1. Manuals
  2. Brands
  3. Accton Technology Manuals
  4. Network Router
  5. Edge-Core VR-200
  6. User manual

Accton Technology Edge-Core VR-200 User Manual

16-port multi-wan vpn router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual

Advertisement

Table of Contents
loading

Related Manuals for Accton Technology Edge-Core VR-200

Summary of Contents for Accton Technology Edge-Core VR-200

  • Page 2: Table Of Contents

    VR-200 16-Port Multi-WAN VPN Router Table of Contents Introduction ................1 Main features: ......................3 Multi WAN............................3 Quality of Service (QoS)........................3 Firewall Security ..........................3 VPN Support............................ 4 Networking............................4 Network Management ........................5 How To Install ............... 6 Hardware Features: ....................6 Feature List............................
  • Page 3 VR-200 16-Port Multi-WAN VPN Router Quality of Service (QoS)........................ 34 Password ............................39 Time............................... 40 Advanced Setting....................42 DMZ Host............................42 Forwarding............................. 42 UPnP ............................. 46 Routing ............................47 One-to-One NAT ........................... 50 DDNS............................. 52 MAC Clone ............................ 54 DHCP........................56 Setup ............................. 56 Status.............................
  • Page 4 VR-200 16-Port Multi-WAN VPN Router Logout........................120 • iii •...

  • Page 6: Introduction

    VR-200 16-Port Multi-WAN VPN Router 1. Introduction The 16-Port Multi-WAN VPN Router contains two WAN ports and two configurable WAN/LAN ports, eleven dedicated Ethernet 10/100 LAN ports and one dedicated DMZ port and mainly supports small and medium size enterprise business network with a high security VPN. The router brings high-speed network security to enterprise businesses, remote users, service providers, and data centers.
  • Page 7 VR-200 16-Port Multi-WAN VPN Router packets based on the established security policies. It also provides automatic protection from Denial of service (DoS) attacks such as SYN flooding, IP Spoofing, LAND, ping of death and all reassembly attacks. The NAT functionality with firewall conceals network address to avoid its disclosure as public information and also provides a solution for IP address depletion problem.

  • Page 8: Main Features

    VR-200 16-Port Multi-WAN VPN Router Main features: Multi WAN Intelligent Balancer and Traffic Management Network Service Detection CoS (Class of Service) by IP Group Protocol binding Quality of Service (QoS) Guarantee/Minimum Bandwidth Maximum Bandwidth Priority for certain Service Port-based QoS Firewall Security Firewall Throughput: up to 100 Mbps (Uni-directional) Stateful Packet Inspection Firewall...

  • Page 9: Vpn Support

    VR-200 16-Port Multi-WAN VPN Router VPN Support IPSec VPN VPN Throughput: up to 95 Mbps Support up to 200 VPN tunnels Up to 2 Group VPNs support Friendly VPN Tunnel Management IKE: Pre-Shared keys IPSec Encryption DES/3DES/AES IPSec Authentication MD5/SHA1 Support PMTU DPD detection View log...

  • Page 10: Network Management

    VR-200 16-Port Multi-WAN VPN Router NAT with port forwarding NAT with port triggering DNS Relay DDNS: Support DynDNS and 3322 Dynamic DNS ICMP FTP/TFTP Password protected configuration or management sessions for web access Network Management Comprehensive web based management and policy setting Firmware upgrade through Web browser SNMP v1/v2c Monitoring, Logging, and Alarms of system activities...

  • Page 11: How To Install

    VR-200 16-Port Multi-WAN VPN Router 2. How To Install Hardware Features: Feature List Up to 4 RJ-45 10/100Base-T Ethernet Ports 11~13 RJ-45 10/100Base-T Ethernet ports Intel IXP425-533MHz SDRAM 64 Mbytes SDRAM Flash ROM 16 Mbytes Flash Internal Power Input: AC100~240, 0.8A;Output: DC3.3V / 5A EMI/EMC FCC Class A, CE Class A Operating Temp.: 0ºC to 40ºC (32ºF to 104ºF)

  • Page 12: Led Status

    VR-200 16-Port Multi-WAN VPN Router LED Status Color Description Power Green Green On: Power On Orange On: System not ready DIAG Orange Orange Off: System ready Light up: Ethernet Link Link/Act Green Blinking: When the port is sending or receiving data Yellow On: 100Mbps Speed...
  • Page 13 VR-200 16-Port Multi-WAN VPN Router Push button for 10 Factory Default seconds DIAG LED : Orange Blinking fast • 8 •...

  • Page 14: Physical Setup Of The Router

    VR-200 16-Port Multi-WAN VPN Router Physical Setup of the Router: You can set the Router on a desktop, install it in a rack with attached brackets, or mount it on the wall. Set the Router on a desktop or other flat, secure surface. Do not place excessive weight on top of the chassis that could damage the chassis.

  • Page 15: Connecting The 16-Port Multi-Wan Vpn Router To Your Network

    VR-200 16-Port Multi-WAN VPN Router 94mm. After the nails are secured on the wall, you can wall-mount it. Connecting the 16-Port Multi-WAN VPN Router to your Network: The figures describe the integration of the 16-Port Multi-WAN VPN Router into the network. Figure1: Multi WAN Figure2: DMZ •...
  • Page 16 VR-200 16-Port Multi-WAN VPN Router The Router is a network device that connects two networks together. Set up WAN connection: WAN port can be connected to a modem, hub, switch or a router. Set up LAN connection: LAN port can be connected to a hub, switch or a computer directly.

  • Page 17: How To Manage

    VR-200 16-Port Multi-WAN VPN Router 3. How To Manage Login Enter User Name and Password in the blank area, and then click OK. The Router's default User Name and Password is 'admin' when you first power up the Router. Sitemap Click Sitemap button to view the sitemap.

  • Page 18: Home

    VR-200 16-Port Multi-WAN VPN Router Home The Home screen displays the router’s current status and settings. This information is read only. If you click the button with underline, it will hyperlink to related setup pages. System Information Serial Number: The serial number of the 16-Port Multi-WAN VPN Router unit. Firmware version: The current version number of the firmware installed on this unit.

  • Page 19: Port Statistics

    VR-200 16-Port Multi-WAN VPN Router Port Statistics Users can click the port number from port Statistic to see the status of the selected port. For example, click the hyperlink Enabled in Status of Port ID 1; you can see the Port information. In Summary table, it shows the setting of the port selected by users, such as Type, Link Status (up or down), Port Activity ( Port Enabled ), Priority (High or Normal), Speed Status (10Mbps or 100Mbps), Duplex Status (half or full), Auto negotiation (...

  • Page 20: General Setting Status

    VR-200 16-Port Multi-WAN VPN Router General Setting Status LAN IP: It shows the current IP Address of the Router, as seen by internal users on the Internet, and hyperlinks to LN Setting in General Setting page. WAN1~4 It shows the current chosen WAN IP Address of the Router, as seen by external users on the Internet and hyperlinks to WAN Connection in the Configure of General Setting page.

  • Page 21: Advanced Setting Status

    VR-200 16-Port Multi-WAN VPN Router page. Advanced Setting Status DMZ Host: It shows DMZ Private Address and hyperlinks to DMZ Host in Advanced Setting page. The default is disabled. Working Mode: It shows the Working Mode (Gateway or Router) and hyperlinks to Dynamic Routing in Advanced Setting page.

  • Page 22: Vpn Setting Status

    VR-200 16-Port Multi-WAN VPN Router Block WAN Request: It shows the status (On/Off) and hyperlinks to the Block WAN Request in Firewall page. Remote Management: it shows the status (On/Off) and hyperlinks to the remote Management in Firewall page. VPN Setting Status VPN Summary: It hyperlinks to VPN page.

  • Page 23: Log Setting Status

    VR-200 16-Port Multi-WAN VPN Router Log Setting Status: It hyperlinks to System Log of Log page If you have not set up the mail server in Log page, it shows “E-mail cannot be sent because you have not specified an outbound SMTP server address.” If you have set up the mail server but the log has not been shown due to Log Queue Length and Log Time Threshold settings, it shows “E-mail settings have been configured.”...

  • Page 24: General Setting

    VR-200 16-Port Multi-WAN VPN Router General Setting The General Setting screen contains all of the router’s basic setup functions. For most users, the default values for the device should be satisfactory. The device can be used in most network settings without changing any of the values. Some users will need to enter additional information in order to connect to the Internet through an ISP (Internet Service Provider) or broadband (DSL, cable modem) carrier.
  • Page 25 VR-200 16-Port Multi-WAN VPN Router be obtained from your ISP. In most cases, leaving these fields blank will work. LAN Setting This is the Router’s LAN IP Address and Subnet Mask. The default value is 192.168.1.1 for IP address and 255.255.255.0 for the Subnet Mask. WAN Setting Please choose how many WAN ports you prefer to use (Default value is 4): Users can choose from 2~ 4 and the interface in the following table will be changed automatically...
  • Page 26 VR-200 16-Port Multi-WAN VPN Router If users change the number of WAN ports and click Edit in the Config. Column to edit the WAN connection, the confirm message will show. Users have to save settings for the change or cancel the settings. Make sure the network configuration match with the settings. It shows “Undefined”...
  • Page 27 VR-200 16-Port Multi-WAN VPN Router Type: there are four types of WAN connection, Obtain an IP automatically, DNS Server Address, Static IP, and PPPoE (Point-to-Point Protocol over Ethernet). Four types will be described as followed: Obtain an IP automatically: If your ISP is running a DHCP server, select Obtain an IP automatically option. Your ISP will assign these values, includes DNS Server automatically.
  • Page 28 VR-200 16-Port Multi-WAN VPN Router Enter your Username and Password. If you select Connect on Demand option, the PPPoE connection will be disconnected particularly when it has been idle for a period longer than the Max Idle Time setting. If you select Keep Alive option, the Router will keep the connection alive by sending out a few data packets at Redial Period, so your Internet service thinks that the connection is still alive.
  • Page 29 VR-200 16-Port Multi-WAN VPN Router Enter your Username and Password. If you select Connect on Demand option, the connection will be disconnected if it has been idle for a period longer than the Max Idle Time setting. If you select Keep Alive option, the Router will keep the connection alive by sending out a few data packets at Redial Period, so your Internet service thinks that the connection is still alive.
  • Page 30 VR-200 16-Port Multi-WAN VPN Router accessible by users on the LAN. Each of the servers on the DMZ will need a unique, publishable Internet IP address. The Internet Service Provider used to connect the network to the Internet should be able to provide these addresses, as well as information on setting up public Internet servers.

  • Page 31: Multi Wan

    VR-200 16-Port Multi-WAN VPN Router Click the Apply button to save the network settings, click the Cancel button to undo your changes or click the Back button to previous page. Multi WAN There are two functions provided for users – Intelligent Balancer (Auto Mode) and IP Group (By Users) Intelligent Balancer (Auto Mode) All WAN ports will be Auto Mode.
  • Page 32 VR-200 16-Port Multi-WAN VPN Router Click the Edit button in Config. column to configure the selected WAN port. Interface: The WAN port number that users are editing is shown here. The Max. Bandwidth provided by ISP: enter the Max. Bandwidth of Upstream and Downstream for WAN1 ~ WAN4 provided by ISP.
  • Page 33 VR-200 16-Port Multi-WAN VPN Router Retry count: The count of ping. The default is 5. Retry timeout: The interval between two ping actions. The default is 30 seconds. When Fail: 1. Generate the Error Condition in the System Log: The Router will generate the System Log when ping fails to inform users that the ISP connection is disconnected.
  • Page 34 VR-200 16-Port Multi-WAN VPN Router Service: Users can choose the Service from the drop-down menu, or click the service management to add new Service. The default Service is SMTP. Service Management: If the Service you need is not listed in menu, please click the Service Management button to add new Service and enter the Service Name, Protocol and Port Range.
  • Page 35 VR-200 16-Port Multi-WAN VPN Router Add to list button: click this button and configure as many entries as you like. The maximum entry is 30. You can also delete the selected application. Click the Apply button to save the network settings, click the Cancel button to undo your changes or click the Back button to previous page IP Group (By Users) IP Group (By Users) enables the administrator to define traffic into different priority levels or...
  • Page 36 VR-200 16-Port Multi-WAN VPN Router If users want to change the Mode, the confirm message will shown. Users have to save settings for the change before edit the interface. This port (WAN1) always uses Intelligent Balancer (Auto Mode): 16-Port Multi-WAN VPN Router reserves at least one WAN port for non- IP Group Users and WAN1 will always use Intelligent Balancer mode.
  • Page 37 VR-200 16-Port Multi-WAN VPN Router Interface: The WAN port number that users are editing is shown here. The Max. Bandwidth provided by ISP: enter the Max. Bandwidth of Upstream and Downstream for WAN1 ~ WAN4 provided by ISP. Network Service Detection: This tool can detect the network connection status of ISP by pinging Default Gateway, ISP Host, Remote Host, and DNS Lookup Host.
  • Page 38 VR-200 16-Port Multi-WAN VPN Router four items. 1. Default Gateway: If you check this item, the Router will ping the default gateway first. 2. ISP Host: After pinging Default Gateway, the Router will ping ISP Host “Retry timeout” later. The ISP Host is provided by ISP. 3.

  • Page 39: Quality Of Service (Qos)

    VR-200 16-Port Multi-WAN VPN Router If the Service you need is not listed in menu, please click the Service Management button to add new Service and enter the Service Name, Protocol and Port Range. Then click the Apply Save Setting button. Click the Apply button to save the Multi-WAN Load Balance settings on IP Group page, click the Cancel button to undo the changes, or click Back button to return to previous page.
  • Page 40 VR-200 16-Port Multi-WAN VPN Router The Max Bandwidth Provided by ISP Before configuring the QoS, please enter the max upstream and downstream bandwidth rates of each WAN ports into the following table, Rate Control 16-Port VPN Router provides specific service and IP address to transfer sensitive data through WAN ports with guarantee bandwidth.
  • Page 41 VR-200 16-Port Multi-WAN VPN Router Type: There are two types of QoS, including Rate control and Priority. Interface: Click on the square box to enable priority on specific WAN ports. Service: Select the Service from the pull-down menu. Source IP: Enter your Source IP address. The default value is Zero which includes all internal IP addresses.
  • Page 42 VR-200 16-Port Multi-WAN VPN Router button. Click the Apply button to save the QoS settings, click the Cancel button to undo the changes. Priority 16-Port VPN Router provides specific service transferring sensitive data through WAN ports with three different types of priorities. They are high, middle, and low priorities. The default is middle priority.
  • Page 43 VR-200 16-Port Multi-WAN VPN Router Type: There are two types of QoS, including Rate control and Priority. Interface: Click on the square box to enable priority on specific WAN ports. Service: Select the Service from the pull-down menu. Direction: Select Upstream (for outbound traffic) or Downstream (for inbound traffic) from the pull-down menu.

  • Page 44: Password

    VR-200 16-Port Multi-WAN VPN Router button. Click the Apply button to save the QoS settings, click the Cancel button to undo the changes. Password The Router's default password is 'admin', and it is strongly recommended that you change the Router's password. If you leave the password filed blank, all users on your network will be able to access the Router simply by entering the unit’s IP address into their web browser’s location window.

  • Page 45: Time

    VR-200 16-Port Multi-WAN VPN Router Old Password: Enter the old password. The default Password is ‘admin’ when you first power up the Router. (Note: The password cannot be recovered if it is lost or forgotten. If the password is lost or forgotten, you have to reset the Router to its factory default state.) New Password: Enter a new password for the Router.
  • Page 46 VR-200 16-Port Multi-WAN VPN Router is Greenwich Mean Time. Manually: Enter the Hours, Minutes, Seconds, Month, Day and Year. Click the Apply button to save the Time settings or click the Cancel button to undo the changes. • 41 •...

  • Page 47: Advanced Setting

    VR-200 16-Port Multi-WAN VPN Router Advanced Setting DMZ Host The DMZ (Demilitarized Zone) Host feature allows one local user to be exposed to the Internet to use a special-purpose service such as Internet gaming and video-conferencing. Enter the DMZ Private IP Address to access DMZ Host settings. The Default value zero (0) will deactivate DMZ Host.
  • Page 48 VR-200 16-Port Multi-WAN VPN Router You may use this function to establish a Web server or FTP server via an IP Gateway. Be sure that you enter a valid IP Address. (You may need to establish a static IP address in order to properly run an Internet server.) For added security, Internet users will be able to communicate with the server, but they will not actually be connected.
  • Page 49 VR-200 16-Port Multi-WAN VPN Router 3. Enter the IP Address of the server that you want the Internet users to access. Then enable the entry. 4. Click the Add to List button, and configure as many entries as you would like. You can also Delete the selected application.
  • Page 50 VR-200 16-Port Multi-WAN VPN Router Some Internet applications or games use alternate ports to communicate between server and LAN host. When you want to use those applications, enter the triggering (outgoing) port and alternate incoming port in this table. The Router will forward the incoming packets to the LAN host.

  • Page 51: Upnp

    VR-200 16-Port Multi-WAN VPN Router UPnP UPnP forwarding can be used to set up public services on your network. Windows XP can modify those entries via UPnP when UPnP function is enabled by selecting Yes. 1. Users have to click the Service Management firstly to enter the Service Name, Protocol and External Port and Internal Port, and then Add to list and save settings.

  • Page 52: Routing

    VR-200 16-Port Multi-WAN VPN Router change IP or Disable, then click Update this Application button. Click the Apply button to save the settings, click the Cancel button to undo your changes, click the Show Tables to see the details. Routing Dynamic Routing The Router's dynamic routing feature can be used to automatically adjust to physical changes in the network's layout.
  • Page 53 VR-200 16-Port Multi-WAN VPN Router RIP (Routing Information Protocol): The Router, using the RIP protocol, calculates the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths. Receive RIP versions: Choose the RX protocol you want for receiving data from the network.
  • Page 54 VR-200 16-Port Multi-WAN VPN Router Enter the following data to create a static route entry: Destination IP: Enter the network address of the remote LAN segment. For a standard Class C IP domain, the network address is the first three fields of the Destination LAN IP, while the last field should be zero.

  • Page 55: One-To-One Nat

    VR-200 16-Port Multi-WAN VPN Router network, such as switches, PCs, etc. Interface (LAN, WAN1~WAN4, DMZ): Interface tells you whether your network is on the LAN or the WAN, or the DMZ. The WAN port number will be generated automatically by your WAN port number setting. If you’re connecting to a sub-network, select LAN.
  • Page 56 VR-200 16-Port Multi-WAN VPN Router 209.19.28.31, with 209.19.28.16 used as the 16-Port Multi-WAN VPN Router WAN IP (NAT Public) Address. The address range of 192.168.168.1 to 192.168.168.255 is used for the machines on the LAN. Typically, only machines that have been designated as Public LAN Servers will be accessible from the Internet.

  • Page 57: Ddns

    VR-200 16-Port Multi-WAN VPN Router machine being made accessible from the Internet. Public Range Begin: Enter the beginning IP address of the public address range being mapped in the Public Range Begin field. This address will be assigned by the ISP.
  • Page 58 VR-200 16-Port Multi-WAN VPN Router The table shown above is according to your number of WAN port settings on General Setting or Port Management page. Click Edit in the Config. Column to edit DDNS of selected WAN port. The table also shows the DDNS Status and Host Name that you enter on this page. Interface: The WAN port number that user is editing is shown here.

  • Page 59: Mac Clone

    VR-200 16-Port Multi-WAN VPN Router updated successfully" once DDNS is updated successfully. If it shows "The hostname does not exist", "Username is not correct", "Hostname is not correct" or ‘’ Not updated’’, please make sure you enter the correct information of the account you set up with DynDNS.org.
  • Page 60 VR-200 16-Port Multi-WAN VPN Router Input the MAC Address to User Defined WAN MAC Address field or select MAC Address from this PC. Click Apply to save the MAC Cloning settings or click the Cancel button to undo your changes or click the Back button to previous page. •...

  • Page 61: Dhcp

    VR-200 16-Port Multi-WAN VPN Router DHCP Setup The Router can be used as a DHCP (Dynamic Host Configuration Protocol) server on your network. A DHCP server assigns available IP addresses to each computer on your network automatically. If you choose to enable the DHCP server option, you must configure all of the PCs on your LAN to connect to a DHCP server.
  • Page 62 VR-200 16-Port Multi-WAN VPN Router If the Router's DHCP server function is disabled, you have to carefully configure the IP address, Mask, and DNS settings of every computer on your network. Be careful not to assign the same IP address to different computers. Make any changes to the available fields as described below.

  • Page 63: Status

    VR-200 16-Port Multi-WAN VPN Router addresses. The WINS is assigned if the computer (DHCP client) requests one. If you do not know the WINS, leave it as 0. Click the Apply button to save the DHCP settings or click the Cancel button to undo the changes.
  • Page 64 VR-200 16-Port Multi-WAN VPN Router (Client Host Name, IP Address, MAC Address, and Leased Time) of all network clients using the DHCP server. Clicking Trash Can button to delete the line, and the IP Address of Client Host got will be released, or clicking Refresh button to refresh the Client Table. •...

  • Page 65: Tool

    VR-200 16-Port Multi-WAN VPN Router Tool SNMP SNMP, Simple Network Management Protocol, is a network protocol that provides network administrators with the ability to monitor the status of the 16-Port Multi-WAN VPN Router and receive notification of any critical events as they occur on the network. The 16-Port Multi-WAN VPN Router supports SNMP v1/v2c and all relevant Management Information Base II (MIBII) groups.

  • Page 66: Diagnostic

    VR-200 16-Port Multi-WAN VPN Router Enable SNMP: SNMP is enabled by default. To disable the SNMP agent, leave the box blank. System Name: This is the hostname of the 16-Port Multi-WAN VPN Router. System Contact: Type in the name of the network administrator for the 16-Port Multi-WAN VPN Router.
  • Page 67 VR-200 16-Port Multi-WAN VPN Router The Internet has a service called the Domain Name Service (DNS) which allows users to enter an easily remembered host name, such as www.16-Port Multi-WAN VPN Router.com, instead of numerical TCP/IP addresses to access Internet resources. 16-Port Multi-WAN VPN Router has a DNS lookup tool that will return the numerical TCP/IP address of a host name.

  • Page 68: Restart

    VR-200 16-Port Multi-WAN VPN Router Enter the IP address of the device being pinged and click the Go button. The test will take a few seconds to complete. Once completed, a message showing the results will be displayed at the bottom of the Web browser window. The results include Status (Test succeeded/Failed), Packets transmitted / received / loss and Round Trip Time (Minimum, Maximum, and Average).

  • Page 69: Factory Default

    VR-200 16-Port Multi-WAN VPN Router The recommended method of restarting your 16-Port Multi-WAN VPN Router is to use this "Restart" tool. Restarting with this button will send out your log file before the box is reset. 16-Port Multi-WAN VPN Router provides Active Firmware and Backup Firmware, and users can choose the firmware version for the router to restart with.

  • Page 70: Firmware Upgrade

    VR-200 16-Port Multi-WAN VPN Router Firmware Upgrade Users can use the following download function to download the new version of firmware into computer in advance, and then select the file. Finally, click the Firmware Upgrade Right Now button. • 65 •...

  • Page 71: Setting Backup

    VR-200 16-Port Multi-WAN VPN Router Setting Backup Import Configuration File: You will need to specify where your preferences file is located. When you click "Browse", your browser will bring up a dialog which will allow you to select a file which you had previously saved using the "Export Settings"...

  • Page 72: Port Management

    VR-200 16-Port Multi-WAN VPN Router Port Management In this router, users can choose the number of WAN ports and configure the connection status for each port, such as Priority, Speed, Duplex and Auto-Negotiation. Port Setup Basic Per Port Config. Please choose how many WAN ports you prefer to use (Default value is 4): Users can choose from 2~ 4.
  • Page 73 VR-200 16-Port Multi-WAN VPN Router Setting page. If User change the number of WAN ports here and click the Apply button, the confirm message will be shown. Users have to make sure the General Setting configurations match the number of WAN port settings here. Port ID: There are LAN1~LAN 11, WAN1~WAN4, and DMZ.

  • Page 74: Port Status

    VR-200 16-Port Multi-WAN VPN Router Port Status Users can choose the port ID from pull down menu to see the status of the selected port. In Summary table, it will show the setting for the port selected by users, such as Type, Interface, Link Status(up or down), Port Activity (Enabled or Disabled), Priority (High or Normal), Speed Status(10Mbps or 100Mbps), Duplex Status(half or full), Auto negotiation(on or off).

  • Page 75: Firewall

    VR-200 16-Port Multi-WAN VPN Router Firewall General From the Firewall Tab, you can configure the Router to deny or allow specific internal users from accessing the Internet. You can also configure the Router to deny or allow specific Internet users from accessing the internal servers. You can set up different packet filters for different users that are located on internal (LAN) side or external (WAN) side based on their IP addresses or their network Port number.
  • Page 76 VR-200 16-Port Multi-WAN VPN Router SPI (Stateful Packet Inspection): The Router's Firewall uses Stateful Packet Inspection to maintain connection information that passes through the firewall. It will inspect all packets based on the established connection, prior to passing the packets for processing through a higher protocol layer. DoS (Denial of Service): Protect internal networks from Internet attacks, such as SYN Flooding, Smurf, LAND, Ping of Death, IP Spoofing and reassembly attacks.

  • Page 77: Access Rules

    VR-200 16-Port Multi-WAN VPN Router Active X: Active X is a programming language for websites. Some web sites contain small programs, and it may be dangerous to run an unknown program on your machine. You can check the Active X box to filter the Active X for security reason, but you may take the risk of not having access to Internet sites which created using this programming language if Active X is blocked.
  • Page 78 VR-200 16-Port Multi-WAN VPN Router All traffic from the LAN to the DMZ is allowed. All traffic from the DMZ to the LAN is denied. All traffic from the WAN to the DMZ is allowed. All traffic from the DMZ to the WAN is allowed. Custom rules can be created to override the above 16-Port Multi-WAN VPN Router default rules, but there are four additional default rules that will be always active, and custom rule can not override the four rules.
  • Page 79 VR-200 16-Port Multi-WAN VPN Router Besides the Default Rules, all configured Network Access Rules are listed in the table, and you can choose the Priority for each custom rule. Click the Edit button to Edit the rule, and click the Trash Can icon to delete the rule. Click Add New Rule button to add new Access Rules, or click the Restore to Default Rules button to restore to the default rules, and all custom rules will be deleted.
  • Page 80 VR-200 16-Port Multi-WAN VPN Router Add a new Rule Services Action: Select the Allow or Deny button depending on the intent of the rule. Service: Select the service from the Service pull-down menu. If the service you need is not listed in the menu, click the Service Management button to add new Service.
  • Page 81 VR-200 16-Port Multi-WAN VPN Router Log: User can decide whether the Router keeps a log tracking this type of activity or not. If users want to keep a long, select Log packet to match this rule. If not, select Not log. Source Interface: Select the Source Interface (LAN, WAN1, WAN2, WAN3, WAN4, Any) from the pull-down menu.

  • Page 82: Content Filter

    VR-200 16-Port Multi-WAN VPN Router Content Filter Forbidden Domains When the Block Forbidden Domains check box is selected, the 16-Port Multi-WAN VPN Router will forbid web access to sites on the Forbidden Domains list. Scheduling The Time of Day feature allows you to define specific times when Content Filtering is enforced.
  • Page 83 VR-200 16-Port Multi-WAN VPN Router Apply this rule: Always: When selected, Content Filtering is enforced at all times. From: When selected, Content Filtering is enforced during the time and days specified. Enter the time period, in 24-hour format, and select the day of the week that Content Filtering is enforced.
  • Page 84 VR-200 16-Port Multi-WAN VPN Router Website Blocking by Keywords: When the Website Blocking by keyword button check box is selected, VR-200 will forbid web access to sites on the website blocking list Add: Enter keyword Add to List: Click the Add to List button, and configure as many entries as you would like.

  • Page 85: Vpn

    VR-200 16-Port Multi-WAN VPN Router Summary The VPN Summary displays the Summary, Tunnel Status and GroupVPN Status. Summary: It shows the number of Tunnel(s) Used and Tunnel(s) Available. 16-Port Multi-WAN VPN Router supports up to 200 tunnels. Detail: • 80 •...
  • Page 86 VR-200 16-Port Multi-WAN VPN Router Click the Detail button to see the details of VPN Summary as below, and users can use the tools on the top to save, export or print the details of VPN Summary. Tunnel Status: Add New Tunnel: Add Gateway to Gateway Tunnel or Add Client to Gateway Tunnel.
  • Page 87 VR-200 16-Port Multi-WAN VPN Router Client to Gateway: The following figure illustrates the Client to Gateway tunnel, a tunnel created between the VPN Router and the Client user using VPN client software that supports IPSec. When click “Add Now”, it will show Client to Gateway page. Page: Previous page, Next page, Jump to page / 200 pages and entries per page.
  • Page 88 VR-200 16-Port Multi-WAN VPN Router Waiting for Connection. If users select Manual in IPSec Setup page, the Status will show Manual and no Tunnel Test function for Manual Keying Mode. Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES/AES), Authentication (MD5/SHA1) and Group (1/2/5) that you chose in IPSec Setup field. If you chose Manual mode, there will be no Phase 2 DH Group, and it will show the Encryption and Authentication method that you set up in Manual mode.

  • Page 89: Gateway To Gateway

    VR-200 16-Port Multi-WAN VPN Router Group ID Name: It shows the name you enter in Add new client to gateway tunnel page. Connected Tunnels: It shows the number of connected tunnels. Phase2 Encrypt/Auth/Group: It shows the Encryption (DES/3DES/AES), Authentication (MD5/SHA1) and Group (1/2/5) that you chose in IPSec Setup field. Local Group: It shows the IP address and Subnet of Local Group you set up.
  • Page 90 VR-200 16-Port Multi-WAN VPN Router Tunnel Name: Enter the Tunnel Name, such as LA Office, Branch Site, Corporate Site, etc. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. Interface: You can select the Interface from the pull-down menu.
  • Page 91 VR-200 16-Port Multi-WAN VPN Router tunnel. The WAN IP of 16-Port Multi-WAN VPN Router will come out in this filed automatically, and you do not need to enter. 2. IP + Domain Name (FQDN) Authentication: If you select this type, enter the FQDN (Fully Qualified Domain Name), and IP address will come out automatically.
  • Page 92 VR-200 16-Port Multi-WAN VPN Router and the Domain Name must be same with the Remote Security Gateway of the remote VPN device. The same Domain Name can be only for one tunnel connection, and users cannot use the same Domain Name to create a new tunnel connection. 5.
  • Page 93 VR-200 16-Port Multi-WAN VPN Router 2. Subnet: If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and default Subnet Mask is 255.255.255.0.
  • Page 94 VR-200 16-Port Multi-WAN VPN Router communicate. The remote VPN device can be another VPN Router or a VPN Server. The IP Address will be the static, fixed IP Only. If you know the static IP address of remote client, select IP address from drop-down menu. If you do not know the static IP address of remote client but the domain name of remote client is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet.
  • Page 95 VR-200 16-Port Multi-WAN VPN Router 3. IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, enter the E-mail address and IP address of the VPN device at the other end of the tunnel. If you know the static IP address of remote client, select IP address from drop-down menu. If you do not know the static IP address of remote client but the domain name of remote client is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet.
  • Page 96 VR-200 16-Port Multi-WAN VPN Router 5. Dynamic IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with 16-Port Multi-WAN VPN Router, the 16-Port Multi-WAN VPN Router will work as a responder.
  • Page 97 VR-200 16-Port Multi-WAN VPN Router remote subnet to access the tunnel. Enter the remote IP Address and the Subnet Mask. The default Subnet Mask is 255.255.255.0. IPSec Setup In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted.
  • Page 98 VR-200 16-Port Multi-WAN VPN Router hexadecimal value is acceptable, and the valid range is 100~ffffffff. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa Encryption: There are two methods of encryption, DES and 3DES.
  • Page 99 VR-200 16-Port Multi-WAN VPN Router Keying Mode: IKE is an Internet Key Exchange protocol that used to negotiate key material for SA (Security Association). IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Phase 1 DH Group: Phase 1 is used to create a security association (SA). DH (Diffie-Hellman) is a key exchange protocol that is used during phase 1 of the authentication process to establish pre-shared keys.
  • Page 100 VR-200 16-Port Multi-WAN VPN Router Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. Phase 1 SA Life Time: SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure. This field allows you to configure the length of time a VPN tunnel is active in Phase 1.
  • Page 101 VR-200 16-Port Multi-WAN VPN Router produces a 160-bit digest. If users enable the AH Hash Algorithm in Advanced, it’s recommended to select Null to disable authenticate the ESP packets in Phase 2, but both sides of tunnel must use the same setting. Phase 2 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active in Phase 2.
  • Page 102 VR-200 16-Port Multi-WAN VPN Router Aggressive Mode: There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode.
  • Page 103 VR-200 16-Port Multi-WAN VPN Router default Interval is 10-sec. Click the Apply button when you finish the settings or click the Cancel button to undo the changes. • 98 •...

  • Page 104: Client To Gateway

    VR-200 16-Port Multi-WAN VPN Router Client to Gateway By setting this page, you can create a new tunnel between Local VPN device and mobile user. You can select Tunnel to create tunnel for single mobile user, or select Group VPN to create tunnels for multiple VPN clients.
  • Page 105 VR-200 16-Port Multi-WAN VPN Router Local Group Setup Local Security Gateway Type (In Tunnel Condition) There are five types. They are IP Only, IP + Domain Name (FQDN) Authentication, IP + E-mail Addr. (USER FQDN) Authentication, Dynamic IP + Domain Name (FQDN) Authentication, Dynamic IP + E-mail Addr.
  • Page 106 VR-200 16-Port Multi-WAN VPN Router 3. IP + E-mail Addr. (USER FQDN) Authentication: If you select this type, enter the E-mail address, and IP address will come out automatically. 4. Dynamic IP + Domain Name (FQDN) Authentication: If the Local Security Gateway is with a dynamic IP, you can select this type.
  • Page 107 VR-200 16-Port Multi-WAN VPN Router Local Security Group Type (In Tunnel condition) Select the local LAN user(s) behind the router that can use this VPN tunnel. Local Security Group Type may be a single IP address, a Subnet or an IP range. The Local Secure Group must match the other router's Remote Secure Group.
  • Page 108 VR-200 16-Port Multi-WAN VPN Router Authentication, Dynamic IP + E-mail Addr. (USER FQDN) Authentication. The type of Remote Security Gateway should match with the Local Security Gateway Type of VPN devices in the other end of tunnel. 1. IP Only: If you select IP Only, only the specific IP Address that you enter will be able to access the tunnel.
  • Page 109 VR-200 16-Port Multi-WAN VPN Router If you know the static IP address of remote client, select IP address from drop-down menu. If you do not know the static IP address of remote client but the domain name of remote client is known, you can select IP by DNS Resolved, and enter the real domain name on the Internet.
  • Page 110 VR-200 16-Port Multi-WAN VPN Router 4. Dynamic IP + Domain Name (FQDN) Authentication: If you select this type, the Remote Security Gateway will be a dynamic IP, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with 16-Port Multi-WAN VPN Router, the 16-Port Multi-WAN VPN Router will work as a responder.
  • Page 111 VR-200 16-Port Multi-WAN VPN Router Group VPN Group No.: The group no. will be generated automatically from 1~2. Two GroupVPNs are supported by 16-Port Multi-WAN VPN Router. Group ID Name: Enter the Group ID Name. Such as, American Sales Group. Interface: Select the Interface from the drop-down menu.
  • Page 112 VR-200 16-Port Multi-WAN VPN Router you enter will be able to access the tunnel. The default IP is 192.168.1.0. 2. Subnet: If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and default Subnet Mask is 255.255.255.0.
  • Page 113 VR-200 16-Port Multi-WAN VPN Router 2. E-mail Address (USER FQDN): Enter the E-mail address of USER FQDN. 3. Microsoft XP/2000 VPN Client: This option is used for Dynamic IP users which use Microsoft VPN client. The difference between Microsoft and other VPN client is that Microsoft client does not support Aggressive mode and FQDN/USER FQDN ID options.
  • Page 114 VR-200 16-Port Multi-WAN VPN Router Keying Mode: If you select Manual, it allows you to generate the key yourself, and no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key Management method.
  • Page 115 VR-200 16-Port Multi-WAN VPN Router Encryption Key is 16-bit. If users do not fill up to 16-bit, this filed will be filled up to 16-bit automatically by 0. If 3DES is selected, the Encryption Key is 48-bit. If users do not fill up to 48-bit, this filed will be filled up to 48-bit automatically by 0. Authentication Key: This field specifies a key used to authenticate IP traffic and the Authentication Key is generated by users.
  • Page 116 VR-200 16-Port Multi-WAN VPN Router 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. Phase 1 Encryption: There are three methods of encryption, DES, 3DES and AES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets.
  • Page 117 VR-200 16-Port Multi-WAN VPN Router encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. In addition, AES includes three types of encryptions, AES-128, AES-192, and AES-256. Both sides must use the same Encryption method. 3DES or AES is recommended because it is more secure.
  • Page 118 VR-200 16-Port Multi-WAN VPN Router Aggressive Mode: There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode.
  • Page 119 VR-200 16-Port Multi-WAN VPN Router of the entire packet by use of portions of the original IP header in the hashing process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit digest to authenticate packet data and SHA1 produces a 160-bit digest to authenticate packet data.

  • Page 120: Vpn Pass Through

    VR-200 16-Port Multi-WAN VPN Router VPN Pass Through IPSec Pass Through: Internet Protocol Security (IPSec) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec tunnels to pass through the Router, IPSec Pass Through is enabled by default. PPTP Pass Through: Point to Point Tunneling Protocol (PPTP) Pass Through is the method used to enable VPN sessions.

  • Page 121: Log

    VR-200 16-Port Multi-WAN VPN Router System Log There are three parts in System Log, Syslog, E-mail and Log Setting. Syslog Enable Syslog: If check the box, Syslog will be enabled. Syslog Server: In addition to the standard event log, the 16-Port Multi-WAN VPN Router can send a detailed log to an external Syslog server.
  • Page 122 VR-200 16-Port Multi-WAN VPN Router E-mail Enable E-Mail Alert: If check the box, E-Mail Albert will be enabled. Mail Server: If you wish to have any log or alert information E-mailed to you, then you must enter the name or numerical IP address of your SMTP server. Your Internet Service Provider can provide you with this information.
  • Page 123 VR-200 16-Port Multi-WAN VPN Router Flooding, IP Spoofing, Win Nuke, Ping of Death and Unauthorized Login Attempt. General Log: Check the following event boxes for receiving log, including System Error Messages, Deny Policies, Allow Policies, Content Filtering, Data Inspection, Authorized Login, and Configuration Changes. There are four buttons following the Log Setting section.

  • Page 124: System Statistics

    VR-200 16-Port Multi-WAN VPN Router you do not mind losing your log information. System Statistics 16-Port Multi-WAN VPN Router is able to perform the system statistics includes the Device Name, Status, IP Address, MAC Address, Subnet Mask, Default Gateway, Received Packets, Sent Packets, Total Packets, Received Bytes, Sent Bytes, Total Bytes, Error Packets Received and Dropped Packets Received for LAN, DMZ and WAN ports.
  • Page 125 VR-200 16-Port Multi-WAN VPN Router Logout The Logout button is located on the lower right corner of the Web Interface. This button will terminate the management session and the Authentication window will be displayed. You will need to re-enter your User Name and Password to login and continue to manage the 16-Port Multi-WAN VPN Router.

Table of Contents