status - Wireless Status Wired Status: Refer to Section 4.2.1 Wired Status for detailed information. Note The Wired Status page and Wireless Status page only display the status information of the interfaces that have been configured.
  • Page 190: Traffic Statistics

    9.5 Traffic Statistics This section describes the ingress and egress traffic statistics for each interface. Figure 11-3 Traffic Statistics WAN1, 3G, APClient and LAN: You can view the traffic statistics for each interface, including the number of bytes received and transmitted, and the number of packets received and transmitted.
  • Page 191: System Information

    11.3 System Information This section describes the Status > System Info page, which includes the current system time, system up time, system resources usage information, SN, firmware version, and system log. System information can help you identify and diagnose the source of current system problems, or help you predict potential system problems.
  • Page 192 SN: It displays the internal serial number of the Gigabit Router, which may be different from the SN found on the label at the bottom of the Gigabit Router. Version: It displays the version of the current firmware installed on the Gigabit Router.
  • Page 193: Chapter 12 Support

    Chapter 12 Support The Support page provides links to the UTTCare, Forum, Knowledge and Reservation page of the UTT website, which can help you quickly learn the UTT Technologies service system and enjoy the most intimate and professional services. Figure 12-1 Support As shown in Figure 12-1, it allows you to click each Learn More hyperlink to directly open the corresponding page of the UTT website.
  • Page 194: Appendix A How To Configure Your Pc

    Appendix A How to Configure Your PC This appendix describes how to configure TCP/IP settings on a Windows XP-based computer. There are two ways to configure TCP/IP settings: manually configuring TCP/IP settings, and automatically configuring TCP/IP settings with DHCP.
  • Page 195 Figure A-0-1 Local Area Connection Properties. In the Internet Protocol (TCP/IP) Properties dialog box (see Figure A-0-2), select the Use the following IP address option, enter 192.168.1.x (x is between 2 and 254, including 2 and 253) in the IP address text box, 255.255.255.0 in the Subnet mask...
  • Page 196 On the Windows taskbar, click Start > Settings > Control Panel. Double-click the Network Connections icon, right-click the Local Area Connection icon and select Properties. On the General tab (see Figure A-0-1), in the This connection uses the following items box, click the Internet Protocol (TCP/IP) item, and then click the Properties button.
  • Page 197 Click Install. Click Protocol, and then click Add. Click Have Disk. In the Copy manufacturer's files from box, type System_Drive_Letter:\windows\inf, and then click OK. In the list of available protocols, click Internet Protocol (TCP/IP), and then click Restart your computer.
  • Page 198: Appendix B Faq

    Appendix B FAQ How to connect the Gigabit Router to the Internet using PPPoE? Step 1 Set your ADSL Modem to bridge mode (RFC 1483 bridged mode). Step 2 Make sure that your PPPoE Internet connection uses standard dial-type.
  • Page 199: How To Connect The Gigabit Router To The Internet Using Static Ip

    Figure B-0-2 Viewing PPPoE Connection Status in the Internet Connection List (Continue) Step 8 Configure the local computers according to the steps described in Appendix A How to Configure Your PC. How to connect the Gigabit Router to the Internet...
  • Page 200 Step 3 Configure the DHCP Internet connection related parameters in the Start > Setup Wizard or the Network > WAN page. Note Some ISPs register the MAC address of your network device (usually a computer) when your account is first opened, and they will only accept traffic from that MAC address.
  • Page 201: How To Reset The Gigabit Router To Factory Default Settings

    How to reset the Gigabit Router to factory default settings? Note The reset operation will clear all the custom settings on the Gigabit Router, so do it with caution. The following describes how to reset the Gigabit Router to factory default settings. There are two cases depending on whether you remember the administrator password or not.
  • Page 202: Appendix C Common Ip Protocols

    Appendix C Common IP Protocols Protocol Name Protocol Number Full Name Internet Protocol ICMP Internet Protocol Message Protocol IGMP Internet Group Management Gateway-Gateway Protocol IPINIP IP in IP Tunnel Driver Transmission Control Protocol...
  • Page 203: Appendix D Common Service Ports

    Appendix D Common Service Ports Service Name Port Protocol Description echo echo discard discard systat Active users systat Active users daytime daytime qotd Quote of the day qotd Quote of the day chargen...
  • Page 204 domain Domain Name Server bootps Bootstrap Protocol Server bootpc Bootstrap Protocol Client tftp Trivial File Transfer gopher finger http World Wide Web kerberos Kerberos kerberos Kerberos hostname NIC Host Name Server iso-tsap ISO-TSAP Class 0...
  • Page 205 snmp snmptrap SNMP trap print-srv Network PostScript Border Gateway Protocol Internet Relay Chat Protocol IPX over IP ldap Lightweight Directory Access Protocol https MCom https MCom microsoft-ds microsoft-ds kpasswd Kerberos (v5) kpasswd Kerberos (v5)
  • Page 206 conference netnews netwall For emergency broadcasts uucp klogin Kerberos login kshell Kerberos remote shell new-rwho remotefs rmonitor monitor ldaps LDAP over TLS/SSL doom Doom Id Software doom Doom Id Software kerberos-adm Kerberos administration...
  • Page 207 radacct 1813 RADIUS accounting protocol nfsd 2049 NFS server knetd 2053 Kerberos de-multiplexor 9535 Remote Man Server
  • Page 208: Appendix E Figure Index

    Appendix E Figure Index: Figure 0-1 MAC Address Filtering List (p. 3); Figure 2-1 Front Panel of the Gigabit Router (p. 11); Figure 2-2 Back Panel of the Gigabit Router (p. 13); Figure 3-1 Entering IP address in the Address Bar (p. 17); Figure 3-2 Login Screen (p. 17)...
  • Page 209 Appendix E Figure Index: Figure 5-14 Load Balancing List (Continue) (p. 45); Figure 5-15 Connection Detection Settings (p. 46); Figure 5-16 LAN Interface Settings (p. 48); Figure 5-17 DHCP Server Settings (p. 49); Figure 5-18 Static DHCP Settings (p. 51); Figure 5-19 Static DHCP List (p. 52); Figure 5-20 DHCP Client List (p. 53)...
  • Page 210 Appendix E Figure Index: Figure 7-2 Updating Policy (p. 98); Figure 7-3 Global Management Policy - Example (p. 99); Figure 7-4 Group Management Policy List (p. 100); Figure 7-5 Group Management Policy List (Continue) (p. 100); Figure 7-6 Group Management Policy Settings (p. 102); Figure 7-7 Group Management Policy Example - Policy 1...
  • Page 211 Appendix E Figure Index: Figure 10-6 Reset to Factory Defaults (p. 139); Figure 10-7 Firmware Upgrade (p. 140); Figure 10-8 Prompt Dialog Box - Firmware Upgrade (p. 141); Figure 10-9 Remote Access Settings (p. 142); Figure 10-10 Scheduled Task Settings (p. 143); Figure 10-11 Scheduled Task List...
  • Page 212: Appendix F Table Index

    Appendix F Table Index: Table 0-1 Common Button Descriptions (p. 3); Table 0-2 Basic Elements and Features of the List (p. 4); Table 0-3 Factory Default Settings (p. 5); Table 2-1 Description of LEDs on the Front Panel (p. 12); Table 2-2 Description of Ports on the Rear Panel...
