AirLive WN-300ARM-VPN User Manual
  1. Manuals
  2. Brands
  3. AirLive Manuals
  4. Network Router
  5. WN-300ARM-VPN
  6. User manual

AirLive WN-300ARM-VPN User Manual

11n adsl2/2+vpn router
Hide thumbs
Table of Contents

Advertisement

Quick Links

WN-300ARM-VPN
11n ADSL2/2+VPN Router
User's Manual

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the WN-300ARM-VPN and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for AirLive WN-300ARM-VPN

Summary of Contents for AirLive WN-300ARM-VPN

  • Page 1 WN-300ARM-VPN 11n ADSL2/2+VPN Router User’s Manual...

  • Page 2: Declaration Of Conformity

    5F., NO.6, Lane 130, Min-Chuan Rd., Hsin-Tien City, Taipei County, Taiwan Declare that the product 11n ADSL VPN Router (Annex A / Annex B) AirLive WN-300ARM-VPN is in conformity with In accordance with 1999/5 EC-R & TTE Directive Clause Description Electromagnetic compatibility and Radio spectrum Matters (ERM) ■...
  • Page 3 1999/5/EY oleellisten vaatimusten ja sitä koskevien pertinenti stabilite dalla direttiva 1999/5/CE. direktiivin muiden ehtojen mukainen Ar šo OvisLink Corp. deklarē, ka AirLive Hér með lýsir OvisLink Corp yfir því að AirLive Latviski [Latvian] WN-300ARM-VPN atbilst Direktīvas 1999/5/EK Íslenska [Icelandic] WN-300ARM-VPN er í samræmi við grunnkröfur og būtiskajām prasībām un citiem ar to saistītajiem...

  • Page 4: Fcc Interference Statement

    This equipment should be installed and operated with a minimum distance of 20 centimeters between the radiator and your body. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: AirLive WN-300ARM-VPN User’s Manual...

  • Page 5: Ce Declaration Of Conformity

    This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. CE Declaration of Conformity This equipment complies with the requirements relating to electromagnetic compatibility, EN 300328 v1.7.1, EN 301489-1/-17, EN 50385, EN 60950, Class B. The specification is subject to change without notice. AirLive WN-300ARM-VPN User’s Manual...

  • Page 6: Table Of Contents

    Port Forward ..........................75 Port Range Forward........................77 QoS ............................78 6.10 VPN (IPSec)..........................80 6.11 VPN (IPSec) Example........................ 86 Chapter7. Administration ....................... 98 PC Database..........................99 Config File ..........................102 Logs ............................103 Email ............................105 AirLive WN-300ARM-VPN User’s Manual...
  • Page 7 Diagnostics..........................107 Remote Administration......................108 Routing............................110 Upgrade Firmware ........................114 Chapter8. Modem Mode ....................... 115 Appendix A Troubleshooting ....................120 Appendix B About Wireless LANs..................123 Appendix C About VPNs......................126 Appendix D Specifications ...................... 129 AirLive WN-300ARM-VPN User’s Manual...

  • Page 8: Introduction

    Chapter1. ntroduction Congratulations on the purchase of your new WN-300ARM-VPN, AirLive WN-300ARM-VPN. It is a high performance and multi-function device providing the following services:  ADSL 2/2+ Modem Router.  Shared Broadband Internet Access for all LAN users.  Wireless Access Point for 802.11n, 802.11b and 802.11g Wireless Stations.

  • Page 9: Features

    Shared Internet Access. All users on the LAN or WLAN can access the Internet through the WN-300ARM-VPN, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Address Translation).
  • Page 10 Easy Configuration. The configuration required to allow 2 Wireless ADSL Routers to establish a VPN connection between them is easy accomplished.  IPSec VPN Tunnels. WN-300ARM-VPN supports to be created up to 5 IPSec tunnels. Wireless Features  Standards Compliant.

  • Page 11: Lan Features

    LAN.  DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The WN-300ARM-VPN can act as a DHCP Server for devices on your local LAN and WLAN. Configuration & Management ...

  • Page 12: Front Panel And Rear Panel

    When pressed, the LED will stay On for 10~15 secon ds, then it will start blinking for 2 minutes. If any client is associated with the router successfully within 2 minutes, the LED will stay On, otherwise the LED will be Off. AirLive WN-300ARM-VPN User’s Manual...

  • Page 13: Packing List

    Wireless ON/OFF  To restore the factory default settings. Press the Wireless and WPS buttons simultaneously for 8 seconds, and wait the WN-300ARM-VPN to restart using the factory default values. .3 Packing List he following items should be included: ...

  • Page 14: Chapter2

    WN-300ARM-VPN. Note For bes t Wireless reception and performance, the WN-300ARM-VPN should be positioned in a central location with minimum obstructions between the WN-300ARM-VPN and the PCs. Also, if using multiple Access Points, adjacent Access Points should use different C hannels.
  • Page 15 . Connect LAN Cables Use standard LAN ca bles to connect PCs to the Switching Hub ports on the WN-300ARM-VPN. Both 10BaseT and 100BaseT connections can be used simultaneously. 3. C onnect ADSL Cable Connect the supplied AD SL cable from to the ADSL port on the WN-300ARM-VPN (the RJ11 connector) to the ADSL terminator provided by your phone company.

  • Page 16: Chapter3

    , see Chapter 4 - PC Configuration. Other configuration may also be required, depending on which features and functions of WN-300ARM-VPN you wish to use. Use the table below to locate detailed instructions for the required functions. To Do this:...

  • Page 17: Configuration Program

    Using your Web Browser To establish a connection from your PC to the WN-300ARM-VPN: 1. After installing the WN-300ARM-VPN in your LAN, start your PC. If your PC is already running, restart it. 2. Start your WEB browser. 3. In the Address box, enter "HTTP://" and the IP Address of the WN-300ARM-VPN, as in this example, which uses the WN-300ARM-VPN's default IP Address: http://192.168.0.1...
  • Page 18 Network Mask must be set to 255.255.255.0.  Ensure that your PC and the WN-300ARM-VPN are on the same network segment. (If you don't have a router, this must be the case.) Ensure you are using the wired LAN interface. The Wireless interface can only be used if its configuration matches your PC's wireless settings.

  • Page 19: Setup Wizard

    3.1 Setup Wizard The first time you connect to the WN-300ARM-VPN, you should run the Setup Wizard to configure the ADSL and Internet Connection. 1. Click the Setup Wizard link on the main menu 2. On the first screen, select VC 1 (Router - Primary Internet Connection), then click "Next"...
  • Page 20 Click "Next" and complete the configuration for your connection method.  You need the data supplied by your ISP. Your ISP's data will also have the DSL Multiplexing Method (LLC or VC) The common connection types are explained in the following table. AirLive WN-300ARM-VPN User’s Manual...

  • Page 21: Configuring Vcs

    Notes: Some ISP's allow multiple PPPoE connections. This allows multiple PCs to connect to the Internet using PPPoE client software. When using the WN-300ARM-VPN, multiple PPPoE connections are neither necessary nor supported. AirLive WN-300ARM-VPN User’s Manual...
  • Page 22 LAN. 4. When finished, click "Next" and complete the Wizard. 5. After completing the Wizard, you can check the Status screen to see the VC has been corrected established. AirLive WN-300ARM-VPN User’s Manual...

  • Page 23: Home Screen

    Changing to another screen without clicking "Save" does NOT save any changes you may have made. You must "Save" before changing screens or your data will be ignored. Notes: On each screen, clicking the "Help" button will display help for that screen. AirLive WN-300ARM-VPN User’s Manual...

  • Page 24: Lan Screen

    Figure 1: LAN Screen Data - LAN Screen TCP/IP IP address for the WN-300ARM-VPN, as seen from the local LAN. Use the IP Address default value unless the address is already in use or your LAN is using a different IP address range. In the latter case, enter an unused IP Address from within the range used by your LAN.
  • Page 25 You can only use one (1) DHCP Server per LAN segment. If you wish to use another DHCP Server, rather than the WN-300ARM-VPN's, the following procedure is required.  Disable the DHCP Server feature in the WN-300ARM-VPN. This setting is on the LAN screen.  Configure the DHCP Server to provide the WN-300ARM-VPN's IP Address as the Default Gateway.

  • Page 26: Wireless Screen

    Note that the WN-300ARM-VPN will automatically accept 802.11b, 11g and 11n connections, and no configuration is required for this feature. To change the WN-300ARM-VPN's default settings for the Wireless Access Point feature, use the Wireless link on the main menu to reach the Wireless screen. An example screen is shown below.
  • Page 27 Select the correct domain for your location. It is your responsibility to ensure:  That the WN-300ARM-VPN is only used in domains for which is licensed.  That you select the correct domain, so that only the legal channels for that domain can be selected.
  • Page 28 (40MHz). WMM Support System will auto enable the function. WMM works to classify the packets’ priority, so the WN-300ARM-VPN can allow more packets with top priority passing through. This function can only be available when client’s wireless card also supports WMM feature.
  • Page 29 SSID, as well as the wireless encryption method. Enter the MAC address(es) of the AP(s) into the fields to allow the following MAC Address List access points to be connected to the wireless router. AirLive WN-300ARM-VPN User’s Manual...

  • Page 30: Wireless Security

    Each user must have a "user login" on the Radius Server.  Each user's wireless client must support 802.1x and provide the login data when required.  All data transmission is encrypted using the WPA standard. Keys are automatically generated, so no key input is required. AirLive WN-300ARM-VPN User’s Manual...

  • Page 31: Wep Wireless Security

    Other stations must have the same key. Passphrase If desired, you can generate a key from a phrase, instead of entering the key value directly. Enter the desired phrase, and click the "Generate Keys" button. AirLive WN-300ARM-VPN User’s Manual...
  • Page 32 Other Wireless Stations must use the same network key. The PSK must be from 8 to 63 characters in length. Encryption The WPA2-PSK standard allows different encryption methods to be used. Select the desired option. Wireless Stations must use the same encryption. AirLive WN-300ARM-VPN User’s Manual...
  • Page 33 Enter the port number used for connections to the Radius Server. Enter the shared key. Data is encrypted using a key derived from the Shared Key network key. Other Wireless Stations must use the same key. The key must AirLive WN-300ARM-VPN User’s Manual...

  • Page 34: Trusted Wireless Stations

    The name assigned to the Trusted Wireless Station. Use this when adding or editing a Trusted Station. Address The MAC (physical) address of the Trusted Wireless Station. Use this when adding or editing a Trusted Station. AirLive WN-300ARM-VPN User’s Manual...
  • Page 35 To add a Trusted Station which is not in the "Other Wireless Stations" list, Add (Update) enter the required data and click this button. When editing an existing Wireless Station, this button will change from Add to Update. Clear Clear the Name and Address fields. AirLive WN-300ARM-VPN User’s Manual...

  • Page 36: Password Screen

    You will be prompted for the password when you connect, as shown below. Figure: Password Dialog  The "User Name" is always admin  Enter the password for the WN-300ARM-VPN, as set on the Password screen above. AirLive WN-300ARM-VPN User’s Manual...

  • Page 37: Mode Screen

    (Since the modem is transparent, it does not examine the traffic to determine whether the traffic is for the LAN or the WAN.)  For details on using Modem Mode, see Chapter 8. AirLive WN-300ARM-VPN User’s Manual...

  • Page 38: Binding Screen

    It displays the current VPI/VCI information of the selected PVC. It displays the current connection type of the selected PVC. Type Group It shows the group for one port when you have selected a PVC for this port. AirLive WN-300ARM-VPN User’s Manual...

  • Page 39: Chapter4

    This section describes how to configure Windows clients for Internet access via the WN-300ARM-VPN. The first step is to check the PC's TCP/IP settings. The WN-300ARM-VPN uses the TCP/IP network protocol for all functions, so it is essential that the TCP/IP protocol be installed and configured on each PC.
  • Page 40 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. Figure: Windows NT4.0 - TCP/IP 2. Click the Properties button to see a screen like the one below. Figure: Windows NT4.0 - IP Address AirLive WN-300ARM-VPN User’s Manual...
  • Page 41 Specify an IP Address If your PC is already configured, check with your network administrator before making the following changes. 1. The Default Gateway must be set to the IP address of the WN-300ARM-VPN. To set this:  Click the Advanced button on the screen above.
  • Page 42 Checking TCP/IP Settings - Windows 2000 1. Select Control Panel - Network and Dial-up Connection. 2. Right - click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure: Network Configuration (Win 2000) AirLive WN-300ARM-VPN User’s Manual...
  • Page 43 To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the WN-300ARM-VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the WN-300ARM-VPN.
  • Page 44 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following. Figure: TCP/IP Properties (Windows XP) 5. Ensure your TCP/IP settings are correct. AirLive WN-300ARM-VPN User’s Manual...
  • Page 45 To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the WN-300ARM-VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the WN-300ARM-VPN.

  • Page 46: Internet Access

    (The Administrator should configure the Wireless Access Point with a fixed IP address from the same address range used on the PCs.) Internet Access To configure your PCs to use the WN-300ARM-VPN for Internet access:  Ensure that the DSL modem, Cable modem, or other permanent connection is functional.
  • Page 47 10. Setup is now completed. Accessing AOL To access AOL (America On Line) through the WN-300ARM-VPN, the AOL for Windows software must be configured to use TCP/IP network access, rather than a dial-up connection. The configuration process is as follows: ...

  • Page 48: Macintosh Clients

     Ensure your DNS settings are correct. 4.3 Linux Clients To access the Internet via the WN-300ARM-VPN, it is only necessary to set the WN-300ARM-VPN as the "Gateway". Ensure you are logged in as "root" before attempting any changes. Fixed IP Address By default, most Unix installations use a fixed IP Address.

  • Page 49: Wireless Station Configuration

    4.4 Wireless Station Configuration This section applies to all Wireless stations wishing to use the WN-300ARM-VPN's Access Point, regardless of the operating system which is used on the client. To use the Wireless Access Point in the WN-300ARM-VPN, each Wireless Station must have compatible...
  • Page 50 See the following section "If the SSID is not listed" for details of dealing with this situation. 4. The next step depends on whether or not Wireless security has been enabled on the WN-300ARM-VPN. If Wireless Security is Disabled If Wireless security on the WN-300ARM-VPN is disabled, Windows will warn you that the Wireless network is not secure.
  • Page 51 If using WEP Data Encryption If WEP data encryption has been enabled on the WN-300ARM-VPN, Windows will detect this, and show a screen like the following. Figure: WEP (Windows XP) To connect:  Enter the WEP key, as set on the WN-300ARM-VPN, in the Network Key field.
  • Page 52 WN-300ARM-VPN. (Windows will determine if 64bit or 128bit encryption is used.)  The Key index must match the default key index on the WN-300ARM-VPN. The default value is 1.  Ensure the options The key is provided for me automatically and This is a computer-to-computer (ad hoc) network are unchecked.
  • Page 53 Click OK to establish a connection to the WN-300ARM-VPN. If using WPA-PSK Data Encryption If WPA-PSK data encryption has been enabled on the WN-300ARM-VPN, it does not matter which network is selected on the screen below. Just click the Advanced button.
  • Page 54 You will then see a screen like the example below. Figure: Advanced - Wireless Networks Select the SSID for the WN-300ARM-VPN, and click Configure, to see a screen like the following: Figure: Wireless Network Properties- WPA-PSK AirLive WN-300ARM-VPN User’s Manual...
  • Page 55  Click OK to save and close this dialog.  This wireless network will now be listed in Preferred Networks on the screen below. Figure: Preferred Networks Click OK to establish a connection to the WN-300ARM-VPN. AirLive WN-300ARM-VPN User’s Manual...
  • Page 56 If the SSID is not listed If the "Broadcast SSID" setting on the WN-300ARM-VPN has been disabled, its SSID will NOT be listed on the screen below. Figure: Wireless Networks (Windows XP) In this situation, you need to obtain the SSID from your network administrator, then to follow this procedure: 1.
  • Page 57  Set Network Authentication and Data Encryption to match the WN-300ARM-VPN.  If using data encryption (WEP or WPA-PSK), enter the key used on the WN-300ARM-VPN. See the preceding sections for details of WEP and WPA-PSK.  Uncheck the options “The key is provided for me automatically” and “This is a computer-to-computer (ad hoc) network”.
  • Page 58 4. This wireless network will then be listed in Preferred Networks on the screen below. Figure: Preferred Networks 5. Click OK to establish a connection to the WN-300ARM-VPN. AirLive WN-300ARM-VPN User’s Manual...

  • Page 59: Chapter5

    Status Operation - Router Mode Once both the WN-300ARM-VPN and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required. Refer to Chapter 6 - Advanced Features for further details.
  • Page 60 Network Mask DHCP Server This shows the status of the DHCP Server function. The value will be "On" or "Off". This shows the MAC Address for the WN-300ARM-VPN, as seen on the MAC Address LAN interface. AirLive WN-300ARM-VPN User’s Manual...
  • Page 61 Click this button to view the details of multi PVC in the sub-screen. Attached Devices This will open a sub-window, showing all LAN and Wireless devices currently on the network. Refresh Screen Update the data displayed on screen. Help The description of Status item. AirLive WN-300ARM-VPN User’s Manual...
  • Page 62 Network Mask The Network Mask associated with the IP Address above. Buttons Connect If not connected, establish a connection to your ISP. Disconnect If connected to your ISP, hang up the connection. Close this window. Close AirLive WN-300ARM-VPN User’s Manual...
  • Page 63 IP address allocation (the DCHP lease) expires. Obtained Lease Expires Buttons If an IP Address has been allocated to the WN-300ARM-VPN (by the ISP's Release DHCP Server), clicking the "Release" button will break the connection and release the IP Address.
  • Page 64 The Subnet Mask associated with the IP Address above. Subnet Mask Default The IP Address of the remote Gateway or Router associated with the IP Address above. Gateway The IP Address of the Domain Name Server which is currently used. DNS Server AirLive WN-300ARM-VPN User’s Manual...

  • Page 65: Chapter6

    Options  Schedule  Port Trigger  Port Foward  Port Range Forward   VPN (IPSec) 6.1 Internet This screen provides the access to the DMZ, Special Applications and URL Filter features. Figure: Internet Screen AirLive WN-300ARM-VPN User’s Manual...

  • Page 66: Url Filter

    Click the Configure URL Filter button to open the URL Filter screen, allowing you to create or modify the filter strings which determine which sites will be blocked. The URL Filter screen is displayed when the Configure URL Filter button on the Advanced Internet screen is clicked. Figure: URL Filter Screen AirLive WN-300ARM-VPN User’s Manual...
  • Page 67 PC to Visit For this PC, the URL filter will be ignored. Blocked If enabled, you must select the PC to be the trusted PC. Sties Trusted PC Enter the PC to be the Trusted PC. AirLive WN-300ARM-VPN User’s Manual...

  • Page 68: Access Control

    Block all Internet access - All traffic via the WAN port is blocked. Use this to create the most restrictive group.  Block selected Services - You can select which Services are to block. Use this to gain fine control over the Internet access for a group. AirLive WN-300ARM-VPN User’s Manual...
  • Page 69 The "Del >>" button will remove the selected PC (in the Trusted PCs list) from the current group.  The "<< Add" button will add the selected PC (in the Other PCs list) to the Trusted PCs group. AirLive WN-300ARM-VPN User’s Manual...

  • Page 70: Dynamic Dns

    2. After registration, use the Service provider's normal procedure to obtain your desired Domain name. 3. Enter your DDNS data on the WN-300ARM-VPN's DDNS screen, and enable the DDNS feature. 4. The WN-300ARM-VPN will then automatically ensure that your current IP Address is recorded at the DDNS service provider's Domain Name Server.
  • Page 71 This message is returned by the DDNS Server.  Normally, this message should be "Update successful"  If the message indicates some problem, you need to connect to the DDNS Service provider and correct this problem. AirLive WN-300ARM-VPN User’s Manual...

  • Page 72: Option

    Figure: Options Screen Data - Options Screen Internet Respond to  If checked, the WN-300ARM-VPN will respond to Ping (ICMP) packets Ping received from the Internet.  If not checked, Ping (ICMP) packets from the Internet will be ignored. Disabling this option provides a slight increase in security.

  • Page 73: Schedule

    If your region uses Daylight Savings Time, you must manually check "Adjust Adjust for for Daylight Savings Time" at the beginning of the adjustment period, and Daylight Savings Time uncheck it at the end of the Daylight Savings period. AirLive WN-300ARM-VPN User’s Manual...
  • Page 74 "Use this NTP Server" and enter the Server's IP address in the fields provided. If this setting is not enabled, the default NTP Servers are used. This displays the current time on the WN-300ARM-VPN, at the time the page Current Time is loaded.

  • Page 75: Port Trigger

    If you use Internet applications which use non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the WN-300ARM-VPN's firewall. In this case, you can define the application as a "Port Trigger".
  • Page 76 If the application uses a single port number, enter it in both the "Start" and "Finish" fields.  Finish - Enter the end of the range of port numbers used by the application server, for data you receive. AirLive WN-300ARM-VPN User’s Manual...

  • Page 77: Port Forward

    "mapping" or "translation" function, allowing the server to use a different port to the clients. Enter the port numbers which the Server software is configured to use. Internal Port Select the protocol (TCP or UDP) used by the Server. Protocol AirLive WN-300ARM-VPN User’s Manual...
  • Page 78 IP Address Enter the desired IP address. Enabled Use this to Enable or Disable support for this Server, as required. AirLive WN-300ARM-VPN User’s Manual...

  • Page 79: Port Range Forward

    Enter the end of the range of port numbers used by the application server. Protocol Select the protocol (TCP, UDP or Both) used by the Server. IP Address Enter the desired IP address. Enable Use this to Enable or Disable support for this Server, as required. AirLive WN-300ARM-VPN User’s Manual...

  • Page 80: Qos

    WAN Setting DownStream Enter the desired value for the DownStream Connection. UpStream Enter the desired value for the UpStream Connection. Get from WAN Click this button to get the values for DownStream and UpStream from WAN. AirLive WN-300ARM-VPN User’s Manual...
  • Page 81 Priority: Select the option (High, Normal, Low) from the list.  Direct: Select Upstream or Downstream as required. Summary The priority of the application. Priority The Name of this Application or IP Address. Name The general Information of this Application or IP Address. Information AirLive WN-300ARM-VPN User’s Manual...

  • Page 82: Vpn (Ipsec)

    VPN (IPSec) VPN Setup The VPN (Virtual Private Network) feature in the WN-300ARM-VPN allows you to create a VPN connection between 2 WN-300ARM-VPN, or a remote PC to establish a VPN connection to the WN-300ARM-VPN. To establish a VPN connection from a remote PC to the Wireless ADSL Router, you need suitable (IPSec) VPN client software on your PC.
  • Page 83 An "Auto" VPN policy uses the IKE (Internet Key Protocol) to exchange and negotiate parameters for the IPsec SA (Security Association). Because of this negotiation, it is not necessary for all settings on this VPN Gateway to match the settings on the remote VPN endpoint. Where settings must match, this is indicated. AirLive WN-300ARM-VPN User’s Manual...
  • Page 84 Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint". NetBIOS Enable Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking. AirLive WN-300ARM-VPN User’s Manual...
  • Page 85 Exchange Mode IPSec has 2 possibilities - "Main Mode" and "Aggressive Mode". WN-300ARM-VPN only supports "Main Mode". So, user also has to ensure the remote VPN endpoint is set to use "Main Mode". Diffie-Hellman The Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the number of bit size used in the exchange.
  • Page 86 Group" used. For this device, the "Key Group" is the same as the "DH Group" setting in the IKE section. VPN Auto Policies Screen This screen is displayed when you click the VPN Log button on the VPN Policies screen, or on the Status AirLive WN-300ARM-VPN User’s Manual...
  • Page 87 The status bar on the bottom on the screen will indicate if auto-refresh is enabled or disabled. VPN Log Click this button to switch to the VPN log screen. The VPN log shows details of each connection as it is created. AirLive WN-300ARM-VPN User’s Manual...

  • Page 88: Vpn (Ipsec) Example

    In this situation, the PC must run appropriate VPN client software in order to connect, via the Internet, to the WN-300ARM-VPN or other VPN Gateway. Once connected, the client PC has the same access to LAN resources as PCs on the local LAN (unless restricted by the network administrator).
  • Page 89  Windows 2000 and Windows XP include an IPsec VPN client program. However, configuration of this client program for use with the WN-300ARM-VPN is very complex and beyond the scope of this document. Connecting 2 LANs via VPN Figure: Connecting 2 VPN Gateways This allows two (2) LANs to be connected.
  • Page 90 Some VPN Gateways or programs let you specify the following settings separately for IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.  Authentication  Encryption  SA Lifetime AirLive WN-300ARM-VPN User’s Manual...
  • Page 91 Configuration Settings - Gateway A Gateway A should be configured as shown below. Figure: Gateway A Configuration AirLive WN-300ARM-VPN User’s Manual...
  • Page 92 Configuration Settings - Gateway B Gateway B should be configured as shown below. Figure: Gateway B Configuration AirLive WN-300ARM-VPN User’s Manual...
  • Page 93 VPN Example - Connecting WN-300ARM-VPN and RS-1200 Settings Setting WN-300ARM-VPN RS-1200 Notes Policy Name wn-300 Name does not affect operation. Select a meaningful name. Remote VPN Fixed IP Address PPPoE Other endpoint's WAN Endpoint 60.250.158.64 DDNS enable (Internet) IP address.
  • Page 94 Configuration: RS-1200 1. Policy Object  VPN  IPSec Autokey: Define the IPSec setting 2. Policy Object  VPN  Tunnel: Configure the else VPN setting AirLive WN-300ARM-VPN User’s Manual...
  • Page 95 3. Policy  Outgoing: Enable IPSec VPN setting 4. Policy  Incoming: Enable IPSec VPN setting AirLive WN-300ARM-VPN User’s Manual...
  • Page 96 Configuration: WN-300ARM-VPN AirLive WN-300ARM-VPN User’s Manual...
  • Page 97 VPN Example - Connecting WN-300ARM-VPN and IP-2000VPN Settings Setting WN-300ARM-VPN IP-2000VPN Notes Policy Name To_IP2K To_WN300 Name does not affect operation. Select a meaningful name. Remote VPN Fixed IP Address PPPoE Other endpoint's WAN Endpoint 60.250.158.64 DDNS enable (Internet) IP address.
  • Page 98 Configuration: IP-2000VPN AirLive WN-300ARM-VPN User’s Manual...
  • Page 99 Configuration: WN-300ARM-VPN AirLive WN-300ARM-VPN User’s Manual...

  • Page 100: Chapter7

    Server". This database is maintained automatically, but you can add and delete entries for PCs which use a Fixed (Static) IP Address. Config File Backup or restore the configuration file for the WN-300ARM-VPN. This file contains all the configuration data. Logs & E-mail View or clear all logs, set E-Mailing of log files and alerts.

  • Page 101: Pc Database

    PCs which are "DHCP Clients" are automatically added to the database, and updated as required.  The WN-300ARM-VPN uses the "Hardware Address" to identify each PC, not the name or IP address. The "Hardware Address" can only change if you change the PC's network card or adapter.
  • Page 102 This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN. PC Properties Name If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname". AirLive WN-300ARM-VPN User’s Manual...
  • Page 103  DCHP Client - Reserved IP Address - Select this if the PC is set to be a DCHP client, and you wish to guarantee that the WN-300ARM-VPN will always allocate the same IP Address to this PC. Enter the required IP address. Only the last field is required; the other fields must match the WN-300ARM-VPN's IP address.

  • Page 104: Config File

    7.2 Config File This feature allows you to download the current settings from the WN-300ARM-VPN, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the WN-300ARM-VPN, by uploading it to the WN-300ARM-VPN.

  • Page 105: Logs

    Since only a limited amount of log data can be stored in the WN-300ARM-VPN, log data can also be E-mailed to your PC. Use the E-mail screen to configure this feature.
  • Page 106 Use this if your Syslog Server does not have a fixed IP address. If your Syslog server has a fixed IP address, select this option, and enter the Send to this Syslog Server IP address of your Syslog server. AirLive WN-300ARM-VPN User’s Manual...

  • Page 107: Email

    In this case, enable this checkbox, and enter the login information (User name and Password) in the fields below. authentication User Name If you have enabled "My SMTP Mail Server requires authentication" above, enter the User Name required to login to your SMTP Server. AirLive WN-300ARM-VPN User’s Manual...
  • Page 108 SMTP Server. E-mail Alerts Send E-mail alerts You can choose to have alerts E-mailed to you, by checking the desired checkboxes. The WN-300ARM-VPN can send an immediate alert when it immediately detects a significant security incident such as ...

  • Page 109: Diagnostics

    After entering the Domain name/URL, click this button to start the "DNS Lookup" procedure. Button Routing Click this button to display the internal routing table. This information can be Display used by Technical Support and other staff who understand Routing Tables. AirLive WN-300ARM-VPN User’s Manual...

  • Page 110: Remote Administration

    7.6 Remote Administration If enabled, this feature allows you to manage the WN-300ARM-VPN via the Internet. Figure: Remote Administration Screen Data - Remote Administration Screen Remote Administration Check to allow administration/management via the Internet. (To connect, Enable Remote Management see below).
  • Page 111 1. Ensure your Internet connection is established, and start your Web Browser. 2. In the "Address" bar, enter "http://" followed by the Internet IP Address of the WN-300ARM-VPN. If the port number is not 80, the port number is also required. (After the IP Address, enter ":" followed by the port number.)

  • Page 112: Routing

    You can ignore the Static Routing page if your network topology is constructed as following:  If your LAN has a standard Router (e.g. Cisco) on your LAN, and the WN-300ARM-VPN is to act as a Gateway for all LAN segments, you can enable RIP (Routing Information Protocol).
  • Page 113 Update the current Static Routing Table entry, using the data shown in the table area on screen. Delete the current Static Routing Table entry. Delete Save Save the RIP setting. This has no effect on the Static Routing Table. AirLive WN-300ARM-VPN User’s Manual...

  • Page 114: Configuring Other Routers On Your Lan

    Configuring Other Routers on your LAN It is essential that all IP packets for devices are not on the local LAN be passed to the WN-300ARM-VPN, so that they can be forwarded to the external LAN, WAN, or Internet. To achieve this, the local LAN must be configured to use the WN-300ARM-VPN as the Default Route or Default Gateway.
  • Page 115 Figure: Routing Example For the WN-300ARM-VPN's Routing Table For the LAN shown above, with 2 routers and 3 LAN segments, the WN-300ARM-VPN requires 2 entries as follows. Entry 1 (Segment 1) Destination IP Address 192.168.1.0 Network Mask 255.255.255.0 (Standard Class C) Gateway IP Address 192.168.0.100 (WN-300ARM-VPN's local...

  • Page 116: Upgrade Firmware

    7.8 Upgrade Firmware The firmware (software) in the WN-300ARM-VPN can be upgraded using your Web Browser. You must first download the upgrade file, then to select Upgrade Firmware on the Administration menu. You will see a screen like the following.

  • Page 117: Chapter8

    When you connect in future, just connect normally, using the IP address you assigned. 1. Start your WEB browser. 2. In the Address box, enter "http://" and the current IP Address of the WN-300ARM-VPN as in this example, which uses the WN-300ARM-VPN 's default IP Address: http://192.168.0.1...
  • Page 118 Upgrade FW - this screen is the same as in Router mode.  Status - displays current settings and status. See the following section for details.  Binding - this screen is the same as in Router mode. AirLive WN-300ARM-VPN User’s Manual...
  • Page 119 The modem will act like any other ADSL modem. No routing will be performed, and no client login will be done. If a client login is required, it must be performed by your Router/Gateway or by software on your PC. AirLive WN-300ARM-VPN User’s Manual...

  • Page 120: Status Screen

    Click this button to open a sub-window and view the details of each VC ADSL Details (Virtual Circuit). IP Address The IP Address of the WN-300ARM-VPN. The Network Mask (Subnet Mask) for the IP Address above. Network Mask AirLive WN-300ARM-VPN User’s Manual...
  • Page 121 This shows the MAC Address for the WN-300ARM-VPN, as seen on the MAC Address LAN interface. Wireless If using an ESS (Extended Service Set, with multiple access points) this ID SSID 1/2 is called an ESSID (Extended Service Set Identifier).

  • Page 122: Appendix A Troubleshooting

    This chapter covers some common problems that may be encountered while using the WN-300ARM-VPN and some possible solutions to them. If you follow the suggested steps and the WN-300ARM-VPN still does not function properly, contact your dealer for further advice.

  • Page 123: Wireless Access

    Problem 2: Some applications do not run properly when using the WN-300ARM-VPN. Solution 2: The WN-300ARM-VPN processes the data passing through it, so it is not transparent. For incoming connections, you must use the Virtual Server or Firewall Rules to specify the PC which will receive the incoming traffic.
  • Page 124 Off, and see if this helps. Any "noisy" devices should be shielded or relocated.  RF Shielding Your environment may tend to block transmission between the wireless stations. This will mean high access speed is only possible when close to the WN-300ARM-VPN. AirLive WN-300ARM-VPN User’s Manual...

  • Page 125: Appendix B About Wireless Lans

    The Wireless Channel sets the radio frequency used for communication.  Access Points use a fixed Channel. You can select the Channel used. This allows you to choose a Channel which provides the least interference and best performance. In the USA and Canada, 11 AirLive WN-300ARM-VPN User’s Manual...
  • Page 126 This is a later version of WPA (WPA-PSK). The major change is the use of AES (Advanced Encryption System) for protecting data. AES is very secure, considered to be unbreakable. The PSK (Pre-shared Key) must be entered on each Wireless station. AirLive WN-300ARM-VPN User’s Manual...

  • Page 127: Wireless Lan Configuration

    "any" or null (blank) to allow connection to any Access Point. Wireless The Wireless Stations and the Access Point must use the same settings for Wireless security. (None, WEP, WPA-PSK, Security WPA2-PSK, WPA-802.1x). AirLive WN-300ARM-VPN User’s Manual...

  • Page 128: Appendix C About Vpns

    A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet. This secure connection is called a VPN Tunnel. There are many standards and protocols for VPNs. The standard implemented in the WN-300ARM-VPN is IPSec.

  • Page 129: Vpn Configuration

    Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters). For the WN-300ARM-VPN; each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines: ...
  • Page 130 The 2 LANs MUST use different IP address ranges. IKE parameters If using IKE (recommended), the IKE parameters must match (except for the SA lifetime, which can be different). IPsec parameters The IPsec parameters at each endpoint must match. AirLive WN-300ARM-VPN User’s Manual...

  • Page 131: Appendix D Specifications

    CCK, DQPSK, DBPSK, BPSK, QPSK, 16-QAM, 64-QAM, OFDM Data Rate Up to 270 Mbps (802.11n Draft) Security WEP 64Bit, 128Bit, WPA-PSK, WPA2-PSK, WPA-802.1X, WPS Button Support, MAC address checking Output Power 13dBm (typical) Receiver Sensitivity -80dBm Min. AirLive WN-300ARM-VPN User’s Manual...

Table of Contents

Save PDF