Download
Share
Print this page
  1. Manuals
  2. Brands
  3. Billion Manuals
  4. Network Router
  5. BiPAC 7404V series
  6. User manual

Billion BiPAC 7404V series User Manual

Voip/(802.11g) adsl2+ (vpn) firewall router
Hide thumbs Also See for BiPAC 7404V series:

Advertisement

Quick Links

Download this manual
BiPAC 7404V series
VoIP/(802.11g) ADSL2+
(VPN) Firewall Router
User's Manual
Version Release 2.06e

Advertisement

loading

Related Manuals for Billion BiPAC 7404V series

Summary of Contents for Billion BiPAC 7404V series

  • Page 1 BiPAC 7404V series VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User’s Manual Version Release 2.06e...

  • Page 2: Table Of Contents

    CHAPTER 1: INTRODUCTION ......................3 ......................3 NTRODUCTION TO YOUR OUTER ..............................3 EATURES CHAPTER 2: INSTALLING THE ROUTER..................6 ....................6 MPORTANT NOTE FOR USING THIS ROUTER ..........................6 ACKAGE ONTENTS ............................7 RONT ............................8 ORTS ..............................9 ABLING CHAPTER 3: BASIC INSTALLATION ....................
  • Page 3 System....................................57 Time Zone ............................57 Remote Access ..........................58 Firmware Upgrade.......................... 59 Backup / Restore..........................59 Restart Router..........................61 User Management........................... 62 Firewall and Access Control ............................. 63 General Settings..........................64 Packet Filter............................ 65 Intrusion Detection ......................... 71 URL Filter ............................74 Firewall Log ...........................

  • Page 4: Chapter 1: Introduction

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 1: Introduction Introduction to your Router Welcome to the VoIP/(802.11g) ADSL2+ (VPN) Firewall Router. The router is an “all-in-one” VoIP ADSL router, combining an ADSL modem, ADSL router, Ethernet network switch and 2 ports for Voice over IP functionalities, providing everything you need to get the machines on your network connected to the Internet over your ADSL broadband connection.
  • Page 5 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Multi-Protocol to Establish A Connection It supports PPPoA (RFC 2364 - PPP over ATM Adaptation Layer 5), RFC 1483 encapsulation over ATM (bridged or routed), PPP over Ethernet (RFC 2516), and IPoA (RFC1577) to establish a connection with the ISP.
  • Page 6 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Rich Packet Filter Not only filters the packet based on IP address, but also based on Port numbers. It will filter packets from and to the Internet, and also provides a higher level of security control. Dynamic Host Configuration Protocol (DHCP) client and server In the WAN site, the DHCP client can get an IP address from the Internet Service Provider (ISP) automatically.

  • Page 7: Chapter 2: Installing The Router

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 2: Installing the Router Important note for using this router Do not use this router in high humidity or high temperatures. Do not use the same power source for this router as other equipment. Do not open or repair the case yourself.

  • Page 8: The Front Leds

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router The Front LEDs Meaning Lit when power is ON. Lit when the system is ready. Lit when connected to an Ethernet device. LAN Port Green for 100Mbps; Orange for 10Mbps. 3 – 6 — Blinking when data is Transmitted / Received. (RJ-45 connector) Lit green when the wireless connection is established.

  • Page 9: The Rear Ports

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router The Rear Ports The Ethernet Port # 4 can be connected to the computer and console. You need a special console tool which is included in this package to connect the LAN cable of Port 4 when connecting to a PC’s RS-232 port (9-pin serial port). Port Meaning Power Switch...

  • Page 10: Cabling

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Cabling One of the most common causes of problems is bad cabling or ADSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and ADSL line LEDs are lit.

  • Page 11: Chapter 3: Basic Installation

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides a very easy and user-friendly interface for configuration. PCs must have an Ethernet interface installed properly and be connected to the router either directly or through an external repeater hub, and have TCP/IP installed and configured to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router.

  • Page 12: Connecting Your Router

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Connecting your router 1. Connect this router to a LAN (Local Area Network) and the ADSL/telephone (ADSL) network. 2. Power on the device. 3. Make sure the PWR and SYS LEDs are lit steadily and that the LAN LED is lit. 4.
  • Page 13 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows in Window XP Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection In the LAN Area Connection Status window, click Properties.
  • Page 14 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows 2000 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and Dial-up Connections. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection In the LAN Area Connection Status window, click Properties.
  • Page 15 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows 95/98/ME Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Configuration tab. Select TCP / IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC.
  • Page 16 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows NT4.0 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Protocols tab. Select TCP/IP Protocol and click Properties. (See Figure 3.12) Figure 3.12: TCP / IP Select the Obtain an IP address from a DHCP server radio button and click OK.

  • Page 17: Factory Default Settings

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Factory Default Settings Before configuring your, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the password to log in, you may press the RESET button up to 6 seconds to restore the factory default settings.
  • Page 18 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Gather the information as illustrated in the following table and keep it for reference. VPI/VCI, VC-based/LLC-based multiplexing, Username, Password, Service PPPoE / PPPoE Name, and Domain Name System (DNS) IP address (it can be automatically with Pass-through assigned by your ISP when you connect or be set manually).

  • Page 19: Configuring With Your Web Browser

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin”...

  • Page 20: Chapter 4: Configuration

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 4: Configuration At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including: Status (ARP Table, Wireless Association , Routing Table, DHCP Table, (Wireless Router only) PPTP Status, IPSec Status, L2TP Status , Email Status, VoIP (Only the 7404VGO has VPN features)

  • Page 21: Status

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Status ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall –...
  • Page 22 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Routing Table Routing Table Valid: It indicates a successful routing status. Destination: The IP address of the destination network. Netmask: The destination netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route.

  • Page 23: Dhcp Table

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router DHCP Table Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information Leased Table IP Address: The IP address that assigned to client.

  • Page 24: Ipsec Status (Only The 7404Vgo Has Vpn Features)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active.

  • Page 25: L2Tp Status (Only The 7404Vgo Has Vpn Features)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router L2TP Status (Only the 7404VGO has VPN features) This shows details of your configured L2TP VPN Connections. Name: The name you assigned to the particular L2TP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled.

  • Page 26: Voip Status

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VoIP Status Here you can check details and status of VoIP Account you have configured. Please see the VoIP Configuration section for more details. Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration –...

  • Page 27: Diagnostic

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the WAN Internet connection. If is shown FAIL and the rest is PASS, you ought to check your PC’s DNS settings is set PING www.google.com correctly.
  • Page 28 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 4: Configuration...

  • Page 29: Quick Start

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Quick Start For detailed instructions on configuring your WAN settings, please see the WAN section of this manual. Usually, the only details you will need for the Quick Start wizard to get you online are your login (often in the form of username@ispname), your password and the encapsulation type.
  • Page 30 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.

  • Page 31: Configuration

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuration When you click this item, you get following sub-items to configure the ADSL router. (Only the 7404VGO has VPN features) LAN, WAN, System, Firewall, VPN , VoIP, QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections.

  • Page 32: Ethernet

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Ethernet Primary IP Address IP Address: The default IP on this router. SubNetmask: The default subnet mask on this router. RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports to create multiple virtual IP interfaces on this router.

  • Page 33: Ethernet Client Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules;...
  • Page 34 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Active PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Address which connecting to the router. You can easily by checking the box next to the IP address to be blocked or allowed. Then, Add to insert to the Ethernet Client Filter table.

  • Page 35: Wireless (Wireless Router Only)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Wireless (Wireless Router only) Parameters WLAN Service: Default setting is set to Enable. If you do not have any wireless, both 802.11g and 802.11b, device in your network, select Disable. Mode: The default setting is 802.11b+g (Mixed mode). If you do not know or have both 11g and 11b devices in your network, then keep the default in mixed mode.
  • Page 36 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router AP Firmware Version: The Access Point firmware version. Wireless Distribution System (WDS) It is a wireless access point mode that enables wireless link and communication with other access point. It is easy to be installed simply define peer’s MAC address of the connected AP. WDS takes advantages of cost saving and flexibility which no extra wireless client device is required to bridge between two access points and extending an existing wired or wireless infrastructure network to create a...

  • Page 37: Wireless Security (Wireless Router Only)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Wireless Security (Wireless Router only) You can disable or enable with WPA or WEP for protecting wireless network. The default mode of wireless security is disabled. WPA1 / WPA2 Pre-Shared Key WPA Algorithms: TKIP (Temporal Key Integrity Protocol) utilizes a stronger encryption method and incorporates Message Integrity Code (MIC) to provide protection against hackers.
  • Page 38 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router WEP Encryption: To prevent unauthorized wireless stations from accessing data transmitted over the network, the router offers highly secure data encryption, known as WEP. If you require high security for transmissions, there are two alternatives to select from: WEP 64 and WEP 128. WEP 128 will offer increased security over WEP 64.

  • Page 39: Wireless Client (Mac Address) Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Wireless Client (MAC Address) Filter (Wireless Router only) The MAC Address supports up to 16 wireless network machines and helps you to manage your network control to accept traffic from specific authorized machines or to restrict unwanted machine(s) to access your LAN.

  • Page 40: Port Setting

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Associate Wireless Client displays a list of individual wireless device’s MAC Address that currently connects to the router. You can easily by checking the box next to the MAC address to be blocked or allowed. Then, Add to insert to the Wireless Client (MAC Address) Filter table.

  • Page 41: Dhcp Server

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.

  • Page 42: Wan (Wide Area Network)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router WAN (Wide Area Network) WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. There are two items within the WAN section: ISP, DNS ADSL. The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters as below.
  • Page 43 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router RFC 1483 Routed Connections Description: Your description of this connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address.
  • Page 44 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router RFC 1483 Bridged Connections VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP. Acceptable Frame Type: Specify what kind of traffic can through this connection, all traffic or only VLAN tagged.
  • Page 45 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PPPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
  • Page 46 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Connection: Always on: If you want the router to establish a PPPoA session when starting up and to automatically re-establish the PPPoA session when disconnected by the ISP. Connect to Demand: If you want to establish a PPPoA session only when there is a packet requesting access to the Internet (i.e.
  • Page 47 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router server IP address, it automatically gives the address to the local DNS client so that a connection can be established. Give DNSto DHCP Server: Similar to the above, but gives the DNS server address to the DHCP server.
  • Page 48 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
  • Page 49 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PPPoE Connections Description: A user-definable name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single ISP account, sharing a single IP address.
  • Page 50 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router the IP address manually. The setting of this item is specified by your ISP. Authentication Protocol: Default is Chap(Auto). Your ISP will advise you whether to use Chap or Pap. Connection: Always on: If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP.
  • Page 51 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Discover Primary / Secondary DNS: This setting enables/disables whether the primary/secondary DNS server address is requested from a remote PPP peer using IPCP. The default setting for this command is enabled. Give DNS to Relay: Controls whether the PPP Internet Protocol Control Protocol (IPCP) can request the DNS server IP address for a remote PPP peer.
  • Page 52 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one WAN address to the router. With the PPPoE with pass-through, it allows user to have the WAN address assigned to the router but also able to get another WAN IP from ISP using PPPoE dialer (e.g WinPoETor Windows XP PPPoE Dialer) at the same time.
  • Page 53 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IP Address: specify if the Router can get an IP address from the Internet Server Provider (ISP) automatically or not. Please click Obtain an IP address automatically via DHCP client to enable the DHCP client function or click Specify an IP address to disable the DHCP client function, and specify the IP address manually.
  • Page 54 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Give DNS to Relay: Controls whether the PPP Internet Protocol Control Protocol (IPCP) can request the DNS server IP address for a remote PPP peer. Once IPCP has discovered the DNS server IP address, it automatically gives the address to the local DNS relay so that a connection can be established.

  • Page 55: Dns

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www.helloworld.com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx, for example 192.168.1.254.

  • Page 56: Adsl

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router ADSL Connect Mode: The default setting is Multimode. This mode will automatically detect your ADSL line code, G.dmt, G.lite, and T1.413. But in some area, multimode cannot detect the ADSL line code well. If it is the case, please adjust the ADSL line code to G.dmt or T1.413 first. If it still fails, please try the other values such as ALCTL, ADI, etc.
  • Page 57 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced Options ADSL Parameters help to interpret your ADSL line statistics. SNR Margin: It is known as Signal to Noise Ration Margin. It is the relative of DSL strength to Noise ratio. This margin is measured in decibels (dB). Higher the dB figures better the DSL strength and better chance to get faster speed.

  • Page 58: System

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router System There are six items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network.

  • Page 59: Remote Access

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI.

  • Page 60: Firmware Upgrade

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Firmware Upgrade Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and modified, and your router allows you to upgrade the software it runs to take advantage of these changes.
  • Page 61 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes.

  • Page 62: Restart Router

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.

  • Page 63: User Management

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Create new users who are able to access the device’s configuration interface.

  • Page 64: Firewall And Access Control

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT (Network Address Translation.

  • Page 65: General Settings

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router General Settings You can choose not to enable Firewall, to add all filter rules by yourself, or enable the Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter is used to filter packets based-on Applications (Port) or IP addresses.

  • Page 66: Packet Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected.
  • Page 67 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. (Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself.
  • Page 68 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 69 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 70 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level.
  • Page 71 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring Packet Filter: Click Port Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click the predefined rule instead of it.

  • Page 72: Intrusion Detection

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router The new port filter rule for HTTP is shown below: 7. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Note: Server section for more details.
  • Page 73 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
  • Page 74 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks. Table 2: Hacker attack types recognized by the IDS Type of Block Intrusion Name Detect Parameter Blacklist Drop Packet...

  • Page 75: Url Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
  • Page 76 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router “abcde” occurs in the URL. Domains Filtering: This function checks the domain name only, not the IP address, in URLs accessed against your list of domains to block or allow. If it is matched, the URL request will be sent (Trusted) or dropped (Forbidden).
  • Page 77 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Andy wishes to disable all WEB traffic except for ones listed in the trusted domain, which would prevent Bobby from accessing other web sites. Andy selects both functions in the Domain Filtering and thinks that it will stop Bobby. But Bobby knows this function, Domain Filtering, ONLY disables all WEB traffic except for Trusted Domain, BUT not its IP address.

  • Page 78: Firewall Log

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling. Chapter 4: Configuration...

  • Page 79: Vpn (Virtual Private Networks) (Only The 7404Vgo Has Vpn Features)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VPN (Virtual Private Networks) (Only the 7404VGO has VPN features) Virtual Private Networks is ways to establish secured communication tunnels to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network), PPTP, IPSec L2TP.
  • Page 80 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PPTP Connection - Remote Access Connection Name: A user-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g.
  • Page 81 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Active as default route: Enables the default route. Click Apply button to apply your changes.
  • Page 82 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PPTP Connection - LAN to LAN Connection Name: A user-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router as a Client, enter the remote Server IP Address (or Hostname) you wish to connection to.
  • Page 83 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router when you select Stateful mode. If you select Stateless mode, the key will be changed in each packet. Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on. Click Apply button to apply your changes.

  • Page 84: Ipsec (Ip Security Protocol)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). Enable / Disable: This function activates or deactivates the IPSec connection. To wish interrupting the tunnel, check Disable radio button and click Apply button to deactivate the connection.
  • Page 85 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configure a new VPN Connection Connection Name: A user-defined name for the connection (e.g. “connection to office”). Local: Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. Subnet: The subnet of the local network.
  • Page 86 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router MD5: A one-way hashing algorithm that produces a 128−bit hash. SHA1: A one-way hashing algorithm that produces a 160−bit hash. Encryption: Select the encryption method from the pull-down menu. There are several options, DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only with no encryption.
  • Page 87 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced Option This function is only available after completed creating an IPSec account. Click Advanced Option to change the following settings: IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management.
  • Page 88 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as encryption method. Diffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e.
  • Page 89 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Ping to the IP Internal (sec) Ping to the IP Action 0.0.0.0 0.0.0.0 2000 xxx.xxx.xxx.xxx (A valid IP Address) xxx.xxx.xxx.xxx(A valid IP Address) 2000 Yes, activate it in every 2000 second. Disconnection Time after no traffic: It is the NO Response time clock. When no traffic stage time is beyond the Disconnection time set, Router will automatically halt the tunnel connection and re- establish it base on the Reconnection Time set.

  • Page 90: L2Tp (Layer Two Tunneling Protocol)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported, Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to create a new VPN connection account. After you have created L2TP connection, account status will be displayed. (See example above). Enable / Disable: This function activates or deactivates the L2TP connection.
  • Page 91 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router L2TP Connection - Remote Access Connection Name: This allows you to identify this particular connection, e.g. “Connection to office”. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g.
  • Page 92 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5, however it is slower.
  • Page 93 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router L2TP Connection - LAN to LAN Connection Name: A user-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router establish the connection to a remote LAN, enter the remote Server IP Address (or Hostname) you wish to connection to.
  • Page 94 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router predetermined period of time. 0 means this connection is always on. Click Apply after changing settings. IPSec: Enable for enhancing your LT2P VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit.
  • Page 95 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a Remote Access PPTP VPN Dial-in Connection A remote worker establishes a PPTP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows 2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 96 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Item Function Description Connection Name VPN_PPTP Given a name of PPTP connection Dial in...
  • Page 97 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out Chapter 4: Configuration...
  • Page 98 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Item Function Description Connection Name VPN_PPTP Given name of PPTP connection Dial out Check Dial out Server IP Address...
  • Page 99 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a LAN-to-LAN PPTP VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet.. The routers are installed in the head office and branch office accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application.
  • Page 100 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Function Description...
  • Page 101 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.
  • Page 102 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Router IP 69.1.121.3 69.1.121.30 IKE Pre-shared Key...
  • Page 103 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Head Office Item Function Description Connection Name IPSec_HeadOffice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office router (in WAN 69.121.1.30 (or Hostname)
  • Page 104 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Branch Office Item Function Description IPSec_Branch Connection Name Given a name of IPSec connection Office Subnet Check Subnet radio button IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office router (in WAN 69.121.1.3 side)
  • Page 105 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a IPSec Host-to-LAN VPN Connection Chapter 4: Configuration...
  • Page 106 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Office Item Function Description Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office router (in WAN 69.121.1.30 (or Hostname) side)
  • Page 107 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 108 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Item Function Description Connection Name VPN_L2TP Given a name of L2TP connection Dial in...
  • Page 109 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out Appendix A: Product Support and Contact Information...
  • Page 110 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring the L2TP VPN in the Office Item Function Description Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out Server IP Address (or 69.121.1.33 An Dialed server IP Hostname) Username username A given username &...
  • Page 111 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring your Router to Dial-in to the Server Currently, Microsoft Windows operation system does not support L2TP incoming service. Additional software may be required to set up your L2TP incoming service. Appendix A: Product Support and Contact Information...
  • Page 112 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring LAN-to-LAN L2TP VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application.
  • Page 113 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Function Description...
  • Page 114 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 115: Voip (Voice Over Internet Protocol)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VoIP (Voice over Internet Protocol) VoIP enables telephone calls through existing Internet connection instead of going through the PSTN (Public Switched Telephone Network). It is not only cost-effective, especially for a long distance telephone charges, but also toll-quality voice calls over the Internet. After completing VoIP configuration, remember to apply the changes, SAVE CONFIG and restart to activate your VoIP.

  • Page 116: Wizard

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Wizard This section provides easy setup for your VoIP service. Phone port 1 and 2 can be registered to different SIP Service Provider. Voice QoS Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP DSCP: Marking allows users to classify traffic based on DSCP value and send packets to next Router.
  • Page 117 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router NOTE: User defined profiles are limited to 8 only. Profile Name: A user-defined name is for identifying the Profile. Indicate the SIP registrar IP address. Registrar Address(or Hostname): Specify the port of the SIP registrar on which it will listen for register requests from Registrar Port: VoIP device.

  • Page 118: General Settings

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router General Settings This section reflects and contains basic settings for the VoIP module from selected provider in the Wizard section. Fail to provide correct information will halt making calls out to the Internet. SIP Device Parameters To use SIP as VoIP call signaling protocol.
  • Page 119 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Setting for Phone Port 1 Registrar Address(or Hostname): Indicate the SIP registrar IP address. Registrar Port: Specify the port of the SIP registrar on which it will listen for register requests from VoIP device. Expire: Expire time for the registration message sending. User Domain/Realm: Set different domain name for the SIP proxy server.
  • Page 120 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router values for your environment. You should use these if the default values are incorrect and result in PSTN calls not being detected properly, e.g. calls being terminated within 5 seconds of being answered. The actual levels are determined by your environment including the number and type of telephones used. Note: ONHOOK means hung up.

  • Page 121: Phone Port

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Phone Port This section displays status and allows you to edit the account information of your Phones. Click Edit to update your phone information. Login Account Configuration Phone Number: This parameter holds the registration ID of the user within the SIP registrar. Authentication Username: Same as Phone Number.
  • Page 122 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Display Name: This parameter will be appeared on the Caller ID. Codec Preference Codec is known as Coder-Decoder used for data signal conversion. Set the priority of voice compression; Priority 1 owns the top priority. G.729: It is used to encoder and decoder voice information into a single packet which reduces the bandwidth consumption.

  • Page 123: Pstn Dial Plan (Router With Line Port Only)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PSTN Dial Plan (Router with LINE port only) This section enables you to configure “VoIP with PSTN switching” on your system. You can define a range of dial plans to make regular call from VoIP switching to PSTN line. Prefix numbers is essential key to make a distinguishing between VoIP and Regular phone call.
  • Page 124 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Digits filed. Appendix A: Product Support and Contact Information...
  • Page 125 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PSTN Dial Plan Examples: 1) Dial with Prefix If you dial 01223 707070, number 01223707070 will be dialed out via FXO to make a regular phone call. 2) Dial without Prefix If you dial 9102, the number 102 will only be dialed out via FXO port to make a regular phone call. 3) Dial at Timeout If you only dial 01223 7070 and no more numbers, after the timeout activates, 012237070 will be dialed to make a regular call via FXO port.
  • Page 126 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router 4) Dial at Timeout no Prefix If you only dial 7070 and no more numbers, after the timeout activates, 7070 will be dialed without prefix to make a regular call via FXO port. Even though 0707 (only 4 digits) does not match with number of digits 6 defined in the filed, 7070 is still a valid phone number since it has not exceed 6 digits Appendix A: Product Support and Contact Information...

  • Page 127: Voip Dial Plan

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VoIP Dial Plan This section helps you to make a telephony number dialed as making a regular call via VoIP. You no longer need to memorize a long dial string of number for making a VoIP call. Parameters A listed of special dial feature comes handy when you have a miss call or need to transfer a call to a third party.
  • Page 128 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Prefix Processing: Prepend xxx unconditionally: xxx number is appended unconditionally to the front of the dialing number when making a call. If Prefix is xxx, delete it: Prefix xxx is removed from the dialing numbers before making a call. If Prefix is xxx, replace with: Prefix xxx is appended to the front of the dialing numbers when making a call.
  • Page 129 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Here are some Examples for your reference: Main Digit Sequence Lists: Description Any digit number between 0 and 9 in variable length. Maximum length is 16. Any 3 digit number only between 0 and 9. Total length is 3.
  • Page 130 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Intelligent Call Routing Example: VoIP Gateway let you use 3 VoIP/SIP providers at the same time. VoIP/SIP providers are localcheap.com, longdischeap.com and mobilecheap.com. Each provider has its price for different type of calls and I can set the following rule for each providers. 1) Phone 1: For Local calls: I use localcheap.com that charge $0.01 per minute to all local calls.
  • Page 131 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Mobilecheap.com is the default VoIP provider I set on phone port 2. When I call out 123-39- 45678 for an mobile call, 123 is replaced with 09. Therefore, 09-39-45678 is the actual phone number called out via Mobilecheap.com provider. The Intelligent Call Gateway not only saves time from changing VoIP settings to different provider to make call get routed to specific gateway(s) automatically but also taking advantage of different call rate.

  • Page 132: Ring & Tone

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Ring & Tone This section allows advanced user to change the existing or newly defined parameters for the various ring tones (dial tone, busy tone, answer tone and etc.) Country Specific Ring & Tone Region: Select a country ring-tone, from the drop-down list, where you are located. This VoIP router provides default parameter of ring tones according to different countries.

  • Page 133: Special Dial Codes

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Special dial codes The following table lists the special dial codes that are built-in to the system: Option Description Switch to PSTN line Flash-hook Note: A quick press of the hook. On some phones a button is provided (Wireless Router with LINE which provides Flash-hook functionality.

  • Page 134: Qos (Quality Of Service)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream.

  • Page 135: Prioritization

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Prioritization There are three priority settings to be provided in the Router: High Normal (The default is normal priority for all of traffic without setting) And the balances of utilization for each priority are High (60%), Normal (30%) and Low (10%). You can click Clear to delete the existing Application.
  • Page 136 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Table 4: DSCP Mapping Table DSCP Mapping Table (Wireless) ADSL Router Standard DSCP Disabled None Best Effort Best Effort (000000) Premium Express Forwarding (101110) Gold service (L) Class 1, Gold (001010) Gold service (M) Class 1, Silver (001100) Gold service (H) Class 1, Bronze (001110) Silver service (L)

  • Page 137: Outbound Ip Throttling (Lan To Wan)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. You can click Clear to delete the existing Application.

  • Page 138: Inbound Ip Throttling (Wan To Lan)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. You can click Clear to delete the existing Application.
  • Page 139 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 Throughput VoIP/VPN HIGH Others kbps NORMAL...
  • Page 140 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth. Voice application Voice is latency-sensitive application.

  • Page 141: Virtual Server ("Port Forwarding")

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Upstream: 928kbps (29*32kbps) Mission-critical Application: 192kbps (6*32kbps) Voice Application: 128kbps (4*32kbps) Restricted Application: 160kbps (5*32kbps) Other Applications: 448kbps (14*32kbps) 6+4+14+5=29, 29*32kbps=928kbps Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth.

  • Page 142: Add Virtual Server

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router machines on the Internet that are outside your local network), or any application that can accept incoming connections (e.g. Peer-to-peer/P2P software such as instant messaging applications and P2P file-sharing applications) and are using NAT (Network Address Translation), then you will usually need to configure your router to forward these incoming connection attempts using specific ports to the PC on your network running the application.
  • Page 143 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router server, Email server or game server, the router can act as a “virtual server”. You can set up a local server with a specific port number for the service to use, e.g. web/HTTP (port 80), FTP (port 21), Telnet (port 23), SMTP (port 25), or POP3 (port 110), When an incoming access request to the router for a specified port is received, it will be forwarded to the corresponding internal server.

  • Page 144: Edit Dmz Host

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router enable port number 80 (Web/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.168.1.254. Since port number 80 has already been predefined, next to the Application click Helper. A list of predefined rules window will pop and select HTTP_Sever.

  • Page 145: Edit Dmz Host

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.

  • Page 146: Edit One-To-One Nat (Network Address Translation)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses.
  • Page 147 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Application: Users-defined description to identify this entry or click to select existing predefined rules.
  • Page 148 For further information, please see IANA’s website at: http://www.iana.org/assignments/port-numbers For help on determining which private port numbers are used by common applications on this list, please see the FAQs (Frequently Asked Questions) at: http://www.billion.com Table 5: Well-known and registered Ports Port Number Protocol...

  • Page 149: Time Schedule

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications.

  • Page 150: Configuration Of Time Schedule

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuration of Time Schedule Edit a Time Slot Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s).

  • Page 151: Advanced

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. There are four items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP...

  • Page 152: Dynamic Dns

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your ADSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.

  • Page 153: Check Email

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status –...

  • Page 154: Device Management

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Embedded Web Server ( 2 Management IP accounts) HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use.
  • Page 155 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router their web browser. After 100 seconds, the device will automatically logout User A. Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
  • Page 156 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Traps supported: Cold Start, Authentication Failure. The following MIBs are supported: From RFC 1213 (MIB-II): System group Interfaces group Address Translation group IP group ICMP group TCP group UDP group EGP (not applicable) Transmission SNMP group From RFC1650 (EtherLike-MIB): dot3Stats From RFC 1493 (Bridge MIB):...
  • Page 157 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router From RFC 1473 (PPP/IP MIB): PPP IP Group From RFC 1474 (PPP/Bridge MIB): PPP Bridge Group From RFC1573 (IfMIB): ifMIBObjects Group From RFC1695 (atmMIB): atmMIBObjects From RFC 1907 (SNMPv2): only snmpSetSerialNo OID Chapter 4: Configuration...

  • Page 158: Igmp

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Enable VLAN Bridge This section allows you to create VLAN group and specify the member.
  • Page 159 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Bridge Interface VLAN Port (Always starts with) Ethernet P1 / P2 / P3 / P4 Ethernet1 P2 / P3 / P4 Ethernet2 P3 / P4 Ethernet3 Step 2: Create WAN Interface Go to Configuration wanlink is the factory default WAN interface which in service for data/internet access. If your ISP uses this access protocol, click Edit to input other parameters if needed.
  • Page 160 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP. Acceptable Frame Type: Specify what kind of traffic can through this connection, all traffic or only VLAN tagged.
  • Page 161 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router From the example, two VLAN groups are requested: Data and Video. To create another VLAN group for Video by clicking Create VLAN. Given a name and ID (PVID) to identify the Video group. The valid value range for PVID is 1 ~ 4094. From the example: VLAN untagged ports for Data/Internet: ethernet, wireless and wireless_wds.

  • Page 162: Save Configuration To Flash

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Save Configuration to Flash After changing the router’s configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router. Click Save to write your new configuration to FLASH.

  • Page 163: Chapter 5: Troubleshooting

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 5: Troubleshooting If the router is not functioning properly, first check this chapter for simple troubleshooting before contacting your service provider or Billion support. Problems starting up the router Problem Corrective Action Check the connection between the adapter and the router. If the error None of the LEDs are persists, you may have a hardware problem.

  • Page 164: Problems With The Lan Interface

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Problems with the LAN Interface Problem Corrective Action Check the Ethernet LEDs on the front panel. The LED should be on for a Can’t ping any PCs on port that has a PC connected. If it is off, check the cables between your the LAN.

  • Page 165: Appendix A: Product Support And Contact Information

    Contact Billion AUSTRALIA http://www.billion.com.au/ ©2006 Billion Electric Co., Ltd. PC Range P/L. All Rights Reserved. WORLDWIDE http://www.billion.com/ Mac OS is a registered Trademark of Apple Computer, Inc. Windows 98, Windows NT, Windows 2000, Windows Me and Windows XP are registered Trademarks of Microsoft Corporation.