1. Manuals
  2. Brands
  3. ETIC Manuals
  4. Firewall
  5. IPL-E
  6. Setup manual

ETIC IPL-E Setup Manual

Ethernet adsl cellular routeur firewall
Hide thumbs Also See for IPL-E:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
IPL-E
IPL-A
IPL-C
Ethernet ADSL Cellular Routeur Firewall
_________________
SETUP GUIDE
_________________
Document reference : 9023409-01

Advertisement

Table of Contents
loading

Related Manuals for ETIC IPL-E

Summary of Contents for ETIC IPL-E

  • Page 1 IPL-E IPL-A IPL-C Ethernet ADSL Cellular Routeur Firewall _________________ SETUP GUIDE _________________ Document reference : 9023409-01...
  • Page 2 The IPL family of IP routers is manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL : + 33 4-76-04-20-00 Hotline : + 33 4-76-04-20-05 FAX : + 33 4-76-04-20-01 E-mail : hotline@etictelecom.com web : www.etictelecom.com...

  • Page 3: Table Of Contents

    CONTENT CONTENT ........................... 3 OVERVIEW ..........................7 SUBJECT OF THE MANUAL ....................7 MAIN FEATURES OF THE IPL ROUTERS ................7 IPL ROUTER ORGANISATION ..................... 9 PREPARING THE SETUP ......................11 FIRST SETUP ........................11 PROTECTING THE ACCESS TO THE ADMINISTRATION WEB SERVER ....... 11 HTTPS SET-UP MODIFICATIONS THROUGH THE WAN INTERFACE ........
  • Page 4 CONTENT IPL ROUTER SETUP REMOTE ACCESS CONNECTION ..................31 Advantages of a remote access connection ............31 Types of remote access connections ..............33 HTTPS connection and portal for smartphones, tablets or PCs ......34 7.3.1 Overview .......................... 34 7.3.2 Set-up ..........................
  • Page 5 CONTENT … IPL ROUTER SETUP ADVANCED NAT ......................60 15.1 Overview ......................60 15.2 Set-up ........................ 61 DYNDNS OR NOIP SET-UP ....................62 16.1 Overview ......................62 16.2 Set-up ........................ 62 FIREWALL SET-UP ......................64 17.1 Overview ......................64 17.2 Main filter ......................
  • Page 6 CONTENT MAINTENANCE ........................79 « PING » TOOL ......................... 79 « WIFI » SCANNER TOOL ....................79 FIRMWARE UPDATE ......................79 Page 6 Setup Guide 9023409-01 Ethernet ADSL Cellular Routeur Firewall...

  • Page 7: Overview

    OVERVIEW Subject of the manual This manual describes how to set-up the IPL family of routers manufactured by ETIC TELECOM That manual applies in particular to the models listed below : Ethernet interfaces IP router IPL-E ADSL router IPL-A Cellular LTE-UMTS-GPRS router...
  • Page 8 OVERVIEW Remote access server for PC, tablet or smartphone The IPL routers provide a powerful and flexible remote access service. PPTP, L2TP/IPSec, OpenVPN or HTTPS remote access connections can be set-up. Remote users are authenticated, and particular access rights can be assigned to each remote user according to his identity.

  • Page 9: Ipl Router Organisation

    (LAN interface). ADSL router IPL-A WAN interface Depending on the model, the IPL routers provide the following WAN interfaces to reach te Internet or a company network : WAN interface of the IPL routers IPL-E IPL-EW IPL-A IPL-AW IPL-C IPL-CW...
  • Page 10 OVERVIEW Remote access server location The remote users can connect to the WAN interface of the router. Firewall The deny of service filter protects against Internet attacks. The main filter filters IP frames between the LAN interface on one hand and the WAN interface or transmitted inside a VPN or transmitted inside a remote user connection on the other hand.

  • Page 11: Preparing The Setup

    PREPARING THE SETUP First setup from factory, the IP address of the router is 192.168.0.128. Step 1 : Create or modify the PC IP connection. Assign to the PC an IP @ in accordance with the router RAS IP address. For the first configuration, assign for instance 192.168.0.127 to the PC.

  • Page 12: Https Set-Up Modifications Through The Wan Interface

    PREPARING THE SETUP HTTPS set-up modifications through the WAN interface The administration web server is located at the LAN IP address. Coming from factory, access to the administration web server is not allowed through the WAN interface To use HTTPS instead of HTTP to setup the product or to authorise access to the administration web server through the WAN interface, •...

  • Page 13: Saving Or Restoring A Set Of Parameters

    In a second step, any set stored inside the router and displayed with the Configurations table can be saved as an editable file stored outside the ETIC router. Inversely, a saved file can be loaded to the product Configurations table and then, if necessary, declared as the active set of parameters.

  • Page 15: Ipl Router Set-Up

    IPL ROUTER SET-UP IPL ROUTER SET-UP To configure the router, we advise to proceed as follows : Function Menu WAN connection set-up WAN interface Ethernet WAN ADSL setup Cellular network WiFi network (the router RAS is a WiFI client) LAN interface set-up LAN Interface The Ethernete &...

  • Page 16: Ethernet / Wan Interface Setup

    « Connection type » list : The Ethernet value is the default value. It has to be selected when another router connected to the Ethernet/WAN interface of the ETIC router is in charge of routing the IP frames to the internet The PPPOE value must be selected only in a particular situation : When it is selected, the IPL router sets a PPP connection over Ethernet towards a service provider for instance.
  • Page 17 IPL ROUTER SET-UP Choice Ethernet PPPoE “Priority” parameter That parameter defines the priority of the path when more than one path is selected (Cellular & Ethernet WAN, for instance). The router will use as a priority the path to which the highest value is assigned;...

  • Page 18: Adsl Interface Setup

    IPL ROUTER SET-UP ADSL interface setup That section applies to the IPL-A ADSL router and to the IPL-DAC ADSL & cellular router. • Select the Set-up > WAN menu « WAN type » list : Select the “ADSL” value. ADSL modem configuration ”Modulation”...
  • Page 19 IPL ROUTER SET-UP IP configuration of the ADSL line depending on the PPPoE PPPoA IPoA “Priority” parameter Enter a medium value « PPP login» & «PPP pasword»: Enter the ADSL account values «PPPoE service name » parameter : It is thename of the service provided by the operator It is usually not necessary to enter that paramater “Obtain an IP address automatically”...

  • Page 20: Cellular Interface Setup

    IPL ROUTER SET-UP Cellular interface setup Two SIM cards can be inserted in the router to allow the use of two different cellular networks . The network corresponding o the SIM card Nr1 is the main network, while the other one is the backup network.

  • Page 21: Using The Sim Cards 1 And 2

    IPL ROUTER SET-UP « Cellular network » parameter : The router RAS is supposed to connect to the best cellular relay available. However, in particular situations, it may be useful to force the router RAS to use a particular service. That parameter gives the choice to select either the LTE 4G service, or the UMTS 3G service or the GPRS- EDGE service.

  • Page 22: Cellular Connection Control

    IPL ROUTER SET-UP Example : T1 Network 1 failure confirmation time = 20 mn T1 Network 2 failure confirmation time = 20 mn T3 Minimum connection time on network 2 = 12 hours «Network 1 failure confirmation time » parameter See above.

  • Page 23: Wifi Interface Setup

    IPL ROUTER SET-UP WiFi interface setup Remark : The WiFi scanner makes possible to detect the WiFi networks around the router RAS. To use the WiFi scanner, select the Diagnostic > Tools > WiFi scanner menu. To set-up the WiFi interface as a client to reach the Internet, •...

  • Page 24: Lan Interface Setup

    IPL ROUTER SET-UP LAN interface setup 5.1 Overview Ethernet switch or hub The LAN interface consists of 1 to 4 switched Ethernet 10/100 BT RJ45 connectors. An option enables to shape a hub instead of a switch for test purposes for instance. IP address of the router RAS on the LAN interface A fixed IP address must be assigned to the LAN interface of the IPL router.

  • Page 25: Ethernet & Ip Menu

    IPL ROUTER SET-UP IP adresses allocation Case 1 : Remote users connection Case 2 : VPN set between 2 routers 5.2 Ethernet & IP menu Select Set-up > LAN Interface > Ethernet & IP • Ethernet ports « hub mode enable» checkbox : If the checkbox is selected, the LAN ports behaves like a hub.
  • Page 26 IPL ROUTER SET-UP Remote access menu «Automatic management of the remote users» checkbox : If that checkbox is selected, the router RAS allocates automatically an unused IP address of the LAN network to a remote user when he connects. Unselect that checkbox to set-up the pool of fixed IP addresses which can be allocated to the remote users. That IP addresses must belong to the LAN domain.

  • Page 27: Wifi Access Point Set-Up

    IPL ROUTER SET-UP 5.3 WiFi access point set-up Remark : The Wifi module can be set-up either like a client or like an access point. To set-up the WiFi access point, • Select the Set-up > LAN interface > WiFi access point menu •...

  • Page 28: Device List Set-Up

    IPL ROUTER SET-UP 5.4 Device list set-up To set-up the device list, • Select the Set-up > LAN interface > device list menu To add a device to the list, Click the « Add » button • Assign a name and an IP address to the device •...

  • Page 29: Dhcp Server Menu

    IPL ROUTER SET-UP 5.5 DHCP server menu The router RAS can behave like a DHCP server over the LAN interface. In that case, a pool of addresses must be reserved ; the addresses of the pool are automatically distributed to the devices of the LAN acting as DHCP clients. The addresses of the LAN domain which do not belong to that pool can be allocated as fixed IP addresses to particular devices.

  • Page 30: M2Me_Connect Connection Set-Up

    IPL ROUTER SET-UP M2Me_Connect connection set-up That paragraph applies to all the models of IPL routers, but only if the M2Me option has been enabled. Preliminary remark : To provide access to a machine for remote users through the M2Me_Connect service, it is necessary to carry-out three steps : step : carry-out the M2Me connection set-up described in this paragraph.

  • Page 31: Remote Access Connection

    • Data encryption Data is encrypted from end to end. • PC, Tablet, smartphone The solutions provided by the ETIC router are suitable as well for Windows PCs or tablets or smartphones (Androïd or IOS). To set-up a remote connection,...
  • Page 32 IPL ROUTER SET-UP Select Set-up > Remote access > Remote access servers • Page 32 Setup Guide 9023409-01 Ethernet ADSL Cellular Routeur Firewall...

  • Page 33: Types Of Remote Access Connections

    IPL ROUTER SET-UP 7.2 Types of remote access connections Four types of remote access connections can be set-up : OpenVPN., PPTP, L2TP/IPSec, HTTPS. Remote user Authentication Encryption Identification OpenVPN Login Optionally a certificate PPTP Login L2TP/IPSec Login PWD and Preshared Key or certificate HTTPS Login That four types of connection can be implemented in PCs, tablets or smartphones.

  • Page 34: Https Connection And Portal For Smartphones, Tablets Or Pcs

    It means that a simple HTML / HTTP unsecure server can be used remotely through the internet in a safe way. When a remote user connects to the ETIC router using an HTTPS secure connection, the portal displays the list of the html servers to which he has the right to access.

  • Page 35: Set-Up

    To access to the HTTPS internet portal from the Internet, • Launch the browser • Enter : https:// « Internet IP address of the ETIC router» • Enter the login and password when the identification window is displayed. The Web portal page displays the list of the web servers to which it is possible to connect according to the user identity.

  • Page 36: Openvpn Remote User Connection

    Select the “Login / password” value or the “Login/password & certificate” value if the certificate of the remote PC must be checked. In that case, the certificate of the remote PC must be stored in the ETIC router (see the table at the top of the page).

  • Page 37: Pptp Connection

    Select the “Login / password” value or the “Login/password & certificate” value if the certificate of the remote PC must be checked. In that case, the certificate of the remote PC must be stored in the ETIC router (see the table at the top of the User list page).

  • Page 38: User List

    IPL ROUTER SET-UP User list It is necessary to register at least one remote use in the user list. The users list is able to register 25 authorised remote users forms. Each user form stores the identity of the user (Login and password), his email address to send alarm emails and his mobile telephone number to send alarm SMS to him.
  • Page 39 IPL ROUTER SET-UP To register a remote user in the user list, Click the « ADD » button located under the user list. • Enter the identity of the user (Login and password), his email address to send alarm emails. Page 39 Ethernet ADSL Cellular Routeur Firewall Setup Guide 9023409-01...

  • Page 40: Assigning Rights To Remote Users

    IPL ROUTER SET-UP Assigning rights to remote users Individual access rights to the network can be assigned to each user. The list of devices of the LAN network must have been registered previously (LAN interface menu). To grant access rights to a remote user, Select the set-up, remote access, access rights menu.

  • Page 41: Ipsec Vpns Set-Up

    The router which initiates the IPSec VPN is called the initiator; the other one is called the responder. • Preshared key authentication Only one preshared key can be stored in one ETIC router; it is used by all the VPNs and also by the L2TP/IPSec remote user connection.

  • Page 42: Ipsec Vpn Connection Set-Up

    IPL ROUTER SET-UP 10.2 IPSec VPN connection set-up • Select the Set-up> Network > IPSec VPN menu The IPSec VPN home page is displayed. Page 42 Setup Guide 9023409-01 Ethernet ADSL Cellular Routeur Firewall...
  • Page 43 IPL ROUTER SET-UP To add an IPSec VPN connection, click « Add». The set-up page of the new VPN connection is displayed. Page 43 Ethernet ADSL Cellular Routeur Firewall Setup Guide 9023409-01...
  • Page 44 « My SubjectAlt name » parameter: Enter the 'SubjectAltName' value of the active certificate of the current router. If the active certificate is an ETIC TELECOM certificate, that field is the email field. Remote « SubjectAlt name » parameter : Enter the 'SubjectAltName' value of the active certificate of the remote router.
  • Page 45 IPL ROUTER SET-UP « » & « Remote WAN Netmask” parameters (initiator only): Remote WAN IP address Enter the WAN IP address of the remote router Remark : This address is the address of the router towards which the VPN must be set. IKE phase 1 section IKE phase 1 performs mutual authentication between the two parties with the end result of having shared secret keys.
  • Page 46 IPL ROUTER SET-UP IKE phase 2 Section The purpose of IKE phase two is to negotiate the IPSec parameters (general parameters, encryption, SA life- time…). The result of the IKE phase 2 is the encrypted tunnel between the two routers. «Protocol »...

  • Page 47: Openvpn Type Vpn Connection

    The authentication of the two participants to the VPN connection can also be carried-out using certificates in addition to a Login and password. Coming from factory , a certificate produced by ETIC TELECOM is registered in the ETIC router. Other kinds of X509 certificates can be added. (see the Set-up>Security>X509 certificate).
  • Page 48 IPL ROUTER SET-UP Page 48 Setup Guide 9023409-01 Ethernet ADSL Cellular Routeur Firewall...

  • Page 49: Set-Up Principles

    11.2 Set-up principles • VPN server set-up If the ETIC router behaves like a VPN server, it means that the ETIC router has to receive at least one ingoing connection, the set-up has to be carried-out in two steps : Step 1 : Configuration of the parameters of the OpenVPN server.

  • Page 50: Openvpn Server Set-Up

    IPL ROUTER SET-UP 11.3 OpenVPN server set-up Select the « Add » button located just below the VPN server table • “Port number” & “protocol” parameters : Select the port Nr and the type of level 3 protocol used to transport OpenVPN. Attention : The port number value must be different from the one used by remote users.
  • Page 51 Programming static routes is not necessary. • If that option is not selected, a device connected to a VPN client ETIC router can exchange data with a device connected to the LAN network of the VPN server, but not with a device connected to one other VPN client ETIC router.

  • Page 52: Setting Up An Outgoing Connection

    That address can be a public IP address or a domain name or a DynDNS or NoIP address. « Backup VPN server IP address» parameter : The client VPN ETIC router is able to set a backup VPN if the main VPN fails. “Port number” & “protocol” parameters : Select the port Nr and the type of level 3 protocol used to transport OpenVPN.
  • Page 53 IPL ROUTER SET-UP « Start on event » checkbox : The VPN is usually established at power-up. However, it can be useful to establish the VPN when a particular event occurs : Cellular WAN up Cellular WAN down Ethernet WAN up Ethernet WAN down Digital input ON Digital input OFF...

  • Page 54: Setting Up An Ingoing Vpn Connection

    « Common name» parameter : Enter the value of the field 'SubjectAltName' of the active certificate of the remote ETIC router. If the active certificate of the remote router is delivered by ETIC TELECOM, that field is the email field. Page 54...

  • Page 55: Ip Routing

    Once an iP address has been assigned to the R2 router on the LAN interface and another one on the WAN interface (see drawing hereafter), the ETIC router is ready to route frames … … between devices connected to the remote LAN network like RL1, and devices connected to the LAN network like L1 through a VPN;...
  • Page 56 IPL ROUTER SET-UP Router Nr2 static routes : Active Route name Destination Netmask Gateway Network 6 192.168.6.0 255.255.255.0 192.168.5.1 Network 1 192.168.1.0 255.255.255.0 192.168.2.1 Network 192.168.4.0 255.255.255.0 192.168.5.128 Remote WAN Remark : It is not necessary to enter in the router R2 the static route to the WAN network nor to the remote LAN network, that routes have been automatically created by the router respectively when the WAN IP address has been entered and when the VPN has been configured.

  • Page 57: Rip Protocol

    IPL ROUTER SET-UP 12.3 RIP protocol RIP (Routing Information Protocol) is a routing protocol which enables each router belonging to a network to acquire the routes to any subnet. The principle is as follows : Routing table Each router holds a routing table. Each entry of the table consists in the destination subnet address and the adjacent router address leading to that subnet.

  • Page 58: Network Address Translation (Nat)

    If routing tables cannot be registered nor a VPN, the solution can be to use the Port forwarding function : When W1 needs to transmit frames to PLC1, it transits the frames to the ETIC router on a particular port number.

  • Page 59: Set-Up

    IPL ROUTER SET-UP Service in Device out Service out 192.168.0.15 192.168.0.16 192.168.0.17 14.2 Set-up To set-up a portforwarding rule, • Select > Network> Routing > Port forwarding menu, • Click the Add button, • Enter the characteristics of the frames which must be forwarded : Source IP address, Port number (destination) •...

  • Page 60: Advanced Nat

    The advanced NAT function consists in modifying the source or destination IP addresses and port number of the frames received by the ETIC router on its LAN or WAN interface. It applies to all the frames received by the router on any of its two interfaces except to the IP packets contained in a remote user connections.

  • Page 61: Set-Up

    IPL ROUTER SET-UP 15.2 Set-up To set the advanced address translation functions, select the setup >Network>Advanced NAT menu. • To create a new DNAT rule, • click “Add a DNAT” rule. • Select “Yes” to enable the rule. • Enter the characteristics of the IP frames which must be modified by the DNAT rule. Source IP address &...

  • Page 62: Dyndns Or Noip Set-Up

    IPL ROUTER SET-UP DynDNS or NoIP set-up 16.1 Overview The DynDNS or the NoIP services make possible to connect remotely to a device over the Internet even if the IP address of that device is dynamic. The IP address of the device has to be a public IP address. For instance, if a remote PC needs to connect to a RAS-EC or a IPL-C cellular router, DynDNS or NoIP solutions will help only if the IP address assigned by the mobile data service provider to the “antenna”...
  • Page 63 IPL ROUTER SET-UP • Select the« Set up » menu, and then WAN interface, and then “dynamic IP address” . « Enable» checkbox : Select that checkbox. When you wish to set a connection toward the RAS-3G (PPTP, TLS, VPN …), enter the DynDNS host name instead of the antenna IP address of the RAS-3G router.

  • Page 64: Firewall Set-Up

    IPL ROUTER SET-UP Firewall set-up 17.1 Overview The firewall filters IP frames between the LAN interface on one hand and the WAN interface, • or transmitted inside a VPN, • or transmitted inside a remote user connection, • on the other hand. It consists of three parts : •...

  • Page 65: Main Filter

    IPL ROUTER SET-UP 17.2 Main filter 17.2.1 Main filter organisation • Main filter structure For a better organisation, the main filter is divided in two tables; both having the same structure. The “VPN” filter : It filters the packets transmitted inside the VPNs. The “WAN”...
  • Page 66 IPL ROUTER SET-UP • Main filter table The main filter is a table, each line being a rule. Each rule of the filter is composed a several fields which defines a particular data flow and another field which is called the action field. The fields which define the data flow are : Direction («...

  • Page 67: Serial To Ip Gateway Configuration

    Serial to IP gateway configuration 18.1 Overview The ETIC router provides optionally 1 or 2 serial RS232, RS232, RS485 or RS422 ports. A serial gateway can be assigned to each port . A serial gateway makes possible to use the IP network to transport serial data between two or several serial devices or directly with devices connected to the Ethernet network.
  • Page 68 IPL ROUTER SET-UP The gateways listed below are provided by the ETIC ROUTER router : Modbus client or server (i.e. master or slave) To connect several serial modbus slaves to several IP modbus clients. Or to connect a serial modbus master to an IP modbus server.

  • Page 69: Modbus Gateway

    Modbus TCP devices connected to the IP network. Remark : Several ETIC router models provides two serial ports; one Modbus client gateway can be assigned to the port 1 and a Modbus client gateway to the port 2 using both the 502 TCP port.

  • Page 70: Modbus Server Gateway

    IPL ROUTER SET-UP 18.2.3 Modbus server gateway This gateway allows to connect serial modbus slaves to the serial interface of the ETIC router. • Select the modbus menu and then modbus server and enable the modbus server gateway and set the parameters as follows : “Port selection”...

  • Page 71: Modbus Client Gateway

    This gateway allows to connect a serial modbus master to the serial interface of the ETIC router. • Select the modbus menu and then “modbus client” menu; enable the “modbus client” gateway and set up the parameters as follows : “Port selection”...

  • Page 72: Raw Tcp Gateway

    (also called server) located on the IP network. The server can be either an ETIC gateway or a PC including a software TCP server. • Select the “transparent” and then the “raw client COM1” or the “raw client COM2” menu .

  • Page 73: Raw Server Gateway

    IPL ROUTER SET-UP 18.3.2 Raw server gateway That gateway can be used if a serial slave device has to answer requests coming from devices located on the IP network and acting like a master (also called TCP client). • Select the “transparent” and then the “raw server COM1” or the “raw server COM2” menu. •...

  • Page 74: Raw Udp Gateway

    IPL ROUTER SET-UP 18.4 RAW UDP gateway 18.4.1 Overview The RAW UDP gateway enables you to connect together a group of serial or IP devices through an IP network. The group can include IP devices if they have the software pieces able to receive or transmit serial data inside UDP.
  • Page 75 IPL ROUTER SET-UP “IP addresses of the destination devices » table : This table stores the IP addresses of the gateways to which the serial data, encapsulated inside UDP, have to be sent. A different UDP port number can be entered for each destination IP address. Page 75 Ethernet ADSL Cellular Routeur Firewall Setup Guide 9023409-01...

  • Page 76: Usb Gateway

    It will be used as the destination IP address of the IP frames which must be forwarded to the USB device. “Accept WAN traffic” checkbox: It is necessary to select that checkbox it the PC is connected to the network through the ETIC router the WAN interface.

  • Page 77: Alarm Email Or A Sms

    SMTP client section « Use the M2Mail service » parameter (email choice) : ETIC TELECOM provides a SMTP service which can be used to send the alarm mail without additional set-up. Select that option to send the alarm mail through this service.

  • Page 78: Snmp Traps

    That certificate can be used to set a VPN between two routers. An ETIC router can set a VPN with another one only if the certificates of both routers have been provided by the same authority. Additional X509 certificates, provided by ETIC TEECOM or not, can be registered into the ETIC router.

  • Page 79: Maintenance

    The Wifi scanner displays the main information about each WiFi network : MAC address of the access point, SSID, reception level. Remark : The WiFi interface of the ETIC router needs to be registered as a WiFi client interface. Firmware update The firmware update can be carried-out locally or remotely.
  • Page 80 ETIC TELECOM 13 chemin du vieux Chêne 38240 Meylan France contact@etictelecom.com...

This manual is also suitable for:

Ipl-aIpl-c

Table of Contents