Page 1 LTE Industrial Router ICR-1601 CONFIGURATION MANUAL...
Page 2 Information, notice – Useful tips or information of special interest. Example – Example of function, command or script. Advantech B+B SmartWorx s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic Document No. MAN-0040-EN, revision from February 12, 2019. Released in the Czech Republic.
Page 3: Table Of Contents
ICR-1601 Contents 1. Introduction........................... 6 Basic HW Information ......................6 Installation & Maintenance Notice ..................7 1.2.1 System Requirements ...................... 7 1.2.2 Warnings .......................... 7 1.2.3 Hot Surface Caution ......................7 Access to the Web Configuration .................... 8 2. Basic Network ..........................9 WAN &...
Page 4 ICR-1601 Certificate ..........................120 3.3.1 My Certificate ......................120 3.3.2 Trusted Certificate ....................... 126 4. Security ............................132 VPN ............................132 4.1.1 IPSec ..........................133 4.1.2 OpenVPN ........................144 4.1.3 L2TP ..........................152 4.1.4 PPTP ..........................157 4.1.5 GRE ..........................161 Firewall ..........................
Page 5 ICR-1601 6.2.2 Managing Events......................242 6.2.3 Notifying Events ......................245 7. Status ............................248 Basic Network ........................248 7.1.1 WAN & Uplink Status ....................248 7.1.2 LAN & VLAN Status ...................... 252 7.1.3 WiFi Status ........................253 7.1.4 DDNS Status ......................... 255 Security ..........................
Page 6: Introduction
ICR-1601 1. Introduction Cellular router ICR-1601 is designed for wireless communication in the mobile networks that make use of traditional cellular technologies. The primary purpose of this router is its use in the newest Category 4 (Cat.4) services on the cellular LTE network. LTE Category 4 (Cat.4) is the next step in 4G LTE device capability.
Page 7: Installation & Maintenance Notice
ICR-1601 1.2 Installation & Maintenance Notice 1.2.1 System Requirements  A fast Ethernet RJ45 cable Network Requirements  3G/4G cellular service subscription  IEEE 802.11b/g/n wireless client  10/100 Ethernet adapter on PC Web-based Configuration Utility Computer with the following: Requirements ...
Page 8: Access To The Web Configuration
ICR-1601 1.3 Access to the Web Configuration Attention! Wireless transmissions work only when you activate the SIM card for data traffic and insert it into the router. Remove the power source before inserting the SIM card. You may use the web interface to monitor, configure and manage the router. To do so, enter the router’s IP address in your browser.
Page 9: Basic Network
ICR-1601 2. Basic Network 2.1 WAN & Uplink The router provides multiple WAN interfaces to let all client hosts in Intranet of the router access the Internet via ISP. But ISPs in the world apply various connection protocols to let routers or user's devices dial in ISPs and then link to the Internet via different kinds of transmit media.
Page 10 ICR-1601 The first step to configure one WAN interface is to specify which kind of connection media to be used for the WAN connection, as shown in "Physical Interface" page. In "Physical Interface" page, there are two configuration windows, "Physical Interface List" and "Interface Configuration".
Page 11 ICR-1601 Seamless Failover: In addition, there is a "Seamless" option for Failover operation mode. When seamless option is activated by checking on the "Seamless" box in configuration window, both primary connection and the failover connection are started up after system rebooting. But only the primary connection executes the data transfer, while the failover one just keeps alive of connection line.
Page 12 ICR-1601 Physical Interface Setting Go to Basic Network > WAN & Uplink > Physical Interface tab. The Physical Interface allows user to setup the physical WAN interface and to adjust WAN’s behavior. When Edit button is applied, an Interface Configuration screen will appear. WAN-1 interface is used in this example.
Page 13: Connection Setup
ICR-1601 2.1.2 Connection Setup After specifying the physical interface for each WAN connection, administrator must configure their connection profile to meet the dial in process of ISP, so that all client hosts in the Intranet of the router can access the Internet. In "Connection Setup"...
Page 14 ICR-1601 Internet Connection List - Ethernet WAN WAN Type for Ethernet Interface: Ethernet is the most common WAN and uplink interface for ICR-1601 routers. Usually it is connected with xDSL or cable modem for you to setup the WAN connection. There are various WAN types to connect with ISP: ...
Page 15 ICR-1601 Configure Ethernet WAN Setting When Edit button is applied, Internet Connection Configuration screen will appear. WAN-1 interface is used in this example. WAN Type = Dynamic IP When you select it, "Dynamic IP WAN Type Configuration" will appear. Items and setting is explained below. Dynamic IP WAN Type Configuration Item Value setting...
Page 16 ICR-1601 Static IP WAN Type Configuration Item Value setting Description WAN IP Address A Must filled setting Enter the WAN IP address given by your Service Provider WAN Subnet Mask A Must filled setting Enter the WAN subnet mask given by your Service Provider WAN Gateway A Must filled setting Enter the WAN gateway IP address given by your Service Provider...
Page 17 ICR-1601 PPPoE WAN Type Configuration Item Value setting Description PPPoE Account A Must filled setting Enter the PPPoE User Name provided by your Service Provider. PPPoE Password A Must filled setting Enter the PPPoE password provided by your Service Provider. Primary DNS An optional setting Enter the IP address of Primary DNS server.
Page 18 ICR-1601 Connection ID An optional setting Enter a name to identify the PPTP connection. Select Enable to enable MPPE (Microsoft Point-to-Point Encryption) MPPE An optional setting security for PPTP connection. WAN Type = L2TP When you select it, "L2TP WAN Type Configuration" will appear. Items and setting is explained below L2TP WAN Type Configuration Item Value setting...
Page 19 ICR-1601 Enter the service port that the Internet service. There are three options can be selected :  Auto: Port will be automatically assigned.  Service Port 1701 (For Cisco): Set service port to port 1701 to connect to A Must filled setting CISCO server.
Page 20 ICR-1601 Connect-on-demand: This gateway won’t start to establish Internet connection until local data is going to be sent to WAN side. After normal data transferring between LAN and WAN sides, this gateway will disconnect WAN connection if idle time reaches value of Maximum Idle Time.
Page 21 ICR-1601 Network Monitoring It is necessary to monitor connection status continuous. To do it, "ICMP Check" and "FQDN Query" are used to check. When there is traffic of connection, checking packet will waste bandwidth. Response time of replied packets may also increase. To avoid "Network Monitoring"...
Page 22 ICR-1601 Check the Enable box to enable the MTU (Maximum Transmission Unit) limit, and specify the MTU for the 3G/4G connection. 1. An Optional setting MTU Setup MTU refers to Maximum Transmission Unit. It specifies the largest packet 2. Uncheck by default size permitted for Internet transmission.
Page 23 ICR-1601 Enable WAN IP Alias then enter the IP address provided by your service 1. An optional setting provider. WAN IP Alias 2. Uncheck by default WAN IP Alias is used by the device router and is treated as a second set of WAN IP to provide dual WAN IP address to your LAN network.
Page 24 ICR-1601 SIM-A / SIM-B first without enable Failback By default, “SIM-A First” scenario is used to connect to cellular ISP for data transfer. In the case of “SIM-A First” or “SIM-B First” scenario, the gateway will try to connect to the Internet by using SIM-A or SIM-B card first.
Page 25 ICR-1601 3G/4G Connection Configuration Item Value setting Description 1. A Must filled From the dropdown box, select Internet connection method for 3G/4G setting WAN Connection. Only 3G/4G is available. WAN Type 3G/4G is set by default. Choose which SIM card you want to use for the connection. When SIM-A First or SIM-B First is selected, it means the connection is built first by using SIM A/SIM B.
Page 26 ICR-1601 Configure SIM-A / SIM-B Card Here you can set configurations for the cellular connection according to your situation or requirement. Note_1: Configurations of SIM-B Card follows the same rule of Configurations of SIM-A Card, here we list SIM-A as the example. Note_2: Both Connection with SIM-A Card and Connection with SIM-B Card will pop up only when the SIM-A First or SIM-B First is selected, otherwise it only pops out one of them.
Page 27 ICR-1601 Specify the type of dial-up profile for your 3G/4G network. It can be Manual-configuration, APN Profile List, or Auto-detection. Select Manual-configuration to set APN (Access Point Name), Dial Number, Account, and Password to what your carrier provides. Select APN Profile List to set more than one profile to dial up in turn, until the connection is established.
Page 28 ICR-1601 Check the box to establish the connection even the registration status is The box is unchecked roaming, not in home network. Roaming by default Note: It may cost additional charges if the connection is under roaming. Create/Edit SIM-A / SIM-B APN Profile List You can add a new APN profile for the connection, or modify the content of the APN profile you added.
Page 29 ICR-1601 1. A Must filled setting Select the Authentication method for the 3G/4G connection. It can be Auto, PAP, CHAP, or None. 2. By default Auto is Authentication selected Enter the value for the dialing-up order. The valid value is from 1 to 16. It 1.
Page 30 ICR-1601 Note: This field is available only when Connect-on-demand or Connect Manually is selected as the connection control scheme. 1. A Must filled setting When (0) Always is selected, it means this WAN is under operation all the Time Schedule 2.
Page 31 ICR-1601 Network Monitoring Configuration Item Value setting Description 1. An optional setting Check the Enable box to activate the network monitoring function. Network Monitoring 2. Box is checked by Configuration default Choose either DNS Query or ICMP Checking to detect WAN link. 1.
Page 32 ICR-1601 Internet Connection – WiFi Uplink WAN If the device connects to Internet through WiFi Uplink, this section will help you to complete WiFi Uplink connection setup. Go to Basic Network > WAN & Uplink > Connection Setup tab. WiFi Uplink interface: The Uplink network is a wireless network, and the gateway can connect to the Uplink network through WiFi connection.
Page 33 ICR-1601 WiFi Uplink WiFi Uplink WAN Type Configuration Item Value setting Description Display the information of AP for connecting. You can Click the Scan button and select an AP for the uplink network. Connect to AP Besides, you can also create uplink profile(s) for ease of connecting to an available Uplink network.
Page 34 ICR-1601 Network Monitoring Network Monitoring Configuration Item Value setting Description 1. An Optional setting Click the Enable checkbox to activate the function. Network Monitoring 2. The box is checked Configuration by default. Choose either DNS Query or ICMP Checking method and specify a Query/Check Interval to detect WAN link.
Page 35 ICR-1601 Specify a time interval as the ICMP Checking Interval. Query Interval defines the transmitting interval between two DNS Query 1. An Optional setting or ICMP checking packets. Check Interval 2. 5 seconds is selected With ICMP Checking, the system will check connection by sending ICMP by default.
Page 36: Lan & Vlan
ICR-1601 2.2 LAN & VLAN This section provides the configuration of LAN and VLAN. VLAN is an optional feature, and it depends on the product specification of the purchased gateway. 2.2.1 Ethernet LAN The Local Area Network (LAN) can be used to share data or files among computers attached to a network.
Page 37 ICR-1601 Select the subnet mask for this gateway from the dropdown list. Subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), and it means 1. A Must filled setting maximum 254 IP addresses are allowed in this subnet.
Page 38: Vlan
ICR-1601 Select the subnet mask for this gateway from the dropdown list. Subnet mask defines how many clients are allowed in one network or subnet. The default subnet mask is 255.255.255.0 (/24), and it means 1. A Must filled setting maximum 254 IP addresses are allowed in this subnet.
Page 39 ICR-1601 A port-based VLAN is a group of ports on an Ethernet or Virtual APs of Wired or Wireless Gateway that form a logical LAN segment. Following is an example. For example, in a company, administrator schemes out 3 network segments, Lobby/Meeting Room, Office, and Data Center.
Page 40 ICR-1601 Above is the general case for 3 Ethernet LAN ports in the gateway. But if the device just has one Ethernet LAN port, there will be only one VLAN group for the device. Under such situation, it still supports both the NAT and Bridge mode for the Port-based VLAN configuration.
Page 41 ICR-1601  VLAN Groups Access Control Administrator can specify the Internet access permission for all VLAN groups. He can also configure which VLAN groups are allowed to communicate with each other. VLAN Group Internet Access Administrator can specify members of one VLAN group to be able to access Internet or not. Following is an example that VLAN groups of VID is 2 and 3 can access Internet but the one with VID is 1 cannot access Internet.
Page 42 ICR-1601 Inter VLAN Group Routing In Port-based tagging, administrator can specify member hosts of one VLAN group to be able to communicate with the ones of another VLAN group or not. This is a communication pair, and one VLAN group can join many communication pairs. But communication pair doesn’t have the transitive property. That is, A can communicate with B, and B can communicate with C, it doesn’t imply that A can communicate with C.
Page 43 ICR-1601 VLAN Setting Go to Basic Network > LAN & VLAN > VLAN Tab. The VLAN function allows you to divide local network into different virtual LANs. There are Port- based and Tag-based VLAN types. Select one that applies. Configuration Item Value setting Description...
Page 44 ICR-1601 System A Must filled setting Define the Start ID for the VLAN and the End ID will be automatically counted Reserved as Start ID + 4. VLAN ID Value Range: 1 ~ 4091 Save Click the Save button to save the configuration Port-based VLAN –...
Page 45 ICR-1601 Port-based VLAN - Configuration...
Page 46 ICR-1601 Port-based VLAN Configuration Item Value setting Description 1. A Must filled setting Define the Name of this rule. It has a default text and cannot be modified. Name 2. String format: already have default texts VLAN ID A Must filled setting Define the VLAN ID number, range is 1~4094.
Page 47 ICR-1601 The box is unchecked by Click Enable box to activate this rule. Enable default. Save Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the Undo previous setting. Besides, you can add some IP rules in the IP Fixed Mapping Rule List if DHCP Server for the VLAN groups is required.
Page 48 ICR-1601 Port-based VLAN – Inter VLAN Group Routing Click VLAN Group Routing button, the VLAN Group Internet Access Definition and Inter VLAN Group Routing screen will appear. When Edit button is applied, a screen similar to this will appear.
Page 49 ICR-1601 Inter VLAN Group Routing Item Value setting Description By default, all boxes are checked means all VLAN ID members are allow to VALN Group access WAN interface. Internet All boxes are checked by If uncheck a certain VLAN ID box, it means the VLAN ID member can’t access Access default.
Page 50 ICR-1601 Tag-based VLAN Configuration Item Value setting Description VALN ID A Must filled setting Define the VLAN ID number, range is 6~4094. Internet The box is checked by Click Enable box to allow the members in the VLAN group access to internet. Access default.
Page 51: Dhcp Server
ICR-1601 2.2.3 DHCP Server  DHCP Server The gateway supports up to 4 DHCP servers to fulfill the DHCP requests from different VLAN groups (please refer to VLAN section for getting more usage details). And there is one default setting for whose LAN IP Address is the same one of router LAN interface, with its default Subnet Mask setting as “255.255.255.0”, and its default IP Pool ranges is from “.100”...
Page 52 ICR-1601  Fixed Mapping User can assign fixed IP address to map the specific client MAC address by select them then copy, when targets were already existed in the DHCP Client List, or to add some other Mapping Rules by manually in advance, once the target's MAC address was not ready to connect.
Page 53 ICR-1601 DHCP Server Configuration Item Value setting Description 1. String format can be DHCP Server any text Enter a DHCP Server name. Enter a name that is easy for you to understand. Name 2. A Must filled setting LAN IP 1.
Page 54 ICR-1601 Secondary IPv4 format The Secondary WINS of this DHCP Server. WINS Gateway IPv4 format The Gateway of this DHCP Server. The box is unchecked by Server Click Enable box to activate this DHCP Server. default. Save Click the Save button to save the configuration Click the Undo button to restore what you just configured back to the Undo previous setting.
Page 55 ICR-1601 View / Copy DHCP Client List When DHCP Client List button is applied, DHCP Client List screen will appear. When the DHCP Client is selected and Copy to Fixed Mapping button is applied. The IP and MAC address of DHCP Client will apply to the Mapping Rule List on specific DHCP Server automatically. Enable / Disable DHCP Server Options The DHCP Server Options setting allows user to set DHCP OPTIONS 66, 72, or 114.
Page 56 ICR-1601 DHCP Server Option Configuration Item Value setting Description 1. String format can be any Enter a DHCP Server Option name. Enter a name that is easy for you to Option Name text understand. 2. A Must filled setting. DHCP Server Dropdown list Choose the DHCP server this option should apply to.
Page 57 ICR-1601 Create / Edit DHCP Relay The router supports up to a maximum of 6 DHCP Relay configurations. When Add/Edit button is applied, DHCP Relay Configuration screen will appear. DHCP Relay Configuration Item Value setting Description 1. String format can be any Enter a DHCP Relay name.
Page 58: Wifi
ICR-1601 WiFi The router provides WiFi interface for mobile devices or BYOD devices to connect for Internet/Intranet accessing. WiFi function is usually modularized design in a router, and there can be single or dual modules within a router. The WiFi system in the router complies with IEEE 802.11n/11g/11b standard in 2.4GHz single band.
Page 59: Wifi Configuration
ICR-1601 2.3.1 WiFi Configuration Due to optional module(s) and frequency band, you need to setup module one by one. For each module, you need to specify the operation mode, and then setup the virtual APs for wireless access. Hereunder are the scenarios for each wireless operation mode, you can get how it works, and what is the difference among them.
Page 60 ICR-1601 AP Router Mode This mode allows you to get your wired and wireless devices connected to form the Intranet of the wireless gateway, and the Intranet will link to the Internet with NAT mechanism of the router. So, this router is working as a WiFi AP, but also a WiFi hotspot for Internet accessing service.
Page 61 ICR-1601 WDS Hybrid Mode WDS hybrid mode includes both WDS and AP Router mode. WDS Hybrid mode can act as an access point for its WiFi Intranet and a WiFi bridge for its wired and WiFi Intranets at the same time.
Page 62 ICR-1601 Wi-Fi Security – Authentication & Encryption Wi-Fi security provides complete authentication encryption mechanisms to enhance the data security while your data is transferred wirelessly over the air. The wireless gateway supports Shared, WPA-PSK / WPA2-PSK WPA2 authentication. You can select one authentication scheme to validate the wireless clients while they are connecting to the AP.
Page 63 ICR-1601 Configure WiFi Setting Configuring Wi-Fi Settings Item Value setting Description The box is checked by Check the Enable box to activate Wi-Fi function. WiFi Module default Select a radio channel for the VAP. Each channel is corresponding to different radio band. The permissible channels depend on the Regulatory Domain.
Page 64 ICR-1601 AP Router Mode Item Value setting Description The box is unchecked Check the Enable box to activate Green AP function. Green AP by default. Check the Enable box to activate this function. The box is checked by VAP Isolation By default, the box is checked;...
Page 65 ICR-1601 For others: VAP Configuration Item Value setting Description Enter the SSID for the VAP, and decide whether to broadcast the SSID or not. 1. String format : Any SSID The SSID is used for identifying from another AP, and client stations will text associate with AP according to SSID.
Page 66 ICR-1601 When WPA or WPA2 is selected They are implementation of IEEE 802.11i. WPA only had implemented part of IEEE 802.11i, but owns the better compatibility. WPA2 had fully implemented 802.11i standard, and owns the highest security.  RADIUS Server The client stations will be authenticated by RADIUS server.
Page 67 ICR-1601 Save Click the Save button to save the current configuration. Click the Undo button to restore configuration to previous setting before Undo saving. Apply Click the Apply button to apply the saved configuration. WDS Only Mode For the WDS Only mode, the device only bridges the connected wired clients to another WDS-enabled WiFi device which the device associated with.
Page 68 ICR-1601 The default WiFi key is printed on both the device label and the Security Card. It is created randomly and differs from devices. So, you can connected to the VAP1 (SSID: Staff_2.4G) with the provided key. However, it is strongly recommended that you have to change the security key to an easy-to- remember one by clicking the Edit button.
Page 69 ICR-1601 WDS Hybrid Mode For the WDS Hybrid mode, the device bridges all the wired LAN and WLAN clients to another WDS or WDS hybrid enabled WiFi devices which the device associated with. WDS Hybrid Mode Item Value setting Description Check the Enable box to activate this function.
Page 70 ICR-1601 The default WiFi key is printed on both the device label and the Security Card. It is created randomly and differs from devices. So, you can connected to the VAP1 (SSID: Staff_2.4G) with the provided key. However, it is strongly recommended that you have to change the security key to an easy-to- remember one by clicking the Edit button.
Page 71: Wireless Client List
ICR-1601 For others: For the detail description about VAP configuration, please refer to the description stated in AP-Router section. 2.3.2 Wireless Client List The Wireless Client List page shows the information of wireless clients which are associated with this device. Go to Basic Network >...
Page 72: Advanced Configuration
ICR-1601 Specify the VAP to show the associated clients information in the following Client List. 1. A Must filled By default, All VAP is selected. Multiple AP setting. Names 2. All is selected by default. Show Client List The following Client List shows the information for wireless clients that is associated with the selected VAP(s).
Page 73 ICR-1601 Target Configuration Item Value setting Description Select the WiFi module to check the information of connected clients. Module Select A Must filled setting. For those single WiFi module products, this option is hidden. Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is Operation Band A Must filled setting.
Page 74: Uplink Profile
ICR-1601 Short GI (Guard Interval) is defined to set the sending interval between By default 400ns is Short GI each packet. Note that lower Short GI could increase not only the transition selected rate but also error rate. By default Best is It means the data transition rate.
Page 75 ICR-1601 Specify the intended operation band for the WiFi module. Basically, this setting is fixed and cannot be changed once the module is integrated into the router product. However, there are some module with Operation Band A Must filled setting. selectable band for user to choose according to his network environment.
Page 76 ICR-1601 Profile Configuration Item Value setting Description 1. String format can Enter a profile name for the uplink network specified below. It is a name that be any text Profile Name is easy for you to understand. 2. A Must filled Value Range: 1 ~ 64 characters.
Page 77 ICR-1601 Select a suitable encryption method and enter the required key(s). The available method in the dropdown list depends on the Authentication you selected. None It means that the device is open system without encrypting. Up to 4 WEP keys can be set, and you have to select one as current key. The key type can set to HEX or ASCII.
Page 78 ICR-1601 Once you selected an AP from the AP list, the channel, SSID, Authentication, Encryption, and MAC address will be automatically filled into the profile, you just have to enter a key for the uplink connection, if required.
Page 79: Gnss
ICR-1601 2.4 GNSS The configuration steps include following items.  Activate GNSS feature in gateway and finish settings of cellular WAN.  Support NMEA 0183 (compatible to 3.0) protocol, and allow customized prefix and suffix.  Configurable GPS data logging on local microSD card storage for route record tracking. ...
Page 80 ICR-1601 Data to Storage Besides transmitting location data to remote server, you can also store location data into internal storage (e.g. microSD card) or external storage (e.g. USB drive) if any. Regarding to data format, either can be NMEA 0183 raw data format or save it as GPX file format. The location data will be saved to a new file if the original file size is bigger than the pre-defined file size.
Page 81 ICR-1601 GNSS Setting Go to Service>Location Tracking> GNSS Tab. The GNSS allows user to set the configuration of GNSS, log NMEA data to storage, and send data to remote host.Ensure GNSS is enabled and saved Setup GNSS Configuration GNSS Configuration Item Value setting Description...
Page 82 ICR-1601  Data to Storage Recommended Minimum Enable (The box is unchecked by default) Data Check Enable box to activate data to storage function.  Select Device (A Must filled setting) Select Internal or External device to store log data. ...
Page 83 ICR-1601 Remote Host Configuration Item Value setting Description Host Name String format: any text Enter the host name for the designated remote host. Value Range: -1 ~ 64 characters. Host IP A Must filled setting Specify the IP Addressof remote host. It will be use as destination IP for sending NMEA packets.
Page 84: Ipv6
ICR-1601 2.5 IPv6 The growth of the Internet has created a need for more addresses than are possible with IPv4. IPv6 (Internet Protocol version 6) is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.
Page 85 ICR-1601 IPv6 WAN Connection Type Static IPv6 Static IPv6 does the same function as static IPv4. The static IPv6 provides manual setting of IPv6 address, IPv6 default router address, and IPv6 DNS. Above diagram depicts the IPv6 IP addressing, type in the information provided by your ISP to setup the IPv6 network.
Page 86 ICR-1601 PPPoEv6 PPPoEv6 in IPv6 does the same function as PPPoE in IPv4. The PPPoEv6 server provides configuration parameters based on PPPoEv6 client request. When PPPoEv6 server gets client request and successfully authenticates it, the server sends IP address, DNS server addresses and other required parameters to automatically configure the client.
Page 87 ICR-1601 IPv6 Configuration Setting Go to Basic Network > IPv6 > Configuration Tab. The IPv6 Configuration setting allows user to set the IPv6 connection type to access the IPv6 network. IPv6 Configuration Item Value setting Description The box is IPv6 unchecked by Check the Enable box to activate the IPv6 function.
Page 88 ICR-1601 LAN Configuration LAN Configuration Item Value setting Description Global Address Value auto-created Enter the LAN IPv6 Address for the router. Link-local Address Value auto-created Show the link-local address for LAN interface of router. Then go to Address Auto-configuration (summary) for setting LAN environment. If above setting is configured, click the Save button to save the configuration, and click Reboot button to reboot the router.
Page 89: Port Forwarding
ICR-1601 2.6 Port Forwarding Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host.
Page 90: Configuration
ICR-1601 2.6.1 Configuration NAT Loopback This feature allows you to access the WAN global IP address from your inside NAT local network. It is useful when you run a server inside your network. For example, if you set a mail server at LAN side, your local devices can access this mail server through router’s global IP address when enable NAT loopback feature.
Page 91: Virtual Server & Virtual Computer
ICR-1601 2.6.2 Virtual Server & Virtual Computer There are some important Pot Forwarding functions implemented within the router, including "Virtual Server", "NAT loopback" and "Virtual Computer". It is necessary for cooperate staffs who travel outside and want to access various servers behind office router.
Page 92 ICR-1601 Virtual Server & NAT Loopback "Virtual Server" allows you to access servers with the global IP address or FQDN of the gateway as if they are servers existed in the Internet. But in fact, these servers are located in the Intranet and are physically behind the gateway.
Page 93 ICR-1601 Virtual Server & Virtual Computer Setting Go to Basic Network > Port Forwarding > Virtual Server & Virtual Computer tab. Enable Virtual Server and Virtual Computer Configuration Item Value setting Description The box is unchecked by Virtual Server Check the Enable box to activate this port forwarding function default The box is checked by Virtual Computer...
Page 94 ICR-1601 Virtual Server Rule Configuration Item Value setting Description Define the selected interface to be the packet-entering interface of the router. If the packets to be filtered are coming from WAN-x then select WAN-x for 1. A Must filled setting this field.
Page 95 ICR-1601 When “UDP” is selected It means the option “Protocol” of packet filter rule is UDP. Public Port selected a predefined port from Well-known Service, and Private Port is the same with Public Port number. Public Port is selected Single Port and specify a port number, and Private Port can be set a Single Port number.
Page 96: Special Ap & Alg
ICR-1601 Create / Edit Virtual Computer The router allows you to custom your Virtual Computer rules. It supports up to a maximum of 20 rule- based Virtual Computer sets. When Add button is applied, Virtual Computer Rule Configuration screen will appear. Virtual Computer Rule Configuration Item Value setting...
Page 97 ICR-1601 security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria. Special AP The Special AP feature allows you to request the gateway open a pre-defined service ports for incoming packets to pass through once the trigger port is activated by local hosts.
Page 98 ICR-1601 As shown in the diagram, the calling starts from the SIP Phone #1 to the SIP server via the NAT gateway. Then the SIP server invites the SIP Phone #2 and finally, the SIP Phone #1 talks to the SIP Phone #2. But for the NAT gateway, SIP Phone #2 is an unknown host, so the active access from the Phone...
Page 99 ICR-1601 Create / Edit Special AP Rule The gateway allows you to custom your Special AP rules. It supports up to a maximum of 8 rule-based Special AP sets. When Add button is applied, Special AP Rule Configuration screen will appear. IP Translation Configuration Item Value setting...
Page 100: Dmz & Pass Through
ICR-1601 2.6.4 DMZ & Pass Through DMZ (De Militarized Zone) Host is a host that is exposed to the Internet cyberspace but still within the protection of firewall by router device. So, the function allows a computer to execute 2-way communication for Internet games, Video conferencing, Internet telephony and other special applications.
Page 101 ICR-1601 VPN Pass through Scenario Since VPN traffic is different from that of TCP or UDP connection, it will be blocked by NAT gateway. To support the pass through function for the VPN connections initiating from VPN clients behind NAT gateway, the gateway must implement some kind of VPN pass through function for such application.
Page 102: Routing
ICR-1601 Pass Through The boxes are checked Check the box to enable the pass through function for the IPSec, PPTP, Enable by default and L2TP. With the pass through function enabled, the VPN hosts behind the router still can connect to remote VPN servers. Save Click the Save button to save the settings.
Page 103: Static Routing
ICR-1601 2.7.1 Static Routing "Static Routing" function lets you define the routing paths for some dedicated hosts/servers or subnets to store in the routing table of the router. The router routes incoming packets to different peer gateways based on the routing table. You need to define the static routing information in gateway routing rule list.
Page 104 ICR-1601 Static Routing Setting Go to Basic Network > Routing > Static Routing Tab. There are three configuration windows for static routing feature, including "Configuration", "Static Routing Rule List" and "Static Routing Rule Configuration" windows. "Configuration" window lets you activate the global static routing feature. Even there are already routing rules, if you want to disable routing temporarily, just uncheck the Enable box to disable it.
Page 105 ICR-1601 IPv4 Static Routing Item Value setting Description Destination 1. IPv4 Format Specify the Destination IP of this static routing rule. 2. A Must filled setting 255.255.255.0 (/24) is set Subnet Mask Specify the Subnet Mask of this static routing rule. by default 1.
Page 106: Dynamic Routing
ICR-1601 2.7.2 Dynamic Routing Dynamic Routing, also called adaptive routing, describes the capability of a system, through which routes are characterized by their destination, to alter the path that the route takes through the system in response to a change in network conditions. This router supports dynamic routing protocols, including RIPv1/RIPv2 (Routing Information Protocol), and OSPF (Open Shortest Path First), for you to establish routing table automatically.
Page 107 ICR-1601 The supported dynamic routing protocols are described as follows: RIP Scenario The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols, which employs the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from the source to a destination.
Page 108 ICR-1601 Dynamic Routing Setting Go to Basic Network > Routing > Dynamic Routing Tab. The dynamic routing setting allows user to customize RIP, and OSPF protocols through the router based on their office setting. In the "Dynamic Routing" page, there are several configuration windows for dynamic routing feature. They are the "RIP Configuration"...
Page 109 ICR-1601 OSPF Configuration The OSPF configuration setting allows user to customize OSPF protocol through the router based on their office setting OSPF Configuration Item Value setting Description OSPF Disable is set by default Click Enable box to activate the OSPF protocol. 1.
Page 110 ICR-1601 Create / Edit OSPF Area Rules The router allows you to custom your OSPF Area List rules. It supports up to a maximum of 32 rule sets. When Add button is applied, OSPF Area Rule Configuration screen will appear. OSPF Area Configuration Item Value setting...
Page 111: Routing Information
ICR-1601 2.7.3 Routing Information The routing information allows user to view the routing table and policy routing information. Go to Basic Network > Routing > Routing Information Tab. Routing Table Item Value setting Description Destination Routing record of Destination IP. IPv4 Format. Subnet Routing record of Subnet Mask.
Page 112: Dns & Ddns
ICR-1601 2.8 DNS & DDNS How does user access your server if your WAN IP address changes all the time? One way is to register a new domain name, and maintain your own DNS server. Another simpler way is to apply a domain name to a third-party DDNS service provider.
Page 113 ICR-1601 DNS & DDNS Setting Go to Basic Network > DNS & DDNS > Configuration Tab. The DNS & DDNS setting allows user to setup Dynamic DNS feature and DNS redirect rules. Setup Dynamic DNS The router allows you to custom your Dynamic DNS settings. DDNS (Dynamic DNS) Configuration Item Value setting...
Page 114 ICR-1601 Setup DNS Redirect DNS redirect is a special function to redirect certain traffics to a specified host. Administrator can manage the internet / intranet traffics that are going to access some restricted DNS and force those traffics to be redirected to a specified host. DNS Redirect Configuration Item Value setting...
Page 115 ICR-1601 Redirect Rule Configuration Item Value setting Description 1. String format can be Enter a domain name to be redirect. The traffic to specified domain name will Domain Name any text be redirect to the following IP address. 2. A Must filled setting Value Range: at least 1 character is required;...
Page 116: Object Definition
ICR-1601 3. Object Definition 3.1 Scheduling Scheduling provides ability of adding/deleting time schedule rules, which can be applied to other functionality. 3.1.1 Scheduling Configuration Go to Object Definition > Scheduling > Configuration tab. Button description Item Value setting Description Click the Add button to configure time schedule rule Delete Click the Delete button to delete selected rule(s) When Add button is applied, Time Schedule Configuration and Time Period Definition screens will...
Page 117 ICR-1601 Time Period Definition Item Value Setting Description Week Day Select from menu Select everyday or one of weekday Start Time Time format (hh:mm) Start time in selected weekday End Time Time format (hh:mm) End time in selected weekday Save Click Save to save the settings Undo Click Undo to cancel the settings...
Page 118: External Server
ICR-1601 3.2 External Server Go to Object Definition > External Server > External Server tab. The External Server setting allows user to add external server. When Add button is applied, External Server Configuration screen will appear.
Page 119 ICR-1601 External Server Configuration Item Value setting Description 1. String format can be Sever Name any text Enter a server name. Enter a name that is easy for you to understand. 2. A Must filled setting Specify the Server Type of the external server, and enter the required settings for the accessing the server.
Page 120: Certificate
ICR-1601 3.3 Certificate In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are genuine.
Page 121 ICR-1601 can sign Certificate Signing Requests (CSR) to form corresponding certificates for others.  These certificates can be used for two remote peers to make sure their identity during establishing a VPN tunnel. Scenario Description  Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. Import a trusted certificate (BranchCRT) –a BranchCSR certificate of Gateway 2 signed by root CA of Gateway 1.
Page 122 ICR-1601 Configuration Path [IPSec]-[Configuration] ■ Enable IPSec Configuration Path [IPSec]-[Tunnel Configuration] ■ Enable Tunnel s2s-101 Tunnel Name Interface WAN 1 Site to Site Tunnel Scenario Operation Mode Always on [IPSec]-[Local & Remote Configuration] Configuration Path 10.0.76.0 Local Subnet 255.255.255.0 Local Netmask Disable Full Tunnel 10.0.75.0...
Page 123 ICR-1601 [IPSec]-[Tunnel Configuration] Configuration Path ■ Enable Tunnel s2s-102 Tunnel Name WAN 1 Interface Site to Site Tunnel Scenario Always on Operation Mode Configuration Path [IPSec]-[Local & Remote Configuration] 10.0.75.0 Local Subnet Local Netmask 255.255.255.0 Disable Full Tunnel Remote Subnet 10.0.76.0 Remote Netmask 255.255.255.0...
Page 124 ICR-1601 My Certificate Setting Go to Object Definition > Certificate > My Certificate tab. The My Certificate setting allows user to create local certificates. In "My Certificate" page, there are two configuration windows for the "My Certificate" function. The "Local Certificate List" window shows the stored certificates or CSRs for representing the gateway.
Page 125 ICR-1601 Local Certificate Configuration Item Value setting Description Name 1. String format can be Enter a certificate name. It will be a certificate file name any text If Self-signed is checked, it will be signed by root CA. If Self-signed is not 2.
Page 126: Trusted Certificate
ICR-1601 Import Item Value setting Description Import A Must filled setting Select a certificate file from user’s computer, and click the Apply button to import the specified certificate file to the router. PEM Encoded 1. String format can be This is an alternative approach to import a certificate. any text You can directly fill in (Copy and Paste) the PEM encoded certificate string, 2.
Page 127 ICR-1601 Self-signed Certificate Usage Scenario Scenario Application Timing (same as the one described in "My Certificate" section)  When the enterprise router owns the root CA and VPN tunneling function, it can generate its own local certificates by being signed by itself. Also imports the trusted certificates for other CAs and Clients. ...
Page 128 ICR-1601 For Network-B at Branch Office  Following tables list the parameter configuration as an example for the "Trusted Certificate" function used in the user authentication of IPSec VPN tunnel establishing, as shown in above diagram.  The configuration example must be combined with the ones in "My Certificate" and "Issued Certificate" sections to complete the setup for the whole user scenario.
Page 129 ICR-1601 Trusted Certificate Setting Go to Object Definition > Certificate > Trusted Certificate tab. The Trusted Certificate setting allows user to import trusted certificates and keys. Import Trusted CA Certificate When Import button is applied, a Trusted CA import screen will appear. You can import a Trusted CA certificate from an existed certificate file, or directly paste a PEM encoded string as the certificate.
Page 130 ICR-1601 Import Trusted Client Certificate When Import button is applied, a Trusted Client Certificate Import screen will appear. You can import a Trusted Client Certificate from an existed certificate file, or directly paste a PEM encoded string as the certificate. Trusted Client Certificate List Item Value setting...
Page 131 ICR-1601 Import Trusted Client Key When Import button is applied, a Trusted Client Key Import screen will appear. You can import a Trusted Client Key from an existed file, or directly paste a PEM encoded string as the key. Trusted Client Key List Item Value setting Description...
Page 132: Security
ICR-1601 4. Security 4.1 VPN A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefitting from the functionality, security and management policies of the private network.
Page 133: Ipsec
ICR-1601 4.1.1 IPSec Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Page 134 ICR-1601 Site to Host: Site to Host is suitable for tunneling between clients in a subnet and an application server (host). As in the diagram, the clients behind the M2M gateway can access to the host "Host-DC" located in the control center through Site to Host VPN tunnel. Host to Site: On the contrast, for a single host (or mobile user to) to access the resources located in an intranet, the Host to Site scenario can be applied.
Page 135 ICR-1601 IPSec Setting Go to Security > VPN > IPSec tab. The IPSec Setting allows user to create and configure IPSec tunnels. Enable IPSec Configuration Window Item Value setting Description Unchecked by IPsec Click the Enable box to enable IPSec function. default NetBIOS over Unchecked by...
Page 136 ICR-1601 Tunnel Configuration Window Item Value setting Description Unchecked by Tunnel Check the Enable box to activate the IPSec tunnel default 1. A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name 2.
Page 137 ICR-1601 Define operation mode for the IPSec Tunnel. It can be Always On, or Failover. 1. A Must fill setting If this tunnel is set as a failover tunnel, you need to further select a primary Operation Mode 2. Always on is tunnel from which to failover to.
Page 138 ICR-1601 Unchecked by Click Enable box to enable Full Tunnel. Full Tunnel default Note: Full tunnel is available only for Site-to-Site specified in Tunnel Scenario. Remote Subnet Specify the Remote Subnet IP address and Subnet Mask. A Must fill setting List Click the Add or Delete button to add or delete Remote Subnet setting.
Page 139 ICR-1601 IKE Phase Window Item Value setting Description 1. A must fill setting Specify the IKE version for this IPSec tunnel. Select v1 or v2 IKE Version 2. v1 is selected by Note: IKE versions will not be available when AH option in Encapsulation default Protocol is selected.
Page 140 ICR-1601 IKE Proposal Definition Window Item Value setting Description Specify the Phase 1 Encryption method. It can be DES / 3DES / AES-auto / AES-128 / AES-192 / AES-256. Specify the Authentication method. It can be None / MD5 / SHA1 / SHA2-256. IKE Proposal A Must fill setting Definition...
Page 141 ICR-1601 IPSec Proposal Definition Window Item Value setting Description Specify the Encryption method. It can be None / DES / 3DES / AES-auto / AES- 128 / AES-192 / AES-256. Note: None is available only when Encapsulation Protocol is set as AH; it is not available for ESP Encapsulation.
Page 142 ICR-1601 Authentication Window Item Value setting Description Select Key Management from the dropdown box for this IPSec tunnel. Key Management A Must fill setting In this section Manually is the option selected. Specify the Local ID for this IPSec tunnel to authenticate. Local ID An optional setting Select the Key ID for Local ID and enter the Key ID (English alphabet or...
Page 143 ICR-1601 Manual Proposal Window Item Value setting Description Specify the Outbound SPI for this IPSec tunnel. Outbound SPI Hexadecimal format Value Range: 0 ~ FFFF. Specify the Inbound SPI for this IPSec tunnel. Inbound SPI Hexadecimal format Value Range: 0 ~ FFFF. Specify the Encryption Method and Encryption key.
Page 144: Openvpn
ICR-1601 4.1.2 OpenVPN OpenVPN is an application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
Page 145 ICR-1601 OpenVPN TAP Scenario The term "TAP" is referred to bridge mode and operates with layer 2 packets. In bridge mode, the VPN client is given an IP address on the same subnet as the LAN resided under the OpenVPN server. Under such configuration, the OpenVPN client can directly access to the resources in LAN.
Page 146 ICR-1601 Open VPN Setting Go to Security > VPN > OpenVPN tab. The OpenVPN setting allows user to create and configure OpenVPN tunnels. Enable OpenVPN Configuration Item Value setting Description OpenVPN The box is unchecked by Check the Enable box to activate the OpenVPN function. default Client Client is selected by...
Page 147 ICR-1601 OpenVPN Client Configuration Item Value setting Description OpenVPN Client A Must filled setting The OpenVPN Client Name will be used to identify the client in the tunnel Name list. Value Range: 1 ~ 32 characters. Interface 1. A Must filled Define the physical interface to be used for this OpenVPN Client tunnel.
Page 148 ICR-1601 Tunnel Scenario 1. A Must filled Specify the type of Tunnel Scenario for the OpenVPN Client to use. It can be setting TUN for TUN tunnel scenario, or TAP for TAP tunnel scenario. 2. By default TUN is selected. Remote IP/FQDN A Must filled setting Specify the Remote IP/FQDN of the peer OpenVPN Server for this OpenVPN...
Page 149 ICR-1601 Hash Algorithm By default SHA-1 is Specify the Hash Algorithm. selected. It can be SHA-1/MD5/MD4/SHA2-256/SHA2-512/None/Disable. LZO Compression By default Adaptive Specify the LZO Compression scheme. is selected. It can be Adaptive/YES/NO/Default. Persis Key 1. An Optional Check the Enable box to activate the Persis Key function. setting.
Page 150 ICR-1601 When Advanced Configuration is selected, an OpenVPN Client Advanced Configuration screen will appear. OpenVPN Advanced Client Configuration Item Value setting Description TLS Cipher 1. A Must filled setting. Specify the TLS Cipher from the dropdown list. 2. TLS-RSA-WITH- It can be None / TLS-RSA-WITH-RC4-MD5 / TLS-RSA-WITH-AES128-SHA / AES128-SHA is TLS-RSA-WITH-AES256-SHA / TLS-DHE-DSS-AES128-SHA / TLS-DHE-DSS- selected by default...
Page 151 ICR-1601 By default Specify the setting of DNS. Automatically is It can be Automatically/Manually. selected Additional An Optional setting. Enter optional configuration string here. Up to 256 characters is allowable. Configuration Value Range: 0 ~ 256characters. Save Click Save to save the settings. Undo Click Undo to cancel the changes.
Page 152: L2Tp
ICR-1601 4.1.3 L2TP Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. This Router can only behave as a L2TP client for a L2TP VPN tunnel.
Page 153 ICR-1601 Besides, for the L2TP client peer, a Remote Subnet item is required. It is for the Intranet of L2TP server peer. So, at L2TP client peer, the packets whose destination is in the dedicated subnet will be transferred via the L2TP tunnel. Others will be transferred based on current routing policy of the gateway at L2TP client peer.
Page 154 ICR-1601 As a L2TP Client L2TP Client Configuration Item Setting Value setting Description L2TP Client The box is unchecked by Check the Enable box to enable L2TP client role of the gateway. default Save Click Save button to save the settings. Undo Click Undo button to cancel the settings.
Page 155 ICR-1601 L2TP Client Configuration Item Setting Value setting Description Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name A Must filled setting Value Range: 1 ~ 32 characters. Define the selected interface to be the used for this L2TP tunnel Interface A Must filled setting (WAN-1 is available only when WAN-1 interface is enabled)
Page 156 ICR-1601 1. A Must filled setting Enter the Remote LNS Port for this L2TP tunnel. Remote LNS Port 2. 1701 is set by Value Range: 1 ~ 65535. default Enter the User Name for this L2TP tunnel to be authenticated when connect User Name A Must filled setting to L2TP server.
Page 157: Pptp
ICR-1601 Unchecked by Check the Enable box to enable this L2TP tunnel. Tunnel default Save Click Save button to save the settings. Undo Click Undo button to cancel the settings. 4.1.4 PPTP Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
Page 158 ICR-1601 Besides, for the PPTP client peer, a Remote Subnet item is required. It is for the Intranet of PPTP server peer. So, at PPTP client peer, the packets whose destination is in the dedicated subnet will be transferred via the PPTP tunnel.
Page 159 ICR-1601 As a PPTP Client PPTP Client Configuration Item Value setting Description Unchecked by PPTP Client Check the Enable box to enable PPTP client role of the router. default Save Click Save button to save the settings. Undo Click Undo button to cancel the settings. Create/Edit PPTP Client When Add/Edit button is applied, a series PPTP Client Configuration will appear.
Page 160 ICR-1601 PPTP Client Configuration Window Item Value setting Description A Must fill setting Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name Value Range: 1 ~ 32 characters. 1. A Must fill setting Define the selected interface to be the used for this PPTP tunnel Interface 2.
Page 161: Gre
ICR-1601 Unchecked by Check the Enable box to enable this PPTP tunnel. Tunnel default Save Click Save button to save the settings. Undo Click Undo button to cancel the settings. Back Click Back button to return to the previous page. 4.1.5 GRE Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that encapsulates a wide variety of network layer protocols inside virtual point-to-point links over an Internet...
Page 162 ICR-1601 GRE Tunnel Scenario To set up a GRE tunnel, each peer needs to setup its global IP as tunnel IP and fill in the other's global IP as remote IP. Besides, each peer must further specify the Remote Subnet item. It is for the Intranet of GRE server peer.
Page 163 ICR-1601 Save Click Save button to save the settings Undo Click Undo button to cancel the settings Create/Edit GRE tunnel When Add/Edit button is applied, a GRE Rule Configuration screen will appear.
Page 164 ICR-1601 GRE Rule Configuration Window Item Value setting Description Enter a tunnel name. Enter a name that is easy for you to identify. Tunnel Name A Must fill setting Value Range: 1 ~ 9 characters. 1. A Must fill setting Select the interface on which GRE tunnel is to be established.
Page 165 ICR-1601 Specify IPSec Encapsulation Mode from the dropdown box. There are IPSec Unchecked by Transport mode and Tunnel mode supported. Encapsulation default Note: IPSec Encapsulation Mode will not be available when DMVPN is not Mode enabled. Unchecked by Tunnel Check Enable box to enable this GRE tunnel. default Save Click Save button to save the settings.
Page 166: Firewall
ICR-1601 4.2 Firewall The firewall functions include Packet Filter, URL Blocking, Content Filter, MAC Control, Application Filter, IPS and some firewall options. The supported function can be different for the purchased router. 4.2.1 Packet Filter "Packet Filter" function can let you define some filtering rules for incoming and outgoing packets. So the router can control what packets are allowed or blocked to pass through it.
Page 167 ICR-1601 Packet Filter with White List Scenario As shown in the diagram, specify "Packet Filter Rule List" as white list (Allow those match the following rules) and define the rules. Rule-1 is to allow HTTP packets to pass, and Rule-2 is to allow HTTPS packets to pass.
Page 168 ICR-1601 Create/Edit Packet Filter Rules The router allows you to customize your packet filtering rules. It supports up to a maximum of 20 filter rule sets. When Add button is applied, Packet Filter Rule Configuration screen will appear. Packet Filter Rule Configuration Item Name Value setting Description...
Page 169 ICR-1601 Define the selected interface to be the packet-leaving interface of the router. If the packets to be filtered are entering from LAN to WAN then select WAN 1. A Must filled setting for this field. Or VLAN-1 to WAN then select WAN for this field. Other To Interface 2.
Page 170: Url Blocking
ICR-1601 For Protocol, select SCTP to filter SCTP packets For Protocol, select User-defined to filter packets with specified port number. Then enter a pot number in Protocol Number box. Apply Time Schedule to this rule, otherwise leave it as Always. Time Schedule A Must filled setting If the dropdown list is empty ensure Time Schedule is pre-configured.
Page 171 ICR-1601 URL Blocking Rule with Black List When the administrator of the gateway wants to block the Web requests with some dedicated patterns, he can use the "URL Blocking" function to block specific Web requests by defining the black list as shown in above diagram.
Page 172 ICR-1601 URL Blocking Setting Go to Security > Firewall > URL Blocking Tab. In "URL Blocking" page, there are three configuration windows. They are the "Configuration" window, "URL Blocking Rule List" window, and "URL Blocking Rule Configuration" window. The "Configuration" window can let you activate the URL blocking function and specify to black listing or to white listing the packets defined in the "URL Blocking Rule List"...
Page 173 ICR-1601 Create/Edit URL Blocking Rules The Gateway supports up to a maximum of 20 URL blocking rule sets. Ensure that the URL Blocking is enabled before we can create blocking rules. When Add button is applied, the URL Blocking Rule Configuration screen will appear. URL Blocking Rules Configuration Item Value setting...
Page 174: Mac Control
ICR-1601 This field is to specify the Destination Port number.  Select Any to filter packets going to any Port.  Select Specific Service Port to filter packets going to a specific Port Destination 1. A Must filled setting Port 2.
Page 175 ICR-1601 MAC Control with Black List Scenario As shown in the diagram, enable the MAC control function and specify the "MAC Control Rule List" is a black list, and configure one MAC control rule for the gateway to deny the connection request from the "JP NB"...
Page 176 ICR-1601 Known MAC Select a MAC Address from LAN Client List. Click the Copy to to copy the from LAN PC selected MAC Address to the filter rule. List Save Click Save to save the settings Undo Click Undo to cancel the settings Create/Edit MAC Control Rules The router supports up to a maximum of 20 filter rule sets.
Page 177: Ips
ICR-1601 4.2.4 IPS To provide application servers in the Internet, administrator may need to open specific ports for the services. However, there are some risks to always open service ports in the Internet. In order to avoid such attack risks, it is important to enable IPS functions. Intrusion Prevention System (IPS) is network security appliances that monitor network and/or system activities for malicious activity.
Page 178 ICR-1601 IPS Setting Go to Security > Firewall > IPS Tab. The Intrusion Prevention System (IPS) setting allows user to customize intrusion prevention rules to prevent malicious packets. Enable IPS Firewall Configuration Window Item Value setting Description The box is unchecked by Check the Enable box to activate IPS function default The box is unchecked by...
Page 179 ICR-1601 Setup Intrusion Prevention Rules The router allows you to select intrusion prevention rules you may want to enable. Ensure that the IPS is enabled before we can enable the defense function. Setup Intrusion Prevention Rules Item Name Value setting Description SYN Flood Click Enable box to activate this intrusion prevention rule and...
Page 180: Options
ICR-1601 Block Land Attack Block Ping of Death Block IP Spoof Block TCP The box is unchecked by default. Click Enable box to activate this intrusion prevention rule. Flag Scan Block Smurf Block Traceroute Block Fraggle Attack 1. A Must filled setting 2.
Page 181 ICR-1601 There are some additional useful firewall options in this page: Stealth Mode lets router not to respond to port scans from the WAN so that makes it less susceptible to discovery and attacks on the Internet. ”SPI” enables router to record the packet information like IP address, port address, ACK, SEQ number and so on while they pass through the router, and the router checks every incoming packet to detect if this packet is valid.
Page 182 ICR-1601 Firewall Options Setting Go to Security > Firewall > Options Tab. The firewall options setting allows network administrator to modify the behavior of the firewall and to enable Remote Router Access Control. Enable Firewall Options Firewall Options Item Value setting Description Stealth Mode The box is unchecked by default...
Page 183 ICR-1601 Remote Administrator Host Definition Item Value setting Description Protocol HTTP is set by default Select HTTP or HTTPS method for router access. This field is to specify the remote host to assign access right for remote access. Select Any IP to allow any remote hosts A Must filled setting Select Specific IP to allow the remote host coming from a specific subnet.
Page 184: Administration
ICR-1601 5. Administration 5.1 Configure & Manage Configure & Manage refers to enterprise-wide administration of distributed systems including (and commonly in practice) computer systems. Centralized management has a time and effort trade-off that is related to the size of the company, the expertise of the IT staff, and the amount of technology being used. This device supports many system management protocols, such as Command Script, TR-069, SNMP, and Telnet with CLI.
Page 185: Command Script
ICR-1601 5.1.1 Command Script Command script configuration is the application that allows administrator to setup the pre-defined configuration in plain text style and apply configuration on startup. Go to Administration > Configure & Manage > Command Script Tab. Enable Command Script Configuration Configuration Item Value setting...
Page 186 ICR-1601 Plain Text Configuration Item Value setting Description Clean Clean text area. (You should click Save button to further clean the configuration already saved in the system.) Save Save configuration The supported plain text configuration items are shown in the following list. For the settings that can be executed with standard Linux commands, you can put them in a script file, and apply to the system configure with STARTUP command.
Page 187 ICR-1601 OPENVPN_PING_TOUT seconds Specify the timeout value for OpenVPN Client keep-alive checking. OPENVPN_COMP Adaptive Specify the LZO Compression algorithm for OpenVPN client. OPENVPN_AUTH Static Key/TLS Specify the authorization mode for the OpenVPN tunnel.  TLS ->The OpenVPN will use TLS authorization mode, and the following items CA Cert., Client Cert.
Page 188 ICR-1601 Plain Text System Configuration with Telnet In addition to the web-style plain text configuration as mentioned above, the router system also allow the configuration via Telnet CLI. Administrator can use the proprietary telnet command “txtConfig” and relat ed action items to perform the plain system configuration. The command format is: txtConfig (action) [option] Action Option...
Page 189 ICR-1601 5.1.2 TR-069 TR-069 (Technical Report 069) is a Broadband Forum technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end- user devices, like this router device. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer-premises equipment (CPE) and Auto Configuration Servers (ACS).
Page 190 ICR-1601 with "TR-069" enabling.  Use default value for those parameters that are not mentioned in the tables. [TR-069]-[Configuration] Configuration Path ■ Enable TR-069 ACS URL http://qa.acslite.com/cpe.php ACSUserName ACS User Name ACSPassword ACS Password 8099 ConnectionRequest Port ConnReqUserName ConnectionRequest User Name ConnReqPassword ConnectionRequest Password ■...
Page 191 ICR-1601 TR-069 Setting Go to Administration > Configure & Manage > TR-069 tab. In "TR-069" page, there is only one configuration window for TR-069 function. In the window, you must specify the related information for your security router to connect to the ACS. Drive the function to work by specifying the URL of the ACS server, the account information to login the ACS server, the service port and the account information for connection requesting from the ACS server, and the time interval for job inquiry.
Page 192 ICR-1601 TR-069 Item Value setting Description The box is unchecked TR-069 Check the Enable box to activate TR-069 function. by default When you finish set basic network WAN-1 ~ WAN-n, you can choose WAN- 1 ~ WAN-n WAN-1 is selected by Interface When you finish set Security >...
Page 193 ICR-1601 Enable STUN Server STUN Settings Configuration Item Value setting Description The box is checked by STUN Check the Enable box to activate STUN function. default 1. String format: any IPv4 address Specify the IP address for the expected STUN Server. Server Address 2.
Page 194: Snmp
ICR-1601 5.1.3 SNMP In brief, SNMP, the Simple Network Management Protocol, is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events. In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network.
Page 195 ICR-1601 using a switch or a router with UDP forwarding.  If you want to manage some devices and they all have supported SNMP protocol, use either one application scenario, especially the management of devices in the Intranet.  In managing devices in the Internet, the TR-069 is the better solution. Please refer to last sub-section. Scenario Description ...
Page 196 ICR-1601 for configuring the "Gateway 1". Only the "UserName1" account can let the "Gateway 1" accept the configuration from the NMS since the authority of the account is "Read/Write".  Once a managed device has an urgent event to send, the device will issue a trap to the Trap Event Receivers.
Page 197 ICR-1601 Select the version for the SNMP 1.A Must filled When Check the v1 box. setting It means you can access SNMP by version 1. Supported 2.The boxes are When Check the v2c box. Versions unchecked by It means you can access SNMP by version 2c. default When Check the v3 box.
Page 198 ICR-1601 Multiple Community Rule Configuration Item Value setting Description 1. Read Only is selected by default Specify this version 1 or version v2c user’s community that will be allowed 2. A Must filled Read Only (GET and GETNEXT) or Read-Write (GET, GETNEXT and SET) access Community setting respectively.
Page 199 ICR-1601 User Privacy Rule Configuration Item Value setting Description User Name 1. A Must filled Specify the User Name for this version 3 user. setting Value Range: 1 ~ 32 characters. 2. String format: any text Password 1. String format: any When your Privacy Mode is authNoPriv or authPriv, you must specify the text Password for this version 3 user.
Page 200 ICR-1601 OID Filter Prefix 1. The default value The OID Filter Prefix restricts access for this version 3 user to the sub-tree is 1 rooted at the given OID. 2. A Must filled Value Range: 1 ~2080768. setting 3. String format: any legal OID Enable 1.The box is checked...
Page 201 ICR-1601 Trap Event Receiver Rule Configuration Item Value setting Description 1. A Must filled setting Specify the trap Server IP or FQDN. Server IP 2. String format: any The DUT will send trap to the server IP/FQDN. IPv4 address or FQDN 1.
Page 202 ICR-1601 1. A v3 Must filled setting Specify the User Name for this version 3 trap. User Name 2. String format: any Value Range: 1 ~ 32 characters. text 1. A v3 Must filled When your Privacy Mode is authNoPriv or authPriv, you must specify the setting Password Password for this version 3 trap.
Page 203 ICR-1601 Specify SNMP MIB-2 System If required, you can also specify the required information the MIB-2 System. SNMP MIB-2 System Configuration Item Value setting Description sysContact 1. An Optional filled Specify the contact information forMIB-2 system. setting Value Range: 0 ~ 64 characters. 2.
Page 204 ICR-1601 Options Item Value setting Description 1. The default value is Default Specify the Enterprise Name for the particular private MIB. Enterprise Name 2. A Must filled setting Value Range: 1 ~ 10 characters, and only string with A~Z, a~z, 0~9, ’–‘, ‘_’. 3.
Page 205: Telnet & Ssh
ICR-1601 5.1.4 Telnet & SSH A command-line interface (CLI), also known as command-line user interface, and console user interface are means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines). The interface is usually implemented with a command line shell, which is a program that accepts commands as text input and converts commands to appropriate operating system functions.
Page 206 ICR-1601 Parameter Setup Example  Following table lists the parameter configuration as an example for the Gateway in above diagram with "Telnet with CLI" enabling at LAN and WAN interfaces.  Use default value for those parameters that are not mentioned in the table. [Telnet &...
Page 207 ICR-1601 Configuration Item Value setting Description Check the Enable box to activate the Telnet function for connecting from LAN or WAN Telnet 1. The LAN Enable box interfaces. is checked by You can set which number of Service Port you want to provide for the default.
Page 208: System Operation
ICR-1601 5.2 System Operation System Operation allows the network administrator to manage system, settings such as web-based utility access password change, system information, system time, system log, firmware/configuration backup & restore, and reset & reboot. 5.2.1 Password & MMI Go to Administration > System Operation > Password & MMI tab. Change Host Name Change Host Name screen allows network administrator to change the web-based MMI login account to access router.
Page 209 ICR-1601 Change Password Change password screen allows network administrator to change the web-based MMI login password to access router. Password Configuration Item Value setting Description 1. String: any text 2. The default Old Password Enter the current password to enable you unlock to change password. password for web- based MMI is ‘admin’.
Page 210 ICR-1601 Change MMI Setting for Accessing This is the router’s web-based MMI access which allows administrator to access the router for management. The router’s web-based MMI will automatically logout when the idle time has elapsed. The setting allows administrator to enable automatic logout and set the logout idle time. When the login timeout is disabled, the system won’t logout the administrator automatically.
Page 211: System Information
ICR-1601 HTTP Binding A Must filled setting Select HTTP Binding. Select the system boot mode that will be adopted to boot up the device. Normal Mode: It takes longer boot up time, about 200 seconds, with complete firmware image check during the device booting. Fast Mode: It takes shorter boot up time, about 120 seconds, without checking the firmware image during the device booting.
Page 212: System Time
ICR-1601 Memory Usage It displays the percentage of device memory utilization. System Time It displays the current system time that you browsed this web page. Device Up-Time It displays the statistics for the device up-time since last boot up. Refresh Click the Refresh button to update the system Information immediately.
Page 213: System Log
ICR-1601 disabled by default. Synchronize Click the Active button to synchronize time immediately. immediately Save Click the Save button to save the settings. Refresh Click the Refresh button to update the system time immediately. Instead of manually configuring the system time for the router, there are two simple and quick solutions for you to set the correct time information and set it as the system time for the router.
Page 214 ICR-1601 View & Email Log History View button is provided for network administrator to view log history on the router. Email Now button enables administrator to send instant Email for analysis. View & Email Log History Item Value setting Description View button Click the View button to view Log History in Web Log List Window.
Page 215 ICR-1601 Web Log Type Category Web Log Type Category screen allows network administrator to select the type of events to log and be displayed in the Web Log List Window as described in the previous section. Click on the View button to view Log History in the Web Log List window.
Page 216 ICR-1601 Syslogd Syslogd screen allows network administrator to select the type of event to log and be sent to the designated Syslog server. Syslogd Setting Window Item Value Setting Description Un-checked by Enable Check Enable box to activate the Syslogd function, and send event logs to a syslog server default Select one syslog server from the Server dropdown box to send event log to.
Page 217: Backup & Restore
ICR-1601 5.2.5 Backup & Restore In the Backup & Restore window, you can upgrade the device firmware when new firmware is available and also backup / restore the device configuration. In addition to the factory default settings, you can also customize a special configuration setting as a customized default value.
Page 218 ICR-1601 Auto Upgrade via HTTP(S)/FTP(S) source can be configured in the bottom part. If the Firmware or Configuration found on the server is newer than the current one, it will be updated. Auto Upgrade Item Value Setting Description Enable Firmware or Configuration upgrade or both: Firmware: the router will look for a newer firmware file and update when found.
Page 219 ICR-1601 HTTP(S) / FTP(S) Server configuration: To make Auto Upgrade working, both the Firmware and Config file need to have a .ver file stored in the same folder on HTTP(S) / FTP(S) server. The updates are triggered by the content of the .ver files (newer date).
Page 220: Reboot & Reset
ICR-1601 5.2.6 Reboot & Reset For some special reason or situation, you may need to reboot the router or reset the device configuration to its default value. In addition to perform these operations through the Power ON/OFF, or pressing the reset button on the device panel, you can do it through the web GUI too. Go to Administration >...
Page 221: Diagnostic
ICR-1601 5.3 Diagnostic This router supports simple network diagnosis tools for the administrator to troubleshoot and find the root cause of the abnormal behavior or traffics passing through the router. There can be a Packet Analyzer to help record the packets for a designated interface or specific source/destination host, and another Ping and Tracert tools for testing the network connectivity issues.
Page 222: Packet Analyzer
ICR-1601 5.3.2 Packet Analyzer The Packet Analyzer can capture packets depend on user settings. User can specify interfaces to capture packets and filter by setting rule. Ensure the log storage is available (either embedded SD-Card or external USB Storage), otherwise Packet Analyzer cannot be enabled. Go to Administration >...
Page 223 ICR-1601...
Page 224 ICR-1601 Capture Fitters Item Value setting Description Filter Optional setting Check Enable box to activate the Capture Filter function. Source MACs Optional setting Define the filter rule with Source MACs, which means the source MAC address of packets. Packets which match the rule will be captured. Up to 10 MACs are supported, but they must be separated with “;”, e.g.
Page 225: Service
ICR-1601 6. Service 6.1 Cellular Toolkit Besides cellular data connection, you may also like to monitor data usage of cellular WAN, sending text message through SMS, changing PIN code of SIM card or doing a cellular network scan for diagnostic purpose.
Page 226: Data Usage
ICR-1601 6.1.1 Data Usage Most of data plan for cellular connection is with a limited amount of data usage. If data usage has been over limited quota, either you will get much lower data throughput that may affect your daily operation, or you will get a ‘bill shock’...
Page 227 ICR-1601 Data Usage Setting Go to Service > Cellular Toolkit > Data Usage tab. Before finished settings for Data Usage, you need to know bill start date, bill period, and quota limit of data usage according to your data plan. You can ask this information from your carrier or ISP. Create / Edit 3G/4G Data Usage Profile When Add button is applied, 3G/4G Data Usage Profile Configuration screen will appear.
Page 228: Sms
ICR-1601 Connection Un-Checked by default. Check the Enable box to activate the connection restriction function. Restrict During the specified cycle period, if the actual data usage exceeds the allowable data limitation, the cellular connection will be forced to disconnect. Enable Un-Checked by default.
Page 229 ICR-1601 SMS Summary Show Unread SMS, Received SMS, Remaining SMS, and edit SMS context to send, read SMS from SIM card. SMS Summary Item Value setting Description If SIM card insert to router first time, unread SMS value is zero. When Unread SMS received the new SMS but didn’t read, this value plus one.
Page 230 ICR-1601 New SMS You can set the SMS setting from this screen. New SMS Item Value setting Description Write the receivers to send SMS. User need to add the semicolon and Receivers compose multiple receivers that can group send SMS. Write the SMS context to send SMS.
Page 231: Sim Pin
ICR-1601 Timestamp What time receive SMS SMS Text Preview the SMS text. Click the Detail button to read a certain message. Preview Click the Detail button to read the SMS detail; Click the Reply / Forward The box is unchecked by button to reply/forward SMS.
Page 232 ICR-1601 Unlock SIM card by PUK Code If you entered incorrect PIN code at configuration page for 3G/4G- 1 WAN over three times, and then it will cause SIM card to be locked by PUK code. Then you have to call service number to get a PUK code to unlock SIM card.
Page 233 ICR-1601 Enable / Change PIN Code Enable or Disable PIN code (password) function, and even change PIN code function. SIM function Window Item Setting Value setting Description SIM lock Depend on SIM card Click the Enable button to activate the SIM lock function. For the first time you want to enable the SIM lock function, you have to fill in the PIN code as well, and then click Save button to apply the setting.
Page 234 ICR-1601 Note: If you changed the PIN code for a certain SIM card, you must also change the corresponding PIN code specified in the Basic Network > WAN & Uplink > Internet Setup > Connection with SIM Card page. Otherwise, it may result in wrong SIM PIN trials with invalid (old) PIN code. Unlock with a PUK Code The PUK Function window is only available for configuration if that SIM card is locked by PUK code.
Page 235: Network Scan
ICR-1601 6.1.4 Network Scan "Network Scan" function can let administrator specify the device how to connect to the mobile system for data communication in each 3G/4G interface. For example, administrator can specify which generation of mobile system is used for connection, 2G, 3G or LTE. Moreover, he can define their connection sequence for the router device to connect to the mobile system automatically.
Page 236 ICR-1601 The second window is the "Network Provider List" window and it appears when the Manually Scan Approach is selected in the Configuration window. By clicking on the "Scan" button and wait for 1 to 3 minutes, the found mobile operator system will be displayed for you to choose. Click again on the "Apply" button to drive system to connect to that mobile operator system for the dedicated 3G/4G interface.
Page 237: Event Handling
ICR-1601 6.2 Event Handling Event handling is the application that allows administrator to setup the pre-defined events, handlers, or response behavior with individual profiles. With properly configuring the event handling function, administrator can easily and remotely obtain the status and information via the purchased router. The supported events are categorized into two groups: the managing events and notifying events.
Page 238: Configuration
ICR-1601 6.2.1 Configuration Go to Service > Event Handling > Configuration Tab. Event handling is the service that allows administrator to setup the pre-defined events, handlers, or response behavior with individual profiles. Enable Event Management Configuration Item Value setting Description Event The box is unchecked by Check the Enable box to activate the Event Management function.
Page 239 ICR-1601 Create / Edit SMS Account Setup the SMS Account for managing the router through the SMS. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the SMS account. SMS Account Configuration Item Value setting Description...
Page 240 ICR-1601 Create / Edit Email Service Account Setup the Email Service Account for event notification. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the Email account. Email Service Configuration Item Value setting Description...
Page 241 ICR-1601 Create / Edit Remote Host Setup the Remote Host for managing the router through the remote host. It supports up to a maximum of 5 accounts. You can click the Add / Edit button to configure the host account. Remote Host Configuration Item Value setting...
Page 242: Managing Events
ICR-1601 6.2.2 Managing Events Managing Events allow administrator to define the relationship (rule) among event trigger, handlers and response. Go to Service > Event Handling > Managing Events Tab. Enable Managing Events Configuration Item Value setting Description Managing The box is unchecked by Check the Enable box to activate the Managing Events function.
Page 243 ICR-1601 Create / Edit Managing Event Rules Setup the Managing Event rules. It supports up to a maximum of 128 rules. When Add or Edit button is applied, the Managing Event Configuration screen will appear.
Page 244 ICR-1601 Managing Event Configuration Item Value setting Description Event SMS (or SNMP Trap) by Specify the Event type (SMS, SNMP Trap) and an event identifier / profile. default SMS: Select SMS and fill the message in the textbox to as the trigger condition for the event;...
Page 245: Notifying Events
ICR-1601 6.2.3 Notifying Events Go to Service > Event Handling > Notifying Events Tab. Notifying Events Setting allows administrator to define the relationship (rule) between event trigger and handlers. Enable Notifying Events Configuration Item Value setting Description Notifying Events The box is unchecked by Check the Enable box to activate the Notifying Events function.
Page 246 ICR-1601 Notifying Event Configuration Item Value setting Description Event WAN is selected by Specify the Event type and corresponding event configuration. The default supported Event Type could be: WAN: Select WAN and a trigger condition to specify a certain WAN Event; LAN&VLAN: Select LAN&VLAN and a trigger condition to specify a certain LAN&VLAN Event;...
Page 247 ICR-1601 Syslog: Select Syslog and select/unselect the Enable Checkbox to as the action for the event; SNMP Trap: Select SNMP Trap, and the router will send out SNMP Trap to the defined SNMP Event Receivers as the action for the event; Email Alert: Select Email Alert, and the router will send out an Email to the defined Email accounts as the action for the event;...
Page 248: Status
ICR-1601 7. Status 7.1 Basic Network 7.1.1 WAN & Uplink Status Go to Status > Basic Network > WAN & Uplink tab. The WAN & Uplink Status window shows the current status for different network type, including network configuration, connecting information, modem status and traffic statistics. The display will be refreshed on every five seconds.
Page 249 ICR-1601 It displays the connection status of the device to your ISP. Conn. Status Status are Connected or disconnected. This area provides functional buttons. Renew button allows user to force the device to request an IP address from the DHCP server. Note: Renew button is available when DHCP WAN Type is used and WAN connection is disconnected.
Page 250 ICR-1601 It displays the connection status. The status can be connected, disconnected Conn. Status and connecting. This area provides functional buttons. Action Edit Button when pressed, web-based utility will take you to the IPv6 configuration page. (Basic Network > IPv6 > Configuration.) LAN Interface Network Status LAN Interface Network Status screen shows IPv4 and IPv6 information of LAN network.
Page 251 ICR-1601 3G/4G Modem Status 3G/4G Modem Status List screen shows status information for 3G/4G WAN network(s). 3G/4G Modem Status List Item Value setting Description It displays the type of WAN physical interface. Physical Note: Some device model may support two 3G/4G modules. Their physical interface Interface name will be 3G/4G-1 and 3G/4G-2.
Page 252: Lan & Vlan Status
ICR-1601 Interface Traffic Statistics Item Value setting Description It displays corresponding WAN interface WAN IDs. It displays the type of WAN physical interface. Interface Depending on the model purchased, it can be Ethernet, 3G/4G, etc… It displays the downstream packets (Mb). It is reset when the device is Received Packets (Mb) rebooted.
Page 253: Wifi Status
ICR-1601 7.1.3 WiFi Status Go to Status > Basic Network > WiFi tab. The WiFi Status window shows the overall statistics of WiFi VAP entries. WiFi Virtual AP List The WiFi Virtual AP List shows all of the virtual AP information. The Edit button allows for quick configuration changes.
Page 254 ICR-1601 WiFi IDS Status The WiFi Traffic Statistic shows all the received and transmitted packets on WiFi network. WiFi IDS Status Item Value setting Description Authentication It displays the receiving Authentication Frame count. Frame Association It displays the receiving Association Request Frame count. Request Frame Re-association It displays the receiving Re-association Request Frame count.
Page 255: Ddns Status
ICR-1601 WiFi Traffic Statistic Item Value setting Description Op. Band It displays the Wi-Fi Operation Band 2.4G of VAP. It displays the VAP ID. Received Packets It displays the number of received packets. Transmitted Packet It displays the number of transmitted packets. Action Click the Reset button to clear individual VAP statistics.
Page 256: Security
ICR-1601 7.2 Security 7.2.1 VPN Status Go to Status > Security > VPN tab. The VPN Status widow shows the overall VPN tunnel status. The display will be refreshed on every five seconds. IPSec Tunnel Status IPSec Tunnel Status windows show the configuration for establishing IPSec VPN connection and current connection status.
Page 257 ICR-1601 OpenVPN Client Status OpenVPN Client Status Item Value setting Description OpenVPN It displays the Client name you have entered for identification. Client Name Interface It displays the WAN interface specified for the OpenVPN client connection. Remote It displays the peer OpenVPN Server’s Public IP address (the WAN IP address) IP/FQDN or FQDN.
Page 258 ICR-1601 PPTP Client Status PPTP Client Status shows the configuration for establishing PPTP tunnel and current connection status. PPTP Client Status Item Value setting Description Client Name It displays Name for the PPTP Client specified. It displays the WAN interface with which the gateway will use to request Interface PPTP tunneling connection to the PPTP server.
Page 259: Firewall Status
ICR-1601 7.2.2 Firewall Status Go to Status > Security > Firewall Tab. The Firewall provides user a quick view of the firewall status and current firewall settings. It also keeps the log history of the dropped packets by the firewall rule policies, and includes the administrator remote login settings specified in the Firewall Options.
Page 260 ICR-1601 MAC Control Status MAC Control Status Item Value setting Description Activated This is the MAC Control Rule name. Control Rule Blocked MAC This is the MAC address of the logged packet. Addresses The Source IP (IPv4) of the logged packet. The Date and Time stamp of the logged packet.
Page 261 ICR-1601 Firewall Options Status Firewall Options Status Item Value setting Description Enable or Disable setting status of Stealth Mode on Firewall Options. Stealth Mode String Format: Disable or Enable Enable or Disable setting status of SPI on Firewall Options. String Format : Disable or Enable Enable or Disable setting status of Discard Ping from WAN on Firewall Discard Ping...
Page 262: Administration
ICR-1601 7.3 Administration 7.3.1 Configure & Manage Status Go to Status > Administration > Configure & Manage tab. The Configure & Manage Status window shows the status for managing remote network devices. The type of management available in your device is depended on the device model purchased. The commonly used ones are the SNMP, TR-069, and UPnP.
Page 263 ICR-1601 SNMP Trap Information SNMP Trap Information screen shows the status of current received SNMP traps. SNMP Trap Information Item Value setting Description Trap Level It displays the trap level. Time It displays the timestamp of trap event. Trap Event It displays the IP address of the trap sender and event type.
Page 264: Statistics & Report
ICR-1601 7.4 Statistics & Report 7.4.1 Connection Session Go to Status > Statistics & Reports > Connection Session tab. Internet Surfing Statistic shows the connection tracks on this router. Internet Surfing Statistic Item Value setting Description Previous Click the Previous button; you will see the previous page of track list. Next Click the Next button;...
Page 265: Device Administration
ICR-1601 7.4.2 Device Administration Go to Status > Statistics & Reports > Login Statistics tab. Login Statistics shows the login information. Device Manager Login Statistic Item Value setting Description Previous Click the Previous button; you will see the previous page of login statistics. Next Click the Next button;...
Page 266: Cellular Usage
ICR-1601 7.4.3 Cellular Usage Go to Status > Statistics & Reports > Cellular Usage tab. Cellular Usage screen shows data usage statistics for the selected cellular interface. The cellular data usage can be accumulated per hour or per day.
Page 267: Gpl Written Offer
ICR-1601 8. GPL Written Offer This product incorporates open source software components covered by the terms of third party copyright notices and license agreements contained below. GPSBabel Version 1.4.4 Copyright (C) 2002-2005 Robert Lipe<robertlipe@usa.net> GPL License: https://www.gpsbabel.org/ Curl Version 7.19.6 Copyright (c) 1996-2009, Daniel Stenberg, <daniel@haxx.se>.
Page 268 ICR-1601 dnsmasq - A lightweight DHCP and caching DNS server. Simon Kelley <simon@thekelleys.org.uk> version:2.72 dnsmasq is Copyright (c) 2000-2014 Simon Kelley socat - Multipurpose relay Version: 2.0.0-b8 GPLv2 http://www.dest-unreach.org/socat/ LibModbus Version: 3.0.3 LGPL v2 http://libmodbus.org/news/ LibIEC60870 GPLv2 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111- 1307 USA https://sourceforge.net/projects/mrts/ Openswan...
Page 269 ICR-1601 IPSec-tools Version: v0.8 No GPL be written http://ipsec-tools.sourceforge.net/ PPTP Version: pptp-1.7.1 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 270 ICR-1601 Libncurses: The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. Version: 5.9 Copyright: (c) 1998, 2000, 2004, 2005, 2006, 2008, 2011, 2015 Free Software Foundation, Inc., 51 Franklin Street, Boston, MA 02110-1301, USA MiniUPnP: The miniUPnP daemon is an UPnP IGD (internet gateway device) which provide NAT traversal services to any UPnP enabled client on the network.
Page 271 ICR-1601 ONTFS_3G: The NTFS-3G driver is an open source, freely available read/write NTFS driver for Linux, FreeBSD, Mac OS X, NetBSD, Solaris and Haiku. Version: 2009.4.4 Copyright: (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110- 1301 USA mysql-5_1_72: a release of MySQL, a dual-license SQL database server Version: 5.1.72...
Page 272: Recommended Literature
ICR-1601 9. Recommended literature [1] Advantech B+B SmartWorx: Start Guide for ICR-1601, [2] Advantech B+B SmartWorx: ICR-1601 User Manual. Product related documents and applications can be obtained on Engineering Portal at https://ep.advantech-bb.cz/ address.
Page 273: Customers Support
 During cleaning of the router do not use aggressive chemicals, solvents and abrasive cleaners! Hereby, Advantech Co., Ltd. company declares that the radio equipment type ICR-1601 is in compliance with EU Directive 2014/53/EU. The full text of the EU Declaration of Conformity is available at the following internet address:...

This manual is also suitable for:

Icr-1601

Advantech ICR-1601G Configuration Manual

Quick Links

Related Manuals for Advantech ICR-1601G

Summary of Contents for Advantech ICR-1601G

This manual is also suitable for:

Table of Contents