ETIC RAS-E User Manual
  1. Manuals
  2. Brands
  3. ETIC Manuals
  4. Network Router
  5. RAS-E
  6. User manual

ETIC RAS-E User Manual

Machine access box
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
RAS-E
RAS-EW
RAS-EC
RAS-ECW
_________________
_________________
USER GUIDE
Machine Access Box RAS
DOC_DEV_RAS_User guide_A

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RAS-E and is the answer not in the manual?

Questions and answers

Related Manuals for ETIC RAS-E

Summary of Contents for ETIC RAS-E

  • Page 1 RAS-E RAS-EW RAS-EC RAS-ECW _________________ _________________ USER GUIDE Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 2 CONTENT The RAS router is manufactured by ETIC TELECOM 13 Chemin du vieux chêne 38240 MEYLAN FRANCE TEL : + 33 4-76-04-20-05 FAX : + 33 4-76-04-20-01 E-mail : hotline@etictelecom.com web : www.etictelecom.com Page 2 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 3: Table Of Contents

    PRODUCT DESCRIPTION ....................31 Dimensions ......................31 Push-buttons ..................... 32 Connectors ......................32 RAS-E-100 router RAS ..................34 RAS-E or RAS-EW (Wi-Fi option) ................. 35 Cellular router RAS-EC ou RAS-ECW (Wi-Fi option) ..........37 Page 3 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 4 CONTENT … PRODUCT INSTALLATION MOUNTING THE PRODUCT ON A DIN RAIL ............... 39 COOLING ......................... 39 SUPPLY VOLTAGE ......................39 RS232 ..........................40 RS485 CONNECTION ....................... 40 DIGITAL INPUT AND OUTPUT ..................40 CONNECTING THE ROUTER TO THE CELLULAR NETWORK ..........41 Controls before installing the router ..............
  • Page 5 CONTENT ADVANCED SET-UP ........................65 INTERNET ACCESS SET-UP ..................... 66 Overview ......................66 Ethernet / WAN interface ..................66 Cellular network interface ................... 68 1.3.1 SIM 1 or SIM 2 set-up ..................... 68 1.3.2 Using the SIM cards 1 and 2 ..................69 1.3.3 Cellular connection control ....................
  • Page 6 CONTENT … ADVANCED SET-UP OPENVPN TYPE VPN CONNECTION ................95 Overview ......................95 8.1.1 Set-up principles ......................97 OpenVPN server set-up ..................98 Setting up an outgoing connection ..............100 Setting up an ingoing VPN connection .............. 102 IP ROUTING ........................103 Basic routing function ..................

  • Page 7: Machine Access Box Ras Doc_Dev_Ras_User Guide_A

    CONTENT … ADVANCED SET-UP SERIAL TO IP GATEWAY CONFIGURATION ..............115 15.1 Overview ......................115 15.2 Modbus gateway ....................117 15.2.1 Glossary........................117 15.2.2 Selecting a Modbus client or a Modbus server gateway ........117 15.2.3 Modbus server gateway ..................... 118 15.2.4 Modbus client gateway ....................

  • Page 9: Product Overview

    PRODUCT OVERVIEW Certificate of conformity The manufacturer, ETIC Telecom – 13 chemin du vieux chêne – 38240 Meylan – France, Hereby declares that the listed products Type of device: Router RAS family described in the next pages Conform to the Council Directive 1999/5/EC related to radio and telecommunication terminal equipments.

  • Page 10: Product Identification

    PRODUCT OVERVIEW Product identification Router RAS with Ethernet interfaces RAS-E- Ethernet interfaces to Internet • • • M2Me ready • • • User list • • • Remote users firewall • • • Firewall SPI • • • VPN IPSEC & OpenVPN Serial gateway •...
  • Page 11 PRODUCT OVERVIEW Router RAS with Ethernet & Wi-Fi interfaces RAS-EW- Ethernet interfaces to Internet • • Wi-Fi interface (Access point & client) • • M2Me ready • • User list • • Remote users firewall • • Firewall SPI • •...
  • Page 12 PRODUCT OVERVIEW Router RAS with cellular & Ethernet interfaces RAS-EC- Cellular ntwk router LTE 4G - UMTS 3G -GPRS-EDGE • • UMTS 3G -GPRS-EDGE : XY = HG LTE 4G - UMTS 3G -GPRS-EDGE XY =LE Ethernet interfaces to Internet •...
  • Page 13 PRODUCT OVERVIEW Router RAS with cellular, Wi-Fi & Ethernet interfaces RAS-ECW- Cellular ntwk router LTE 4G - UMTS 3G -GPRS-EDGE • • UMTS 3G -GPRS-EDGE : XY = HG LTE 4G - UMTS 3G -GPRS-EDGE XY =LE Ethernet interfaces to Internet •...

  • Page 14: Data-Sheet

    PRODUCT OVERVIEW Data-sheet General characteristics Dimensions 137 x 48 x 116 mm (h, l, p) Electrical safety EN 60950- UL 1950 ESD : EN61000-4-2 : Discharge 6 KV RF field : EN61000-4-3 : 10V/m < 2 GHz Fast transient : EN61000-4-4 Surge voltage : EN61000-4-5 : 4KV line / earth RoHS 2002/95/CE (RoHS)
  • Page 15 PRODUCT OVERVIEW Security Client or server IPSEC or TLS/SSL Encryption AES256 3DES Certificate X509 or preshared key 25 VPNs maximum of the same type (TLS or IPSec) Stateful packet inspection (50 rules) Firewall Source & destination IP address & port number filter Logs Date and time stamped logs Remote access server (RAS)

  • Page 16: Product Overview

    PRODUCT OVERVIEW Product overview 4.1 Main functions of the router RAS Remote maintenance of machines using the M2Me_Connect service The RAS family allows to connect easily and safely a machine to a remote PC, through the M2Me_Connect Internet cloud service, for operation like remote maintenance. When the remote PC is connected, the remote user can exchange any kind of data with each device of the machine network as if his PC was directly connected to the machine network.

  • Page 17: Router Ras Organisation

    The router RAS provides two IP interfaces : The WAN interface to reach the Internet and the LAN interface to connect the machine. WAN interface : Depending on the model, the router RAS provides the following interfaces to reach the Internet : WAN interfaces RAS-E RAS-EW RAS-EC RAS-ECW Ethernet ...

  • Page 18: The M2Me_Connect Connection

    Let’s take the example of a « machine » made of a set of connected devices and connected to the Factory Network via a RAS-E. Assuming that an expert is willing to remotely have access to the machine for breakdown diagnosis, technical data acquisition, Web page display, file or program refreshment, M2Me Connect service enables the remote operator to have access to the machine even if the machine does not have any public IP address.

  • Page 19: Benefits Of The M2Me_Connect Service

    PRODUCT OVERVIEW 4.4 Benefits of the M2Me_Connect service Outgoing connection M2Me connection onto the Internet is powered from the RAS. This non intrusive solution is better admitted than an ingoing connection from the Internet onto the Machine. Private & dynamic IP address The machine connected into a factory network or connected to the Internet via a cellular network does not have a public IP address.

  • Page 20: Use Cases

    PRODUCT OVERVIEW Use cases There are different ways to connect the router RAS to the Internet and to the machine depending on the situation which is encountered and also on the router RAS model. We describe hereafter six typical situations. Page 20 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 21 PRODUCT OVERVIEW Use case Internet Internet access Factory The machine is network connected to the factory network RAS-E through the router RAS. RAS-EW RAS-EC RAS-ECW Factory The machine belongs to network the factory network. RAS-E RAS-EW RAS-EC RAS-ECW Cellular The machine is...

  • Page 22: Use Case Nr 1 : The Machine Is Connected To The Factory Network

    PRODUCT OVERVIEW 5.1 Use case 1 : The machine is connected to the factory network Description The machine is separated from the factory network by the router RAS. The Internet is reached through the factory network. Models Way to the Internet Router RAS interface to Machine interface the Internet...
  • Page 23 PRODUCT OVERVIEW Available functions Connecting the remote PC to each device of the machine network through M2Me  Individual rights for each the remote user  Communication initiated by devices belonging to the machine network towards  devices belonging to the factory network Communication initiated by devices belonging to the factory network towards Enabled by creating devices belonging to the machine network...

  • Page 24: Use Case Nr 2 : The Machine Belongs To The Factory Network

    PRODUCT OVERVIEW 5.2 Use case 2 : The machine belongs to the factory network Description The devices of the machine belong to the factory network. The Internet is reached through the existing access. In that case, the router RAS has to be connected to the factory network with its LAN Ethernet port. Models Way to the Internet Router RAS interface to...

  • Page 25: Use Case Nr3 : The Machine Is Connected Through A Cellular Network

    PRODUCT OVERVIEW 5.3 Use case 3 : The machine is connected through a cellular network Description The Internet is reached through a cellular network. Models Way to the Internet Machine interface RAS-EC Cellular network Ethernet LAN 1 to 4 RAS-ECW Serial interface Machine IP address Rule : The IP domain of the machine network and the IP domain of the remote PC must be different.

  • Page 26: Use Case Nr4 : The Machine Is Connected Through A Wi-Fi Network

    PRODUCT OVERVIEW 5.4 Use case 4 : The machine is connected through a Wi-Fi network Description The Internet is reached through a Wi-Fi network. Models Way to the Internet Machine interface RAS-EC Cellular network Ethernet LAN 1 to 4 RAS-ECW Serial interface Machine IP address Rule : The IP domain of the machine network and the IP domain of the remote PC must be different.

  • Page 27: Use Case Nr 5 : Connecting The Machine Through The Factory & A Cellular Ntwk

    PRODUCT OVERVIEW 5.5 Use case 5 : The machine is connected through the factory & a cellular ntwk Description Reaching the Internet through the factory network may not be immediately authorized or available at the moment of the machine installation; it is the reason why, the router RAS (RAS-EC or RAS-ECW) is able to select the available way to the Internet;...
  • Page 28 PRODUCT OVERVIEW Available functions Connecting the remote PC to each device of the machine network through M2Me  Individual rights for each the remote user  Communication initiated by devices belonging to the machine network towards  devices belonging to the factory network Communication initiated by devices belonging to the factory network towards Enabled by creating devices belonging to the machine network...

  • Page 29: Use Case Nr 6 : Connecting The Machine Through The Wi-Fi & A Cellular Ntwk

    PRODUCT OVERVIEW 5.6 Use case 6 : The machine is connected through a Wi-Fi & a cellular ntwk Description Models Way to the Internet Internet interface Machine interface Wi-Fi network Ethernet WAN RAS-EC Ethernet LAN 1 to 4 RAS-ECW Cellular network Cellular antenna Serial interface Machine IP address...
  • Page 30 PRODUCT OVERVIEW Available functions Connecting the remote PC to each device of the machine network through M2Me  Individual rights for each the remote user  Communication initiated by devices belonging to the machine network towards  devices belonging to the factory network Communication initiated by devices belonging to the factory network towards Enabled by creating devices belonging to the machine network...

  • Page 31: Product Installation

    PRODUCT INSTALLATION Product description 1.1 Dimensions Page 31 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 32: Push-Buttons

    INSTALLATION 1.2 Push-buttons Rear panel push-button Pressing the rear Function panel PB During operation Flashing red The default IP address 192.168.0.128 is selected The current configuration remains active During power-up Flashing red The factory configuration and the default IP address 192.168.0.128 are selected.
  • Page 33 INSTALLATION Wi-Fi Antenna connector Network Type Observation Wi-Fi RP-SMA female Celular Antenna connector Network Type Observation Cellular SMA female 2 positions RS485 screw block (C10) Position Signal Fonction RS485 polarity A RS485 polarity B RJ45 RS232 DCE interface Pos. Signal Function RJ45 DTR - 108...

  • Page 34: Ras-E-100 Router Ras

    INSTALLATION 1.4 RAS-E-100 router RAS LED INDICATORS RAS-E-100 et RAS-EW-100 Designation Function Green The unit is ready Operation Flashing red Hardware default Ethernet M2Me M2Me_Connect not selected Flashing M2Me_Connect connection in progress Green The unit is connected to the M2Me_Connect service...

  • Page 35: Ras-E Or Ras-Ew (Wi-Fi Option)

    INSTALLATION 1.5 RAS-E or RAS-EW (Wi-Fi option) RAS-E-400 RAS-EW-400 RAS-E-220 RAS-EW-220 Page 35 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 36 INSTALLATION LED INDICATORS RAS-E-XYZ et RAS-EW-XYZ Designation Function Green The unit is ready Operation Flashing red Hardware default or unit start step Ethernet M2Me M2Me_Connect not selected Flashing M2Me_Connect connection in progress Green The unit is connected to the M2Me_Connect service...

  • Page 37: Cellular Router Ras-Ec Ou Ras-Ecw (Wi-Fi Option)

    INSTALLATION 1.6 Cellular router RAS-EC ou RAS-ECW (Wi-Fi option) RAS-EC-400 RAS-ECW-400 RAS-EC-220 RAS-ECW220 Page 37 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 38 INSTALLATION LED INDICATORS RAS-EC-XYZ et RAS-ECW-XYZ Designation Fonction Operation Green The unit is ready Power-up The SIM card is not present Hardware failure Cellular SIM card not present – cellular interface disabled Connection Flashing slowly Connection in progress (1st step) Flashing fast Connection in progress (2nd step) Green...

  • Page 39: Mounting The Product On A Din Rail

    Supply voltage RAS-E-400, RAS-EW-400 Vmin : 10 V DC RAS-EC-400, RAS-ECW-400 Vmax = 60 V DC RAS-E-220, RAS-EW-220, RAS-ECW-220 Vmin : 10 V DC Vmax = 30 V DC The power is lower than 7W. Page 39 Machine Access Box RAS...

  • Page 40: Rs232

    INSTALLATION RS232 The RS232 cable must be shorter than 10 meters. Cables can be provided to connect the product to DTE and DCE as follows : RS232 cables (L=1m) Code User connector Cable function CAB592 SubD 9 male To connect a DCE to the router RAS CAB593 SubD 9 female To connect a DTE to the router RAS...

  • Page 41: Connecting The Router To The Cellular Network

    INSTALLATION Connecting the router to the cellular network 8.1 Controls before installing the router Autorisation to use a cellular connection Check the cellular connection is authorised at the location where the router RAS is supposed to be installed. Control of the reception level before installing the machine Before installing the router, refer to a cell map over the Internet to check that the cellular reception signal is strong enough at the location where the machine is supposed to be installed.

  • Page 42: Cellular Service Subscription

    INSTALLATION 8.4 Cellular service subscription The router RAS is designed to connect to the LTE-UMTS-GPRS data transmission service like the one used by the tablets. The subscription should also provide the SMS service if SMS alarms are required. A telephone service subscription is not needed. One will take care to subscribe to a service authorizing the right volume of data per month (MB/month) and to check the price of the MB exceeding the limit of the subscription plan, if it exists.

  • Page 43: Controlling The Conformance Of The Connection

    INSTALLATION 8.6 Controlling the conformance of the connection After installing and setting up the router, control the conformance of the connection : Reception level The reception level must be better than -90 dBm (two flashes of the reception level led indicator). See the table below.

  • Page 45: Preparing The Product Set-Up

    PREPARING THE PRODUCT SET-UP First set-up The first configuration is carried-out with an HTML browser and a PC to the Ethernet LAN port 1 to 4 of the router RAS . Coming from factory, the IP address of the router is 192.168.0.128. Step 1 : Create or modify the PC IP connection.

  • Page 46: Protecting The Access To The Administration Web Server

    PREPARING THE PRODUCT SET-UP Protecting the access to the administration web server  Select Set-up > Security > Administration rights.  Enter an administration identifier and password. Set-up modifications with HTTPS or through the WAN interface The administration web server is located at the LAN IP address. Coming from factory, access to the administration web server is not allowed through the WAN interface To use HTTPS instead of HTTP to setup the product or to authorise access to the administration web server through the WAN interface,...

  • Page 47: Setting-Up The Router With The Wizard

    SETTING-UP THE ROUTER WITH THE WIZARD The Wizard simplifies the Internet connection set-up. 6 use cases can be selected (that 6 use cases have been described in the Overview chapter). Once the Internet connection has been setup with the Wizard, the advanced setup mode makes possible to setup other functions like SMS or email alarm and the firewall.
  • Page 48 SETTING-UP THE ROUTER WITH THE WIZARD “Obtain DNS IP addresses automatically” checkbox : Set that checkbox if the Domain name servers IP addresses are provided ent. Otherwise enter the IP addresses of the DNS primary and secondary servers.  Click « Next « The proxy server page is displayed.
  • Page 49 SETTING-UP THE ROUTER WITH THE WIZARD STEP 3 : MACHINE NETWORK The “machine network” page is displayed. Remark : The IP domain of the machine network must mandatorily be different from the IP domain of the factory network. Otherwise the IP addresses of each device of the machine must be modified. The IP domain of the machine network must also be different form the IP domain of the remote PC.
  • Page 50 SETTING-UP THE ROUTER WITH THE WIZARD The “Device list” page is displayed. That page enables to store the devices list of the machine network. The access right to each of these devices can be then assigned to each remote user. To add a device to the devices list, click the “add »...
  • Page 51 SETTING-UP THE ROUTER WITH THE WIZARD The “Access rights” page is displayed The table of the access rights is displayed. To assign a new right to a user, click the “Add” button select a user in the list select a device in the list Click the «...

  • Page 52: Use Case Nr 2 Set-Up

    SETTING-UP THE ROUTER WITH THE WIZARD Use case 2 set-up All the devices of machine belong to the factory network. The router RAS is also connected to the factory network through its LAN interface. Attention : In that situation, a remote user can access remotely to all the devices connected to the network and not only to the machine devices like in the Use case 1.
  • Page 53 SETTING-UP THE ROUTER WITH THE WIZARD STEP 3 : MACHINE NETWORK The “Device list” page is displayed. That page enables to store the devices list of the machine network. The access right to each of these devices can be then assigned to each remote user. To add a device to the devices list, click the “add »...

  • Page 54: Use Case 3 Set-Up

    SETTING-UP THE ROUTER WITH THE WIZARD Use case 3 set-up The machine is connected to the Internet through a cellular network Use case router RAS Internet Internet interface models access RAS-EC Cellular network Antenna RAS-ECW STEP 1 : SELECT THE USE CASE ...
  • Page 55 SETTING-UP THE ROUTER WITH THE WIZARD «Are machine IP network (LAN) and remote maintenance PC IP network overlapping? question : If the answer is Yes, enter the translated IP domain assigned to the machine.  Click « Next« The “Device list” page is displayed. That page enables to store the list of the devices belonging to the machine network.

  • Page 56: Use Case 4 Set-Up

    SETTING-UP THE ROUTER WITH THE WIZARD Use case 4 set-up The machine is connected to the Internet through a Wi-Fi network. The Wi-Fi interface of the router RAS is used as a Wi-Fi client ; it cannot be used at the same time as an access point.
  • Page 57 SETTING-UP THE ROUTER WITH THE WIZARD «Are machine IP network (LAN) and remote maintenance PC IP network overlapping? question : If the answer is Yes, enter the translated IP domain assigned to the machine.  Click « Next« The “Device list” page is displayed. That page enables to store the list of the devices belonging to the machine network.

  • Page 58: Use Case 5 Set-Up

    SETTING-UP THE ROUTER WITH THE WIZARD Use case 5 set-up The machine is connected to the Internet through the factory network as a priority and also through the cellular network as a backup path. The router RAS switches automatically. Models Way to the Internet case...
  • Page 59 SETTING-UP THE ROUTER WITH THE WIZARD STEP 3 : MACHINE NETWORK The “machine network” page is displayed. Remark : The IP domain of the machine network must mandatorily be different from the IP domain of the factory network. Otherwise the IP addresses of each device of the machine must be modified. The IP domain of the machine network must also be different form the IP domain of the remote PC.
  • Page 60 SETTING-UP THE ROUTER WITH THE WIZARD STEP 4 : REMOTE USERS The “Remote user” page is displayed That page enables to store the authorized remote users list. Remark : Coming from factory, the ID and password of the remote users are checked but not the certificate. To add a remote user, click the “add »...

  • Page 61: Use Case 6 Set-Up

    SETTING-UP THE ROUTER WITH THE WIZARD Use case 6 set-up The machine is connected to the Internet through the Wi-Fi network as a priority and also through the cellular network as a backup path. The router RAS switches automatically. Way to the Internet Models Internet...
  • Page 62 SETTING-UP THE ROUTER WITH THE WIZARD STEP 3 : MACHINE NETWORK The “machine network” page is displayed. Remark : The IP domain of the machine network must mandatorily be different from the IP domain of the factory network. Otherwise the IP addresses of each device of the machine must be modified. The IP domain of the machine network must also be different form the IP domain of the remote PC.
  • Page 63 SETTING-UP THE ROUTER WITH THE WIZARD The “Device list” page is displayed. That page enables to store the devices list of the machine network. The access right to each of these devices can be then assigned to each remote user. To add a device to the devices list, click the “add »...

  • Page 65: Advanced Set-Up

    ADVANCED SET-UP The advanced configuration mode allows to set-up step by step all the functions provided by the router RAS. Function Menu Internet connection set-up WAN interface Ethernet WAN Cellular network Wi-Fi network (the router RAS is a Wi-Fi client) LAN interface set-up LAN Interface The Ethernete &...

  • Page 66: Internet Access Set-Up

    ADVANCED SET-UP Internet access set-up 1.1 Overview Depending on the router RAS model, the following interfaces are provided.  Ethernet WAN (all models), Cellular,  Wi-Fi as a client,   Ethernet LAN (all models), 1.2 Ethernet / WAN interface ...
  • Page 67 ADVANCED SET-UP Choice Ethernet PPPoE “Priority” parameter   That parameter defines the priority of the path when more than one path is selected (Cellular & Ethernet WAN, for instance). The router will use as a priority the path to which the highest value is assigned;...

  • Page 68: Cellular Network Interface

    ADVANCED SET-UP 1.3 Cellular network interface Two SIM cards can be inserted in the router to allow the use of two different cellular networks . The network corresponding o the SIM card Nr1 is the main network, while the other one is the backup network.

  • Page 69: Using The Sim Cards 1 And 2

    ADVANCED SET-UP « Cellular network » parametr : The router RAS is supposed to connect to the best cellular relay available. However, in particular situations, it may be useful to force the router RAS to use a particular service. That parameter gives the choice to select either the LTE 4G service, or the UMTS 3G service or the GPRS- EDGE service.

  • Page 70: Cellular Connection Control

    ADVANCED SET-UP Example : T1 Network 1 failure confirmation time = 20 mn T1 Network 2 failure confirmation time = 20 mn T3 Minimum connection time on network 2 = 12 hours «Network 1 failure confirmation time » parameter See above. Value : 5, 10, 20, 30, 60 mn «Network 2 failure confirmation time »...

  • Page 71: Wi-Fi Interface Setup

    ADVANCED SET-UP Wi-Fi interface setup Remark : The Wi-Fi scanner makes possible to detect the Wi-Fi networks around the router RAS. To use the Wi-Fi scanner, select the Diagnostic > Tools > Wi-Fi scanner menu. To set-up the Wi-Fi interface as a client to reach the Internet, ...

  • Page 72: Lan Interface

    ADVANCED SET-UP LAN interface 2.1 Overview Ethernet switch or hub The LAN interface consists of 1 to 4 switched Ethernet 10/100 BT RJ45 connectors. An option enables to shape a hub instead of a switch for test purposes for instance. IP address of the router RAS on the LAN interface A fixed IP address must be assigned to the LAN interface of the router RAS.

  • Page 73: Ethernet & Ip Menu

    ADVANCED SET-UP IP adresses allocation Case 1 : Remote users connection Case 2 : VPN set between 2 routers 2.2 Ethernet & IP menu  Select Set-up > LAN Interface > Ethernet & IP Ethernet ports « hub mode enable» checkbox : If the checkbox is selected, the LAN ports behaves like a hub.
  • Page 74 ADVANCED SET-UP Remote access menu «Automatic management of the remote users» checkbox : If that checkbox is selected, the router RAS allocates automatically an unused IP address of the LAN network to a remote user when he connects. Unselect that checkbox to set-up the pool of fixed IP addresses which can be allocated to the remote users. That IP addresses must belong to the LAN domain.

  • Page 75: Wi-Fi Access Point Set-Up

    ADVANCED SET-UP 2.3 Wi-Fi access point set-up Remark : The Wi-Fi module can be set-up either like a client or like an access point. To set-up the Wi-Fi access point,  Select the Set-up > LAN interface > Wi-Fi acces point menu ...

  • Page 76: Device List Set-Up

    ADVANCED SET-UP 2.4 Device list set-up To set-up the device list,  Select the Set-up > LAN interface > device list menu To add a device to the list, Click the « Add » button  Assign a name and an IP address to the device ...

  • Page 77: Dhcp Server Menu

    ADVANCED SET-UP 2.5 DHCP server menu The router RAS can behave like a DHCP server over the LAN interface. In that case, a pool of addresses must be reserved ; the addresses of the pool are automatically distributed to the devices of the LAN acting as DHCP clients. The addresses of the LAN domain which do not belong to that pool can be allocated as fixed IP addresses to particular devices.

  • Page 78: M2Me_Connect Connection Set-Up

    ADVANCED SET-UP M2Me_Connect connection set-up The M2Me_Connect connection is a VPN set from the router RAS to the M2Me_Connect server. The VPN can be transported in UDP or TCP.  Select the Set-up > Remote access > M2Me_Connect « TCP port » & « UDP ports » parameters : Enter the selected UDP and TCP ports the router will have to test to set the M2Me VPN.

  • Page 79: Remote Access Connection

     Data encryption Data is encrypted from end to end.  PC, Tablet, smartphone The solutions provided by the ETIC router are suitable as well for Windows PCs or tablets or smartphones (Androïd or IOS). To set-up a remote connection,...
  • Page 80 ADVANCED SET-UP  Select Set-up > Remote access > Remote access servers Page 80 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 81: Types Of Remote Access Connections

    ADVANCED SET-UP 4.2 Types of remote access connections Four types of remote access connections can be set-up : OpenVPN., PPTP, L2TP/IPSec, HTTPS. Remote user Authentication Encryption Identification OpenVPN Login Optionally a certificate PPTP Login L2TP/IPSec Login PWD and Preshared Key or certificate HTTPS Login That four types of connection can be implemented in PCs, tablets or smartphones.

  • Page 82: Https Connection And Portal For Smartphones, Tablets Or Pcs

    It means that a simple HTML / HTTP unsecure server can be used remotely through the internet in a safe way. When a remote user connects to the ETIC router using an HTTPS secure connection, the portal displays the list of the html servers to which he has the right to access.

  • Page 83: Set-Up

    To access to the HTTPS internet portal from the Internet,  Launch the browser  Enter : https:// « Internet IP address of the ETIC router»  Enter the login and password when the identification window is displayed. The Web portal page displays the list of the web servers to which it is possible to connect according to the user identity.

  • Page 84: Openvpn Remote User Connection

    Select the “Login / password” value or the “Login/password & certificate” value if the certificate of he remote PC must be checked. In that case, the certificate of the remote PC must be stored in the ETIC router (see the table at the top of the page).

  • Page 85: Pptp Connection

    Select the “Login / password” value or the “Login/password & certificate” value if the certificate of the remote PC must be checked. In that case, the certificate of the remote PC must be stored in the ETIC router (see the table at the top of the User list page).

  • Page 86: User List

    ADVANCED SET-UP User list It is necessary to register at least one remote use in the user list. The users list is able to register 25 authorised remote users forms. Each user form stores the identity of the user (Login and password), his email address to send alarm emails and his mobile telephone number to send alarm SMS to him.
  • Page 87 ADVANCED SET-UP To register a remote user in the user list, Click the « ADD » button located under the user list.  Enter the identity of the user (Login and password), his email address to send alarm emails. Page 87 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 88: Assigning Rights To Remote Users

    ADVANCED SET-UP Assigning rights to remote users Individual access rights to the network can be assigned to each user. The list of devices of the LAN network must have been registered previously (LAN interface menu). To grant access rights to a remote user, Select the set-up, remote access, access rights menu.

  • Page 89: Ipsec Vpns Set-Up

    The router which initiates the IPSec VPN is called the initiator; the other one is called the responder.  Preshared key authentication Only one preshared key can be stored in one ETIC router; it is used by all the VPNs and also by the L2TP/IPSec remote user connection.

  • Page 90: Ipsec Vpn Connection Set-Up

    ADVANCED SET-UP 7.2 IPSec VPN connection set-up  Select the Set-up> Network > IPSec VPN menu The IPSec VPN home page is displayed. Page 90 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 91 ADVANCED SET-UP To add an IPSec VPN connection, click « Add». The set-up page of the new VPN connection is displayed. Page 91 Machine Access Box RAS DOC_DEV_RAS_User guide_A...
  • Page 92 « My SubjectAlt name » parameter: Enter the 'SubjectAltName' value of the active certificate of the current router. If the active certificate is an ETIC TELECOM certificate, that field is the email field. Remote « SubjectAlt name » parameter : Enter the 'SubjectAltName' value of the active certificate of the remote router.
  • Page 93 ADVANCED SET-UP « » & « Remote WAN Netmask” parameters (initiator only): Remote WAN IP address Enter the WAN IP address of the remote router Remark : This address is the address of the router towards which the VPN must be set. IKE phase 1 section IKE phase 1 performs mutual authentication between the two parties with the end result of having shared secret keys.
  • Page 94 ADVANCED SET-UP IKE phase 2 Section The purpose of IKE phase two is to negotiate the IPSec parameters (general parameters, encryption, SA life- time…). The result of the IKE phase 2 is the encrypted tunnel between the two routers. «Protocol » parameter : This parameter enables to set-up the IPSec transport protocol.

  • Page 95: Openvpn Type Vpn Connection

    The authentication of the two participants to the VPN connection can also be carried-out using certificates in addition to a Login and password. Coming from factory , a certificate produced by ETIC TELECOM is registered in the ETIC router. Other kinds of X509 certificates can be added. (see the Set-up>Security>X509 certificate).
  • Page 96 ADVANCED SET-UP Page 96 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 97: Set-Up Principles

    Set-up principles  VPN server set-up If the ETIC router behaves like a VPN server, it means that the ETIC router has to receive at least one ingoing connection, the set-up has to be carried-out in two steps : Step 1 : Configuration of the parameters of the OpenVPN server.

  • Page 98: Openvpn Server Set-Up

    ADVANCED SET-UP 8.2 OpenVPN server set-up Select the « Add » button located just below the VPN server table  “Port number” & “protocol” parameters : Select the port Nr and the type of level 3 protocol used to transport OpenVPN. Attention : The port number value must be different from the one used by remote users.
  • Page 99 Programming static routes is not necessary.  If that option is not selected, a device connected to a VPN client ETIC router can exchange data with a device connected to the LAN network of the VPN server, but not with a device connected to one other VPN client ETIC router.

  • Page 100: Setting Up An Outgoing Connection

    That address can be a public IP address or a domain name or a DynDNS or NoIP address. « Backup VPN server IP address» parameter : The client VPN ETIC router is able to set a backup VPN if the main VPN fails. “Port number” & “protocol” parameters : Select the port Nr and the type of level 3 protocol used to transport OpenVPN.
  • Page 101 «Attach the VPN to a specific interface» list : An outgoing OpenVPN connection is normally attached to the main WAN interface of a ETIC router, for instance the cellular interface in the case of cellular router like IPL-C or RAS-EC.

  • Page 102: Setting Up An Ingoing Vpn Connection

    « Common name» parameter : Enter the value of the field 'SubjectAltName' of the active certificate of the remote ETIC router. If the active certificateof the remote router is delivered by ETIC TELECOM, that field is the email field. Page 102...

  • Page 103: Ip Routing

    Once an iP address has been assigned to the R2 router on the LAN interface and another one on the WAN interface (see drawing hereafter), the ETIC router is ready to route frames … … between devices connected to the remote LAN network like RL1, and devices connected to the LAN network like L1 through a VPN;...
  • Page 104 ADVANCED SET-UP Router 2 static routes : Active Route name Destination Netmask Gateway Network 6 192.168.6.0 255.255.255.0 192.168.5.1 Network 1 192.168.1.0 255.255.255.0 192.168.2.1 Network 192.168.4.0 255.255.255.0 192.168.5.128 Remote WAN Remark : It is not necessary to enter in the router R2 the static route to the WAN network nor to the remote LAN network, that routes have been automatically created by the router respectively when the WAN IP address has been entered and when the VPN has been configured.

  • Page 105: Rip Protocol

    ADVANCED SET-UP 9.3 RIP protocol RIP (Routing Information Protocol) is a routing protocol which enables each router belonging to a network to acquire the routes to any subnet. The principle is as follows : Routing table Each router holds a routing table. Each entry of the table consists in the destination subnet address and the adjacent router address leading to that subnet.

  • Page 106: Network Address Translation (Nat)

    If routing tables cannot be registered nor a VPN, the solution can be to use the Port forwarding function : When W1 needs to transmit frames to PLC1, it transits the frames to the ETIC router on a particular port number.

  • Page 107: Set-Up

    ADVANCED SET-UP Service in Device out Service out 192.168.0.15 192.168.0.16 192.168.0.17 11.2 Set-up To set-up a port forwarding rule,  Select > Network> Routing > Port forwarding menu,  Click the Add button,  Enter the characteristics of the frames which must be forwarded : Source IP address, Port number (destination) ...

  • Page 108: Advanced Nat

    The advanced NAT function consists in modifying the source or destination IP addresses and port number of the frames received by the ETIC router on its LAN or WAN interface. It applies to all the frames received by the router on any of its two interfaces except to the IP packets contained in a remote user connections.

  • Page 109: Set-Up

    ADVANCED SET-UP 12.2 Set-up To set the advanced address translation functions, select the setup >Network>Advanced NAT menu.  To create a new DNAT rule,  click “Add a DNAT” rule.  Select “Yes” to enable the rule.  Enter the characteristics of the IP frames which must be modified by the DNAT rule. Source IP address &...

  • Page 110: Dyndns Or Noip Set-Up

    ADVANCED SET-UP DynDNS or NoIP set-up 13.1 Overview The DynDNS or the NoIP services make possible to connect remotely to a device over the Internet even if the IP address of that device is dynamic. The IP address of the device has to be a public IP address. For instance, if a remote PC needs to connect to a RAS-EC or a IPL-C cellular router, DynDNS or NoIP solutions will help only if the IP address assigned by the mobile data service provider to the “antenna”...
  • Page 111 ADVANCED SET-UP « Enable» checkbox : Select that checkbox. When you wish to set a connection toward the RAS-3G (PPTP, TLS, VPN …), enter the DynDNS host name instead of the antenna IP address of the RAS-3G router. Page 111 Machine Access Box RAS DOC_DEV_RAS_User guide_A...

  • Page 112: Firewall Set-Up

    ADVANCED SET-UP Firewall set-up 14.1 Overview The firewall filters IP frames between the LAN interface on one hand and the WAN interface,  or transmitted inside a VPN,  or transmitted inside a remote user connection,  on the other hand. It consists of three parts : ...

  • Page 113: Main Filter

    ADVANCED SET-UP 14.2 Main filter The main filter applies to all the IP packets except to the ones included in remote users connections. To recognize a TLS remote user connection, the router detects the port number. 14.2.1 Main filter prganisation ...
  • Page 114 ADVANCED SET-UP If the packet does not match any of the rules of the table, the default policy is applied to the packet (Allow or Deny). Remark : Coming from factory, the main filter is set-up as follows : The traffic carried inside the VPNs is authorized. The traffic carried outside the VPNs is authorized when it is initiated by a device belonging to the LAN network.

  • Page 115: Serial To Ip Gateway Configuration

    ADVANCED SET-UP Serial to IP gateway configuration 15.1 Overview The IPL provides optionally 1 or 2 serial RS232, RS232, RS485 or RS422 ports. A serial gateway can be assigned to each port . A serial gateway makes possible to use the IP network to transport serial data between two or several serial devices or directly with devices connected to the Ethernet network.
  • Page 116 ADVANCED SET-UP The gateways listed below are provided by the IPL router :: Modbus client or server (i.e. master or slave) To connect several serial modbus slaves to several IP modbus clients. Or to connect a serial modbus master to an IP modbus server. RAW TCP server or client : To connect 2 serial devices through an IP network.

  • Page 117: Modbus Gateway

    Modbus TCP devices connected to the IP network. Remark : Several ETIC router models provides two serial ports; one Modbus client gateway can be assigned to the port 1 and a Modbus client gateway to the port 2 using both the 502 TCP port.

  • Page 118: Modbus Server Gateway

    ADVANCED SET-UP 15.2.3 Modbus server gateway This gateway allows to connect serial modbus slaves to the serial interface of the ETIC router.  Select the modbus menu and then modbus server and enable the modbus server gateway and set the parameters as follows : “Port selection”...

  • Page 119: Modbus Client Gateway

    ADVANCED SET-UP 15.2.4 Modbus client gateway This gateway allows to connect a serial modbus master to the serial interface of the IPL-AD2.  Select the modbus menu and then “modbus client” menu; enable the “modbus client” gateway and set up the parameters as follows : “Port selection”...

  • Page 120: Raw Tcp Gateway

    (also called server) located on the IP network. The server can be either an ETIC gateway or a PC including a software TCP server.  Select the “transparent” and then the “raw client COM1” or the “raw client COM2” menu .

  • Page 121: Raw Server Gateway

    ADVANCED SET-UP 15.3.2 Raw server gateway That gateway can be used if a serial slave device has to answer requests coming from devices located on the IP network and acting like a master (also called TCP client).  Select the “transparent” and then the “raw server COM1” or the “raw server COM2” menu. ...

  • Page 122: Raw Udp Gateway

    ADVANCED SET-UP 15.4 RAW UDP gateway 15.4.1 Overview The RAW UDP gateway enables you to connect together a group of serial or IP devices through an IP network. The group can include IP devices if they have the software pieces able to receive or transmit serial data inside UDP.

  • Page 123: Usb Gateway

    “Accept WAN traffic” checkbox: It is necessary to select that checkbox it the PC is connected to the network through the ETIC router the WAN interface. It is not necessary to select that checkbox if the remote PC is connected to the RAS through a VPN or through the LAN interface.

  • Page 124: Alarm Email Or A Sms

    SMTP client section « Use the M2Mail service » parameter (email choice) : ETIC TELECOM provides a SMTP service which can be used to send the alarm mail without additional set-up. Select that option to send the alarm mail through this service.

  • Page 125: Snmp Traps

    That certificate can be used to set a VPN between two routers. An ETIC router can set a VPN with another one only if the certificates of both routers have been provided by the same authority. Additional X509 certificates, provided by ETIC TEECOM or not, can be registered into the ETIC router.

  • Page 127: Maintenance

    MAINTENANCE Diagnostic menu 1.1 Logs To display the logs,  Select The Diagnostic > Logs menu. Main logs It registers the following events : SIM card status WAN interface connection / disconnection VPNs connection / disconnection Remote users connection / disconnection Router power-up or reset OpenVPN &...

  • Page 128: Network Status

    MAINTENANCE 1.2 Network status To display the Interfaces status pages :  Select The Diagnostic > Network status>Interfaces menu. The Interfaces page summarizes the current information of each interface of the router, like for instance : LAN interface : MAC and IP address Ethernet ports status …...

  • Page 129: Serial Gateways Status

    The Wi-Fi scanner displays the main information about each Wi-Fi network : MAC address of the access point, SSID, reception level. Remark : The Wi-Fi interface of the ETIC router needs to be registered as a Wi-Fi client interface. Page 129...

  • Page 130: Saving Or Restoring A Set Of Parameters

    In a second step, any set stored inside the router and displayed with the Configurations table can be saved as an editable file stored outside the ETIC router. Inversely, a saved file can be loaded to the product Configurations table and then, if necessary, declared as the active set of parameters.

  • Page 131: Firmware Update

    Firmware update The firmware update can be carried-out locally or remotely. If the firmware update operation do not succeed, for instance if the connection fails, the ETIC router restarts with the current firmware. Once the firmware update has been carried-out, the ETIC router restores the previous current set of parameters.
  • Page 132 ETIC TELECOM 13 chemin du vieux Chêne 38240 Meylan France contact@etictelecom.com...

This manual is also suitable for:

Ras-ewRas-ecRas-ecw

Table of Contents