SMC Networks Barricade BR14VPN User Manual

VPN 4/8-port broadband router

Summary of Contents for SMC Networks Barricade BR14VPN

  • Page 2 Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
  • Page 3 Compliances FCC - Class B This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with instructions, may cause harmful interference to radio communications.
  • Page 4 EC Conformance Declaration – Class B SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II Calle Fructuos Gelabert 6-8, 2o, 4a 08970 – Sant Joan Despi Barcelona, Spain This equipment complies with the requirements relating to electromagnetic compatibility, EN 55022/A1 Class B, and EN 50082-1.
  • Page 5: Table Of Contents

    1 | SYSTEM REQUIREMENTS 2 | EQUIPMENT CHECKLIST 3 | FUNCTIONS AND FEATURES 4 | PANEL LAYOUT 5 | HARDWARE INSTALLATION 6 | NETWORK SETTINGS AND SOFTWARE INSTALLATION 6.1 | Installing TCP/IP 6.2 | Setting up TCP/IP 6.3 | Obtaining an IP Address 6.4 | Configuring a Macintosh Computer 6.5 | Verifying Your TCP/IP Connection 7 | CONFIGURING YOUR BROADBAND VPN ROUTER...
  • Page 6 7.9 | Advanced Setup - VPN 7.9.1 | IPSec Tunnel 7.9.2 | IKE Proposal 7.9.3 | IPSec Proposal 7.9.4 | Dynamic VPN 7.9.5 | PPTP/L2TP Server 7.10 | Advanced Setup - SNMP 7.11 | Advanced Setup - ROUTING 7.12 | Advanced Setup - MISCELLANEOUS 7.13 | Advanced Setup –...
  • Page 7: System Requirements

    1 | System Requirements • Internet access from your local telephone company or Internet Service Provider (ISP) using a DSL modem, cable modem, Dial-Up modem, or ISDN modem • A PC using a fixed IP address or dynamic IP address assigned via DHCP, as well as a Gateway server address and DNS server address from your service provider •...
  • Page 8: Functions And Features

    3 | Functions and Features Broadband Modem and NAT Router 10/100 Mbps Ethernet Interface Auto-sensing Ethernet Switch VPN Supported Firewall DHCP Server Supported Web-based Configuration Network Filter Supported Universal Plug and Play (UPnP) Supported Virtual Server Supported User Defined Application Sensing Tunnel DMZ Host Supported SNMP Supported...
  • Page 9: Panel Layout

    4 | Panel Layout The following figure shows the front panel layout, which is followed by a table describing in detail the status and function of each LED. SMCBR14VPN Front Panel SMCBR18VPN Front Panel Function Color Power Power Green indicator System Orange status...
  • Page 10: Hardware Installation

    SMCBR18VPN Front Panel: 8 LAN, 1 WAN, and 1 COM port Port Type 5 VDC Port 1–4/8 5 | Hardware Installation The router can be placed anywhere in your office or home. No special wiring or cooling requirements are necessary. However, you should comply with the following guidelines: •...
  • Page 11: Installing Tcp/Ip

    You must first verify that the TCP/IP communication protocol is properly installed and the computer is configured to get its IP address via the DHCP Server that is built-into this router. If you have not previously installed TCP/IP protocols on your client PCs, refer to the following section.
  • Page 12: Obtaining An Ip Address

    into your CDROM drive and check the correct file location, e.g., D:\win98, D:\win9x. (if D is the letter of your CD-ROM drive). 9. Windows may prompt you to restart the PC. If so, click the Yes button. If Windows does not prompt you to restart your computer, do so to insure your settings. Windows NT From the Windows desktop click Start/Settings/Control Panel.
  • Page 13: Configuring A Macintosh Computer

    6.4 | Configuring a Macintosh Computer You may find that the instructions here do not exactly match your screen. This is because these steps and screen shots were created using Mac OS 10.2. Mac OS 7.x and above are all very similar, but may not be identical to Mac OS 10.2.
  • Page 14: Configuring Your Broadband Vpn Router

    7 | Configuring Your Broadband VPN Router Before you attempt to log into the web-based Administration, please verify the following. 1. Your browser is configured properly (see below). 2. Disable any firewall or security software that may be running. 3. Confirm that you have a good link LED where your computer is plugged into the Router.
  • Page 15: Setup Wizard

    Note that there are two different Web user interfaces, one for general users and one for the system administrator. To log on as an administrator, enter the system password (default password is smcadmin) and click the LOGIN button. If you typed the password correctly, the left panel of the Web user interface changes to the administrator configuration mode as shown in the following figures.
  • Page 16 Cable Modem The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router. Use this address when registering for Internet service, and do not change it unless required by your ISP.
  • Page 17 Fixed-IP xDSL Some xDSL Internet Service Providers may assign a fixed (static) IP address. If you have been provided with this information, choose this option and enter the assigned IP address, gateway IP address, DNS IP addresses, and subnet mask. PPPoE xDSL Enter the PPPoE User Name and Password assigned by your Service Provider.
  • Page 18 PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway.
  • Page 19 BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes. L2TP Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
  • Page 20 will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. Dial-Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable.
  • Page 22: Advanced Setup - System

    7.4 | Advanced Setup – SYSTEM Time Zone Use the section below to configure the Barricade's system time. Select your timezone and configure the daylight savings option based on your location. This information is used for the time/date parental rules you can configure with the Barricade's Advanced Firewall. This information is also used for your network logging.
  • Page 23 Password Settings Use this section to configure the 2 password accounts and idle time-out setting for your Barricade Router. There are 2 levels of admin access for this VPN Router: The Administrator account has Read/Write permission to view and change any settings. The default password for this account is "smcadmin".
  • Page 24 Syslog Server The Syslog Server tool will automatically download the Barricade log to the server IP address specified by the user. Enter the Server LAN IP Address and select the Enable radio button to enable this function. The broadband router is also able to send the log files to a specific email address.
  • Page 25: Advanced Setup - Wan

    7.5 | Advanced Setup - WAN Dynamic IP The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router.
  • Page 26 PPPoE Enter the PPPoE User Name and Password assigned by your Service Provider. The Service Name is normally optional, but may be required by some service providers. Leave the Maximum Transmission Unit (MTU) at the default value unless you have a particular reason to change it.
  • Page 27 PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway.
  • Page 28 BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes. L2TP Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary.
  • Page 29 Dial Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable. Enter the phone number, account name and password assigned to you by your ISP.
  • Page 30: Advanced Setup - Lan

    7.6 | Advanced Setup - LAN This is the local IP address of the router. All networked computers must use the LAN IP address of the router as their default Gateway. However, if necessary, it can be changed. Here you can configure the LAN IP address for the router and enable/disable the DHCP server for dynamic client address allocation.
  • Page 31 You also have the option to configure more advanced settings by clicking the “More” button. You can configure the router’s DHCP server to give out specific Primary and Secondary DNS, Primary and Secondary WINS, and an alternate Gateway (in the event that the router is not the Internet gateway).
  • Page 32: Advanced Setup - Nat

    7.7 | Advanced Setup - NAT 7.7.1 | Virtual Server The firewall of the router filters out unrecognized packets to protect your intranet. This means that all network hosts are invisible to the outside world. However, some of the hosts can be made accessible by enabling the Virtual Server mapping.
  • Page 33: Special Applications

    For example, if you have an FTP server (port 21) at 192.168.123.1, a Web server (port 80) at 192.168.123.2, and a VPN server at 192.168.123.6, you need to specify the following virtual server mapping as shown in the table below: Service Port 1723 The “IP Address”...
  • Page 34: Virtual Computer

    For a full list of ports and the services that run on them, see http://www.iana.org/assignments/port-numbers 7.7.3 | Virtual Computer Use the “Virtual Computer” option to maintain the privacy and security of the local network. Virtual Computer enables you to use the original NAT feature, and allows you to setup the one-to-one mapping of multiple global IP address and local IP address.
  • Page 35: Url Blocking

    You can select one of the two filtering policies: • Allow all to pass except those that match the specified rules • Deny all to pass except those that match the specified rules You can apply up to 8 rules for each direction, inbound or outbound. For each rule you can define the following: •...
  • Page 36: Mac Filter

    7.8.3 | MAC Filter MAC Address Filtering allows you to assign different access rights to various users and you can also assign a specific IP address to a certain MAC address. Select the Enable radio button to enable the MAC Address Control. All of the settings on this screen take effect when Enable is checked.
  • Page 37: Schedule Rule

    7.8.4 | Schedule Rule Set scheduled times to be used to control what time of day a service or set of services is enabled. Use this section to configure up to 10 Schedule Rules to limit network access based on time and day. To create a schedule rule click the [Add Schedule Rule...] link below. Enter a rule name into the text field next to “Name of Rule 1”.
  • Page 38: Advanced

    The Schedule Rule screen appears. It now shows your setting for Rule 1. If you need to make changes to your setting, click the Edit button. If you want to delete Rule 1, click the Delete button. 7.8.5 | Advanced In this section you can enable/disable Stateful Packet Inspection (SPI), Discard Ping from WAN, and PPTP and IPSec VPN Passthrough types.
  • Page 39: Dmz

    7.8.6 | DMZ If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, then you can open the client up to unrestricted two-way Internet access by defining a Virtual DMZ Host. 7.9 | Advanced Setup - VPN 7.9.1 | IPSec Tunnel VPN settings are used to create virtual private tunnels to remote VPN gateways.
  • Page 40 • VPN: VPN protects network information from intruders. However, it greatly decreases network throughput. Enable it only when a security tunnel is absolutely necessary. This feature is disabled by default. • Max. Number of Tunnels: Set the number of tunnels that are allowed to be in operation simultaneously.
  • Page 41: Ike Proposal

    Options • Select IKE proposal: Click this button to setup a set of frequently used IKE proposals for the dedicated tunnel. • Select IPSec proposal: Click this button to setup a set of frequently used IPSec proposals for the dedicated tunnel. The tunnel name is equal to the name you configured on the previous page of VPN settings.
  • Page 42: Ipsec Proposal

    • Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways. Its value can range from 300 to 172,800 seconds.
  • Page 43 • Proposal Name: The proposal name indicates which IPSec proposal will be monitored. The first character of the name with the value of 0x00 stands for the IPSec proposal that is not available. • DH Group - Three groups can be selected: Group 1 (MODP768) Group 2 (MODP1024) Group 5 (MODP1536)
  • Page 44: Dynamic Vpn

    7.9.4 | Dynamic VPN When using the VPN Dynamic IP Setting, the router functions as a Dynamic VPN server. The Dynamic VPN server does not check the VPN client IP information - this means that you can build a VPN tunnel with a VPN gateway from any remote host, regardless of the IP information.
  • Page 45: Pptp/L2Tp Server

    7.9.5 | PPTP/L2TP Server Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allow secure remote access over the Internet by simply dialing in to a local point provided by an ISP. The following screen displays the management interface where you enter username and passwords for authorized remote users, the authentication protocol, and the IP address range to assign to those users: The VPN Broadband Router supports PAP, CHAP and MS-CHAP authentication protocols.
  • Page 46: Advanced Setup - Snmp

    7.10 | Advanced Setup - SNMP The Simple Network Management Protocol (SNMP) lets you manage a computer network remotely by polling and setting terminal values and monitoring network events. • Enable SNMP: You can check Local, Remote, or both options to enable the SNMP function.
  • Page 47: Advanced Setup - Routing

    7.11 | Advanced Setup - ROUTING The Routing Table lets you determine which physical interface address to use for outgoing IP datagrams. If you have more than one router and subnet, you will have to enable the routing table to allow packets to find the routing path. This allows different subnets to communicate with each other.
  • Page 48: Advanced Setup - Miscellaneous

    7.12 | Advanced Setup - MISCELLANEOUS If you experience difficulties accessing an FTP server that is running on a port other than 21, you can enter that port in the “Non-standard FTP port” and apply the changes. Wake-on-LAN is a technology that lets you power up a networked router remotely. To use this feature, the target network adapter must be Wake-on-LAN enabled and you have to know the MAC address of the adapter.
  • Page 49: Advanced Setup - Display Status

    7.13 | Advanced Setup – DISPLAY STATUS Enable the Display Status option to view the WAN connectivity settings on the login page. When this is enabled, the login page appears as follows: 7.14 | DDNS (Dynamic DNS) Dynamic DNS provides users on the Internet a method to tie their domain name(s) to computers or servers.
  • Page 50: Upnp (Universal Plug-And-Play)

    7.15 | UPnP (Universal Plug-and-Play) The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP enables seamless proximity networking in addition to control and data transfer among networked devices in the home, office and everywhere in between.
  • Page 51: Status

    7.17 | Status You can use the Status screen to see the connection status for Barricade's WAN/LAN interfaces, firmware and hardware version numbers, any illegal attempts to access your network, as well as information on all DHCP client PCs currently connected to your network.
  • Page 53: Ipsec Settings Guide (For Reference/Example Only)

    8 | IPSec Settings Guide (For Reference/Example Only) 8.1 | Tunnel between two SMCBR14VPN The easiest way to construct a VPN tunnel between two sites is to use two SMCBR14VPNs, which are connected to the internet. The steps to follow to create an IP tunnel between them are the following: •...
  • Page 54 Set the VPN settings as follows: VPN: Enable Max. number of tunnels: Tunnel Name: Method: When finished, click “More”. VPN Settings – Tunnel 1 – IKE...
  • Page 55: Settings For Router 2

    Set the Tunnel 1 IKE settings as follows: Tunnel 1: Local Subnet: 192.168.1.0 Local Netmask: 255.255.255.0 Remote Subnet: 192.168.1.0 Remote Netmask: 255.255.255.0 Remote Gateway: ip2.smc.com Preshare Key: mypresharedkey When finished, save your settings. 8.1.2 | Settings for router 2 VPN Router WAN IP Address: ip2.smc.com LAN IP Address: 192.168.2.1 192.168.2.xxx...
  • Page 56 Set the VPN settings as follows: VPN: Enable Max. number of tunnels: Tunnel Name: Method: When finished, click “More”. VPN Settings – Tunnel 1 – IKE...
  • Page 57 Set the Tunnel 1 IKE settings as follows: Tunnel 1: Local Subnet: 192.168.2.0 Local Netmask: 255.255.255.0 Remote Subnet: 192.168.1.0 Remote Netmask: 255.255.255.0 Remote Gateway: ip1.smc.com Preshare Key: mypresharedkey When finished, save your settings.
  • Page 58 8.1.3 | Common Settings for both routers VPN Settings – Tunnel 1 – Set IKE Proposal Set the Tunnel 1 IKE Proposal settings as follows: Proposal Name: DH Group: Group2 Encrypt. algorithm: 3DES Auth. algorithm: SHA1 Life Time: 10000 Life Time Unit: Sec.
  • Page 59: Tunnel Between A Smcbr14Vpn And Standalone Client

    VPN Settings – Tunnel 1 – Set IPSec Proposal Set the Tunnel 1 IPSec Proposal settings as follows: Proposal Name: DH Group: Group2 Encap. protocol: Encrypt. algorithm: Auth. Algorithm: Life Time: 10000 Life Time Unit: Sec. When finished, save the settings. Now to view the VPN connection process, go to the STATUS page and view the System Log.
  • Page 60: Pptp/ L2Tp Configuration Example

    8.3 | PPTP/ L2TP configuration example Please note that the virtual addresses of the L2TP and PPTP servers have to be different. PPTP • Step 1: Go to the PPTP Server section and select the Enable radio button • Step 2: Change the virtual IP value if necessary (this is the IP network that your PPTP clients will automatically be connected to) •...
  • Page 62: Troubleshooting

    9 | Troubleshooting A. Verifying your connection to the router If you are unable to access the Router’s web-based administration pages, then you may not be properly connected or configured. To determine your TCP/IP configuration status please follow the steps below: 1.
  • Page 63 F. I am having problems establishing a PPPoE xDSL WAN connection Some ISPs require you to enter the domain name in addition to your username and password. For instance, for SBC Global, enter username@sbcglobal.net. For Ameritech users, enter username@ameritech.net. BellSouth users may need to enter username@bellsouth.net and Mindspring subscribers enter username@mindspring.com.
  • Page 64 J. I forgot my password and can no longer log into the router. You should restore your router to factory defaults via its hardware reset button. Locate the reset button (to the right of the power input). While the device is powered on, use a paper clip to depress this button for about 5-7 seconds and then release.
  • Page 65: Questions And Answers

    Microsoft uses an embedded L2TP/IPSEC VPN implementation. In order to use the Microsoft standard VPN client, one has to disable the IPSEC on the PC. Please refer to Microsoft help to perform this operation. 9.1 | Questions and Answers What is the difference between SMCBR14VPN and SMCBR18VPN? The SMCBR14VPN has 4 LAN ports and the SMCBR18VPN has 8 LAN ports.
  • Page 66: Technical Specifications

    10 | Technical Specifications Standards: IEEE 802.3 10Base-T Ethernet IEEE 802.3u 100Base-TX Fast Ethernet Hardware / Ports: LAN Port 4x RJ45, 10/100 Mbps with Auto-MDI/MDIX (BR14VPN) 8x RJ45, 10/100 Mbps with Auto-MDI/MDIX (BR18VPN) WAN Port 1x RJ45, 10/100 Mbps with Auto-MDI/MDIX COM Port 1x DB9 (male), Up to 115200bps Input Power...
  • Page 67 Dynamic IP L2TP PPTP BigPond Static IP Input Power: 5V 2A Operating Temperature: 0~40 Humidity: 10%~90% non-condensing Compliances: VCCI...
  • Page 68: Terminology

    11 | Terminology 10BaseT - Physical Layer Specification for Twisted-Pair Ethernet using Unshielded Twisted Pair wire at 10Mbps. This is the most popular type of LAN cable used today because it is very cheap and easy to install. It uses RJ-45 connectors and has a cable length span of up to 100 meters.
  • Page 69 DES - Data Encryption Standard. A cryptographic encryption algorithm that is part of many standards. DHCP - Dynamic Host Configuration Protocol. This protocol automatically configures the TCP/IP settings of every computer on your home network. DMZ - Allows a networked computer to be fully exposed to the Internet. This function is used when the special application sensing tunnel feature is insufficient to allow an application to function correctly.
  • Page 70 ISAKMP - Internet Security Association and Key Management Protocol. The basis for IKE. ISP - Internet Service Provider. An ISP is a business that provides connectivity to the Internet for individuals and other businesses or organizations. JPEG – Joint Photographic Experts Group. JPEG is a standard for compressing still images and it provides compression with ratios up to 100:1.
  • Page 71 NAT – (Network Address Translation) This process allows all of the computers on your home network to use one IP address. The NAT capability of the Barricade allows you to access the Internet from any computer on your home network without having to purchase more IP addresses from your ISP.
  • Page 72 TCP/IP - Transmission Control Protocol/Internet Protocol. This is the standard protocol for data transmission over the Internet. TCP - Transmission Control Protocol - TCP and UDP (User Datagram Protocol) are the two transport protocols in TCP/IP. TCP ensures that a message is sent accurately and in its entirety.
