Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.
Cabling Procedure ... Software Configuration ... Configure the RF650VPN as a Firewall... Configure the RF650VPN as a PPTP Server for VPN Remote Client Access... Configure the RF650VPN as an IPSec VPN Gateway... IPSec VPN Gateway LAN to LAN Configuration ...
Appendixes Appendix A - Windows PPTP Client Setup Appendix B - SSH IPSec Client Setup Appendix C - Regulatory Information Appendix D - License Agreements...
IPSec SSH client, the E-mail Anti-Virus Upgrade, etc. Note: This document contains links to Internet sites which are owned and operated by third parties. Multi-Tech Systems, Inc. is not responsible for the content of any such third-party site.
ALERT LED is not used. ALERT POWER LED is off when the RF650VPN is in a reset state. When the POWER LED is lit, the RF650VPN is not in a reset state. The RF650VPN Front panel LED is lit. If the Ethernet link is invalid, the...
Back Panel The RF650VPN back panel has a fan, a power plug, the Power Switch ( a DB-9 ( ) jack, a DB-15 High-density DSUB ( com1 jacks, an RJ-45 (optional ) jack, an RJ-45 ( The RF650VPN back panel is illustrated and described below.
The RF650VPN combines VPN, firewall, and optional e-mail antivirus protection subscription in one box. The RF650VPN is a cost-effective, manageable way for a small- to medium-sized business to add Remote User VPN, Branch Office VPN, and/or Firewall Security applications to their network.
Gateway and other IP addresses used) into the appropriate field of the Address Table later in this chapter, and keep for future reference. The following administrator requirements must be met before installing the RF650VPN software: Correct configuration of the Default Gateway An HTTPS capable browser (e.g., Microsoft Internet Explorer 4.0 or higher, or Netscape Communicator...
Enter the configuration information (e.g., the Default Gateway and other IP addresses used) into the appropriate field of the Address Table below. Please print this document and use it to fill in your specific RF650VPN and network information (e.g., the IP address used, e-mail lists, etc.) , and keep for future reference.
RF650VPN power plug to a live power outlet. 5. Place the RF650VPN Power switch to the on ( ) position to turn on the RF650VPN. Wait for the RF650VPN to beep a few times, indicating that it is ready to be configured with a web browser.
PN 82013251 Software Configuration The RouteFinder software is pre-installed on your RF650VPN. Initial configuration is required in order for you to run the software and begin operation. WebAdmin Note: Read the legal information and license agreement at the beginning of the installation.
RF650VPN Quick Start Guide (If Windows displays the AutoComplete tell the Windows OS to not remember the Password.) The displayed. You can now configure the RouteFinder as any or all of the following: a Firewall, a PPTP server for VPN remote client access, and/or an IPSec VPN Gateway.
To Configure the RF650VPN to work as a Firewall Use this procedure to configure the RF650VPN firewall function as illustrated below. 1. At the screen, click on Welcome to WebAdmin System Settings a) Add your own email address for alerts and notification.
c) Optional: you can change the password on WebAdmin. d) Set the System Time and Date to match your current location. 2. Click on Definitions Networks...
a) Define the IP network that is configured on the LAN port (the Private LAN on For example: = LAN Name = 192.168.2.0 IP address = 255.255.255.0 Subnet mask 3. Click on Network Interfaces Required changes: a) Change the Default gateway the Internet.
Required changes: f) Change the IP address for the address. g) Click for the Save Network card (eth1) Optional changes: h) Change the IP address on Static IP address. i) Click for the Save Network card (eth2) 4.
. This allows any service from any server to Allow any client. b) Click on the circle to enable the rule; the circle will turn green indicating the rule is enabled. The RF650VPN is now configured as a Firewall.
To Configure the RF650VPN as a PPTP Server for VPN Remote Client Access Use this procedure to configure the RF650VPN as a PPTP server for VPN Remote Client Access (aka, PPTP roadwarrior configuration). 1. Check the following on the Microsoft web site for PPTP updates and patches: http://support.microsoft.com/support/kb/articles/Q285/1/89.ASP...
a. Enable PPTP Status b. Enable Debug c. Select an Encryption Strength d. Click on Definitions Networks. In the column on the Command and click Save line click on to edit the PPTP-Pool Edit settings. PPTP-Pool...
, and click Add. Remote Access (PPTP) f. You might have to change the if you do not have it set to Packet Filter Rules – – – Allow The RF650VPN is now configured as a PPTP server for VPN remote client access.
To Configure the RF650VPN as an IPSec VPN Gateway The RF650VPN configured as an IPSec VPN Gateway supports both LAN-to-LAN and Client-to-LAN connections. A Client-to-LAN configuration is shown below; a LAN-to-LAN configuration is shown at the end of this section. The IPSec VPN Gateway Client-to-LAN configuration (aka, IPSec Roadwarrior configuration) is shown below.
1. Click on Definitions Networks a. Define all the Networks and Hosts for the VPN connection. Click on IPSEC Configurations a. Enable VPN Status b. Enable IKE-Debugging c. At , enter a new IPSec connection New connection...
d. Select Perfect Secret Forwarding e. Select IKE mode Secure Association f. Select as the Secret Authentication method g. Enter a shared using alphanumeric, the dash (-) or the underline (_) characters. Secret h. Select the Local Interface of the WAN port; Local subnet i.
(root). SuperUser Note: This document contains links to sites on the Internet which are owned and operated by third parties. Multi-Tech Systems, Inc. is not responsible for the content of any such third-party site.
Chapter 3 - Application Examples Introduction This section provides sample RouteFinder configuration drawings and related address schemes for applications employing: Firewall and NAT Firewall, NAT and DMZ Firewall, NAT and DNAT Virtual Server Firewall, NAT and PPTP Client Remote Access Firewall, NAT and IPSec Client Remote Access Firewall, NAT and IPSec LAN to LAN Firewall, NAT and SMTP Proxy...
The RouteFinder plugs in at the Internet connection of each office and provides three independent network interfaces (LAN, WAN and DMZ) that separate the protected office network from the Internet. The RouteFinder’s DMZ port permits connecting of Voice over IP gateways, like MultiVOIPs, and public servers such as email and web to be safely connected.
is used to operate a private network behind a firewall and make network DNAT (Dynamic NAT) services that only run there available to the Internet. The use of private IP addresses in combination with Network Address Translation (NAT) in the form of Masquerading, Source NAT (SNAT), and Destination NAT (DNAT) allows a whole network to hide behind one or a few IP addresses preventing the identification of your network topology from the outside.
The RouteFinder supports remote users that want to use the PPTP VPN client that is built into the Windows operating system. This provides 40-bit or 128-bit encryption, user name and password authentication and support for up to 128 PPTP tunnels.
For Client-to-LAN connectivity, the RF650VPN includes an optional easy-to-use IPSec VPN client that transparently secures your Internet communications anytime, anywhere. VPN client software is ideal for business users who travel frequently or work from home providing secure remote access through the RouteFinder VPN gateway for applications such as remote access, file transfer, email, Web browsing, messaging or IP telephony.
Firewall, NAT, and LAN-to-LAN configuration (1 of 2)
Firewall, NAT, and LAN-to-LAN configuration (2 of 2) For LAN-to-LAN connectivity, the RouteFinder utilizes the IPSec protocol to provide up to 256 tunnels with strong 168-bit 3DES encryption using IKE and PSK key management. In addition, it provides very high performance with 15M bps of 3DES encryption throughput.
The SMTP proxy is responsible for email distribution and e-mail virus-checking. In the menu you configure the SMTP proxy, including the optional e-mail virus scanner. Proxies SMTP The SMTP proxy acts as an email relay; it accepts e-mail for your internet domains and passes them on to your internal e-mail distribution system (e.g., a Microsoft Exchange Server).
Multi-Tech has an excellent staff of technical support personnel available to help you get the most out of your Multi-Tech product. If you have any questions about the operation of this unit, call 1-800-972-2439. Please fill out the RouteFinder information (below), and have it available when you call.
Recording RouteFinder Information Please fill in the following information on your Multi-Tech RouteFinder. This will help tech support in answering your questions. (The same information is requested on the Warranty Registration Card.) Model No.: _________________________ Serial No.: _____________________________________ Software Version: ____________________ License Key No.: _____-_____-_____-_____-_____-_____-_____...
Service If your tech support specialist decides that service is required, your RouteFinder may be sent (freight prepaid) to our factory. Return shipping charges will be paid by Multi-Tech Systems. Include the following with your RouteFinder: • a description of the problem.
Ordering Accessories SupplyNet, Inc. supplies replacement transformers, cables and connectors for select Multi-Tech products. You can place an order with SupplyNet via mail, phone, fax or the Internet at: : SupplyNet, Inc. Mail 614 Corporate Way...
Appendix A - Windows PPTP Client Setup Introduction This appendix covers installing the Windows PPTP Client for connection to a RouteFinder. Windows 98 Windows NT Windows 2000 Windows ME Windows 98 VPN PPTP Client Configuration If you are running the original edition of Windows 98, install the Windows 98 Dial-Up Networking Security Upgrade Release dated August 1998.
3. Click and the files install. 4. Restart the computer when prompted. 5. After restarting, click , then click My Computer Dial-Up Networking 6. Click on the icon. Make New Connection 7. Under enter . In the...
8. In the Host name or IP Address Click Next 9. Click after the message that the configuration was successful. Finish 10. Right click on the new icon for the VPN server in the properties 11. Click on the tab. Server Types Log on to network Enable software compression...
12. Under Allowed network protocols 13. Click on , and check: TCP/IP Settings... Server assigned IP address Server assigned name server addresses Use IP header compression Use default gateway on remote network check TCP/IP...
14. Click Connecting 1. Connect as you normally would. 2. Go to My Computer Dial-Up Networking 3. Enter your username and password: Username : < firstname.lastname Password: < DAS password then click the button. Connect 4. The window displays after successful connection. Connection Established For more information see Microsoft's Double-click the...
Windows NT VPN PPTP Client Configuration Your computer requires NT Service Pack 6a; if it is not installed you must install it before setting up your VPN connection. Windows NT VPN PPTP Installation 1. From the...
10. From the Remote Access Setup Verify that is the only option selected under Dial out only You are returned to the Remote Access Setup 11. Ensure that the VPN1 port 12. In the Network Configuration and click Dial Out Protocols 13.
6. Click on the check the following checkboxes, then click tab, Server TCP/IP Enable software compression Enable PPP LCP extensions 7. Click on and check the following, then click TCP/IP Settings... Server assigned IP address Server assigned name server address...
Connecting 1. Connect as you normally would. 2. Return to the Dial-Up Networking pull-down menu. Phonebook entry to dial 3. Click on Dial 4. Enter your username, password and Domain name, then click User Name: <firstname.lastname>. Password: <DAS password>. Domain: <domain name> The dialing process is started.
Windows 2000 VPN PPTP Client Configuration 1. Double click on My Computer 2. Double click on . When the window opens, double click on the Control Panel Control Panel icon. Network and Dial-Up Connections 3. When the...
6. Make a selection for how the initial connection is to be handled and click Next > 7. Assign a Host name (e.g., ) to the connection and click Windows VPN Next >...
8. Select a connection availability: either make this available under your log-in only or make this connection available for everyone. Click 9. Type the name you want to use for this connection (e.g., . The newly-created connection is saved in the...
then click 10. Enter your User name Password Connect The message displays if you specified an invalid destination Error Connecting to <connection name> name or address, or if the server is down. If you specified a valid destination name (or address) the connection is made. For more information see Microsoft's Windows 2000 Security web page.
Windows ME VPN PPTP Client Configuration Configuration 1. From the menu, select Start tab, then click Windows Setup Communications 2. In the window, click Communications and click . You are returned to the 3. Click and the files will be installed.
7. Click on the Make A New Connection 8. Under Type a name for the computer you are dialing down, choose Microsoft VPN Adapter 9. In the Host name or IP Address 10. Click after the message that the configuration was successful displays. Finish 11.
12. Click on the tab. Networking 13. Under Allowed Network Protocols checkboxes, then click Server assigned IP address Server assigned name server addresses Use IP header compression Use default gateway on remote network check Click on...
Connecting 1. Connect to your ISP as you normally would. 2. Go to -> My Computer Dial-Up Networking 3. Enter your username and password and click the : < User name firstname.lastname : < Password DAS password 4. A window displays after successful connection. Connection Established and double click the new Windows VPN icon.
Appendix B - SSH IPSec Client Setup Introduction The RouteFinder supports VPN (Virtual Private Networking), which provides the ability to encrypt IP network traffic. Host 1 <----> Router <----> Internet <----> Router <----> Host 2 <----------------- encrypted -------------------> All communication between the hosts uses strong encryption, so that nobody is able to listen to this communication.
Host to NET using SSH Sentinel 1.2.x (Static IP) to connect to a RouteFinder using Pre Shared Keys (PSK) This section describes how to set up a Host to Net connection between a Sentinel SSH version 1.1.1 client and a RouteFinder using IKE, PSK and static IPs.
Sentinel Configuration 4. Right click the SSH Sentinel tray icon ( ) and select 5. At select Key Management Authentication Keys...
6. Click 7. Click to create a new Authentication Key.
8. Check the checkbox and click Create new preshared key 9. Enter the and click Preshared key information 10. Select and click VPN Connection...
11. Select the information and click Security Gateway Intranet IP Address Note that the System routing is set automatically. The RouteFinder looks for the Subnet Mask that you entered. Intranet IP address If the the that you entered is not found, the...
12. Click screen is displayed. Details>> Connection Properties General 13. Edit the and the then change the IP Address settings Proposal parameters Rule Comment (if necessary) to . Click Secured VPN connection to network...
15. Click on the tab. Advanced 16. Check the check box and click Use perfect forward secrecy (PFS) in IKE rekey...
The Probe Results screen displays. 17. Click . Details of the newly-created connection are displayed. Details>>...
18. Verify the connection details information and click Close...
The Security Policy begins updating. 19. When the Security Policy is done updating, click to Ping the new connection. Diagnostics ... If the ping is successful, the Host to NET using SSH Sentinel 1.2.x (static IP) to connect to a RouteFinder using Pre Shared Keys (PSK) process is complete.
About SSH Sentinel SSH Sentinel is a software product for securing Internet traffic with the IPSec protocol as specified by the IETF standards. This security product is easily deployed by end users. It enables the user to secure arbitrary Internet connections such as remote access to the corporation network, remote administration, file transfer and sending and receiving email (smtp, imap).
Appendix C – Regulatory Information Class A Statement FCC Part 15 This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
If the equipment is causing harm to the network, the phone company may request that you remove the equipment from the network until the problem is resolved. 8. No repairs are to be made by you. Repairs are to be made only by Multi-Tech Systems or its licensees. Unauthorized repairs void registration and warranty.
Canadian Limitations Notice Ringer Equivalence Number Notice: The ringer equivalence number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a phone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the ringer equivalence numbers of all the devices does not exceed 5.
Multi-Tech Systems, Inc. End User License Agreement (EULA) IMPORTANT - READ BEFORE OPENING THE SOFTWARE PACKAGE This is a legal agreement between you (either an individual or a single entity) and Multi-Tech Systems, Inc. for the Multi-Tech software product enclosed, which includes computer software and may include associated media, printed materials, and "online"...
MULTI-TECH SOFTWARE LICENSE AGREEMENT Multi-Tech Systems, Inc. (MTS) agrees to grant and Customer agrees to accept on the following terms and conditions, a non-transferable and non-exclusive license to use the software program(s) delivered with this Agreement.
2205 Woodale Drive, Mounds View, MN 55112. The software contained in this package is licensed by Multi-Tech Systems, Inc., to the original end-user purchaser, hereafter referred to as Licensee, of this product for site use. A site is defined as a single business, government, or academic location, such as a building, a floor of a building, a campus, etc., and covers no more than 250 users at that location.
Multi-Tech Systems, Inc. It is hereby expressly agreed that Licensee’s remedy is limited to replacement or refund of the license fee, at the option of Multi-Tech Systems, Inc., for defective distribution media. There is no warranty for misused materials.
GNU General Public License Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty;...
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.