Broadband VPN
Router
ALL1294VPN
Broadband Internet Access
4-Port Switching Hub
User's Guide

Summary of Contents for Allnet ALL1294VPN

  • Page 1 Broadband VPN Router ALL1294VPN Broadband Internet Access 4-Port Switching Hub User's Guide...
  • Page 2: Table Of Contents

    Table of Contents CHAPTER 1 INTRODUCTION ..................... 1 Broadband VPN Router Features..................1 Package Contents ......................3 Physical Details........................4 CHAPTER 2 INSTALLATION....................6 Requirements........................6 Procedure ........................... 6 CHAPTER 3 SETUP ........................ 8 Overview ..........................8 Configuration Program ....................9 Setup Wizard ........................
  • Page 3 Client Database......................101 Status Screen........................103 Windows Client Setup....................104 CHAPTER 9 ADMINISTRATIONS................... 112 Overview ........................112 Config File........................113 Logs..........................114 Admin Login ........................116 Network Diagnostics ..................... 117 Options ........................... 118 PC Database........................119 Remote Administration....................123 Routing ........................... 124 Security Options ......................
  • Page 4: Chapter 1 Introduction

    Chapter 1 Introduction This Chapter provides an overview of the Broadband VPN Router's features and capabilities. Congratulations on the purchase of your new Broadband VPN Router. The Broadband VPN Router is a multi-function device providing the following services: • Shared Broadband Internet Access for all LAN users.
  • Page 5: Advanced Internet Functions

    Broadband VPN Gateway User Guide Advanced Internet Functions • Communication Applications. Support for Internet communication applications, such as interactive Games, Telephony, and Conferencing applications, which are often difficult to use when behind a Firewall, is included. • Special Internet Applications. Applications which use non-standard connections or port numbers are normally blocked by the Firewall.
  • Page 6: Package Contents

    Introduction • NAT Protection. An intrinsic side effect of NAT (Network Address Translation) technology is that by allowing all LAN users to share a single IP address, the location and even the existence of each PC is hidden. From the external viewpoint, there is no network, only a single device - the Broadband VPN Router.
  • Page 7: Physical Details

    Broadband VPN Gateway User Guide Physical Details Front-mounted LEDs Figure 2: Front Panel Power On - Power on. Off - No power. Status (Red) On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. For each port, there are 2 LEDs •...
  • Page 8: Rear Panel

    Introduction Rear Panel Figure 3: Rear Panel Use a standard LAN cable to connect to a normal port on another hub. Reset Button This button has two (2) functions: • Reboot. When pressed and released, the Broadband VPN Router will reboot (restart). •...
  • Page 9: Chapter 2 Installation

    Chapter 2 Installation This Chapter covers the physical installation of the Broadband VPN Router. Requirements • Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol must be installed on all PCs. • For Internet Access, an Internet Access account with an ISP, and either a DSL or Cable modem (for WAN port usage). Procedure Figure 4: Installation Diagram...
  • Page 10: Check The Leds

    Installation 3. Connect WAN Cable Connect the DSL or Cable modem to the WAN port on the Broadband VPN Router. Use the cable supplied with your DSL/Cable modem. If no cable was supplied, use a standard cable. 4. Power Up •...
  • Page 11: Chapter 3 Setup

    Chapter 3 Setup This Chapter provides Setup details of the Broadband VPN Router. Overview This chapter describes the setup procedure for: • Internet Access • LAN configuration PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration.
  • Page 12: Configuration Program

    Setup Configure or use any of the following: Chapter 9: Administrations • Configuration File backup and restore. • Logs • Admin Login • Network Diagnostic • Options • PC Database • Remote Administration • Routing • Security Options • Upgrade Firmware •...
  • Page 13 Broadband VPN Gateway User Guide • Double-click the icon for the Broadband VPN Router (either on the Desktop, or in My Network Places) to start the configuration. Refer to the following section Setup Wizard for details of the initial configuration process. Using your Web Browser To establish a connection from your PC to the Broadband VPN Router: 1.
  • Page 14: Setup Wizard

    Setup Setup Wizard The first time you connect to the Broadband VPN Router, the Setup Wizard will run automatically. (The Setup Wizard will also run if the Broadband VPN Router's default settings are restored.) 1. Step through the Wizard until finished. •...
  • Page 15 Broadband VPN Gateway User Guide PPPoE You connect to the ISP only User name and password. when required. The IP address is usually allocated automatically. • PPTP Mainly used in Europe. PPTP Server IP Address. • User name and password. You connect to the ISP only •...
  • Page 16: Home Screen

    Setup Home Screen After finishing or exiting the Setup Wizard, you will see the Home screen. In future, you will see this screen whenever you connect. An example screen is shown below. Figure 6: Home Screen Navigation & Data Input •...
  • Page 17: Wan Port Configuration Screen

    Broadband VPN Gateway User Guide WAN Port Configuration Screen The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Advanced Settings menu. An example screen is shown below. Figure 7: WAN Port Identification Hostname Normally, there is no need to change the default name, but if your...
  • Page 18 Setup Specified IP Address: Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered. • IP Address. The IP Address allocated by the ISP. •...
  • Page 19 Broadband VPN Gateway User Guide Login Login Method If your ISP does not use a login method (username, password) for Internet access, leave this at the default value "None (Direct connection)". Otherwise, check the documentation from your ISP, select the login method used, and enter the required data.
  • Page 20: Lan Screen

    Setup LAN Screen Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below. Figure 8: LAN Screen Data - LAN Screen TCP/IP IP Address IP address for the Broadband VPN Router, as seen from the local LAN.
  • Page 21: What Dhcp Does

    Broadband VPN Gateway User Guide DHCP What DHCP Does A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is made when the client device starts up (boots). •...
  • Page 22: Chapter 4 Pc Configuration

    Chapter 4 PC Configuration This Chapter details the PC Configuration required on the local ("Internal") LAN. Overview For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration Windows Clients This section describes how to configure Windows clients for Internet access via the Broadband VPN Router.
  • Page 23 Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the following: Figure 9: Network Configuration 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following. Figure 10: IP Address (Win 95) Ensure your TCP/IP settings are correct, as follows: Using DHCP...
  • Page 24 PC Configuration • On the Gateway tab, enter the Broadband VPN Router's IP address in the New Gateway field and click Add, as shown below. Your LAN administrator can advise you of the IP Address they assigned to the Broadband VPN Router. Figure 11: Gateway Tab (Win 95/98) •...
  • Page 25 Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure 13: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below.
  • Page 26: Specify An Ip Address

    PC Configuration Figure 14: Windows NT4.0 - IP Address 3. Select the network card for your LAN. 4. Select the appropriate radio button - Obtain an IP address from a DHCP Server or Specify an IP Address, as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting.
  • Page 27 Broadband VPN Gateway User Guide Figure 15 - Windows NT4.0 - Add Gateway 2. The DNS should be set to the address provided by your ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add button (under DNS Service Search Order), and enter the DNS provided by your ISP.
  • Page 28 PC Configuration Figure 16: Windows NT4.0 - DNS...
  • Page 29 Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 17: Network Configuration (Win 2000) 3.
  • Page 30 PC Configuration Figure 18: TCP/IP Properties (Win 2000) 5. Ensure your TCP/IP settings are correct, as described below. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the Broadband VPN Router will act as a DHCP Server.
  • Page 31 Broadband VPN Gateway User Guide Checking TCP/IP Settings - Windows XP 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 19: Network Configuration (Windows XP) 3.
  • Page 32 PC Configuration Figure 20: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. Using DHCP To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the Broadband VPN Router will act as a DHCP Server.
  • Page 33: For Windows Xp

    Broadband VPN Gateway User Guide Internet Access To configure your PCs to use the Broadband VPN Router for Internet access: • Ensure that the DSL modem, Cable modem, or other permanent connection is functional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
  • Page 34: Macintosh Clients

    PC Configuration Macintosh Clients From your Macintosh, you can access the Internet via the Broadband VPN Router. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up menu. 3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank.
  • Page 35: Chapter 5 Operation And Status

    Chapter 5 Operation and Status This Chapter details the operation of the Broadband VPN Router and the status screens. Operation Once both the Broadband VPN Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: •...
  • Page 36 Operation and Status Data - Status Screen Internet Connection Method: This indicates the current connection method, as set in the Setup Wizard. Broadband Modem: This shows the connection status of the modem. Internet Connection: Current connection status: • Active • Idle •...
  • Page 37: Connection Status - Pppoe

    Broadband VPN Gateway User Guide Connection Status - PPPoE If using PPPoE (PPP over Ethernet), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 22: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address: The hardware address of this device, as seen by remote devices...
  • Page 38 Operation and Status • The "Clear Log" button will restart the Log, while the Refresh button will update the messages shown on screen. Buttons Connect: If not connected, establish a connection to your ISP. Disconnect: If connected to your ISP, hang up the connection. Clear Log: Delete all data currently in the Log.
  • Page 39: Connection Status - Pptp

    Broadband VPN Gateway User Guide Connection Status - PPTP If using PPTP (Point-to-Point Tunneling Protocol), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 23: PPTP Status Screen Data - PPTP Screen Connection Physical Address: The hardware address of this device, as seen by remote devices on...
  • Page 40: Connection Status - Telstra Big Pond

    Operation and Status Disconnect: If connected to your ISP, hang up the connection. Clear Log: Delete all data currently in the Log. This will make it easier to read new messages. Refresh: Update the data on screen. Connection Status - Telstra Big Pond An example screen is shown below.
  • Page 41: Connection Details - Singtel Ras

    Broadband VPN Gateway User Guide Disconnect buttons unless the setting "Connect automatically, as required" is disabled. Connection Log • The Connection Log shows status messages relating to the Connection Log existing connection. • The Clear Log button will restart the Log, while the Refresh button will update the messages shown on screen.
  • Page 42 Operation and Status is allocated by your ISP (Internet Service Provider). Network Mask: The Network Mask associated with the IP Address above. Default Gateway: The IP Address of the remote Gateway or Router associated with the IP Address above. DNS IP Address: The IP Address of the Domain Name Server which is currently used.
  • Page 43: Connection Details - Fixed/Dynamic Ip Address

    Broadband VPN Gateway User Guide Connection Details - Fixed/Dynamic IP Address If your access method is "Direct" (no login), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 26: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Internet Physical Address...
  • Page 44 Operation and Status connection and obtain an IP Address from the ISP's DHCP Server. • If an IP Address has been allocated to the Broadband VPN Router (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address.
  • Page 45: Chapter 6 Advanced Features

    Chapter 6 Advanced Features This Chapter explains when and how to use the Broadband VPN Router's "Advanced" Features. Overview The following advanced features are provided. • Advanced Internet • Communication Applications • Special Applications • Multi-DMZ • URL filter • Dynamic DNS •...
  • Page 46: Advanced Internet Screen

    Advanced Features Advanced Internet Screen Figure 27: Internet Screen This screen allows configuration of all advanced features relating to Internet access. • Communication Applications • Special Applications • Multi-DMZ • URL filter Communication Applications Most applications are supported transparently by the Broadband VPN Router. But sometimes it is not clear which PC should receive an incoming connection.
  • Page 47: Special Applications

    Broadband VPN Gateway User Guide Send incoming calls to This lists the PCs on your LAN. • If necessary, you can add PCs manually, using the "PC Database" option on the advanced menu. • For each application listed above, you can choose a destination PC.
  • Page 48 Advanced Features Incoming Ports • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Some applications use different protocols for outgoing and incoming data). • Start - Enter the beginning of the range of port numbers used by the application server, for data you receive.
  • Page 49: Url Filter

    Broadband VPN Gateway User Guide The "DMZ PC" is effectively outside the Firewall, making it more vulnerable to attacks. For this reason, you should only enable the DMZ feature when required. URL Filter The URL Filter allows you to block access to undesirable Web site •...
  • Page 50 Advanced Features Buttons Delete/Delete All Use these buttons to delete the selected entry or all entries, as required. Multiple entries can be selected by holding down the CTRL key while selecting. (On the Macintosh, hold the SHIFT key while selecting.) Use this to add the current Filter String to the site list.
  • Page 51: Dynamic Dns (Domain Name Server)

    Broadband VPN Gateway User Guide Dynamic DNS (Domain Name Server) This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address.
  • Page 52 Advanced Features • After registration, use the "Create New Host" link to request a domain name. DDNS Data DDNS Service: Select the desired DDNS Service provider. Web Site: Click this button to open a new window and connect to the Web site for the selected DDNS service provider.
  • Page 53: Virtual Servers

    Broadband VPN Gateway User Guide Virtual Servers This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address. •...
  • Page 54 Advanced Features Using the DMZ port for Virtual Servers You should connect your Virtual Servers to the DMZ port, for the following reasons: • Traffic passing between the DMZ and LAN passes through the firewall. The firewall will protect your LAN if your Server is compromised and used to launch an attack on your LAN.
  • Page 55: Defining Your Own Virtual Servers

    Broadband VPN Gateway User Guide Properties Enable Use this to Enable or Disable support for this Server, as required. • If Enabled, any incoming connections will be forwarded to the selected PC. • If Disabled, any incoming connection attempts will be blocked. PC (Server) Select the PC for this Server.
  • Page 56: Access Control

    Advanced Features Access Control This feature is accessed by the Access Control link on the Security menu. The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access.
  • Page 57 Broadband VPN Gateway User Guide Data - Access Control Screen Group Group Select the desired Group. The screen will update to display the settings for the selected Group. Groups are named "Default", "Group 1", "Group 2", "Group 3" and "Group 4", and cannot be renamed.
  • Page 58: Group Members Screen

    Advanced Features Clear Log Click this to clear and restart the "Access Control" log, making new entries easier to read. Group Members Screen This screen is displayed when the Members button on the Access Control screen is clicked. Figure 34: Group Members Use this screen to add or remove members (PCs) from the current group.
  • Page 59 Broadband VPN Gateway User Guide request was blocked Destination The destination URL or IP address...
  • Page 60: Firewall Rules

    Advanced Features Firewall Rules For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you cannot use it - the service is unavailable.
  • Page 61 Broadband VPN Gateway User Guide For each rule, the following data is shown: Data • Name - The name you assigned to the rule. • Source - The traffic covered by this rule, defined by the source IP address. If the IP address is followed by ... this indicates there is a range of IP addresses, rather than a single address.
  • Page 62 Advanced Features Add/Edit Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below. Figure 36: Add/Edit Firewall Rule Data - Add/Edit Firewall Rule Screen Name: Enter a suitable name for this rule. Type: This determines the source and destination ports for traffic...
  • Page 63 Broadband VPN Gateway User Guide Dest IP These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered by this rule. •...
  • Page 64: Scheduling

    Advanced Features Scheduling • This schedule can be (optionally) applied to any Access Control Group. • Blocking will be performed during the scheduled time (between the "Start" and "Finish" times.) • Two (2) separate sessions or periods can be defined. •...
  • Page 65: Services

    Broadband VPN Gateway User Guide Services Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Security menu.
  • Page 66 Advanced Features Buttons Delete Delete the selected service from the list. Add a new entry to the Service list, using the data shown in the "Add New Service" area on screen. Cancel Clear the "Add New Service" area, ready for entering data for a new Service.
  • Page 67: Chapter 7 Vpn

    Chapter 7 VPN This Chapter describes the VPN capabilities and configuration required for common situations. Overview This section describes the VPN (Virtual Private Network) support provided by your Broadband VPN Router. A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet.
  • Page 68 • Phase I is the negotiation and establishment of the IKE connection. • Phase II is the negotiation and establishment of the IPsec connection. Because the IKE and IPsec connections are separate, they have different SAs (security associations). Policies VPN configuration settings are stored in Policies.
  • Page 69: Common Vpn Situations

    Broadband VPN Gateway User Guide Common VPN Situations VPN Pass-through Figure 39: VPN Pass-through Here, a PC on the LAN behind the Router/Gateway is using VPN software, but the Router/Gateway is NOT acting as a VPN endpoint. It is only allowing the VPN connection. •...
  • Page 70: Connecting 2 Lans Via Vpn

    Connecting 2 LANs via VPN Figure 41: Connecting 2 VPN Gateways This allows two (2) LANs to be connected. PCs on each endpoint gain secure access to the remote LAN. • The 2 LANs MUST use different IP address ranges. •...
  • Page 71: Vpn Configuration

    Broadband VPN Gateway User Guide VPN Configuration This section covers the configuration required on the Broadband VPN Router when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu.
  • Page 72: Adding A New Policy

    Move There are 2 ways to change the order of policies: • Use the up and down indicators on the right to move the selected row. You must confirm your changes by clicking "OK". If you change your mind before clicking "OK", click "Cancel" to reverse your changes.
  • Page 73 Broadband VPN Gateway User Guide • Otherwise, click Next to continue. You will see a screen like the following. Figure 44: VPN Wizard - General General Settings Policy Name: Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you manage the policies.
  • Page 74 Figure 45: VPN Wizard - Traffic Selector • For outgoing VPN connections, these settings determine which traffic will cause a VPN tunnel to be created, and which traffic will be sent through the tunnel. • For incoming VPN connections, these settings determine which systems on your local LAN will be available to the remote endpoint.
  • Page 75 Broadband VPN Gateway User Guide Remote IP addresses Type • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address"...
  • Page 76 These settings must match the remote VPN. Note that you cannot use both AH and ESP. Manually assigned Keys AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. (AH is often NOT used) If AH is not enabled, the following settings can be ignored. Keys •...
  • Page 77 Broadband VPN Gateway User Guide For Manual Key Exchange, configuration is now complete. • Click "Next" to view the final screen. • On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard. IKE Phase 1 If you selected IKE, the following screen is displayed after the Traffic Selector screen.
  • Page 78 IKE Exchange Mode: Select the desired option, and ensure the remote VPN endpoint uses the same mode. Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete. Aggressive Mode provides no identity protection, but is quicker. Direction Select the desired option: •...
  • Page 79 Broadband VPN Gateway User Guide IKE Phase 2 (IPsec SA) IPsec SA Life Time: This setting does not have to match the remote VPN endpoint; the shorter time will be used. Although measured in seconds, it is common to use time periods of several hours, such as 28,800 seconds. IPSec PFS: If enabled, PFS (Perfect Forward Secrecy) enhances security by changing the IPsec key at regular intervals, and ensuring that each...
  • Page 80: Examples

    Examples This section describes some examples of using the Broadband VPN Router in common VPN situations. Example 1: Connecting 2 Broadband VPN Routers In this example, 2 LANs are connected via VPN. Figure 49: Connecting 2 Broadband VPN Routers Note •...
  • Page 81 Broadband VPN Gateway User Guide IKE Authentication Pre-shared Key Pre-shared Key Certificates are not widely method used. Pre-shared Key Xxxxxxxxxx Xxxxxxxxxx Must match IKE Authentication Must match algorithm IKE Encryption Must match IKE Exchange Main Mode Main Mode Must match mode DH Group Group 1 (768 bit)
  • Page 82 Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the Broadband VPN Router and gains access to the local LAN. Figure 50: Windows 2000/XP Client to Broadband VPN Router To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
  • Page 83 Broadband VPN Gateway User Guide DH Group Group 1 (768 bit) Must match client PC IKE SA Life time 28800 Does not have to match client PC. Shorter period will be used. IKE PFS Disable Must match client PC IPSec SA Parameters IPSec SA Life time 28800 Do not have to match.
  • Page 84 Figure 52: Windows 2000/XP - Policy Properties • Note that no rules are in use. Two (2) rules are required - incoming and outgoing. • The outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below. Figure 53: IP Filter List 7.
  • Page 85 Broadband VPN Gateway User Guide Figure 54: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address. • Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN. •...
  • Page 86 Figure 56: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen. Figure 57: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add".
  • Page 87 Broadband VPN Gateway User Guide Figure 58: Modify Security Method 13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 59: Require Security Properties 14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
  • Page 88 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the Broadband VPN Router, as shown below. Figure 60: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" button to see a screen like the example below.
  • Page 89 Broadband VPN Gateway User Guide 19. Click "Close" to return to the DUT to Win2K properties screen. The "To DUT" filter should now be listed, as shown below. Figure 62: Windows 2000/XP Client to Broadband VPN Router 20. To add the second (incoming) rule, click "Add". For the name, enter "To Win2K", then click "Add".
  • Page 90 Figure 64: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 65: Filter List 23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab.
  • Page 91 Broadband VPN Gateway User Guide Figure 66: Filter Action 24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate security. Figure 67: Security Methods 25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP].
  • Page 92 Figure 68: Modify Security Method 26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.10..9.10 in this example). Figure 69: Tunnel Setting 28.
  • Page 93 Broadband VPN Gateway User Guide Figure 70: Authentication Method 29. Select Use this string to protect the key exchange (preshared key), then enter your preshared key in the field provided. 30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen.
  • Page 94 Figure 72: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure 73: Key Exchange Settings 33. Click the "Methods" button to see the screen below.
  • Page 95 Broadband VPN Gateway User Guide Figure 74: Key Exchange Security Methods 34. Select the first entry, and click the "Edit" button to see the following screen. Figure 75: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm, "3DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group.
  • Page 96 Example 3: Windows 2000 Server to VPN Gateway In this example, a Windows 2000 Server connects to the Broadband VPN Router. Users on each LAN can then gain access to the remote LAN. Figure 77: Broadband VPN Router to Windows 2000 Server Broadband VPN Router Configuration This is the same as for the client setup earlier, with the exception of the IP address range for the remote endpoint.
  • Page 97 Broadband VPN Gateway User Guide Windows 2000 Server Configuration Configuration is the same as for Example 2: Windows 2000/XP Client to LAN, except for specifying the Source and Destination addresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties - Addressing should be completed as follows. Figure 78: Windows 2000 Server - Addressing •...
  • Page 98: Using Certificates

    Using Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication with the CA.
  • Page 99 Broadband VPN Gateway User Guide Adding a Trusted Certificate 1. After obtaining a new Certificate from the CA, you need to upload it to the Broadband VPN Router. 2. On the "Certificates" screen, click the "Add Trusted Certificate" button to view the Add Trusted Certificate screen, shown below.
  • Page 100 Subject Name This is the name which other organizations will see as the Holder (owner) of this Certificate. This should be your registered business name or official company name. Generally, all Certificates should have the same value in the Subject field. Hash Algorithm Select the desired option.
  • Page 101 Broadband VPN Gateway User Guide CRLs CRLs are only necessary if using Certificates. CRL (Certificate Revocation List) files show Certificates which have been revoked, and are no longer valid. Each CA issues their own CRLs. It is VERY IMPORTANT to keep your CRLs up-to-date. You need to obtain the CRL for each CA regularly.
  • Page 102: Vpn Status

    VPN Status This screen lists all VPN SAs (Security Associations) which exist at the current time. • If no VPN tunnels exist at the current time, the table will be empty. • To update the display, click the "Refresh" button. •...
  • Page 103: Chapter 8 Microsoft Vpn

    Chapter 8 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your LAN by individual PCs. This method provides an alternative to using IPSec VPN, which is described in the previous chapter.
  • Page 104: Client Database

    Microsoft VPN Data – Microsoft VPN Screen PPTP Server Enable Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows clients, you must enable this feature, and enter the client details (on the Clients screen) to allow them to login to this Server.
  • Page 105 Broadband VPN Gateway User Guide Data - Microsoft VPN Client Database Screen Existing Users User List All existing users are listed. If you have not added any users, this list will be empty. When a user is selected, their details are displayed in the Properties panel.
  • Page 106: Status Screen

    Microsoft VPN Status Screen The Status screen is accessed by selecting the Status option on the Microsoft VPN menu. Figure 88: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status. Status: This indicates whether or not the PPTP (VPN) Server is enabled. Current: This indicates the number of remote clients currently logged into the PPTP (VPN) Server.
  • Page 107: Windows Client Setup

    Broadband VPN Gateway User Guide Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway: • The Microsoft VPN feature in the VPN Broadband Gateway must be enabled and configured, as described in the previous section. •...
  • Page 108 Microsoft VPN 5. Click "Finish" to exit the Wizard. The new entry will now be listed in "Dial-up Networking". If necessary, you can change the settings for this connection by right-clicking on it, and selecting Properties. To force all outgoing traffic to be sent via VPN, enable the setting This is the default Internet connection on the Dialing tab.
  • Page 109: Windows 2000

    Broadband VPN Gateway User Guide Windows 2000 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open "Network Connections", and start the "New Connection" Wizard. Figure 91: Windows 2000 Network Connection 2. Select the VPN option ("Connect to a private network through the Internet"), as shown above, and click Next.
  • Page 110 Microsoft VPN Figure 93: Windows 2000 VPN Host 4. On the screen above, enter the Domain Name or Internet IP address of the Broadband VPN Router you wish to connect to. Click Next to continue. Figure 94: Windows 2000 Connection Availability 5.
  • Page 111 Broadband VPN Gateway User Guide Figure 95: Windows 2000 Finish Wizard 6. Enter a suitable name, and click "Finish" to save and exit. Setup is now complete. To establish a connection: 1. Right-click the connection in "Network Connections", and select "Connect". 2.
  • Page 112 Microsoft VPN Windows XP Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-Settings-Network Connections), and start the New Connection Wizard. Figure 96: Windows XP Network Connection Type 2. Select the option "Connect to the network at my workplace", as shown above, and click Next.
  • Page 113 Broadband VPN Gateway User Guide Figure 98: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue. Figure 99: Windows XP Public Network 5. On the screen above, select "Do not dial the initial connection". Click Next to continue.
  • Page 114 Microsoft VPN 6. On the screen above, enter the Domain Name or Internet IP address of the Broadband VPN Router you wish to connect to. Click Next to continue. Figure 101: Windows XP Connection Availability 7. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue.
  • Page 115: Chapter 9 Administrations

    Chapter 9 Administrations This Chapter explains the screens and settings available via the "Administration" menu. Overview Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.
  • Page 116: Config File

    Administrations Config File This feature allows you to download the current settings from the Wireless Router, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the Wireless Router, by uploading it to the Wireless Router. This screen also allows you to set the Wireless Router back to its factory default configuration.
  • Page 117: Logs

    Broadband VPN Gateway User Guide Logs The Logs record various types of activity on the Broadband VPN Router. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Since only a limited amount of log data can be stored in the Broadband VPN Router, log data can also be E-mailed to your PC or sent to a Syslog Server.
  • Page 118 Administrations Access Control: If enabled, the log will include attempted outgoing connections which have been blocked by the "Access Control" feature. Firewall Rules: If enabled, the log will include details of packets blocked by user-defined Firewall rules. Logging can be set for each rule individually. Only rules which have logging enabled will be included.
  • Page 119: Admin Login

    Broadband VPN Gateway User Guide Admin Login The Admin Login screen allows you to assign a user name and password to the Broadband VPN Router. Figure 104: Admin Login Screen 1. The default login name is "admin". Change this to the desired value. 2.
  • Page 120: Network Diagnostics

    Administrations Network Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems. An example Network Diagnostics screen is shown below. Figure 106: Network Diagnostics Screen Data - Network Diagnostics Screen Ping Enter the IP address you wish to ping.
  • Page 121: Options

    Broadband VPN Gateway User Guide Options This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings. Figure 107: Options Screen Data - Options Screen Backup DNS IP Address Enter the IP Address of the DNS (Domain Name Servers) here.
  • Page 122: Pc Database

    Administrations PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Database screen is shown below.
  • Page 123 Broadband VPN Gateway User Guide Data - PC Database Screen Known PCs This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN. If adding a new PC to the list, enter its name here. It is best if this Name matches the PC's "hostname".
  • Page 124 Administrations PC Database (Admin) This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen. Figure 109: PC Database (Admin) Data - PC Database (Admin) Screen Known PCs This lists all current entries.
  • Page 125 Broadband VPN Gateway User Guide IP Address Select the appropriate option: • Automatic - The PC is set to be a DHCP client (Windows: "Obtain an IP address automatically"). The Broadband VPN Router will allocate an IP address to this PC when requested to do so.
  • Page 126: Remote Administration

    Administrations Remote Administration This feature allows you to manage the Broadband VPN Router via the Internet. Figure 110: Remote Administration Screen Data - Remote Administration Screen Remote Administration. Enable Remote Administration: Enable to allow administration via the Internet. If Disabled, this device will ignore management connection attempts from the Internet.
  • Page 127: Routing

    Broadband VPN Gateway User Guide Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely. • If the Broadband VPN Router is only acting as a Gateway for the local LAN segment, ignore the "Routing"...
  • Page 128 Administrations Figure 111: Routing Screen Data - Routing Screen Enable RIP: Check this to enable the RIP (Routing Information Protocol) feature of the Broadband VPN Router. The Broadband VPN Router supports RIP 1 only. Static Routing. Static Routing Table Entries: This list shows all entries in the Routing Table. •...
  • Page 129: Configuring Other Routers On Your Lan

    Broadband VPN Gateway User Guide Properties: • Destination Network - The network address of the remote LAN segment. For standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0. •...
  • Page 130 Administrations Other Routers on the Local LAN Other routers on the local LAN must use the Broadband VPN Router's Local Router as the Default Route. The entries will be the same as the Broadband VPN Router's local router, with the exception of the Gateway IP Address.
  • Page 131 Broadband VPN Gateway User Guide Gateway IP Address 192.168.0.1 (Broadband VPN Router's IP Address) For Router B's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.1.80 (Broadband VPN Router's local router)
  • Page 132: Security Options

    Administrations Security Options This screen allows you to set Firewall and other security-related options. Figure 113: Security Options Screen Data - Security Options Screen Firewall. Enable DoS Firewall: If enabled, DoS (Denial of Service) attacks will be detected and blocked. The default is enabled. It is strongly recommended that this setting be left enabled.
  • Page 133 Broadband VPN Gateway User Guide Options. Respond to ICMP: The ICMP protocol is used by the "ping" and "trace route" programs, and by network monitoring and diagnostic programs. • If checked, the Broadband VPN Router will respond to ICMP packets received from the Internet. •...
  • Page 134: Firmware Upgrade

    Administrations Firmware Upgrade The firmware (software) in the Broadband VPN Router can be upgraded using your Web Browser. You must first download the upgrade file, then select Upgrade on the Other menu. You will see a screen like the following. Figure 114: Upgrade Firmware Screen To perform the Firmware Upgrade: 1.
  • Page 135: Upnp

    Broadband VPN Gateway User Guide UPnP An example UPnP screen is shown below. Figure 115: UPnP Screen Data - UPnP Screen UPnP. Enable UPnP Services: • UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP, or later.
  • Page 136: Appendix A Troubleshooting

    Appendix A Troubleshooting This Appendix covers the most likely problems and their solutions. Overview This chapter covers some common problems that may be encountered while using the Broadband VPN Router and some possible solutions to them. If you follow the suggested steps and the Broadband VPN Router still does not function properly, contact your dealer for further advice.
  • Page 137 Broadband VPN Gateway User Guide Problem 2: Some applications do not run properly when using the Broadband VPN Router. Solution 2: The Broadband VPN Router processes the data passing through it, so it is not transparent. Use the Special Applications feature to allow the use of Internet applications which do not function correctly.
  • Page 138: Appendix B Specifications

    Appendix B Specifications Broadband VPN Router Model Broadband VPN Router Dimensions 170mm(W) * 147mm(D) * 27mm(H) Operating Temperature 0° C to 40° C Storage Temperature -10° C to 70° C Network Protocol: TCP/IP Network Interface: 6 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection 1 * 10/100BaseT (RJ45) for DMZ Port 1 * 10/100BaseT (RJ45) for WAN LEDs...
  • Page 139: Ce Marking Warning

    Broadband VPN Gateway User Guide FCC Radiation Exposure Statement This equipment complies with FCC RF radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules.
  • Page 140 The safety advice in the documentation accompanying the products shall be obeyed. The conformity to the above directive is indicated by the CE sign on the device. The ALLNET ALL1294VPN Broadband VPN Router conforms to the European Directives 89/336/EEC. This equipment meets the following conformance standards:...
