Icom SR-VPN1 Instruction Manual
INSTRUCTION MANUAL
VPN ROUTER
INTRODUCTION
SR-VPN1
1 BEFORE USING THE SR-VPN1
2 ABOUT THE INTERNET CONNECTION
3 IPsec Wizard
4 OTHER BASIC FUNCTIONS
5 ABOUT THE SETTING SCREEN
6 MAINTENANCE
7 FOR YOUR INFORMATION


Summary of Contents for Icom SR-VPN1

  • Page 1 INSTRUCTION MANUAL VPN ROUTER INTRODUCTION SR-VPN1 1 BEFORE USING THE SR-VPN1 2 ABOUT THE INTERNET CONNECTION 3 IPsec Wizard 4 OTHER BASIC FUNCTIONS 5 ABOUT THE SETTING SCREEN 6 MAINTENANCE 7 FOR YOUR INFORMATION...
  • Page 2 Adobe and Reader are registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Icom, Icom Inc. and the Icom logo are registered trademarks of Icom Incorporated (Japan) in Japan, the United States, the United Kingdom, Germany, France, Spain, Russia and/or other countries.
  • Page 3
    - When the same network address is assigned to the WAN1 (Main line) and WAN2 (Sub line), this function does not work properly.
    - Icom is not responsible for any result of using this function.
    • Supports SNMP.
    • Access restriction with the IP Filter function.
  • Page 4: Default Values

    INTRODUCTION DEFAULT VALUES (As of February 2013)
    Network Settings > IP Address > IP Address > IP Address: 192.168.0.1
    Network Settings > IP Address > IP Address > Subnet Mask: 255.255.255.0
    Network Settings > DHCP Server > DHCP Server > DHCP Server: Enable
    Router Settings > WAN1/WAN2 > Connection Type > Connection Type: None
    Router Settings > WAN Failover > WAN Failover > WAN1 Failure Detection: Disable
    Management > Administrator...
  • Page 5 INTRODUCTION SETTING PROCEDURE Set up the SR-VPN1 following the procedure below.
    Step.1 Connect to a PC and turn ON the power (See: CONNECTION GUIDE (Separated))
    Step.2 Access the setting screen (See: CONNECTION GUIDE (Separated)/Section 1)
    Step.3 Configure the network connection (See: Section 2)
    Step.4...
  • Page 6 • When cloning the SR-VPN1's settings using a USB flash drive, you need to create folders whose names are each SR-VPN1’s LAN MAC address. (☞P6-11) • When your ISP requires you to register the MAC address. SR-VPN1 LAN MAC address 0090C7...
  • Page 7: Table Of Contents

    Section BEFORE USING THE SR-VPN1
    1. Panel description: 1-2
       - Front panel: 1-2
       - Rear panel: 1-4
    2. Feature description: 1-5
       - About the Routing function: 1-5
       - About the VPN function: 1-6...
  • Page 8: Panel Description

    Doesn’t light: Power is OFF
    Lights green: Power is ON
    Lights orange: An error has occurred or the SR-VPN1 is booting.
    Blinks orange: Initialization is in progress.
    (Green and Orange LEDs alternately light.) Firmware update is in progress.
    (3) [MSG]...
  • Page 9
    • A USB flash drive such as one with biometric authentication, or one with password protection is not supported.
    • Turn OFF the SR-VPN1's power before inserting or removing the USB flash drive, to prevent data corruption.
    • Either one of the USB slots accepts the USB flash drive, but insert only one USB flash drive at a time.
  • Page 10: M Rear Panel

    BEFORE USING THE SR-VPN1 1. Panel description (continued) M Rear panel
    (1) [CONSOLE] port (RJ-11 type): Connect an RS-232C serial communication interface to externally configure the SR-VPN1. (Optional OPC-1402 is required.)
    (2) [LAN] ports: Connect the network devices such as a HUB.
  • Page 11: Feature Description

    SR-VPN1 NOTE If a private WAN IP address is assigned to the SR-VPN1*, you need to use a modem which has the IPsec Pass Through function, or use the NAT Traversal function (☞P5-64). *Example: When using a router which doesn’t have the PPPoE Bridge function.
  • Page 12: M About The Vpn Function

    BEFORE USING THE SR-VPN1 2. Feature description (continued) M About the VPN function A VPN (Virtual Private Network) enables a host computer to send and receive data across shared or public networks like the Internet as if it were a private network.
  • Page 13 Section ABOUT THE INTERNET CONNECTION
    Step 1. About the ISP (Internet Service Provider): 2-2
    Step 2. About the type of modem: 2-2
    Step 3. Selecting the internet connection method: 2-3
    Step 4. Connecting the modem: 2-3
    Step 5.
  • Page 14: Step 1. About The Isp (Internet Service Provider)

    ABOUT THE INTERNET CONNECTION Step 1. About the ISP (Internet Service Provider) Before configuring the SR-VPN1, ask your ISP or dealer for the required equipment and network connection method. Step 2. About the type of modem [Connecting a Bridge modem] Connect a Bridge modem or DCE (FTTH) to the [WAN1] port.
  • Page 15: Step 3. Selecting The Internet Connection Method

    The WAN IP address is specified by your ISP in the PPPoE method. [When using a Router mode] When the router modem’s LAN IP address is the same as that of the SR-VPN1, you need to change the SR-VPN1’s LAN IP address (default: 192.168.0.1). (☞P2-5) •...
  • Page 16: Step 5. Select The Network Line Type

    Click <Apply>. Click <Reboot>. • When you are asked to reboot the SR-VPN1, follow the instructions. After rebooting, verify that "Connecting" appears in the [Connection Status] item. • Click <Refresh> to update the screen. • If “Connected” doesn't appear, verify the setting.
  • Page 17: M When Using A Static Ip Address

    ABOUT THE INTERNET CONNECTION Step 5. Select the network line type (continued) M When using a static IP address Click [Router Settings], then [WAN1]. • The [WAN1] screen appears. Select [Static IP] in the [Connection Type] item. Enter the values into the items in the [Connection Settings] field, as specified by your ISP. Click <Apply>.
  • Page 18 M When using a static IP address (continued) Click <Reboot>. • When you are asked to reboot the SR-VPN1, follow the instructions. After rebooting, verify that "Connecting" appears in the [Connection Status] item. • Click <Refresh> to update the screen.
  • Page 19: M When The Ip Address Is Obtained In The Pppoe Method

    ABOUT THE INTERNET CONNECTION Step 5. Select the network line type (continued) M When the IP address is obtained in the PPPoE method Click [Router Settings], then [WAN1]. • The [WAN1] screen appears. Select [PPPoE] in the [Connection Type] item. Select or enter the value into the items in the [Connection Settings] field.
  • Page 20 M When the IP address is obtained in the PPPoE method (continued) Click <Reboot>. • When you are asked to reboot the SR-VPN1, follow the instructions. After rebooting, select the destination and then click <Connect>. Note: You cannot change the destination if one of the PPPoE connections is established.
  • Page 21: Information About The Wan Failover Function

    After rebooting, you can monitor the connectivity status in the [Current Status] field. NOTE • When the same subnet mask is assigned to the [WAN1] and [WAN2] ports, the WAN Failover function may not work properly. • Icom is not responsible for the result of using the WAN Failover function.
  • Page 22 Section IPsec Wizard
    Step 1. About the network connection type: 3-2
    Step 2. About the setting items: 3-3
    Step 3. Configure the IPsec tunnel: 3-4...
  • Page 23: Step 1. About The Network Connection Type

    Static IP–Dynamic IP
    Static WAN IP address is assigned to one SR-VPN1 (Site A). Dynamic WAN IP address is assigned to the other SR-VPN1 (Site B).
    [Figure: Site A and Site B connected through the IP Network; WAN IP Address: Static IP, Dynamic IP]...
  • Page 24: Step 2. About The Setting Items

    VPN1 (Site B). • One or the other SR-VPN1 needs to be registered to the dynamic DNS server and obtain the host name. If the SR-VPN1 (Site A) has been registered to the dynamic DNS server and is ready for the IPsec connection, leave the [Remote Address] item blank.
  • Page 25: Step 3. Configure The Ipsec Tunnel

    Step 3. Configure the IPsec tunnel The following procedure is an example to configure the IPsec tunnel connecting two sites (A and B), using static IP addresses. • Configure both SR-VPN1s by following the same procedure. LAN IP address: 192.168.0.1 LAN IP address: 192.168.1.1...
  • Page 26: Ipsec Wizard

    IPsec Wizard Step 3. Configure the IPsec tunnel (continued) Enter the values, and then click <Next>. (This is an example.) Confirm the entry, and then click <Apply>. • Click <Back> if you want to change the entry. •...
  • Page 27 About the DHCP server function The SR-VPN1's DHCP server function is enabled as the default. • Before connecting the SR-VPN1 to a network, make sure that the addresses of the devices on the network don’t overlap or conflict. If a DHCP server is already connected to the network, and there is an address conflict, a network problem will occur.
  • Page 28: How To Restrict Access

    OTHER BASIC FUNCTIONS 1. How to restrict access If you set a new administrator password, you can restrict access to the SR-VPN1’s setting screen. The default administrator password is “admin.” Setting password Click the [Management] menu, then [Administrator]. • The [Administrator] screen appears.
  • Page 29: How To Set The Sr-Vpn1'S Internal Clock Time

    OTHER BASIC FUNCTIONS 2. How to set the SR-VPN1’s internal clock time You can set the SR-VPN1’s internal clock time. Setting date and time (Manual setting) Click the [Management] menu, then [Date and Time]. • The [Date and Time] screen appears.
  • Page 30: Changing The Ip Pool Start Address

    About the DHCP server function The SR-VPN1's DHCP server function is enabled as the default. • Before connecting the SR-VPN1 to a network, make sure that the addresses of the devices on the network don’t overlap or conflict. If a DHCP server is already connected to the network, and there is an address conflict, a network problem will occur.
  • Page 31 ABOUT THE SETTING SCREEN Section
    1. About the setting screen: 5-4
    2. [TOP] Menu: 5-5
       - System Status: 5-5
       - Network Status: 5-5
       - Port Status: 5-6
    3. [Information] Menu: 5-7
       - SYSLOG: 5-7
       - IPsec Status...
  • Page 32 ABOUT THE SETTING SCREEN (Continued from the previous page)
    5. [Router Settings] Menu: 5-21
       - Connection Status (DHCP Client): 5-21
       - Connection Status (Static IP): 5-22
       - Connection Status (PPPoE): 5-23
       - Connection Type: 5-24
       - Connection Settings...
  • Page 33 ABOUT THE SETTING SCREEN (Continued from the previous page)
    7. [Management] Menu: 5-71
       - Administrator: 5-71
       - USB: 5-72
       - HTTP/HTTPS: 5-73
       - Telnet/SSH: 5-74
       - SSH Public Key Management: 5-75
       - SSH Public Key Registration Status: 5-75
       - Date and Time...
  • Page 34: About The Setting Screen

    Link to the Icom website: Click the Icom logo to open the Icom website if your PC is connected to the Internet.
    Setting buttons: Save or cancel setting values.
    If “A reboot is required to apply all the new settings.” is displayed on the screen when you click the [Apply] button, click the [OK] button.
  • Page 35: About The Setting Screen

    Displays the firmware version and MAC addresses (WAN/LAN). (This is an example.) • The MAC addresses are also printed on the label on the bottom of the SR-VPN1. M Network Status Displays the network information such as IP addresses (WAN/LAN).
  • Page 36: M Port Status

    (This is an example.) NOTES • The SR-VPN1’s [LAN] and [WAN] ports are auto-negotiation enabled and can automatically select the optimal speed and duplex mode if the peer devices are auto-negotiation enabled as well. • We recommend always enabling auto-negotiation on the peer devices. If a peer device is fixed to full-duplex mode, auto-negotiation enabled devices (including the SR-VPN1) may generally take it for half-duplex mode and cannot communicate properly.
  • Page 37: [Information] Menu

    <Refresh>
    (3) <Clear>: Click to delete all log entries. Note: All log entries are also deleted when the SR-VPN1 is turned OFF or initialized.
    Click to save the log to a PC as a text file (extension: “txt”).
  • Page 38: M Ipsec Status

    Disconnected.
    • IPsec Disabled: The SR-VPN1’s IPsec function is disabled.
    (5) Remote ID: The ID of the SR-VPN1 (Site B in the illustration below).
    (6) Local ID: The ID of the SR-VPN1 (Site A in the illustration below)....
  • Page 39
    (3) IKE Version: The version of the IKE used for the tunnel.
    (4) Local IP Address: The WAN IP address of the SR-VPN1 (Site A in the illustration below).
    The WAN IP address of the SR-VPN1 (Site B in the illustration below).
  • Page 40: M Ipsec Route Status

    ABOUT THE SETTING SCREEN 3. [Information] Menu (continued) [Information]–[VPN Status] M IPsec Route Status Displays the IPsec routing status. (This is an example.)
    (1) Destination: The network address of the route's destination network.
    The subnet mask of the route's destination network.
  • Page 41: M Memory Usage

    ABOUT THE SETTING SCREEN 3. [Information] Menu (continued) [Information]–[Statistics] M Memory Usage Displays a statistical graph of the memory usage. • These setting items are reset when you leave this screen.
    (1) Plot Interval: Select the plot interval. (Default: 2 minutes)
    Select "Enable"...
  • Page 42: M Traffic Statistics

    ABOUT THE SETTING SCREEN 3. [Information] Menu (continued) [Information]–[Statistics] M Traffic Statistics Displays the traffic graph for each port (WAN/LAN). • These setting items are reset when you leave this screen.
    (1) Interfaces: Select the interface to display the graph. •...
  • Page 43 ABOUT THE SETTING SCREEN 3. [Information] Menu [Information]–[Statistics] Traffic Statistics (continued)
    (5) <Open>: Click to open the traffic graph window. • The X axis represents the date and time, and the Y axis represents the usage (%). In: Incoming traffic Out: Outgoing traffic (This is an example.) 5-13...
  • Page 44: [Network Settings] Menu

    [Network Settings]–[IP Address] M Host Name Enter the host name.
    Host Name: Enter the host name. (Up to 31 characters) (Default: SR-VPN1) Note: The name must start with an alphanumeric character, and must NOT start or end with a “–.”...
  • Page 45: M Ip Address

    ABOUT THE SETTING SCREEN 4. [Network Settings] Menu (continued) [Network Settings]–[IP Address] M IP Address Enter the SR-VPN1’s IP Address.
    (1) IP Address: Enter the LAN IP address according to your network environment. (Default: 192.168.0.1) Note: When using the DHCP Server function, the network part of the IP address must be the same as that set in the [IP Pool Start Address] item in the [DHCP Server] menu.
  • Page 46: M Dhcp Server

    ABOUT THE SETTING SCREEN 4. [Network Settings] Menu (continued) [Network Settings]–[DHCP Server] M DHCP Server Configure the DHCP Server function.
    (1) DHCP Server: Select “Enable” to use the DHCP Server function. (Default: Enable)
    (2) IP Pool Start Address: Enter the IP pool start address. (Default: 192.168.0.10)...
  • Page 47 ABOUT THE SETTING SCREEN 4. [Network Settings] Menu [Network Settings]–[DHCP Server] M DHCP Server (continued)
    (7) Default Gateway: Enter the default gateway IP address.
    (8) DNS Proxy: Select “Enable” to use the DNS Proxy function. (Default: Enable) When “Enable” is selected, you don’t need to change the DHCP clients’ setting even when the DNS server address has changed.
  • Page 48: M Static Dhcp

    ABOUT THE SETTING SCREEN 4. [Network Settings] Menu (continued) [Network Settings]–[DHCP Server] M Static DHCP Enter MAC and static IP addresses to the DHCP server. • You can enter up to 32 entries.
    Static DHCP: Enter the MAC and IP addresses, and then click <Add>....
  • Page 49: M Routing Table

    ABOUT THE SETTING SCREEN 4. [Network Settings] Menu (continued) [Network Settings]–[Static Routing] M Routing Table Displays the routing information.
    (1) Destination: The network address of the route's destination network.
    (2) Subnet Mask: The subnet mask of the route's destination network.
    The route’s gateway address.
  • Page 50: M Static Routing

    ABOUT THE SETTING SCREEN 4. [Network Settings] Menu (continued) [Network Settings]–[Static Routing] M Static Routing Enter the static routing destinations. • You can enter up to 32 entries. (This is an example.)
    (1) Destination: The network address of the route's destination network....
  • Page 51: [Router Settings] Menu

    (4) IP Address: Displays the SR-VPN1's WAN IP address.
    (5) Peer IP Address: Displays the gateway IP address obtained by the DHCP.
    (6) Uptime: Displays the elapsed time the SR-VPN1 has been connected to the network. • Click <Refresh> to refresh. 5-21...
  • Page 52
    (4) IP Address: Displays the SR-VPN1's WAN IP address.
    (5) Peer IP Address: Displays the gateway IP address which is manually set.
    (6) Uptime: Displays the elapsed time the SR-VPN1 has been connected to the network. • Click <Refresh> to refresh. 5-22...
  • Page 53
    (5) IP Address: Displays the SR-VPN1's WAN IP address.
    (6) Peer IP Address: Displays the IP address specified by your service provider.
    (7) Uptime: Displays the elapsed time the SR-VPN1 has been connected to the network. • Click <Refresh> to refresh. 5-23...
  • Page 54: M Connection Type

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN1/WAN2] M Connection Type Select the WAN connection type.
    Connection Type: Select the WAN connection type as specified by your ISP. (Default: No Connection)
    • "No Connection": Select this when the WAN port is not connected to the network. •...
  • Page 55: M Connection Settings Pppoe

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN1/WAN2] M Connection Settings DHCP Client Configure the WAN connection.
    (1) Nickname: Enter the name of the connection. (Up to 31 characters)
    (2) Primary DNS Server: Enter the primary DNS server address as specified by your ISP....
  • Page 56 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN1/WAN2] M Connection Settings Static IP Configure the WAN connection.
    (1) Nickname: Enter the ISP's name. (Up to 31 characters)
    (2) IP Address: Enter the WAN IP address as specified by your ISP....
  • Page 57 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN1/WAN2] M Connection Settings PPPoE Configure the WAN connection. (Up to 8 destinations can be registered.)
    (1) Select Connection: Select the WAN connection. (Default: WAN01)
    (2) Nickname: Enter the ISP's name. (Up to 31 characters)...
  • Page 58 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[WAN1/WAN2] M Connection Settings (continued) PPPoE
    (6) IP Address: Enter the WAN IP address, if specified by your ISP.
    (7) Primary DNS Server: Enter the primary DNS server address as specified by your ISP....
  • Page 59 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[WAN1/WAN2] M Connection Settings (continued) PPPoE
    (10) MSS Limit: Enter the MSS limit, if specified by your ISP. (Default: 1322) Range: "536"–"1452" (Bytes)
    (11) AC-Name: Enter the access concentrator name, if specified by your ISP....
  • Page 60: M List Of Connection Settings

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN1/WAN2] M List of Connection Settings
    <Delete>: Click to delete the entry. 5-30...
  • Page 61: M Wan Failover

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN Failover] M WAN Failover Configure the WAN Failover function. The WAN Failover function automatically switches the default gateway port to maintain Internet connectivity. (☞P2-9) Note: This screen appears when "Ping" is selected in the [WAN1 Failure Detection] item. Select the detecting option, depending on your network environment.
  • Page 62 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN Failover] M WAN Failover (continued)
    (3) Failover after: Enter the maximum number of retry attempts. (Default: 4) Range: "1"–"10"
    (4) Retry Interval: Enter the retry period. (Default: 30) Range: "1"–"300"...
  • Page 63: M Current Status

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[WAN Failover] M Current Status Displays the WAN Failover function and WAN connection status. (This is an example.)
    (1) <Refresh>: Click to refresh the screen.
    (2) Detection Status: Displays the monitoring status. ("Disabled," "Enabled (Suspending)" or "Enabled")...
  • Page 64: M Nat

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[NAT] M NAT Configure the NAT function. • This function can be used when the connection type (☞P5-24) is set to [DHCP Client], [Static IP] or [PPPoE].
    NAT: Select "Enable" to use the NAT function. (Default: Enable)...
  • Page 65: M Port Forwarding

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[NAT] M Port Forwarding The Port Forwarding function forwards the packets from a masquerade IP (Router Global IP) address to a private IP address.
    (1) WAN Port: Select the mnemonic for the WAN port number....
  • Page 66: M Ip Filter Setting

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[IP Filter] M IP Filter Setting Configure the Packet Filtering function. • This function can be used when the connection type (☞P5-24) is set to [DHCP Client], [Static IP] or [PPPoE]. Select the filtering order.
  • Page 67 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (3) Action: Select the filtering method. (Default: Pass)
    • Block: Blocks all packets matched to the filtering condition.
    • Pass: Passes all packets matched to the filtering condition....
  • Page 68 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (6) Source IP Address: Enter the source IP Address (and mask) to filter. All packets from the entered IP address are filtered (blocked or passed). Leave this item blank to filter all packets.
  • Page 69 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (8) Protocol (continued)
    • ICMP (Only ICMP): Enter the ICMP type and code to the [Type] and [Code] items. Range: "0"–"255"
    Only IGMP •...
  • Page 70 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (9) Source Port: Select the source port, or enter the TCP/UDP source port number. 5-40...
  • Page 71 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (10) Destination Port: Select the destination port, or enter the TCP/UDP destination port number. 5-41...
  • Page 72 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (11) TCP Flags: Select the TCP flags. • The selected flags' first character is displayed in [List of IP Filter Entries] (☞P5-45). (Example: "ACK" and "RST" are selected.) 5-42...
  • Page 73 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (12) Stateful Packet Inspection (SPI): Select "Enable" to temporarily pass through the response packets. (Default: Disable)
    (13) Quick: Select whether to stop or continue matching when a packet matches a...
  • Page 74 ABOUT THE SETTING SCREEN 5. [Router Settings] Menu [Router Settings]–[IP Filter] M IP Filter Setting (continued)
    (14) SYSLOG: Select "Enable" to output the SYSLOG. (Default: Disable) • The log information is displayed on the [SYSLOG] screen in the [Information] Menu. (☞P5-7) Note: This function may affect the system performance.
  • Page 75: M List Of Ip Filter Entries

    ABOUT THE SETTING SCREEN 5. [Router Settings] Menu (continued) [Router Settings]–[IP Filter] M List of IP Filter Entries (This is an example.)
    (1) <Edit>: Click to edit the entry. • The entry contents are loaded to the IP Filter Setting field (☞P5-36).
    Click to remove the entry.
  • Page 76: M Dynamic Dns

    (1) No.: Select the entry number. (Default: 1)
    (2) Automatic Update: Select "Enable" to automatically notify the dynamic DNS server of the change of the SR-VPN1's global IP address. (Default: Disable)
    (3) Update Interval: Select the update interval. (Default: 10)...
  • Page 77
    (9) Password: Enter the password to access the dynamic DNS server. (Up to 31 characters) • The entered characters are displayed as an * (asterisk) or a • (dot).
    (10) Connection Status: Select "Offline" to inform the dynamic DNS server of the SR-VPN1's offline status.
  • Page 78: M Dynamic Dns Updates

    [Router Settings]–[Dynamic DNS] M Dynamic DNS Updates Displays the update status of the dynamic DNS servers.
    (1) Time: Displays the time when the SR-VPN1 notified the dynamic DNS server of the SR-VPN1's global IP address.
    Displays the update status.
  • Page 79: [VPN Settings] Menu

    ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec Wizard] M IPsec Wizard The IPsec Wizard allows you to easily configure the VPN connection. See Section 3 for details. NOTE • Connect the WAN line to the [WAN] port, and then configure the Router function to use the VPN function. •...
  • Page 80: M Ipsec Common Settings

    Two SR-VPN1s with an IPsec connection must have global IP addresses. An IPsec connection is basically impossible if one of them has a private IP address. This is because the NAT (Network Address Translation) of the upper router of the SR-VPN1 with a private IP address overwrites the port number of the IPsec packets.
  • Page 81: M Tunnel

    Nickname: Enter the tunnel name.
    (4) PSK (Pre-Shared Key): Enter the key of the other SR-VPN1 (Site B in the illustration below). (Up to 128 characters)
    (5) Remote Address: Enter the IP address or host name of the other SR-VPN1 (Site B in the illustration below).
  • Page 82 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec] M Tunnel (continued)
    (8) Permanent Connection: Select the IPsec tunnel connection type. (Default: Enable)
    • "Enable": Connects to the IPsec tunnel when the WAN IP address is obtained.
    • "Disable": Connects to the IPsec tunnel only when clicking <Connect>...
  • Page 83: M Routes

    Enter the subnet to connect to the IPsec tunnel. (This is an example.)
    (1) Destination: Enter the network address of the other SR-VPN1 (Site B in the illustration below).
    (2) Subnet Mask: Enter the subnet mask to connect to the IPsec tunnel.
  • Page 84: M List Of Ipsec Settings

    The tunnel is disabled.
    • IPsec Disabled: The SR-VPN1's IPsec function is disabled.
    (5) Remote ID: The ID of the SR-VPN1 (Site B in the illustration below).
    (6) Local ID: The ID of the SR-VPN1 (Site A in the illustration below)....
  • Page 85 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec] M List of IPsec Settings (continued) (This is an example.)
    (7) Status button: <Disconnect>/<Down>: Click to disconnect. <Connect>/<Up>: Click to connect.
    (8) <Edit>: Click to edit the entry. •...
  • Page 86: M Ipsec (Detail)

    ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu (continued) [VPN Settings]–[IPsec (Detail)] M IPsec (Detail) Configure the IPsec tunnel details.
    (1) No: Select the tunnel entry number. • The selected tunnel's settings are reloaded. (Continued on the next page.) 5-56...
  • Page 87 The initiator and responder use version 2. • 1 (Initiator) and 1, 2 (Responder): If the SR-VPN1 is set as the responder, the IKE version is automatically selected according to the initiator's version. If the SR-VPN1 is set as the initiator, version 1 is used.
  • Page 88 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec (Detail)] M IPsec (Detail) (continued)
    (3) IKE Mode: Select the IKE key exchange mode. (Default: Automatic)
    • Automatic: The exchange mode is automatically selected.
    • Main Mode: A more secure exchange mode than the aggressive mode.
    •...
  • Page 89 • Select "0" to disable the IKE keepalive.
    (5) IKE Session: Select the IKE key exchange method. (Default: Initiator)
    • Responder: The SR-VPN1 waits for the key exchange from other SR-VPN1s.
    • Initiator: The SR-VPN1 initiates the key exchange procedure. 5-59...
  • Page 90 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec (Detail)] M IPsec (Detail) (continued)
    (6) INITIAL-CONTACT: Select "Enable" to send the INITIAL-CONTACT notification message. (Default: Enable) Note: Only for IKE version 1.
    (7) PFS: Select "Enable" to use the PFS (Perfect Forward Security) function for a more...
  • Page 91 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec (Detail)] M IPsec (Detail) (continued)
    (8) ISAKMP SA Reauth: Select "Enable" to negotiate a new SA on the ISAKMP SA re-authentication. (Default: Enable) Note: Only for IKE version 2. •...
  • Page 92 Use AES-CBC (192 bit).
    • AES-CBC (256 bit): Use AES-CBC (256 bit).
    (11) DH Group: Select the DH (Diffie-Hellman) group. (Default: Group 1 (768 bit)) Note: The SR-VPN1 supports Group 1 (768 bit) and Group 2 (1024 bit). 5-62...
  • Page 93 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[IPsec (Detail)] M IPsec (Detail) (continued)
    (12) Lifetime: Enter the SA lifetime. Note: Specify the lifetime or lifesize. (Default: 28800 (seconds)) Phase 1: • Seconds Range: "300"–"691200" (seconds) • kbytes Range: "100"–"100000"...
  • Page 94: M About The Ike Version

    ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu (continued) [VPN Settings]–[IPsec (Detail)] M About the IKE version The setting items differ, depending on the IKE version. IKE version 1 IKE version 2 IKE Mode IKE Keepalive Interval IKE Session INITIAL-CONTACT ISAKMP SA Reauth 5-64...
  • Page 95: M List Of Ipsec Settings

    Disconnected.
    • Disabled: The tunnel is disabled.
    • IPsec Disabled: The SR-VPN1's IPsec function is disabled.
    (5) Phase 1: Displays the phase 1 (ISAKMP SA) settings in three lines.
    Displays the phase 2 (IPsec SA) settings in three lines.
  • Page 96: M Multicast

    ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu (continued) [VPN Settings]–[Multicast] M Multicast Configure the IPsec tunnel to pass through the multicast packets.
    (1) Multicast Routing: Select "Enable" to use the Multicast Routing function. (Default: Disable)
    (2) Mode: Select the Multicast Routing function mode. (Default: Client)...
  • Page 97 ABOUT THE SETTING SCREEN 6. [VPN Settings] Menu [VPN Settings]–[Multicast] M Multicast (continued)
    (5) IGMP Query Interval: Enter the IGMP query interval. (Default: 60) Range: "30"–"28800" (seconds) 5-67...
  • Page 98: M Setting Example

    Setting example: This is an example to configure the IPsec tunnel connecting two sites (A and B) in the Multicast mode. Site A Site B Network LAN IP address: LAN IP address: SR-VPN1 SR-VPN1 192.168.0.1/24 192.168.1.1/24 Client Server Multicast...
  • Page 99: M Status Client

    • Disconnected: The IPsec tunnel is disconnected or the server is not activated. ③ IP Address: The SR-VPN1's LAN IP address. ④ Group Address: The multicast group addresses of the devices which are connected to the...
  • Page 100: M Status Server

    (This is an example.) ① IP Address: Displays the list of client IP addresses to transfer multicast packets to. Note: The SR-VPN1's LAN IP address is displayed on the first line. ② Group Address: Displays the multicast group addresses...
  • Page 101: Management] Menu

    New Password (confirm) CAUTION: If you have forgotten the password, you cannot access the SR-VPN1’s setting screen again. In this case, you have to initialize the SR-VPN1 using the <INIT> button. See the supplied “Precautions” leaflet for details. To prevent unauthorized access: You must be careful when choosing your password.
  • Page 102: M Usb

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Management Tools] USB: Select the USB flash drive option. ① USB Flash Drive: Select "Enable" to use a USB flash drive. (Default: Enable) Note: If you use the Automatic firmware update function or Automatic Setting Load function, select “Enable.”...
  • Page 103: M Http/Https

    Select the protocol to access the SR-VPN1's setting screen. Note: If you select "Disable" in both [HTTP] (①) and [HTTPS] (②), you cannot access the SR-VPN1's setting screen again. In this case, you have to initialize the SR-VPN1 using the <INIT> button. See the supplied “Precautions”...
  • Page 104: M Telnet/Ssh

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Management Tools] Telnet/SSH: Select the protocol option to access the SR-VPN1's setting screen from a Telnet or SSH client. ① Telnet: Select “Disable” to block the Telnet protocol. (Default: Enable) See page 7-3 for the Telnet details.
  • Page 105: M Ssh Public Key Management

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Management Tools] SSH Public Key Management: Submit the SSH public key. Public Key File: Select a public key file to submit. 1. Click <Browse...> and then select the file location to save the key in. 2.
  • Page 106: M Date And Time

    7. [Management] Menu (continued) [Management]–[Date and Time] Date and Time: You can set the SR-VPN1’s internal clock time. (See Section 4 for details.) ① Current Time: Displays the current time. Displays the time when you have opened this screen.
  • Page 107: M Time Zone

    ② Use Daylight Savings Time: Select "Disable" if not necessary. (Default: Enable) • If "Enable" is selected, the SR-VPN1 automatically adjusts the time according to your time zone. • If the Daylight Savings Time is not used in your area, this selection doesn't affect the time setting.
  • Page 108: M Ntp

    Enter the time management server’s IP address. (Default: 210.173.160.27) • If the SR-VPN1 cannot access this address, then the address set in the [NTP Server 2] (③) item is used. Note: The default NTP servers are provided by INTERNET MULTIFEED Co.
  • Page 109: M Syslog

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[SYSLOG] SYSLOG: Select the information to be saved to the SYSLOG host. ① DEBUG: Select “Enable” to display the debug information. (Default: Disable) ② INFO: Select “Enable” to display the INFO messages. (Default: Enable) ③ NOTICE...
  • Page 110: M Snmp

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[SNMP] SNMP: Configure the SNMP function. ① SNMP: Select “Enable” to use the SNMP function. (Default: Enable) ② Get Community: Enter the SNMP GET community string. (Up to 31 characters) (Default: public) ③ System Location...
  • Page 111 DESCRIPTION “” ::= { enterprises 11905 } -- ********************************************************************** -- * Major sections -- ********************************************************************** events OBJECT IDENTIFIER ::= { icom 21 } -- ********************************************************************** -- * events sections -- ********************************************************************** value OBJECT IDENTIFIER ::= { events 1 } trap...
  • Page 112 VARIABLES { vTunnelId, vTunnelOper } DESCRIPTION “a ipsec if up/down event.” ::= 2 icomNewfirmTrap TRAP-TYPE ENTERPRISE trap VARIABLES { vNewfirmMsg } DESCRIPTION “a new firmware detect event.” ::= 3 -- ********************************************************************** -- * End of ICOM MIB -- ********************************************************************** 5-82...
  • Page 113: M Ping Test

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Network Test] Ping Test: Run the Ping test. ① Host: Enter the IP address to send the Ping packets to. ② Number of Times: Select the number of times to send. (Default: 4) ③ Packet Size...
  • Page 114: M Traceroute Test

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Network Test] Traceroute Test: Run the Traceroute test. ① Node: Enter the node's (device's) IP address. ② Max Hop Count: Select the maximum hop number. (Default: 16) ③ Timeout: Select the response time.
  • Page 115: M Reboot

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Reboot] Reboot: Click <Reboot> to reboot the SR-VPN1. • When clicking <Reboot>, the "Do you want to reboot the system?" message appears. Click <OK> to continue. 5-85...
  • Page 116: M Backup Settings

    Save to File: Click <Backup> to save the settings to a PC as a backup file (Extension: sav). See the topic below to load the saved file into the SR-VPN1. NOTE: DO NOT write the saved file to any other devices.
  • Page 117: M List Of Settings

    ABOUT THE SETTING SCREEN 7. [Management] Menu (continued) [Management]–[Backup/Restore Settings] List of Settings: Displays the changed settings. Note: The list is cleared when the SR-VPN1 is initialized. (This is an example.) 5-87...
  • Page 118: M Factory Defaults

    Language and Time Zone. See the supplied leaflet for details. • If the network part of the PC IP address is different from that of the SR-VPN1, you cannot access the SR-VPN1 setting screen. In such a case, change the PC IP address according to your network environment,...
  • Page 119: M Firmware Status

    7. [Management] Menu (continued) [Management]–[Firmware Update] NOTES • NEVER turn OFF the power until the updating has been completed. Otherwise, the SR-VPN1 may be damaged. • Ask your dealer for updated function or specification details. Firmware Status: Displays the firmware version.
  • Page 120: M Online Update

    Note: To use this function, an internet connection, DNS and default gateway settings are necessary. Check for Updates: Click <Check> to access the update management server. When the SR-VPN1 has successfully accessed the server, the latest firmware version is displayed as shown below. (This is an example.) About the firmware information: •...
  • Page 121: M Automatic Update

    Update Firmware using File: Click <Browse...> to select the firmware file (extension: “dat”). • The selected file appears in the [Update Firmware using File] item. ② Firmware Update: Click <Update> to update the firmware. Note: After updating, the SR-VPN1 automatically reboots. 5-91...
  • Page 122 Section MAINTENANCE 1. How to save the SR-VPN1’s setting to a PC (6-2); Saving the setting (6-2). 2. How to load the saved file to a SR-VPN1 (6-3); Reloading the settings file into the SR-VPN1 (6-3). 3.
  • Page 123: How To Save The Sr-Vpn1'S Setting To A Pc

    Select the desired folder/location, then click [Save] in the File Saving window. • The setting file (extension: “sav”) is saved to the selected folder. • The default file name is composed of the model name (SR-VPN1), version number and date.
  • Page 124: How To Load The Saved File To A Sr-Vpn1

    2. How to load the saved file to a SR-VPN1 You can load the SR-VPN1's settings from a PC. • The settings can be directly loaded into the SR-VPN1 from the USB flash drive. (☞P6-12) Reloading the settings file into the SR-VPN1 Click [Management], then [Backup/Restore Settings].
  • Page 125: How To Restore The Settings

    Initializing clears all the settings. • If the network part of the PC IP address is different from that of the SR-VPN1, you cannot access the SR-VPN1 setting screen. In such a case, change the PC IP address according to your network environment.
  • Page 126: B: Using The Sr-Vpn1'S Setting Screen

    Click About the initializing condition You can restore all the SR-VPN1’s settings. The SR-VPN1’s IP address is set to “192.168.0.1,” when initialized. Set the PC’s IP address to “192.168.0.xxx.” (You can set xxx to any number from 2 to 254.)
  • Page 127: How To Update The Firmware

    Version number NOTE: • NEVER turn OFF the power until the updating has been completed. Otherwise, the SR-VPN1 may be damaged. • If the firewall is running, stop it before updating the firmware. If you want to stop the firewall, ask your network administrator for the detail.
  • Page 128: A: Update The Firmware On The Setting Screen

    • NEVER turn OFF the power until the updating has been completed. Otherwise, the SR-VPN1 may be damaged. • The SR-VPN1’s IP address is set to “192.168.0.1,” when initialized by the firmware update. Set the PC’s IP address to “192.168.0.xxx.” (You can set xxx to any number from 2 to 254.)
  • Page 129: B: Use The Firmware Update Function

    MAINTENANCE 4. How to update the firmware (continued) B: Use the Firmware Update function When [MSG] lights green, a firmware update is ready. See the “Precautions” leaflet for details. • To use this function, an internet connection, DNS and default gateway settings are necessary. •...
  • Page 130: About The Automatic Restore Using A Usb Flash Drive

    • Insert the USB flash drive securely. • NEVER remove the USB flash drive or turn OFF the SR-VPN1’s power, while transferring data. It will cause data corruption, or damage the USB flash drive. While transferring data, the [MSG] LED blinks in orange.
  • Page 131 • The latest settings backup file is saved as “bakdata.sav” (with no revision number). • If the content of settings file is the same as the SR-VPN1’s current settings, no setting backup file is saved. (Continued on the next page.)
  • Page 132 Note: The firmware and settings files in any other folders are not loaded. • If inserting the USB flash drive (Figure 1 and 2 in the picture below) into the SR-VPN1 (0090C7000002), the setting backup file is automatically created in the root directory as there is no folder whose name is SR-VPN1’s LAN MAC address.
  • Page 133: How To Restore The Configuration Using A Usb Flash Drive

    Note: Before using a USB flash drive, see page 6-9. Saving the settings file to a USB flash drive Insert the USB flash drive securely to the PC. Access the SR-VPN1's setting screen. Click [Management], then [Backup/Restore Settings]. • The [Backup/Restore Settings] screen appears.
  • Page 134: Loading The Settings From The Usb Flash Drive

    Lights in orange while accessing the device. Note: NEVER remove the USB flash drive or turn OFF the SR-VPN1’s power, while transferring data. It will cause data corruption, or damage the USB flash drive. (Continued on the next page.) 6-13...
  • Page 135 Loading the settings from the USB flash drive (continued) Turn OFF the power: When all the data has been loaded, the [MSG] LED goes out and the SR-VPN1 automatically restarts. Verify that the [PWR] LED lights green, then turn OFF the power.
  • Page 136: How To Update The Firmware Using A Usb Flash Drive

    Turn ON the power. Insert the USB flash drive. NOTE: • NEVER turn OFF the power until the updating has been completed. Otherwise, the SR-VPN1 may be damaged. • Icom is not responsible for the consequences of updating the firmware.
  • Page 137 All LEDs light while the firmware update is in progress. Note: NEVER remove the USB flash drive or turn OFF the SR-VPN1’s power Lights in orange while updating the firmware. When the update has been finished, the SR-VPN1 automatically reboots.
  • Page 138 Section FOR YOUR INFORMATION 1. Trouble shooting (7-2). 2. How to connect to the SR-VPN1 using Telnet (7-4); How to connect (7-4); How to use the [CONSOLE] port (7-4); About Telnet commands (7-4); How to reset the protocol settings...
  • Page 139: Trouble Shooting

    FOR YOUR INFORMATION 1. Trouble shooting If the SR-VPN1 seems to be malfunctioning, please check the following before sending it to a service center. The [PWR] LED does not light. • The AC adapter is not connected to the SR-VPN1.
  • Page 140 • The IPsec tunnel setting is wrong. - Check the other SR-VPN1's WAN IP address (Host name), pre-shared key, LAN subnet, and so on. - Check the routes (☞5-53). (If the routes are incorrectly set, a VPN connection is successful but no communication is available.)
  • Page 141: How To Connect To The Sr-Vpn1 Using Telnet

    (The SR-VPN1's default password) ⑤ When the telnet access is successful, “SR-VPN1 #” is displayed on the telnet screen. How to use the [CONSOLE] port: The SR-VPN1 can be configured using terminal software. (Optional OPC-1402 is required.) Set the COM port as shown below, to communicate with the SR-VPN1.
  • Page 142: Specifications

    FOR YOUR INFORMATION 5. Specifications Note: All specifications are subject to change without notice. General Power supply: DC12 V ±10% [Plug polarity: (Supplied AC adapter AC100 V ±10%) Less than 15 Watts Usable condition: Temperature; 0–40°C, Humidity; 5–95% (At no condensation) Dimension: Approximately 232 (W) ×...
  • Page 143 A-7072-1EX 1-1-32 Kamiminami, Hirano-ku, Osaka 547-0003, Japan © 2013 Icom Inc.
