Download
Share
Print this page
Billion Router User Manual
  1. Manuals
  2. Brands
  3. Billion Manuals
  4. Network Router
  5. Router
  6. User manual

Billion Router User Manual

Voip/(802.11g) adsl2+ (vpn) firewall router
Hide thumbs

Advertisement

Quick Links

Download this manual
BiPAC 7404V Series
VoIP/(802.11g) ADSL2+ (VPN)
Firewall Router
User's Manual
Version Release 5.51.rc3
Last Revision Date: 25-09-2009

Advertisement

loading
Need help?

Need help?

Do you have a question about the Router and is the answer not in the manual?

Questions and answers

Related Manuals for Billion Router

Summary of Contents for Billion Router

  • Page 1 BiPAC 7404V Series VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User’s Manual Version Release 5.51.rc3 Last Revision Date: 25-09-2009...

  • Page 2: Table Of Contents

    CHAPTER 1: INTRODUCTION ....................4 INTRODUCTION TO YOUR ROUTER..................4 FEATURES ..........................4 CHAPTER 2: INSTALLING THE ROUTER .................7 IMPORTANT NOTE FOR USING THIS ROUTER..............7 PACKAGE CONTENTS......................7 THE FRONT LEDS ........................8 THE REAR PORTS ........................9 CABLING ..........................10 CHAPTER 3: BASIC INSTALLATION..................11 CONNECTING YOUR ROUTER....................12 FACTORY DEFAULT SETTINGS ...................17...
  • Page 3 VoIP - Voice over Internet Protocol ...................104 Wizard...........................105 General Settings ......................107 Phone Port ........................110 PSTN Dial Plan (Router with LINE port only) ..............112 VoIP Dial Plan ....................... 115 Ring & Tone........................119 Special Dial Codes ......................120 QoS - Quality of Service ....................121 Prioritization ........................121...
  • Page 4 PROBLEMS WITH THE LAN INTERFACE ................148 APPENDIX A: PRODUCT SUPPORT AND CONTACT INFORMATION ........149 Table of Contents...

  • Page 5: Chapter 1: Introduction

    User can use embedded PPTP and L2TP client/server, IKE and IPSec which are supported by this router to make a VPN connection or users can run the PPTP client in PC and the router already provides IPSec and PPTP pass through function to establish a VPN connection if the user likes to run the PPTP client in his local computer.
  • Page 6 Along with the built-in NAT natural firewall feature, the router also provides advanced hacker pattern-filtering protection. It can automatically detect and block Denial of Service (DoS) attacks. The router is built with Stateful Packet Inspection (SPI) to determine if a data packet is allowed through the firewall to the private LAN.
  • Page 7 It has routing capability and supports easy static routing table or RIP1/2 routing protocol. Simple Network Management Protocol (SNMP) It is an easy way to remotely manage the router via SNMP. Web based GUI It supports web based GUI for configuration and management. It is user-friendly and comes with on-line help.

  • Page 8: Chapter 2: Installing The Router

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 2: Installing the Router Important note for using this router Package Contents VoIP/(802.11g) ADSL2+ (VPN) Firewall Router CD-ROM containing the online manual RJ-11 ADSL/telephone Cable Ethernet (CAT-5 LAN) Cable RJ-45 to RS-232 Console tool kit...

  • Page 9: The Front Leds

    Meaning Lit orange when power is ON. Lit green when the device is ready. Lit red means system failure. Restart the device or contact Billion for support. Lit green when the system is ready. Flash when system is booting up or in firmware upgrading stage.

  • Page 10: The Rear Ports

    1-3 seconds: quick reset the device. 6 seconds above, and power off, power on the device: RESET restore to factory default settings. (Cannot login to the router or forgot your Username/Password. Press the button for more than 6 seconds).

  • Page 11: Cabling

    ADSL line LEDs are lit. If they are not, verify that you are using the proper cables. Ensure that all other devices connected to the same telephone line as your router (e.g. telephones, fax machines, analogue modems) have a line filter connected between them and the wall socket (unless you are using a Central Splitter or Central Filter installed by a qualified and licensed electrician), and ensure that all line filters are correctly installed and the right way around.

  • Page 12: Chapter 3: Basic Installation

    You ought to configure your PCs to obtain an IP address through a DHCP server or a fixed IP address that must be in the same subnet as the router. The default IP address of the router is 192.168.1.254 and the subnet mask is 255.255.255.0 (i.e. any attached PC must be in the same subnet, and have an IP address in the range of 192.168.1.1 to 192.168.1.253).

  • Page 13: Connecting Your Router

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Connecting Your Router 1. Connect this router to a LAN (Local Area Network) and the ADSL/telephone (ADSL) network. 2. Power on the device. 3. Make sure the PWR and SYS LEDs are lit steadily and that the LAN LED is lit.
  • Page 14 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows in Window XP Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection In the LAN Area Connection Status window, click Properties.

  • Page 15: Configuring Pcs In Windows 2000

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PCs in Windows 2000 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and Dial-up Connections. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection In the LAN Area Connection Status window, click Properties.

  • Page 16: Configuring Pc In Windows 95/98/Me

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows 95/98/ME Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Configuration tab. Select TCP / IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC.
  • Page 17 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PC in Windows NT4.0 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Protocols tab. Select TCP/IP Protocol and click Properties. (See Figure 3.12) Figure 3.12: TCP / IP Select the Obtain an IP address from a DHCP server radio button and click OK.

  • Page 18: Factory Default Settings

    Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds to restore the factory default settings.

  • Page 19: Information From Your Isp

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) and PPPoE.

  • Page 20: Configuring With Your Web Browser

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Go”, a user name and password window prompt will appear. The default username and password are “admin”...

  • Page 21: Chapter 4: Configuration

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Chapter 4: Configuration At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including: Status ARP Table Wireless Association Routing Table DHCP Table PPTP Status...

  • Page 22: Status

    Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall – MAC Address Filter function. See the Firewall section of this manual for more information on this feature.

  • Page 23: Dhcp Table

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Destination: The IP address of the destination network. Netmask: The destination Netmask address. Gateway/Interface: The IP address of the gateway or existing interface that this route will use. Cost: The number of hops counted as the cost of the route.

  • Page 24: Pptp Status (Only The 7404Vgo Has Vpn Features)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Name: The name you assigned to the Permanent configuration. IP Address: The fixed IP address for the specify client. MAC Address: The MAC Address that you want to assign the fixed IP address. Maximum Lease Time: The maximum lease time interval you allow to clients.

  • Page 25: L2Tp Status (Only The 7404Vgo Has Vpn Features)

    Encryption: The encryption type used for this VPN connection. Email Status Details and status for the Email Account you have configured the router to check. Please see the Advanced section of this manual for details on this function. VoIP Status Here you can check details and status of VoIP Account you have configured.

  • Page 26: Voip Call Log

    (Dialed Calls List: 10, Received Calls List: 10, Missed Calls List: 10). Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s ADSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration –...

  • Page 27: Error Log

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Error Log Any errors encountered by the router (e.g. invalid names given to entries) are logged to this window. NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN).

  • Page 28: Upnp Portmap

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play. See Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options. Chapter 4: Configuration...

  • Page 29: Quick Start

    Your ISP will be able to supply all the details you need, alternatively, if you have deleted the current WAN Connection in the WAN – ISP section of the interface, you can use the router’s PVC Scan feature to attempt to determine the Encapsulation types offered by your ISP.
  • Page 30 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.

  • Page 31: Configuration

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuration When you click this item, you get following sub-items to configure the ADSL router. - LAN, Wan, System, Firewall, VPN, VoIP, QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections.

  • Page 32: Ethernet

    RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. IP Alias This function supports to create multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. In this case, an internal router is not required.

  • Page 33: Ethernet Client Filter

    The number 0 - 9 and letters a - f are acceptable. Note: Follow the MAC Address Format xx:xx:xx:xx:xx:xx. Semicolon ( : ) must be included. Candidates: automatically detects devices connected to the router through the Ethernet. . → Active PC in LAN...

  • Page 34: Wireless (Wireless Router Only)

    For security propose, change the default wlan-ap to a unique ID name to the AP which is already built-in to the router’s wireless interface. It is case sensitive and must not excess 32 characters. Make sure your wireless clients have exactly the ESSID as the device, in order to get connected to your network.
  • Page 35 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router America (N.America), Europe, France, etc. The Channel ID will be different based on this setting. Channel ID: Select the wireless connection ID channel that you would like to use. Use the Scan Channel Usage to help to select non-occupied wireless channel.

  • Page 36: Wireless Security (Wireless Router Only)

    Idle Timeout: The default idle timeout is 3600 seconds. A Timeout value base on the case of no data traffic is send or received. If Router detects no traffic in the wireless, it will start timing the clock and drop the session as it reaches to the defined timeout value.
  • Page 37 Key (1-4): Enter the key to encrypt wireless data. To allow encrypted data transmission, the WEP Encryption Key values on all wireless stations must be the same as the router. There are four keys for your selection. The input format is in HEX style, 5 and 13 HEX codes are required for WEP64 and WEP128 respectively.

  • Page 38: Wireless Client / Mac Address Filter

    The number 0 - 9 and letters a - f are acceptable. Note: Follow the MAC Address Format xx:xx:xx:xx:xx:xx. Semicolon ( : ) must be included. Candidates: it automatically detects devices connected to the router through the Wireless. . →Associated Wireless Clients Associate Wireless Client displays a list of individual wireless device’s MAC Address that currently...

  • Page 39: Port Setting

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well allowing users to tweak the performance of their network.

  • Page 40: Dhcp Server

    Server is disabled you will need to manually assign a fixed IP address to each PCs on your network, and set the default gateway for each PCs to the IP address of the router (by default this is 192.168.1.254). To configure the router’s DHCP Server, check DHCP Server and click Next. You can then configure...

  • Page 41: Wan - Wide Area Network

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router WAN - Wide Area Network WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the WAN section: ISP, DNS ADSL. The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters as below.
  • Page 42 ISP. IP Assignment Obtain an IP address automatically via DHCP client: specify if the Router can get an IP address from the ISP (Internet Service Provider) automatically. Use the following IP Address: Specify the IP address manually; the IP should be given by you our ISP.
  • Page 43 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router RFC 1483 Bridged Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP.
  • Page 44 Pap. Connection: Always on: If you want the router to establish a PPPoA session when starting up and to automatically re-establish the PPPoA session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoA session only when there is a packet requesting access to the Internet (i.e.
  • Page 45 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. Detail: You can define the destination port and packet type (TCP/UDP) without checking by timer.
  • Page 46 Internet directly, the NAT function can be disabled. IP Assignment Obtain an IP address automatically via DHCP client: specify if the Router can get an IP address from the ISP (Internet Service Provider) automatically. Use the following IP Address: Specify the IP address manually; the IP should be given by you our ISP.

  • Page 47: Pppoe Connections

    Authentication Protocol: Default is Chap (Auto). Your ISP will advise you whether to use Chap or Pap. Connection Always on: If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP.
  • Page 48 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time. Detail: You can define the destination port and packet type (TCP/UDP) without checking by timer.
  • Page 49 PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one WAN address to the router. With the PPPoE and PPPoE pass-through, concurrently, it allows user to have a WAN address assigned to the router but also able to get another WAN IP from ISP using PPPoE dialer (e.g WinPoETor Windows XP PPPoE Dialer) at...
  • Page 50 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet). Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time.

  • Page 51: Dns

    If you choose one of the other three protocols ─ RFC1483 Routed/Bridged and IPoA check with your ISP, it may provide you with an IP address for their DNS server. You must enter the DNS IP address if you set the DNS of your PC to the LAN IP address of this router. Chapter 4: Configuration...

  • Page 52: Adsl

    Activate Line: Aborting (false) your ADSL line and making it active (true) again for taking effect with setting of Connect Mode. Coding Gain: It reduces router’s transmit power which will effect to router’s downstream performance. Higher the gain will increase the downstream rate but it sometimes causes unstable ADSL line. The configurable ADSL coding gain is from 0 dB to 7dB, or automatic.
  • Page 53 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced Options ADSL Parameters help to interpret your ADSL line statistics. SNR Margin: It is known as Signal to Noise Ration Margin. It is the relative of DSL strength to Noise ratio. This margin is measured in decibels (dB). Higher the dB figures better the DSL strength and better chance to get faster speed.

  • Page 54: System

    User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network. Choose your local time zone, click Enable and click the Apply button.

  • Page 55: Remote Access

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI.

  • Page 56: Firmware Upgrade

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Firmware Upgrade Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and modified, and your router allows you to upgrade the software it runs to take advantage of these changes.

  • Page 57: Backup / Restore

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes.

  • Page 58: Restart Router

    Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.

  • Page 59: User Management

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Create new users who are able to access the device’s configuration interface.

  • Page 60: Firewall And Access Control

    LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the router acts as a “natural” Internet firewall, as all PCs on your LAN will use private IP addresses that cannot be directly accessed from the Internet.

  • Page 61: General Settings

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router General Settings You can choose not to enable Firewall and still able to access to URL Filter and IM/P2P Blocking or enable the Firewall using preset filter rules and modify the port filter rules as required. The Packet Filter is used to filter packets based-on Applications (Port) or IP addresses.

  • Page 62: Packet Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The preset port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected.
  • Page 63 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured.
  • Page 64 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router MSN (7001) UDP(17) 7001 7001 YES VEDIO TCP(6) 9000 9000 NO (9000) Inbound: Internet to LAN ; Outbound: LAN to Internet. YES: Allowed ; NO: Blocked ; N/A: Not Applicable Packet Filter – Add TCP/UDP Filter...
  • Page 65 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 66 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring your firewall to allow for a publicly accessible web server on your LAN The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level.
  • Page 67 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring Packet Filter: Click Port Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own.
  • Page 68 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router The new port filter rule for HTTP is shown below: Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more details.

  • Page 69: Intrusion Detection

    Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the Block Duration.
  • Page 70 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Table 2: Hacker attack types recognized by the IDS Type of Block Intrusion Name Detect Parameter Blacklist Drop Packet Show Log Duration Ascend Kill Ascend Kill data Src IP Src IP WinNuke Port 135, 137~139,...

  • Page 71: Url Filter

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
  • Page 72 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router dropped. 3. If the packet does not match either of the above two items, it is sent to the remote web server. 4. Please be note that the completed URL, “www” + domain name shall be specified. For example to block traffic to www.google.com.au, enter “www.google”...

  • Page 73: Im / P2P Blocking

    Internet. Both Instant Message and Peer-to-peer applications make communication faster and easier but your network can become increasingly insecure at the same time. Billion’s IM and P2P blocking helps users to restrict LAN PCs to access to the commonly used IM, Yahoo and MSN, and P2P, BitTorrent and eDonkey, applications over the Internet.

  • Page 74: Firewall Log

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling.

  • Page 75: Vpn - Virtual Private Networks (Bipac 7404Vgo Only)

    Disable radio button and click Apply button to deactivate the connection. Name: User-defined name of the connection. Type: This refers to your router operates as a client or a server, Dialout or Dialin in respectively. Status: It informs your PPTP tunnel connection condition.
  • Page 76 Connection Name: User-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
  • Page 77 Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out...
  • Page 78 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Item Function Description Connection Name VPN_PPTP Given name of PPTP connection...
  • Page 79 PPTP Connection - LAN to LAN Connection Name: User-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
  • Page 80 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly.
  • Page 81 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN.
  • Page 82 Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 83: Ipsec (Ip Security Protocol)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). Enable / Disable: This function activates or deactivates the IPSec connection. To wish interrupting the tunnel, check Disable radio button and click Apply button to deactivate the connection.
  • Page 84 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IPSec VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to office”). Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host.
  • Page 85 Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
  • Page 86 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced Option This function is only available after completed creating an IPSec account. Click Advanced Option to change the following settings: IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management.
  • Page 87 Disconnection Time after no traffic: It is the NO Response time clock. When no traffic stage time is beyond the Disconnection time set, Router will automatically halt the tunnel connection and re-establish it base on the Reconnection Time set. 180 seconds is minimum time interval for this function.
  • Page 88 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Router IP 69.1.121.3...
  • Page 89 Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office router (in 69.121.1.30 (or Hostname) WAN side) Subnet Check Subnet radio button IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0...
  • Page 90 Subnet Check Subnet radio button IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0 Secure Gateway Address IP address of the head office router (in WAN 69.121.1.3 (or Hostname) side) Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0...
  • Page 91 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring a IPSec Host-to-LAN VPN Connection Chapter 4: Configuration...
  • Page 92 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring IPSec VPN in the Office Item Function Description Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address 69.121.1.30...

  • Page 93: L2Tp (Layer Two Tunneling Protocol)

    Disable radio button and click Apply button to deactivate the connection. Name: This is the user-defined name of the connection. Type: This refers to your router operates as a client or a server, Dialout or Dialin in respectively. Status: It informs your L2TP tunnel connection condition.
  • Page 94 Connection Name: User-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
  • Page 95 Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped. Cautious: This is only when the router performs as a VPN server. This option should be used by advanced users only.
  • Page 96 Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 97 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Item Function Description Connection Name...
  • Page 98 Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out...
  • Page 99 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring the L2TP VPN in the Office Item Function Description Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out Server IP Address (or 69.121.1.33 An Dialed server IP Hostname) Username username A given username &...
  • Page 100 L2TP VPN Connection Connection Name: User-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server.
  • Page 101 Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will be connected; otherwise, it will be dropped. Cautious: This is only when the router performs as a VPN server. This option should be used by advanced users only.
  • Page 102 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly.
  • Page 103 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN.
  • Page 104 Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 105: Voip - Voice Over Internet Protocol

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VoIP - Voice over Internet Protocol VoIP enables telephone calls through existing Internet connection instead of going through the PSTN (Public Switched Telephone Network). It is not only cost-effective, especially for a long distance telephone charges, but also toll-quality voice calls over the Internet.

  • Page 106: Wizard

    Marking allows users to assign specific application traffic to be executed in priority by the next Router based on the DSCP value. Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network.
  • Page 107 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Setting for Phone Port 2 Click box of Same as Phone Port 1 to set phone port 2 be identical as phone port 1. Please refer to descriptions in “Setting for Phone Port 1”. User-defined Profiles Note: User defined profiles are limited to 8 only.

  • Page 108: General Settings

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Authentication Password: This parameter holds the password used for authentication within VoIP SIP registrar. Confirm Password: Re-enter the password for confirmation. Display Name: This parameter will be appeared on the Caller ID. General Settings This section reflects and contains basic settings for the VoIP module from selected provider in the Wizard section.
  • Page 109 Marking allows users to assign specific application traffic to be executed in priority by the next Router based on the DSCP value. See Table 4. The DSCP Mapping Table: Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network.
  • Page 110 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Advanced – Parameters VoIP through IP Interface: IP Interface decides where to send/receive the voip traffic; it includes: ipwan and iplan. Easy way to select the interface is to check the location of the SIP server. If it locates some where in the Internet then select ipwan.

  • Page 111: Phone Port

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router OFFHOOK voltage to the lowest setting registered for all your telephones, e.g. if your telephones return values of 4, 5 and 7 then you should set your OFFHOOK voltage to 4. Note: The detected values will not automatically be set by the Check Level function; you must enter the lowest level detected after testing all your telephones.
  • Page 112 0 to 9 and the pound sign (#) on the phone keypad to activate the function. For example, speed dial to phone number lists on 9, just press keypad 9 then #. Your router will automatically call out to number listed on entry 9.

  • Page 113: Pstn Dial Plan (Router With Line Port Only)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PSTN Dial Plan (Router with LINE port only) This section enables you to configure “VoIP with PSTN switching” on your system. You can define a range of dial plans to make regular call from VoIP switching to PSTN line. Prefix numbers is essential key to make a distinguishing between VoIP and Regular phone call.
  • Page 114 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router PSTN Dial Plan Examples: 1) Dial with Prefix If you dial 01223 707070, number 01223707070 will be dialed out via FXO to make a regular phone call. 2) Dial without Prefix If you dial 9102, the number 102 will only be dialed out via FXO port to make a regular phone call.
  • Page 115 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router 4) Dial at Timeout no Prefix If you only dial 97070 and no more numbers, after the timeout activates, 7070 will be dialed without prefix to make a regular call via FXO port. Even though 7070 (only 4 digits) does not match with number of digits 6 defined in the filed, 7070 is still a valid phone number since it has not exceed 6 digits.

  • Page 116: Voip Dial Plan

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router VoIP Dial Plan This section helps you to make a telephony number dialed as making a regular call via VoIP. You no longer need to memorize a long dial string of number for making a VoIP call.
  • Page 117 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Note: Refer to Special Dial Code section in this Manual for more details. Test: It is a tool to help to identify the call number is being properly being processed prior to making an actual call.
  • Page 118 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router # (pound sign): It is normal character ‘#’ on phone key pad. Please check if it is provided by your VoIP Service Provider or Local Telephone Service Provider for special service(s). <@ Current Profile>: Referring to the VoIP account registered on the VoIP Wizard for Port 1 / 2.
  • Page 119 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Localcheap.com is the default VoIP provider I set on phone port 1. When I call out any number start with 1 or 2 or 3 and plus rest of the phone number for local call, 03 is always prepended in front of these number.

  • Page 120: Ring & Tone

    (dial tone, busy tone, answer tone and etc.) Country Specific Ring & Tone Region: Select a country ring-tone, from the drop-down list, where you are located. This VoIP router provides default parameter of ring tones according to different countries. The ring-tone parameters are automatically displayed after entering a specific country.

  • Page 121: Special Dial Codes

    The code needed to dial a speed dial from a *74<x><number># phone connected to a VoIP Router is: <x>#, where <x> is a number between 2 and 9. The settings will infect to your setting in Speed Dial on WEB GUI.

  • Page 122: Qos - Quality Of Service

    Outbound / Inbound IP Throttling (bandwidth management). Prioritization There are three priority settings to be provided in the Router: High Normal (The default is normal priority for all of traffic without setting) And the balances of utilization for each priority are High (60%), Normal (30%) and Low (10%).
  • Page 123 Marking allows users to assign specific application traffic to be executed in priority by the next Router based on the DSCP value. See Table 4. The DSCP Mapping Table: Note: To be sure the router(s) in the backbones network have the capability in executing and checking the DSCP through-out the QoS network.

  • Page 124: Outbound Ip Throttling (Lan To Wan)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps.

  • Page 125: Inbound Ip Throttling (Wan To Lan)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps.
  • Page 126 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 Throughput VoIP/VPN HIGH...

  • Page 127: Voice Application

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth.
  • Page 128 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application. Chapter 4: Configuration...

  • Page 129: Virtual Server (Known As Port Forwarding)

    The reason for this is that when using NAT, your publicly accessible IP address will be used by and point to your router, which then needs to deliver all traffic to the private IP addresses used by your PCs. Please see the WAN configuration section of this manual for more information on NAT.

  • Page 130: Add Virtual Server

    When your router needs to allow outside users to access internal servers, e.g. a web server, FTP server, Email server or game server, the router can act as a “virtual server”. You can set up a local server with a specific port number for the service to use, e.g.

  • Page 131: Edit Dmz Host

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: If you like to remote accessing your Router through the Web/HTTP at all time, you would need to enable port number 80 (Web/HTTP) and map to Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.168.1.254.
  • Page 132 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.

  • Page 133: Edit One-To-One Nat (Network Address Translation)

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses.
  • Page 134 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Time Schedule: User-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section...
  • Page 135 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Example: List of some well-known and registered port numbers. The Internet Assigned Numbers Authority (IANA) is the central coordinator for the assignment of unique parameter values for Internet protocols. Port numbers range from 0 to 65535, but only ports numbers 0 to 1023 are reserved for privileged services and are designated as “well-known ports”...

  • Page 136: Time Schedule

    Internet by users or applications. This Time Schedule correlates closely with router’s time, since router does not have a real time clock on board; it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server from the Internet.

  • Page 137: Configuration Of Time Schedule

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s).

  • Page 138: Advanced

    Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff.

  • Page 139: Dynamic Dns

    IP address, which changes from time to time. This dynamic IP address is the WAN IP address of the router, which is assigned to you by your ISP. You will first need to register and establish an account with the Dynamic DNS provider using their website, for example http://www.dyndns.org/...

  • Page 140: Check Email

    This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status – Email Checking section of the web interface, which also provides details on the number of new messages waiting.

  • Page 141: Device Management

    User A changes HTTP port number to 100, specifies their own IP address of 192.168.1.55, For Example: and sets the logout time to be 100 seconds. The router will only allow User A access from the IP Chapter 4: Configuration...
  • Page 142 Both the user’s Operating System and the relevant application must support UPnP in addition to the router. Windows XP and Windows Me natively support UPnP (when the component is installed), and Windows 98 users may install the Internet Connection Sharing client from Windows XP in order to support UPnP.
  • Page 143 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Address Translation group IP group ICMP group TCP group UDP group EGP (not applicable) Transmission SNMP group From RFC1650 (EtherLike-MIB): dot3Stats From RFC 1493 (Bridge MIB): dot1dBase group dot1dTp group dot1dStp group (if configured as spanning tree)

  • Page 144: Igmp

    VoIP/(802.11g) ADSL2+ (VPN) Firewall Router IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable.
  • Page 145 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Ethernet1: P2, P3 and P4 (Port 2, 3, 4) Please uncheck P2, P3, P4 from Ethernet VLAN Port first. Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order.
  • Page 146 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Spaces next to VPI and VCI, type 0 and 33 in respectively. Select appropriate ATM Class, Encapsulation Method, Acceptable Frame Type, Filter Type and PVID for Untagged Frames. VPI and VCI: Enter the information provided by your ISP.
  • Page 147 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router Step 3: Setup VLAN Service Go to Configuration Advanced VLAN Bridge DefaultVlan lists all member ports. It is necessary to group specific member ports for each VLAN. From the example, two VLAN groups are requested: Data and Video.

  • Page 148: Save Configuration To Flash

    Save Configuration to Flash After changing the router’s configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router. Click Save to write your new configuration to FLASH.

  • Page 149: Chapter 5: Troubleshooting

    Ensure that the telephone cable is connected properly from the ADSL port connection to the wall jack. The ADSL LED on the front panel of the router should be (“linesync”) failed. on. Check that your VPI, VCI, encapsulation type and type of multiplexing settings are the same as those provided by your ISP.
  • Page 150 VoIP/(802.11g) ADSL2+ (VPN) Firewall Router APPENDIX A: Product Support and Contact Information Most problems can be solved by referring to the Troubleshooting section in the User’s Manual. If you cannot resolve the problem with the Troubleshooting chapter, please contact the dealer where you purchased this product.

This manual is also suitable for:

Bipac 7404v series