SMC Networks BR14VPN - annexe 3 Manual

VPN cable/DSL broadband router

Copyright
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable.
However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or
other rights of third parties which may result from its use. No license is granted by implication or
otherwise under any patent or patent rights of SMC. SMC reserves the right to change
specifications at any time without notice.
The products and programs described in this User Guide are licensed products of SMC. This User
Guide contains proprietary information protected by copyright, and this User Guide and all
accompanying hardware and documentation are copyrighted.
SMC does not warrant that the hardware will work properly in all environments and applications,
and makes no warranty and representation, either implied or expressed, with respect to the
quality, performance, merchantability, or fitness for a particular purpose.
Information in this User Guide is subject to change without notice and does not represent a
commitment on the part of SMC. SMC assumes no responsibility for any inaccuracies that may be
contained in this User Guide.
SMC makes no commitment to update or keep current the information in this User Guide, and
reserves the right to make changes to this User Guide and/or product without notice.
No part of this manual may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or information storage and retrieval
systems, for any purpose other than the purchaser's personal use, without the express written
permission of SMC.
Copyright © 2004 by
SMC Networks, Inc.
38 Tesla
Irvine, California 92618
All rights reserved.
Trademarks
SMC® is a registered trademark; and EZ-Stream, EZ Connect, Barricade and EZ Hub are
trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.

Summary of Contents for SMC Networks BR14VPN - annexe 3

  • Page 2 Note: In order to maintain compliance with the limits of a Class B digital device, SMC requires that you use a quality interface cable when connecting to this device. Changes or modifications not expressly approved by SMC could void the user’s authority to operate this equipment.
  • Page 3 EC Conformance Declaration – Class B SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II Calle Fructuos Gelabert 6-8, 2o, 4a 08970 – Sant Joan Despi Barcelona, Spain This equipment complies with the requirements relating to electromagnetic compatibility, EN 55022/A1 Class B, and EN 50082-1.
  • Page 4: Table Of Contents

    1 | SYSTEM REQUIREMENTS 2 | EQUIPMENT CHECKLIST 3 | FUNCTIONS AND FEATURES 4 | PANEL LAYOUT 5 | HARDWARE INSTALLATION 6 | NETWORK SETTINGS AND SOFTWARE INSTALLATION 6.1 | Installing TCP/IP 6.2 | Setting up TCP/IP 6.3 | Obtaining an IP Address 6.4 | Configuring a Macintosh Computer 6.5 | Verifying Your TCP/IP Connection 7 | CONFIGURING YOUR BROADBAND VPN ROUTER...
  • Page 5 7.8.5 | Advanced 7.8.6 | DMZ 7.9 | Advanced Setup - VPN 7.9.1 | IPSec Tunnel 7.9.2 | IKE Proposal 7.9.3 | IPSec Proposal 7.9.4 | Dynamic VPN 7.9.5 | PPTP/L2TP Server 7.10 | Advanced Setup - SNMP 7.11 | Advanced Setup - ROUTING 7.12 | Advanced Setup - MISCELLANEOUS 7.13 | Advanced Setup –...
  • Page 6: System Requirements

    Immediately inform your dealer in the event of any incorrect, missing or damaged parts. If possible, please retain the carton and original packing materials in case there is a need to return the product. Please register this product and upgrade the product warranty at SMC's Web site: http://www.smc.com...
  • Page 7: Functions And Features

    3 | Functions and Features Broadband Modem and NAT Connects multiple computers to a broadband (cable or DSL) Router modem, and/or Ethernet router to access the Internet. 10/100 Mbps Ethernet Interface Provides a 10/100 Base-TX interface to connect to a DSL or cable modem for broadband Internet access.
  • Page 8: Panel Layout

    4 | Panel Layout The following figure shows the front panel layout, which is followed by a table describing in detail the status and function of each LED. SMCBR14VPN Front Panel SMCBR18VPN Front Panel Function Color Status Description Power Power Green Steady Power is being applied to this device...
  • Page 9: Hardware Installation

    SMCBR18VPN Front Panel: 8 LAN, 1 WAN, and 1 COM port Port Type Description 5 VDC Receptor for power adapter: 5 VDC, 2 A (minimum) This is the connection for the Ethernet cable to the Ethernet port on the cable or DSL modem Port 1–4/8 These are the connections for Ethernet cables to your Ethernet enabled computers...
  • Page 10: Installing TCP/IP

    You must first verify that the TCP/IP communication protocol is properly installed and the computer is configured to get its IP address via the DHCP Server that is built-into this router. If you have not previously installed TCP/IP protocols on your client PCs, refer to the following section.
  • Page 11: Obtaining an IP Address

    9. Windows may prompt you to restart the PC. If so, click the Yes button. If Windows does not prompt you to restart your computer, do so to insure your settings. Windows NT 1. From the Windows desktop click Start/Settings/Control Panel. 2.
  • Page 12: Configuring A Macintosh Computer

    6.4 | Configuring a Macintosh Computer You may find that the instructions here do not exactly match your screen. This is because these steps and screen shots were created using Mac OS 10.2. Mac OS 7.x and above are all very similar, but may not be identical to Mac OS 10.2.
  • Page 13: Configuring Your Broadband VPN Router

    7 | Configuring Your Broadband VPN Router Before you attempt to log into the web-based Administration, please verify the following. 1. Your browser is configured properly (see below). 2. Disable any firewall or security software that may be running. 3. Confirm that you have a good link LED where your computer is plugged into the Router. If you don’t have a link light, then try another cable until you get a good link.
  • Page 14: Setup Wizard

    Note that there are two different Web user interfaces, one for general users and one for the system administrator. To log on as an administrator, enter the system password (default password is smcadmin) and click the LOGIN button. If you typed the password correctly, the left panel of the Web user interface changes to the administrator configuration mode as shown in the following figures.
  • Page 15 Cable Modem The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router. Use this address when registering for Internet service, and do not change it unless required by your ISP.
  • Page 16 Some xDSL Internet Service Providers may assign a fixed (static) IP address. If you have been provided with this information, choose this option and enter the assigned IP address, gateway IP address, DNS IP addresses, and subnet mask. PPPoE xDSL Enter the PPPoE User Name and Password assigned by your Service Provider.
  • Page 17 PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway.
  • Page 18 connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes.
  • Page 19 connection is inactive for longer than the Maximum Idle Time, it will be dropped and will automatically re-establish the connection as soon as you attempt to access the Internet again. Dial-Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem.
  • Page 21: Advanced Setup - System

    7.4 | Advanced Setup – SYSTEM Time Zone Use the section below to configure the Barricade's system time. Select your timezone and configure the daylight savings option based on your location. This information is used for the time/date parental rules you can configure with the Barricade's Advanced Firewall. This information is also used for your network logging.
  • Page 22 Password Settings Use this section to configure the 2 password accounts and idle time-out setting for your Barricade Router. There are 2 levels of admin access for this VPN Router: The Administrator account has Read/Write permission to view and change any settings. The default password for this account is "smcadmin".
  • Page 23 Syslog Server The Syslog Server tool will automatically download the Barricade log to the server IP address specified by the user. Enter the Server LAN IP Address and select the Enable radio button to enable this function. The broadband router is also able to send the log files to a specific email address.
  • Page 24: Advanced Setup - Wan

    7.5 | Advanced Setup - WAN Dynamic IP The cable modem option allows you to configure a host name and MAC Address. The Host Name is optional, but may be required by some ISPs. The default MAC address is set to the WAN’s physical interface on the Router.
  • Page 25 PPPoE Enter the PPPoE User Name and Password assigned by your Service Provider. The Service Name is normally optional, but may be required by some service providers. Leave the Maximum Transmission Unit (MTU) at the default value unless you have a particular reason to change it. Enter a Maximum Idle Time (in minutes) to define a maximum period of time for which the Internet connection is maintained during inactivity.
  • Page 26 PPTP Point-to-Point Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and PPTP Gateway.
  • Page 27 BigPond If you use the BigPond Internet Service which is available in Australia, enter your username and password and apply the changes. L2TP Layer 2 Tunneling Protocol is a common connection method used for xDSL connections in Europe. It can be used to join different physical networks using the Internet as an intermediary. If you have been provided with the information as shown on the screen, enter the assigned IP address, subnet mask, default gateway IP address, user ID and password, and L2TP Gateway.
  • Page 28 Dial Up Most Dial-up users will select this option to connect to their ISP through an analog dial-up modem. This feature can be used as a back-up when your broadband connectivity is unavailable. Enter the phone number, account name and password assigned to you by your ISP. The baud rate is the communication rate between the broadband router and your modem.
  • Page 29: Advanced Setup - Lan

    7.6 | Advanced Setup - LAN This is the local IP address of the router. All networked computers must use the LAN IP address of the router as their default Gateway. However, if necessary, it can be changed. Here you can configure the LAN IP address for the router and enable/disable the DHCP server for dynamic client address allocation.
  • Page 30 of the Router in the client address pool. Also remember to configure your client PCs for dynamic IP address allocation. Lastly, you can enter a local domain suffix in the Domain Name field. You also have the option to configure more advanced settings by clicking the “More” button. You can configure the router’s DHCP server to give out specific Primary and Secondary DNS, Primary and Secondary WINS, and an alternate Gateway (in the event that the router is not the Internet gateway).
  • Page 31: Advanced Setup - Nat

    7.7 | Advanced Setup - NAT 7.7.1 | Virtual Server The firewall of the router filters out unrecognized packets to protect your intranet. This means that all network hosts are invisible to the outside world. However, some of the hosts can be made accessible by enabling the Virtual Server mapping.
  • Page 32: Special Applications

    For example, if you have an FTP server (port 21) at 192.168.123.1, a Web server (port 80) at 192.168.123.2, and a VPN server at 192.168.123.6, you need to specify the following virtual server mapping as shown in the table below: Service Port Server IP Enable...
  • Page 33: Virtual Computer

    For a full list of ports and the services that run on them, see http://www.iana.org/assignments/port-numbers 7.7.3 | Virtual Computer Use the “Virtual Computer” option to maintain the privacy and security of the local network. Virtual Computer enables you to use the original NAT feature, and allows you to set up the one-to-one mapping of multiple global IP addresses and local IP addresses.
  • Page 34: URL Blocking

    You can select one of the two filtering policies: • Allow all to pass except those that match the specified rules • Deny all to pass except those that match the specified rules You can apply up to 8 rules for each direction, inbound or outbound. For each rule you can define the following: •...
  • Page 35: MAC Filter

    7.8.3 | MAC Filter MAC Address Filtering allows you to assign different access rights to various users, and you can also assign a specific IP address to a certain MAC address. Select the Enable radio button to enable the MAC Address Control. All of the settings on this screen take effect when Enable is checked.
  • Page 36: Schedule Rule

    7.8.4 | Schedule Rule Set scheduled times to be used to control what time of day a service or set of services is enabled. Use this section to configure up to 10 Schedule Rules to limit network access based on time and day.
  • Page 37: Advanced

    The Schedule Rule screen appears. It now shows your setting for Rule 1. If you need to make changes to your setting, click the Edit button. If you want to delete Rule 1, click the Delete button. 7.8.5 | Advanced In this section you can enable/disable Stateful Packet Inspection (SPI), Discard Ping from WAN, and PPTP and IPSec VPN Passthrough types.
  • Page 38: DMZ

    7.8.6 | DMZ If you have a local client PC that cannot run an Internet application properly from behind the NAT firewall, then you can open the client up to unrestricted two-way Internet access by defining a Virtual DMZ Host. 7.9 | Advanced Setup - VPN 7.9.1 | IPSec Tunnel VPN settings are used to create virtual private tunnels to remote VPN gateways.
  • Page 39 • VPN: VPN protects network information from intruders. However, it greatly decreases network throughput. Enable it only when a security tunnel is absolutely necessary. This feature is disabled by default. • Max. Number of Tunnels: Set the number of tunnels that are allowed to be in operation simultaneously.
  • Page 40: IKE Proposal

    • Pre-shared key: The first key that supports the IKE mechanism of both VPN gateways to negotiate further security keys. The pre-shared key must be the same for both end gateways. Options • Select IKE proposal: Click this button to setup a set of frequently used IKE proposals for the dedicated tunnel.
  • Page 41: IPSec Proposal

    • Authentication algorithm - Two algorithms can be selected: SHA1 • Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways.
  • Page 42 button next to Proposal ID roll-down list. A maximum of four indexes can be selected from the proposal pool for the dedicated tunnel. • Proposal Name: The proposal name indicates which IPSec proposal will be monitored. The first character of the name with the value of 0x00 stands for the IPSec proposal that is not available.
  • Page 43: Dynamic VPN

    7.9.4 | Dynamic VPN When using the VPN Dynamic IP Setting, the router functions as a Dynamic VPN server. The Dynamic VPN server does not check the VPN client IP information - this means that you can build a VPN tunnel with a VPN gateway from any remote host, regardless of the IP information.
  • Page 44: PPTP/L2TP Server

    7.9.5 | PPTP/L2TP Server Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allow secure remote access over the Internet by simply dialing in to a local point provided by an ISP. The following screen displays the management interface where you enter usernames and passwords for authorized remote users, the authentication protocol, and the IP address range to assign to those users: The VPN Broadband Router supports PAP, CHAP and MS-CHAP authentication protocols.
  • Page 45: Advanced Setup - SNMP

    7.10 | Advanced Setup - SNMP The Simple Network Management Protocol (SNMP) lets you manage a computer network remotely by polling and setting terminal values and monitoring network events. • Enable SNMP: You can check Local, Remote, or both options to enable the SNMP function.
  • Page 46: Advanced Setup - Routing

    7.11 | Advanced Setup - ROUTING The Routing Table lets you determine which physical interface address to use for outgoing IP datagrams. If you have more than one router and subnet, you will have to enable the routing table to allow packets to find the routing path. This allows different subnets to communicate with each other.
  • Page 47: Advanced Setup - Miscellaneous

    7.12 | Advanced Setup - MISCELLANEOUS If you experience difficulties accessing an FTP server that is running on a port other than 21, you can enter that port in the “Non-standard FTP port” and apply the changes. Wake-on-LAN is a technology that lets you power up a networked router remotely. To use this feature, the target network adapter must be Wake-on-LAN enabled and you have to know the MAC address of the adapter.
  • Page 48: Advanced Setup - Display Status

    7.13 | Advanced Setup – DISPLAY STATUS Enable the Display Status option to view the WAN connectivity settings on the login page. When this is enabled, the login page appears as follows: 7.14 | DDNS (Dynamic DNS) Dynamic DNS provides users on the Internet a method to tie their domain name(s) to computers or servers.
  • Page 49: UPnP (Universal Plug-and-Play)

    7.15 | UPnP (Universal Plug-and-Play) The Universal Plug and Play architecture offers pervasive peer-to-peer network connectivity of PCs of all form factors, intelligent appliances, and wireless devices. UPnP enables seamless proximity networking in addition to control and data transfer among networked devices in the home, office and everywhere in between.
  • Page 50: Status

    7.17 | Status You can use the Status screen to see the connection status for Barricade's WAN/LAN interfaces, firmware and hardware version numbers, any illegal attempts to access your network, as well as information on all DHCP client PCs currently connected to your network.
  • Page 52: IPSec Settings Guide (For Reference/Example Only)

    Step 9: Preshare key value is used to determine the network encryption • Step 10: SAVE SETTINGS and then configure the IKE PROPOSAL and IPSEC PROPOSAL • 8.1.1 | Settings for Router 1 VPN Router 1 WAN IP Address: ip1.smc.com LAN IP Address: 192.168.1.1 192.168.1.xxx...
  • Page 53 Set the VPN settings as follows: VPN: Enable Max. number of tunnels: Tunnel Name: Method: When finished, click “More”. VPN Settings – Tunnel 1 – IKE...
  • Page 54: Settings For Router 2

    Local Subnet: 192.168.1.0 Local Netmask: 255.255.255.0 Remote Subnet: 192.168.1.0 Remote Netmask: 255.255.255.0 Remote Gateway: ip2.smc.com Preshare Key: mypresharedkey When finished, save your settings. 8.1.2 | Settings for router 2 VPN Router 2 WAN IP Address: ip2.smc.com LAN IP Address: 192.168.2.1 192.168.2.xxx...
  • Page 55 Set the VPN settings as follows: VPN: Enable Max. number of tunnels: Tunnel Name: Method: When finished, click “More”. VPN Settings – Tunnel 1 – IKE...
  • Page 56 Set the Tunnel 1 IKE settings as follows: Tunnel 1: Local Subnet: 192.168.2.0 Local Netmask: 255.255.255.0 Remote Subnet: 192.168.1.0 Remote Netmask: 255.255.255.0 Remote Gateway: ip1.smc.com Preshare Key: mypresharedkey When finished, save your settings.
  • Page 57: Common Settings For Both Routers

    8.1.3 | Common Settings for both routers VPN Settings – Tunnel 1 – Set IKE Proposal Set the Tunnel 1 IKE Proposal settings as follows: Proposal Name: DH Group: Group2 Encrypt. algorithm: 3DES Auth. algorithm: SHA1 Life Time: 10000 Life Time Unit: Sec.
  • Page 58: Tunnel Between a SMCBR14VPN and Standalone Client

    VPN Settings – Tunnel 1 – Set IPSec Proposal Set the Tunnel 1 IPSec Proposal settings as follows: Proposal Name: DH Group: Group2 Encap. protocol: Encrypt. algorithm: Auth. Algorithm: Life Time: 10000 Life Time Unit: Sec. When finished, save the settings. Now to view the VPN connection process, go to the STATUS page and view the System Log.
  • Page 59: PPTP/L2TP Configuration Example

    8.3 | PPTP/L2TP configuration example Please note that the virtual addresses of the L2TP and PPTP servers have to be different. PPTP Step 1: Go to the PPTP Server section and select the Enable radio button • Step 2: Change the virtual IP value if necessary (this is the IP network that your PPTP •...
  • Page 60: Changes in 1.04 Releases

    The FQDN must be in ASCII format. For example, myhost.sm.com. User-FQDN. The User-Fully Qualified Domain Name (User-FQDN) of the subject of the certificate. The User-FQDN must be in SMTP mail address format. For example: user@smc.com. (Not usable between two SMCBR14VPNs)
  • Page 62 Configuration example: SMCBR14VPN-1...
  • Page 63 SMCBR14VPN-2...
  • Page 64: Troubleshooting

    9 | Troubleshooting A. Verifying your connection to the router If you are unable to access the Router’s web-based administration pages, then you may not be properly connected or configured. To determine your TCP/IP configuration status please follow the steps below: 1.
  • Page 65 This is true in most scenarios. Please verify with AOL that your particular connection type is PPPoE. If yes, then the SMC VPN Broadband Router should work with your WAN connection. Follow the normal procedures as described in Section 7.3 of this manual, but while doing so, set the MTU value to 1400.
  • Page 66 TOOLS, then click FIRMWARE UPGRADE and browse to the new firmware file. Then click the “BEGIN UPGRADE” button to upload the firmware to the SMC Router. Once this is completed, be sure to reset the router to factory defaults and reconfigure your WAN connection before continuing to use it.
  • Page 67: Questions and Answers

    2. On Windows TCP/IP setting If you use this setting but still can't see the computers on the other side of the VPN, please use "ipconfig /release" and "ipconfig /renew" to obtain an IP address again, and they should be able to see each other. 9.1 | Questions and Answers What is the difference between SMCBR14VPN and SMCBR18VPN? The SMCBR14VPN has 4 LAN ports and the SMCBR18VPN has 8 LAN ports.
  • Page 68 How many tunnels can be configured? 40 IPSEC tunnels 5 PPTP tunnels 5 L2TP : Important, not L2TP/IPSEC, but just L2TP alone In total: 50 Do I need two routers to establish a VPN connection? No. PPTP tunnels and L2TP tunnels can be created with the built in Windows VPN tools Although it is possible to use the built in IPSEC of Windows, it is much easier to use IPSEC client programs.
  • Page 69: Technical Specifications

    10 | Technical Specifications Standards: IEEE 802.3 10Base-T Ethernet IEEE 802.3u 100Base-TX Fast Ethernet Hardware / Ports: LAN Port 4x RJ45, 10/100 Mbps with Auto-MDI/MDIX (BR14VPN) 8x RJ45, 10/100 Mbps with Auto-MDI/MDIX (BR18VPN) WAN Port 1x RJ45, 10/100 Mbps with Auto-MDI/MDIX COM Port 1x DB9 (male), Up to 115200bps Input Power...
  • Page 70 Routing: Static Route Dynamic Route (RIP1/2) WAN Connection Types: Dial-Up ISDN PPPoE Dynamic IP L2TP PPTP BigPond Static IP Input Power: 5V 2A Operating Temperature: 0~40 Humidity: 10%~90% non-condensing Compliances: VCCI...
  • Page 71: Terminology

    11 | Terminology 10BaseT - Physical Layer Specification for Twisted-Pair Ethernet using Unshielded Twisted Pair wire at 10Mbps. This is the most popular type of LAN cable used today because it is very cheap and easy to install. It uses RJ-45 connectors and has a cable length span of up to 100 meters. There are two versions, STP (Shielded Twisted Pair) which is more expensive and UTP (Unshielded Twisted Pair), the most popular cable.
  • Page 72 DNS server keeps a database of host computers and their respective domain names and IP addresses, so that when a domain name is requested (as in typing " www.smc.com" into your Internet browser), the user is sent to the proper IP address. The DNS server address used by the computers on your home network is the location of the DNS server your ISP has assigned.
  • Page 73 IP Address - IP stands for Internet Protocol. An IP address consists of a series of four numbers separated by periods that identifies a single, unique Internet computer host. Example: 192.34.45.8. IP Security - Provides IP network-layer encryption. IPSec can support large encryption networks (such as the Internet) by using digital certificates for device authentication.
  • Page 74 MPEG – Moving Pictures Experts Group. MPEG is a standard for compressing video. MPEG-1 can provide resolution of 352x240 at 30 frames/second (fps) with 24-bit color and CD-quality sound. MPEG-2 can provide resolution of 704x480. MPEG uses the same intraframe coding as JPEG for individual frames, but also uses interframe coding which can help to further compress the video data, thereby reducing the overall size of the video.
  • Page 75 incoming data matches the predefined set of characteristics the incoming traffic is allowed. If no match is found the incoming traffic is discarded. Subnet Mask - A subnet mask, which may be a part of the TCP/IP information provided by your ISP, is a set of four numbers configured like an IP address.

This manual is also suitable for:

BR18VPN - annexe 2, Barricade SMCBR18VPN, SMCBR14VPN
