AirLive IP-2000VPN User Manual

Internet VPN router

Summary of Contents for AirLive IP-2000VPN

  • Page 1 6. Specifications IP-2000VPN Internet VPN Router User’s Manual AirLive WLA-9000AP User’s Manual...
  • Page 2: Declaration Of Conformity

    OvisLink Corp. 5F., NO.6, Lane 130, Min-Chuan Rd., Hsin-Tien City, Taipei County, Taiwan Declare that the product Internet VPN Router AirLive IP-2000VPN is in conformity with In accordance with 89/336 EEC-EMC Directive and 1999/5 EC-R & TTE Directive Clause Description...
  • Page 3 Directiva 1999/5/CE. disposiciones aplicables o exigibles de la Directiva 1999/5/CE. ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ OvisLink Corp. ΔΗΛΩΝΕΙ OvisLink Corp izjavlja, da je ta AirLive IP-2000VPN v Ελληνική [Greek] ΟΤΙ AirLive IP-2000VPN ΣΥΜΜΟΡΦΩΝΕΤΑΙ Slovensko skladu z bistvenimi zahtevami in ostalimi relevantnimi ΠΡΟΣ...
  • Page 4 They are used for identification purpose only. Specifications are subject to be changed without prior notice. FCC Interference Statement The IP-2000VPN has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio interference in a commercial environment.
  • Page 5: Table Of Contents

    7.2 Windows PPTP Clients Setup (p. 79)
    Chapter 8 VPN Example (p. 92)
    8.1 Office-to-office IPSec VPN – Connecting to 2 IP-2000VPN (p. 93)
    8.2 Office-to-office IPSec VPN – Connecting IP-2000VPN and RS-1200 (p. 99)
    8.3 Getting into Office Network from Internet (PPTP) – Windows XP PPTP Client (p. 105)
    8.4 Getting into Office Network from Internet (IPSec) –...
  • Page 6 10.4 Remote Administration (p. 152); 10.5 Routing (p. 154); 10.6 Upgrade Firmware (p. 158); 10.7 UPnP (p. 159); Appendix A PC Configuration (p. 160); Appendix B VPN Overview (p. 169); Appendix C Troubleshooting (p. 172); Appendix D Specifications (p. 174). AirLive IP-2000VPN User’s Manual...
  • Page 7: Chapter 1 Introduction

    IPSec VPN, and setting up your own VPN environment is not a difficult job. The IP-2000VPN is not only a VPN device; it is also a router with a built-in SPI and DoS firewall to protect internal devices. With its VPN and router features, you can deploy the AirLive IP-2000VPN in several environments, such as SMB offices, branch offices, SOHO users and home users.
  • Page 8: Features

    IPSec Authentication and Encryption. Supports DES, 3DES, and AES-128, 192, 256-bit Encryption, and MD5, SHA-1 Authentication. Microsoft VPN Gateway Support • PPTP Server. The IP-2000VPN emulates a Microsoft PPTP VPN Server, allowing clients to use the Microsoft VPN client provided in Windows. •...
  • Page 9: Advanced Internet Functions

    Shared Internet Access. All users on the LAN or WLAN can access the Internet through the IP-2000VPN, using only a single external IP Address. The local (invalid) IP Addresses are hidden from external sources. This process is called NAT (Network Address Translation).
  • Page 10: LAN Features

    LAN. • DHCP Server Support. Dynamic Host Configuration Protocol provides a dynamic IP address to PCs and other devices upon request. The IP-2000VPN can act as a DHCP Server for devices on your local LAN and WLAN. •...
  • Page 11: Installation Of The Router

    10BaseT and 100BaseTX connections can be used simultaneously. • If required, you can connect any LAN port to another Hub. Any LAN port on the IP-2000VPN will automatically function as an "Uplink" port when required. Just connect any LAN port to a normal port on the other hub, using a standard LAN cable.
  • Page 12 Power on the Broadband modem. • Connect the supplied power adapter to the IP-2000VPN and power up. Please note that you should use only the power adapter provided. Using a different one may cause hardware damage. 5. Check the LEDs •...
  • Page 13: Front Panel And Rear Panel

    PCs or devices connected to the DMZ port are isolated from the LAN. You can deploy one or more servers to be accessed by Internet users. Reset: Press this button to reset system settings to factory defaults.
  • Page 14: Packing List

    1.4 Packing List The following items should be included: • IP-2000VPN Internet VPN Router • Installation CD-ROM • Quick Installation Guide • AC Adapter When you open your package, make sure all of the above items are included and not damaged. If you see that any components are damaged, please notify your dealer immediately.
  • Page 15: Chapter 2 Deployment

    PCs on your local LAN may also require configuration. For details, see Appendix A - PC Configuration. Other configuration may also be required, depending on which features and functions of the IP-2000VPN you wish to use. Use the table below to locate detailed instructions for the required functions.
  • Page 16: Configuration Program

    • UPnP Configuration Program The IP-2000VPN contains an HTTP server. This enables you to connect to it, and configure it using your Web Browser. Your Browser must support JavaScript. The configuration program has been tested on the following browsers: •...
  • Page 17: Using Your Web Browser

    To establish a connection from your PC to the IP-2000VPN: 1. Start your WEB browser. 2. In the Address box, enter "http://" and the IP Address of the IP-2000VPN, as in this example, which uses the IP-2000VPN's default IP Address: http://192.168.1.1...
  • Page 18: Chapter 3 Configure Router

    Home Screen The first time you connect to the IP-2000VPN, you will see the Home screen shown below: • Use the menu bar on the top of the screen, and the "Back" button on your Browser, for navigation. • Changing to another screen without clicking "Save" does NOT save any changes you may have made.
  • Page 19: Setup Wizard

    User name and password. Address permanent IP Address to you. IP Address, mask, gateway and DNS address allocated to you. Some ISPs may also require you to use a particular Hostname, Domain name, or MAC (physical) address.
  • Page 20 User name and password. Static IP Address: Your ISP allocates a permanent IP Address to you. • L2TP Server IP Address or domain name • User name and password. • IP Address allocated to you.
  • Page 21 User name and password. connect to your ISP. Static IP Address: Your ISP allocates a permanent IP Address to you. • Big Pond Server IP Address. • User name and password. • IP Address allocated to you.
  • Page 22: SingTel RAS

    SingTel RAS For this connection method, the following data is required: • User Name • Password • RAS Plan AirLive IP-2000VPN User’s Manual...
  • Page 23 connect to your ISP. However, some ISPs may require you to use a particular Hostname, Domain name, or MAC (physical) address. Static IP Address: Your ISP allocates a permanent IP Address to you. IP Address, mask, gateway and DNS address allocated to you.
  • Page 24: LAN

    Use the LAN link on the main menu to reach the LAN screen. An example screen is shown below. Data - LAN Screen. TCP/IP. IP Address: IP address for the IP-2000VPN, as seen from the local LAN. Use the default value unless the address is already in use or your LAN is using a different IP address range.
  • Page 25: Using Another DHCP Server

    You can only use one (1) DHCP Server per LAN segment. If you wish to use another DHCP Server, rather than the IP-2000VPN's, the following procedure is required. • Disable the DHCP Server feature in the IP-2000VPN. This setting is on the LAN screen. • Configure the DHCP Server to provide the IP-2000VPN's IP Address as the Default Gateway.
  • Page 26 Applications which use non-standard connections or port numbers may be blocked by the IP-2000VPN's built-in firewall. You can define such applications as Special Applications to allow them to function normally. Refer to Chapter 4 - Internet Features for further details.
  • Page 27: Chapter 4 Internet Features

    Dynamic DNS • Virtual Servers • Options WAN Port Configuration The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu. An example screen is shown below. AirLive IP-2000VPN User’s Manual...
  • Page 28 IP Address is assigned automatically: Also called Dynamic IP Address. This is the default, and the most common. Leave this selected if your ISP allocates an IP Address to the IP-2000VPN upon connection. Specified: Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address.
  • Page 29 "Auto-disconnect Idle Time-out". • Manual Connect/Disconnect You must manually establish and terminate the connection. • Keep alive (maintain connection) The connection will never be disconnected by this device. If AirLive IP-2000VPN User’s Manual...
  • Page 30: Advanced Internet

    After the connection to your ISP has been idle for this time period, the connection will be terminated. 4.2 Advanced Internet This screen allows configuration of all advanced features relating to Internet access. • Communication Applications • Special Applications • Multi-DMZ • URL Filter AirLive IP-2000VPN User’s Manual...
  • Page 31: Communication Applications

    If you use Internet applications with non-standard connections or port numbers, you may find that they do not function correctly because they are blocked by the IP-2000VPN's firewall. In this case, you can define the application as a "Special Application".
  • Page 32: Using A Special Application

    This feature, if enabled, allows one (1) or more computers on your LAN to be exposed to all users on the Internet. You can set a DMZ PC for each WAN IP address. If you only have 1 WAN IP address, only 1 DMZ PC can be used.
  • Page 33: URL Filter

    The URL Filter can be Enabled or Disabled on the Advanced Internet screen. URL Filter Screen: Click the "Configure URL Filter" button on the Advanced Internet screen to access the URL Filter screen. An example screen is shown below.
  • Page 34: Dynamic DNS

    3. Enter your DDNS data on the IP-2000VPN's DDNS screen (shown below). 4. The IP-2000VPN will then automatically ensure that your current IP Address is recorded and updated at the DDNS server. If the DDNS Service provides software to perform this "IP address update", you should disable the "Update"...
  • Page 35: Dynamic DNS Screen

    DDNS Status • Normally, this message should be something like "Update successful" or "IP address updated". • If the message indicates some problem, you need to connect to the DDNS Service provider and correct this problem. AirLive IP-2000VPN User’s Manual...
  • Page 36: Virtual Server

    This address should be static, rather than dynamic, to make it easier for Internet users to connect to your Servers. However, you can use the DDNS (Dynamic DNS) feature to allow users to connect to your Virtual Servers using a URL, instead of an IP Address. AirLive IP-2000VPN User’s Manual...
  • Page 37 The Virtual Servers screen is reached by the Virtual Servers link on the Internet menu. An example screen is shown below. This screen lists a number of pre-defined Servers, providing a quick and convenient method to set up the common server types. AirLive IP-2000VPN User’s Manual...
  • Page 38: Defining Your Own Virtual Servers

    It is more convenient if you are using a Fixed IP Address from your ISP, rather than Dynamic. However, you can use the Dynamic DNS feature, described in the following section, to allow users to connect to your Virtual Servers using a URL, rather than an IP Address. AirLive IP-2000VPN User’s Manual...
  • Page 39: Options

    This device will still auto-negotiate with the remote server, to set the MTU size. The smaller of the 2 values (auto-negotiated, or entered here) will be used. • For direct connections (not PPPoE or PPTP), the MTU used is always 1500. AirLive IP-2000VPN User’s Manual...
  • Page 40: Chapter 5 Security

    Services 5.1 Admin Login The Admin Login screen allows you to assign a user name and password to the IP-2000VPN. 1. The default login name is "admin". Change this to the desired value. 2. The default password is airlive. Enter the desired password in the New Password and Verify Password fields.
  • Page 41 Enter the "User Name" and "Password" you set on the Admin Login screen above. AirLive IP-2000VPN User’s Manual...
  • Page 42: Access Control

    Restrictions are imposed by blocking "Services", or types of connections. All common Services are pre-defined. If required, you can also define your own Services. Access Control Screen To view this screen, select the Access Control link on the Security menu. AirLive IP-2000VPN User’s Manual...
  • Page 43 View Log: Click this to open a sub-window where you can view the "Access Control" log. This log shows attempted Internet accesses which have been blocked by the Access Control feature. Clear Log: Click this to clear and restart the "Access Control" log, making new entries easier to read.
  • Page 44: Group Members Screen

    Source IP address: The IP Address of the PC or device whose access request was blocked. MAC address: The hardware or physical address of the PC or device whose access request was blocked. Destination: The destination URL or IP address.
  • Page 45: Firewall Rule

    LAN => WAN only makes sense in combination with another rule. For example, the screen below shows a rule blocking all traffic to an MSN Game Server, followed by another rule allowing access by a specific PC.
  • Page 46 System Rules: Clicking the "System Rules" button will open a new window and display the default firewall rules currently applied by the system. These rules cannot be edited, but any rules you create will take precedence over the default rules.
  • Page 47 Define Firewall Rule Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below. AirLive IP-2000VPN User’s Manual...
  • Page 48 Service on the "Services" screen, by defining the protocols and port numbers used by the Service. Select the desired action for packets covered by this rule: Action This determines whether packets covered by this rule are logged. Select the desired option. AirLive IP-2000VPN User’s Manual...
  • Page 49: Logs

    Since only a limited amount of log data can be stored in the IP-2000VPN, log data can also be E-mailed to your PC or sent to a Syslog Server.
  • Page 50 Attempted access to blocked sites - This will only log Web connections which are blocked by the URL filter. • Websites and news groups - This logs successful (allowed) connections to Web Sites and newsgroup servers. AirLive IP-2000VPN User’s Manual...
  • Page 51 Enable Syslog: If enabled, log data will be sent to your Syslog Server. Syslog Server: Enter the IP address of your Syslog Server. Include: Select the logs you wish to be included in the data sent to the Syslog Server.
  • Page 52: E-Mail

    If the log is full before the time specified to send it, it will be sent regardless. E-mail address: Enter the E-mail address the Log is to be sent to. The E-mail will also show this address as the Sender's address.
  • Page 53 SMTP Server: Enter the address or IP address of the SMTP (Simple Mail Transport Protocol) Server you use for outgoing E-mail. Port No.: Enter the port number used to connect to the SMTP Server. The default value is...
  • Page 54: Security Options

    While the optimum number of "half-open" connections allowed (the "Threshold") depends on many factors, the most important factor is the available bandwidth of your Internet connection. • Select the setting to match the bandwidth of your Internet connection. AirLive IP-2000VPN User’s Manual...
  • Page 55 Respond to network monitoring and diagnostic programs. ICMP (ping) • If checked, the IP-2000VPN will respond to ICMP packets received from the Internet. • If not checked, ICMP packets from the Internet will be ignored. Disabling this option provides a slight increase in security.
  • Page 56: Scheduling

    Session 1, Session 2: Two (2) separate sessions or periods can be defined. Session 2 can be left blank if not required. Start Time: Enter the start time using a 24 hr clock. Finish Time: Enter the finish time using a 24 hr clock.
  • Page 57: Services

    Finish Port: end of range of port numbers. This can be left blank if not required. ICMP Type: If the "Type" (above) is ICMP, enter the ICMP type here. Otherwise, this field should be left blank.
  • Page 58: Chapter 6 IPSec VPN

    In this situation, the PC must run appropriate VPN client software in order to connect, via the Internet, to the IP-2000VPN. Once connected, the client PC has the same access to LAN resources as PCs on the local LAN (unless restricted by the network administrator).
  • Page 59 The VPN Policies at each end determine when a VPN tunnel will be established, and what systems on the remote LAN can be accessed once the VPN connection is established. • It is possible to have simultaneous VPN connections to many remote sites. AirLive IP-2000VPN User’s Manual...
  • Page 60: VPN Configuration

    6.2 VPN Configuration This section covers the configuration required on the IP-2000VPN when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. VPN Policies Screen To view this screen, select VPN Policies from the VPN menu. This screen lists all existing VPN policies. If no policies exist, the list will be empty.
  • Page 61 View Log: Clicking the "View Log" button will open a new window and display the VPN log. Adding a New Policy: 1. To create a new VPN Policy, click the Add New Policy button on the VPN Policies screen. This will start the VPN Wizard, as shown below.
  • Page 62 Domain Name. Select this if the remote endpoint has a Domain Name associated with it. If selected, enter the Domain Name of the remote endpoint. Keys: Select Manually assigned or IKE (Internet Key Exchange) as required. If you are setting up both endpoints, using IKE is recommended.
  • Page 63 Subnet address - enter the desired IP address in the "Start IP address" field, and the network mask in the "Subnet Mask" field. The remote VPN must have these IP addresses entered as its "Remote" addresses. AirLive IP-2000VPN User’s Manual...
  • Page 64 3. Click Next to continue. The screen you will see depends on whether you previously selected "Manual Key Exchange" or "IKE". Manual Key Exchange These settings must match the remote VPN. You cannot use both AH and ESP at the same time. AirLive IP-2000VPN User’s Manual...
  • Page 65 Keys can be in ASCII or Hex (0 ~ 9 and A ~ F) • For MD5, the keys should be 32 hex/16 ASCII characters. • For SHA-1, the keys should be 40 hex/20 ASCII characters. AirLive IP-2000VPN User’s Manual...
  • Page 66 On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard. IKE Phase 1 If you selected IKE, the following screen is displayed after the Traffic Selector screen. This screen sets the parameters for the IKE SA. AirLive IP-2000VPN User’s Manual...
  • Page 67 IKE Exchange Mode: Select the desired option, and ensure the remote VPN endpoint uses the same mode. • Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete. • Aggressive Mode provides no identity protection, but is quicker.
  • Page 68 VPN side’s device. Click Next to see the following IKE Phase 2 screen. IKE Phase 2 This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for IKE and IPSec. AirLive IP-2000VPN User’s Manual...
  • Page 69 Just ensure each endpoint has the same setting. Authentication For IKE, configuration is now complete. Click "Next" to view the final screen. On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.
  • Page 70: Certificates

    Delete button: Use this button to delete a Trusted Certificate. Select the checkbox in the Delete column for any Certificates you wish to delete, and then click the "Delete" button. Add Trusted Certificate button: Use this to add a new Trusted Certificate to the table. See below for details.
  • Page 71: Self Certificates

    Requesting a Trusted Certificate 1. After obtaining a new Certificate from the CA, you need to upload it to the IP-2000VPN. 2. On the "Certificates" screen, click the "Add Trusted Certificate" button to view the Add Trusted Certificate screen, shown below.
  • Page 72 Button Requesting a Self Certificate The IP-2000VPN must generate a request for the CA. This request must then be supplied to the CA. The procedure is as follows: 1. On the Self Certificates screen, click the New Request button to view the first screen of the Self Certificate Request procedure, shown below.
  • Page 73 IP address: Enter your public (Internet) IP address. Domain Name: This is optional. If you have a domain name, enter it here. E-mail Address: This is optional. If you have a permanent E-mail address, enter it here.
  • Page 74 Submit the CA's form. • If there are no problems, the Certificate will then be issued. 8. After obtaining a new Certificate, as described above, you need to upload it to the IP-2000VPN. • Return to the Self Certificates screen. •...
  • Page 75 Select the file. The name will appear in the Certificate File field. • Click the Upload button to upload the certificate file to the IP-2000VPN. • Click Back to return to the Self Certificates screen. The new Certificate will appear in the Active Self Certificates list 1.
  • Page 76: CRLs

    Select the file. The name will appear in the "File to Upload" field. • Click "Upload" to upload the CRL file to the IP-2000VPN. • Click "Back" to return to the CRL list. The new CRL will appear in the list.
  • Page 77: Status

    Data Rx: Measures the quantity of data which has been received via this SA. Buttons. Refresh: Update the data shown on screen. View Log: Open a new window and view the contents of the VPN log.
  • Page 78: Chapter 7 Microsoft VPN (PPTP)

    Status 7.1 PPTP Server The IP-2000VPN incorporates a PPTP (Peer-to-Peer Tunneling Protocol) server which is compatible with the "VPN Adapter" provided with recent versions of Microsoft Windows. Remote Windows clients are able to connect to this Server. Once connected, they can access the LAN as if they connected locally.
  • Page 79: Client Database

    To login to the PPTP Server (above) using the Microsoft Windows VPN Adapter, remote users must be entered in the VPN client database. The Client setup screen is accessed by selecting the Client option on the Microsoft VPN menu. AirLive IP-2000VPN User’s Manual...
  • Page 80 1. Select the desired user in the Existing Users list. Their information will be displayed in the Properties panel. 2. Change the data in the Properties panel as required. 3. Click the Update Selected User button to save your changes. AirLive IP-2000VPN User’s Manual...
  • Page 81: Status Screen

    Current Connections: This indicates the number of remote clients currently logged into the PPTP (VPN) Server. Server Log. Server Log: This displays details of each connection or connection attempt. You can use the Clear Log button to re-start the log, making new messages easier to read.
  • Page 82: Windows PPTP Clients Setup

    7.2 Windows PPTP Clients Setup To connect to the PPTP (VPN) Server in the IP-2000VPN: • The Microsoft VPN feature in the IP-2000VPN must be enabled and configured, as described in the previous section. • Each user must have a login (username and password) on the VPN client database on the IP-2000VPN.
  • Page 83 2. Select Start - Settings - Dial-up Networking. 3. Double-click the new VPN entry in Dial-up Networking. 4. Enter your User name and Password, as recorded in the Client database on the IP-2000VPN. 5. Click the "Connect" button. AirLive IP-2000VPN User’s Manual...
  • Page 84: Windows 2000

    Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open "Network Connections", and start the "New Connection" Wizard. 2. Select the VPN option ("Connect to a private network through the Internet"), as shown above, and click Next. AirLive IP-2000VPN User’s Manual...
  • Page 85 If using a PPPoE software client, select "Automatically dial this initial connection" and select the PPPoE connection. • Click Next to continue. 4. On the screen above, enter the Domain Name or Internet IP address of the IP-2000VPN you wish to connect to. Click Next to continue. AirLive IP-2000VPN User’s Manual...
  • Page 86 3. You can choose to have Windows remember the password if desired, so you do not have to enter it again. Changing the connection settings The PPTP (VPN) Server in the IP-2000VPN is designed to work with the default Windows settings. •...
  • Page 87 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-Settings-Network Connections), and start the New Connection Wizard. 2. Select the option "Connect to the network at my workplace", as shown above, and click Next. AirLive IP-2000VPN User’s Manual...
  • Page 88 3. On the next screen, shown above, select the "Virtual Private Network connection" option. Click Next to continue. 4. Enter a suitable name for this connection. Click Next to continue. AirLive IP-2000VPN User’s Manual...
  • Page 89 5. On the screen above, select "Do not dial the initial connection". Click Next to continue. 6. On the screen above, enter the Domain Name or Internet IP address of the IP-2000VPN you wish to connect to. Click Next to continue.
  • Page 90 3. You can choose to have Windows remember the password if desired, so you do not have to enter it again. Changing the connection settings The PPTP (VPN) Server in the IP-2000VPN is designed to work with the default Windows settings. •...
  • Page 91: Windows Vista

    Ensure you have logged on with Administrator rights before attempting this procedure. 1. Select Control Panel - Network and Sharing Center, and click “Set up a connection or network”. 2. Select “Connect to a workplace”, and press “Next”.
  • Page 92 4. If the PC was configured to dial up the ISP with PPPoE or another method, the system will ask the user to verify which Internet connection will be used to connect. Select the specific one and press “Next”.
  • Page 93 5. The user should fill in the PPTP server IP address on the screen “Type the Internet address to connect to”. 6. Type in the user name and password of the PPTP client, and then press “Connect” to connect to the PPTP server.
  • Page 94 7. If the PPTP client connects successfully to the PPTP server, the user can see the following screen. 8. Ping the IP-2000VPN LAN IP address (192.168.1.1) and the IP address (192.168.1.2) of the PC connected to the IP-2000VPN, to verify the PPTP connection. The result is fine.
  • Page 95: Chapter 8 VPN Example

    This section describes some examples of using the IP-2000VPN in common VPN situations. It is used to create an IPSec VPN tunnel between two office sites, and to encrypt the data for the access. When the VPN tunnel is created, each user in the office can access the other office’s data via the VPN tunnel, so individual users do not need to create any further VPN.
  • Page 96: Office-to-office IPSec VPN - Connecting to 2 IP-2000VPN

    8.1 Office-to-office IPSec VPN – Connecting to 2 IP-2000VPN. In this example, 2 IP-2000VPN units will establish a VPN with each other and gain access to both LANs. Environment: WAN IP address: IPSec Site A 60.250.158.64, IPSec Site B 203.10.66.89. IPSec Site A 192.168.1.x, IPSec Site B 192.168.0.x...
  • Page 97 Local IP addresses Address 255.255.255.0. Remote IP addresses: Subnet Address 192.168.0.0 / 255.255.255.0. Address range on other endpoint. Use a more restrictive definition if possible. Step 2: IPSec VPN Site A – Authentication and Encryption
  • Page 98 IKE SA Life time: Shorter period will be used. IKE Keep Alive: Enable, 192.168.0.1. Used to set the LAN IP address of IP-2000VPN at Site B. IKE PFS: Disable. Must match with Site B. IPSec SA Parameters: Shorter period will be used.
  • Page 99 Local IP addresses: Subnet Address 192.168.0.0 / 255.255.255.0. Use a more restrictive definition if possible. Remote IP addresses: Subnet Address 192.168.1.0 / 255.255.255.0. Address range on other endpoint. Use a more restrictive definition if possible.
  • Page 100 ID method. Remote Identify: Remote WAN IP Address. System will detect the IP address and fill in the form automatically. It is the most common ID method. IKE Authentication: Pre-shared Key 12345678. Certificates are not widely used.
  • Page 101 IKE SA Life time: Shorter period will be used. IKE Keep Alive: Enable, 192.168.1.1. Used to set the LAN IP address of IP-2000VPN at Site A. IKE PFS: Disable. Must match with Site A. IPSec SA Parameters: Shorter period will be used.
  • Page 102: Office-to-office IPSec VPN - Connecting IP-2000VPN and RS-1200

    8.2 Office-to-office IPSec VPN – Connecting IP-2000VPN and RS-1200. In this example, the IP-2000VPN will establish a VPN with the RS-1200 and gain access to both LANs. Environment: WAN IP address: IP-2000VPN Airlive98.dyndns.org, RS-1200 60.250.158.64. LAN IP Subnet: IP-2000VPN 192.168.1.x, RS-1200 192.168.100.x. 12345678 12345678...
  • Page 103 Local IP addresses 255.255.255.0 more restrictive definition if possible. Remote IP addresses: Subnet Address 192.168.100.0 / 255.255.255.0. Address range on other endpoint. Use a more restrictive definition if possible. Step 2: IP-2000VPN – Authentication and Encryption
  • Page 104 AH Authentication. ESP Authentication: Enable. Must match with RS-1200. ESP Encryption: Enable 3DES. Must match with RS-1200. Step 3: RS-1200 Network Configuration 1. Define WAN port IP with PPPoE, and obtain the IP address from ISP.
  • Page 105 3. Select Remote Gateway-Fixed IP or Domain Name in To Destination list and enter the IP Address. 4. Select Preshare in Authentication Method and enter the Preshared Key. 5. Both sides have to choose the same group. Here we select 3DES for ENC Algorithm, MD5 for AUTH Algorithm and GROUP2 for Group. AirLive IP-2000VPN User’s Manual...
  • Page 106 • To Destination Subnet / Mask: Enter 192.168.1.0 / 255.255.255.0. • IPSec / PPTP Setting: Select To_IP2KVPN • Enter 192.168.1.1 (the Default Gateway IP of IP-2000VPN) as the Keep alive IP. • Select Show remote Network Neighborhood. • Click OK.
  • Page 107 Step 6: Configure RS-1200 Outgoing and Incoming Policy 1. Enter the following setting in Outgoing Policy. • Tunnel: Select To_IP2K_Tunnel • Click OK. 2. Enter the following setting in Incoming Policy. • Tunnel: Select To_IP2K_Tunnel. • Click OK. AirLive IP-2000VPN User’s Manual...
  • Page 108: Getting Into Office Network From Internet (Pptp) - Windows Xp Pptp Client

    8.3 Getting into Office Network from Internet (PPTP) – Windows XP PPTP Client In this example, a Windows XP client connects to the IP-2000VPN and gains access to the local LAN. Environment: IP-2000VPN PC with PPTP VPN Software 60.250.158.65 WAN IP address 192.168.1.x...
  • Page 109 3. Click the “Add as New User” button to add the account to the “Existing Users” list. 4. This completes the PPTP VPN setup on the IP-2000VPN. The IP address of the IP-2000VPN PPTP Server is exactly the same as its WAN IP address.
  • Page 110 Wizard. 2. Select the option "Connect to the network at my workplace", as shown above, and click Next. 3. On the next screen, shown above, select the "Virtual Private Network connection" option. Click Next to continue.
  • Page 111 4. Enter a suitable name for this connection. Click Next to continue. 5. On the screen above, select "Do not dial the initial connection". Click Next to continue.
  • Page 112 6. On the screen above, enter the Domain Name or Internet IP address of the IP-2000VPN you wish to connect to. Click Next to continue. 7. Choose whether to allow this connection for everyone, or only for yourself, as required.
  • Page 113 Step 4: Connect Windows XP PPTP client to IP-2000VPN 1. When the Windows XP PPTP client configuration is finished, a login window pops up. 2. Enter the user name and password (for example, user name jacky and password 1234), and tick the selection “Save this user name and password for the following users”...
  • Page 114 5. Run the Command Prompt on the PPTP client’s PC to check the current status of the PC’s IP address; two IP addresses will be registered on the client’s PC. 6. Ping the IP-2000VPN LAN IP address (192.168.1.1) and confirm that it responds.
  • Page 115 7. Try to connect to the resource PC (192.168.1.4) and search for the shared folder. 8. Once the shared folder is found, the PPTP client can access the resource as well.
  • Page 116: Getting Into Office Network From Internet (Ipsec) - Windows Xp Ipsec Client

    8.4 Getting into Office Network from Internet (IPSec) – Windows XP IPSec Client In this example, a Windows 2000/XP client connects to the IP-2000VPN and gains access to the local LAN. To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
  • Page 117 Step 1: IP-2000VPN – Network Configuration (Setting / Type / Value / Notes). Name: To_XP. Name does not affect operation. Select a meaningful name. Enable Policy: Enable. Allow NetBIOS traffic: Enable. Enable to allow NetBIOS passing through VPN tunnel. Remote Endpoint: Fixed IP, 220.139.238.157. Other endpoint's WAN (Internet) IP address.
  • Page 118 Step 2: IP-2000VPN – Authentication and Encryption (Setting / Type / Value / Notes). IKE Direction: Both Directions. Using "Responder only" is not possible. Local Identify: WAN IP Address. System will detect the IP address and fill in the form automatically. It is the most common ID method....
  • Page 119 Step 3: Windows XP IPSec Client Configuration 1. Select Start - Settings - Control Panel - Administrative Tools - Local Security Policy. 2. Right click IP Security Policy on Local Machine and select Create IP Security Policy.
  • Page 120 3. Click "Next", and then enter a policy name, for example "2KVPN To XP", then click "Next". 4. Step through the Wizard: • Deselect Activate the default response rule. Click "Next". • Leave Edit Properties checked. Click "Finish". 5. The following "Properties - Rules" screen will be displayed.
  • Page 121 6. Deselect the "Use Add Wizard" checkbox, and then click "Add" to view the screen below. 7. Click “Add” and type "To 2KVPN" for the name. 8. Deselect “Use Add Wizard” and then click "Add" to enter the “Filter Properties” setting.
  • Page 122 Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN. • Ensure the Mirrored option is checked, and click “OK” to save the setting. 10. Click "OK" to save your settings and close this dialog.
  • Page 123 11. On the resulting screen (above), ensure the "To 2KVPN" filter is selected, then click the Filter Action tab to see a screen like the following. 12. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen, and select Negotiate Security (this selects IKE), then click "Add".
  • Page 124 13. On the resulting screen (above), select Encryption and Integrity then click "OK" to save your changes and return to the Require Security Properties screen.
  • Page 125 ESP authentication: Enable/SHA-1 ESP Integrity: SHA1 15. Click the Tunnel Setting tab, and then select The tunnel endpoint is specified by this IP address. Enter the WAN (Internet) IP address of the IP-2000VPN, as shown below.
  • Page 126 16. Click the Authentication Methods tab. 17. Click the "Edit" button and select Use this string (preshared key), then enter your preshared key in the field provided.
  • Page 127 19. Click "Close" to return to the 2KVPN To XP properties screen. The "To 2KVPN" filter should now be listed, as shown below. 20. To add the second (incoming) rule, click "Add" to create a new rule.
  • Page 128 Since this is the incoming filter, the Source IP address is the address range used on the remote LAN and the Destination IP address is "My IP address". • Ensure the Mirrored option is checked, and click “OK” to save the setting.
  • Page 129 23. Click "OK" to save the setting. 24. Ensure the "To Win2K" filter is selected, and then click the Filter Action tab.
  • Page 130 25. Select Require Security, then click "Edit". Check that Negotiate Security is selected. 26. Click "OK" to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (220.139.238.157 in this example).
  • Page 131 28. Select the Authentication Methods tab, and click the "Edit" button. 29. Select Use this string (preshared key), then enter your preshared key in the field provided.
  • Page 132 30. Click "OK" to save your settings, then "Close" to return to the 2KVPN to XP Properties screen. There should now be 2 IP Filters listed, as shown below. 31. Select the General tab.
  • Page 133 34. Move up the fourth rule to the top, in order to define "MD5" for Integrity Algorithm, "DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group. 35. Click "OK" to save, then "OK" again, and then "Close" to return to the Local Security Settings screen.
  • Page 134 36. Right click the 2KVPN to XP Policy and select "Assign" to make your policy active. 37. Configuration is now complete.
  • Page 135: Chapter 9 Status

    Internet IP Address: This IP Address is allocated by the ISP (Internet Service Provider). "Connection Details" Button: Click this button to open a sub-window and view a detailed description of the current connection. Depending on the type of connection, a "log" may also be available.
  • Page 136 PC Database option on the Other menu. System. Device Name: This displays the current name of the IP-2000VPN. Firmware Version: The current version of the firmware installed in the IP-2000VPN. Clicking this button will open a Window which lists all system details and "System Data"...
  • Page 137: Connection Status - Pppoe

    Connection Log: The Connection Log shows status messages relating to the existing connection. • The most common messages are listed in the table below. • The "Clear Log" button will restart the Log, while the Refresh button will
  • Page 138: Connection Log Messages

    Error: Invalid or unknown packet type. The data received from the ISP's Server could not be processed. This could be caused by data corruption (from a bad link), or the Server using a protocol which is not supported by this device.
  • Page 139: Connection Status - Pptp

    Connection Log: The Connection Log shows status messages relating to the existing connection. • The "Clear Log" button will restart the Log, while the Refresh button will update the messages shown on screen. Buttons. Connect: If not connected, establish a connection to your ISP.
  • Page 140 Disconnect: If connected to your ISP, hang up the connection. Clear Log: Delete all data currently in the Log. This will make it easier to read new messages. Refresh: Update the data on screen.
  • Page 141: Connection Status - Telstra Big Pond

    Connection Log: The Connection Log shows status messages relating to the existing connection. • The Clear Log button will restart the Log, while the Refresh button will update the messages shown on screen. Buttons. Connect: If not connected, establish a connection to Telstra Big Pond.
  • Page 142 Disconnect: If connected to Telstra Big Pond, terminate the connection. Clear Log: Delete all data currently in the Log. This will make it easier to read new messages. Refresh: Update the data on screen.
  • Page 143: Connection Status - Singtel Ras

    DHCP Server will expire. The lease is automatically renewed on expiry; use the "Renew" button if you wish to manually renew the lease immediately. Buttons. Release/Renew: This button is only useful if the IP address shown above is allocated
  • Page 144 IP Address from the ISP's DHCP Server. • If an IP Address has been allocated to the IP-2000VPN (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address.
  • Page 145: Connection Status - Fixed/Dynamic Ip Address

    This button is only useful if the IP address shown above is allocated automatically on connection (Dynamic IP address). If you have a Fixed (Static) IP address, this button has no effect. Release/Renew: Button will display EITHER "Release"
  • Page 146 IP Address from the ISP's DHCP Server. • If an IP Address has been allocated to the IP-2000VPN (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address.
  • Page 147: Connection Status - L2Tp

    Connection Log • The Connection Log shows status messages relating to the existing connection. • The "Clear Log" button will restart the Log, while the Refresh button will update the messages shown on screen.
  • Page 148 Connect: If not connected, establish a connection to your ISP. Disconnect: If connected to your ISP, hang up the connection. Clear Log: Delete all data currently in the Log. This will make it easier to read new messages. Refresh: Update the data on screen.
  • Page 149: Chapter 10 Other Features & Settings

    IP-2000VPN. 10.1 Config file This feature allows you to backup (download) the current settings from the IP-2000VPN, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the IP-2000VPN, by uploading it to the IP-2000VPN.
  • Page 150 WARNING ! ! Uploading a configuration file will destroy (overwrite) ALL of the existing settings. Clicking the Factory-e Defaults button will reset the IP-2000VPN to its factory Default Config default settings. WARNING ! ! This will delete ALL of the existing settings.
  • Page 151: Network Diagnostics

    Note that if the address is on the Internet and no connection currently exists, you could get a "Timeout" error. In that case, wait a few seconds and try again. Lookup Button: After entering the Domain name/URL, click this button to start the "DNS Lookup" procedure.
  • Page 152: Pc Database

    By default, non-Server versions of Windows act as "DHCP Clients"; this setting is called "Obtain an IP Address automatically". • The IP-2000VPN uses the "Hardware Address" to identify each PC, not the name or IP address. The "Hardware Address" can only change if you change the PC's network card or adapter. •...
  • Page 153 Advanced Administration: View the Advanced version of the PC database screen. See below for details. PC Database (Admin) This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen.
  • Page 154 • DHCP Client - Reserved IP Address - Select this if the PC is set to be a DHCP client, and you wish to guarantee that the IP-2000VPN will always allocate the same IP Address to this PC. Enter the required IP address. Only the last field is required; the other fields must match the IP-2000VPN's IP address.
  • Page 155: Remote Administration

    4. You should then be prompted for the password for this device. (You must assign a password!) Settings. Enable: Check this to allow administration/management via the Internet. (To connect, see above). If Disabled, this device will ignore management connection attempts from the Internet.
  • Page 156 1. Ensure your Internet connection is established, and start your Web Browser. 2. In the Address bar, enter "https://" followed by the Internet IP Address of the IP-2000VPN. If the port number is not 80, the port number is also required. (After the IP Address, enter “:” followed by the port number).
  • Page 157: Routing

    LAN has other Routers. • If your LAN has a standard Router (e.g. Cisco) on your LAN, and the IP-2000VPN is to act as a Gateway for all LAN segments, enable RIP (Routing Information Protocol) and ignore the Static Routing table.
  • Page 158 Data – Routing Screen Select the RIP (Routing Information Protocol) type based on the request and save the setting to enable it. The IP-2000VPN supports RIP 1, RIP 2B, and RIP 2M. Static Routing This list shows all entries in the Routing Table.
  • Page 159 Configure other Routers on your LAN It is essential that all IP packets for devices not on the local LAN be passed to the IP-2000VPN, so that they can be forwarded to the external LAN, WAN, or Internet. To achieve this, the local LAN must be configured to use the IP-2000VPN as the Default Route or Default Gateway.
  • Page 160 Other Routers on the Local LAN Other routers on the local LAN must use the IP-2000VPN's Local Router as the Default Route. The entries will be the same as the IP-2000VPN's local router, with the exception of the Gateway IP Address.
  • Page 161: Upgrade Firmware

    2. Select the upgrade file. Its name will appear in the Upgrade File field. 3. Click the "Start Upgrade" button to commence the firmware upgrade. The IP-2000VPN is unavailable during the upgrade process, and must restart when the upgrade is completed. Any connections to or through the IP-2000VPN will be lost.
  • Page 162: Upnp

    access to be disabled: If Disabled, UPnP users can NOT disable Internet access via this device. But currently, this restriction only applies to users running Windows XP, who access the Properties via UPnP. (e.g. Right-click the IP-2000VPN in My Network Places, and select Properties)
  • Page 163: Appendix A Pc Configuration

    This section describes how to configure Windows clients for Internet access via the IP-2000VPN. The first step is to check the PC's TCP/IP settings. The IP-2000VPN uses the TCP/IP network protocol for all functions, so it is essential that the TCP/IP protocol be installed and configured on each PC.
  • Page 164 To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting, and it is recommended to use it. By default, the IP-2000VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the IP-2000VPN.
  • Page 165 Checking TCP/IP Settings - Windows NT4.0 1. Select Control Panel - Network, and, on the Protocols tab, select the TCP/IP protocol, as shown below. 2. Click the Properties button to see a screen like the one below.
  • Page 166 Address, as explained below. Obtain an IP address from a DHCP Server This is the default Windows setting, and it is recommended to use it. By default, the IP-2000VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the IP-2000VPN.
  • Page 167 6. The DNS should be set to the address provided by your ISP, as follows: • Click the DNS tab. • On the DNS screen, shown below, click the Add button (under DNS Service Search Order), and enter the DNS provided by your ISP.
  • Page 168 2. Right click the Local Area Connection icon and select Properties. 3. Select the TCP/IP protocol for your network card. 4. Click on the Properties button. You should then see a screen like the following. 5. Ensure your TCP/IP settings are correct, as described below.
  • Page 169 To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting, and it is recommended to use it. By default, the IP-2000VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the IP-2000VPN.
  • Page 170: Macintosh Clients

    To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting, and it is recommended to use it. By default, the IP-2000VPN will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the IP-2000VPN.
  • Page 171: Linux Clients

    Ensure your DNS settings are correct. Linux Clients To access the Internet via the IP-2000VPN, it is only necessary to set the IP-2000VPN as the "Gateway". Ensure you are logged in as "root" before attempting any changes. Fixed IP Address By default, most Unix installations use a fixed IP Address.
  • Page 172: Appendix B Vpn Overview

    A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet. This secure connection is called a VPN Tunnel. There are many standards and protocols for VPNs. The standard implemented in the IP-2000VPN is IPSec. IPSec IPSec is a near-ubiquitous VPN security standard, designed for use with TCP/IP networks.
  • Page 173 Proposal" have the same meaning. However, some vendors separate IKE Policies (Phase 1 parameters) from IPSec Policies (Phase 2 parameters). For the IP-2000VPN, each VPN policy contains both Phase 1 and Phase 2 parameters (if IKE is used). Each policy defines: •...
  • Page 174 IPSec parameters: The IPSec parameters at each endpoint must match.
  • Page 175: Appendix C Troubleshooting

    This chapter covers some common problems that may be encountered while using the IP-2000VPN and some possible solutions to them. If you follow the suggested steps and the IP-2000VPN still does not function properly, contact your dealer for further advice.
  • Page 176 Problem 2: Some applications do not run properly when using the IP-2000VPN. The IP-2000VPN processes the data passing through it, so it is not transparent. Solution 2: Use the Special Applications feature to allow the use of Internet applications which do not function correctly.
  • Page 177: Appendix D Specifications

    -10° C to 70° C Network Protocol: TCP/IP Network Interface: 5 Ethernet: 3 * 10/100BaseT (RJ45) LAN connection 1 * 10/100BaseT (RJ45) DMZ connection 1 * 10/100BaseT (RJ45) for WAN LEDs Power Adapter 12 V DC External
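
The matching rules stated in sections 8.1, 8.2 and Appendix B (IPSec parameters must match at each endpoint, each side's remote range is the other side's local range, and the shorter SA lifetime is used) can be checked before either router is configured. The Python below is an added example, not AirLive code; the dictionary field names, the PFS setting, the lifetimes and the key are assumptions made for illustration.

```python
from ipaddress import ip_network

# Settings that must be identical on both endpoints (Appendix B).
MUST_MATCH = ("encryption", "authentication", "dh_group", "pfs", "preshared_key")
# Choices named on this page that RFC 8247 lists as MUST NOT for IKEv2.
DEPRECATED = {"encryption": {"DES"}, "authentication": {"MD5"}, "dh_group": {1}}


def check_pair(a, b):
    """Compare two endpoint policies; return mismatches, deprecated picks, lifetime."""
    mismatches = []
    for field in MUST_MATCH:
        if a[field] != b[field]:
            # Never echo key material into a report or log.
            if field == "preshared_key":
                detail = "values differ"
            else:
                detail = f"{a[field]!r} != {b[field]!r}"
            mismatches.append(f"{field}: {detail}")

    a_local, a_remote = ip_network(a["local"]), ip_network(a["remote"])
    b_local, b_remote = ip_network(b["local"]), ip_network(b["remote"])
    # Each side's "remote" range must be the other side's "local" range.
    if a_local != b_remote or a_remote != b_local:
        mismatches.append("subnets: local/remote ranges are not mirrored")
    # Overlapping LANs cannot be routed through the tunnel.
    if a_local.overlaps(a_remote):
        mismatches.append("subnets: both LANs overlap")

    deprecated = sorted(
        {f"{field}={p[field]}" for p in (a, b)
         for field, bad in DEPRECATED.items() if p[field] in bad}
    )
    return {
        "mismatches": mismatches,
        "deprecated": deprecated,
        # "Shorter period will be used" when the two lifetimes differ.
        "effective_lifetime_s": min(a["sa_lifetime_s"], b["sa_lifetime_s"]),
    }


# Subnets and algorithms from section 8.2; pfs, lifetimes and key are constructed.
IP2000VPN = {
    "local": "192.168.1.0/255.255.255.0", "remote": "192.168.100.0/255.255.255.0",
    "encryption": "3DES", "authentication": "MD5", "dh_group": 2, "pfs": False,
    "sa_lifetime_s": 28800, "preshared_key": "PLACEHOLDER-KEY",
}
RS1200 = dict(IP2000VPN, local=IP2000VPN["remote"], remote=IP2000VPN["local"],
              sa_lifetime_s=3600)
# Constructed faulty peer: stale subnet, plus DES and group 1 as in step 34 of 8.4.
BAD_PEER = dict(RS1200, encryption="DES", dh_group=1, remote="192.168.0.0/24")

if __name__ == "__main__":
    for label, peer in (("RS-1200", RS1200), ("bad peer", BAD_PEER)):
        print(label, check_pair(IP2000VPN, peer))
```

An empty mismatch list does not make a policy sound: the 8.2 pair matches but still reports MD5 as deprecated.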
