LevelOne FBR-1430 User Manual

LevelOne
FBR-1430
VPN Broadband Router, 1W 4L

User Manual

V1.0

Summary of Contents for LevelOne FBR-1430

  • Page 1: User Manual

    LevelOne FBR-1430 VPN Broadband Router, 1W 4L User Manual V1.0...
  • Page 2: Table Of Contents

    Table of Contents: Chapter 1 Introduction (1); VPN Broadband Router Features (1); Internet Access Features (1); Advanced Internet Functions (1); LAN Features (2); Configuration & Management (2); Security Features (2); IPSec VPN Gateway Features (2); Microsoft VPN Gateway Support ...
  • Page 3: URL Filter (41); URL Filter Screen (42); Dynamic DNS (Domain Name Server) (43); Dynamic DNS Screen (43); Virtual Servers (45); IP Address seen by Internet Users (45); Virtual Servers Screen (45); Defining your own Virtual Servers (46); Connecting to the Virtual Servers ...
  • Page 4: Chapter 10 Other Features & Settings (114); Overview (114); Config (115); Network Diagnostics (116); PC Database (117); PC Database Screen (117); PC Database (Admin) (119); Remote Administration (121); Routing (123); Overview ...
  • Page 6: Chapter 1 Introduction

    Chapter 1 Introduction. This Chapter provides an overview of the VPN Broadband Router's features and capabilities. Congratulations on the purchase of your new VPN Broadband Router. The VPN Broadband Router is a multi-function device providing the following services: • Shared Broadband Internet Access for all LAN users.
  • Page 7: LAN Features

    • Multi-DMZ. For each WAN (Internet) IP address allocated to you, one (1) PC on your local LAN can be configured to allow unrestricted 2-way communication with Servers or individual users on the Internet. This provides the ability to run programs which are incompatible with Firewalls.
  • Page 8: Package Contents

    Package Contents. The following items should be included: • FBR-1430 • Power Adapter • Quick Installation Guide • CD Manual. If any of the above items are damaged or missing, please contact your dealer immediately.
  • Page 9: Physical Details

    Physical Details. Front-mounted LEDs. Figure 2: Front Panel. Power: On - Power on. Off - No power. Status (Red): On - Error condition. Off - Normal operation. Blinking - This LED blinks during start up. Each port has 2 LEDs • ...
  • Page 10: Rear Panel

    Rear Panel. Figure 3: Rear Panel. Reset Button: This button has two (2) functions: • Reboot. When pressed and released, the VPN Broadband Router will reboot (restart). • Clear All Data. This button can also be used to clear ALL data and restore ALL settings to the factory default values.
  • Page 11: Chapter 2 Installation

    Chapter 2 Installation. This Chapter covers the physical installation of the VPN Broadband Router. Requirements: • Network cables. Use standard 10/100BaseT network (UTP) cables with RJ45 connectors. • TCP/IP protocol must be installed on all PCs. • ...
  • Page 12: 5. Check the LEDs: • The Power LED should be ON. • The Status LED should blink during start up, then turn Off. If it stays on, there is a hardware error. • For each LAN (PC) connection, the LAN Link/Act LED should be ON (provided the PC is also ON.) • ...
  • Page 13: Chapter 3 Setup

    Chapter 3 Setup. This Chapter provides Setup details of the VPN Broadband Router. Overview: This chapter describes the setup procedure for: • Internet Access • LAN configuration. PCs on your local LAN may also require configuration. For details, see Chapter 4 - PC Configuration. Other configuration may also be required, depending on which features and functions of the VPN Broadband Router you wish to use.
  • Page 14: Configuration Program

    Chapter 9: Other Features and Settings. Configure or use any of the following: • Configuration File backup and restore. • Network Diagnostic • PC Database • Remote Administration • Routing • Upgrade Firmware • UPnP. Where use of a certain feature requires that PCs or other LAN devices be configured, this is also explained in the relevant chapter.
  • Page 15: If you can't connect. If the VPN Broadband Router does not respond, check the following: • The VPN Broadband Router is properly installed, LAN connection is OK, and it is powered ON. You can test the connection by using the "Ping" command: • ...
  • Page 16: Setup Wizard

    Setup Wizard. The first time you connect to the VPN Broadband Router, you should click the WAN Wizard to begin initial setup. 1. Step through the Wizard until finished. • You need to know the type of Internet connection service used by your ISP. Check the data supplied by your ISP.
  • Page 17: Other Modems (e.g. Broadband Wireless). Type: Dynamic IP Address. Details: Your IP Address is allocated automatically, when you connect to your ISP. ISP Data required: Usually, none. However, some ISPs may require you to use a particular Hostname, Domain name, or MAC (physical) address.
  • Page 18: Home Screen

    Home Screen. After finishing or exiting the WAN Wizard setup, you will see the Home screen. When you connect in future, you will see this screen when you connect. An example screen is shown below. Figure 6: Home Screen. Navigation &...
  • Page 19: LAN Screen

    LAN Screen. Use the LAN link on the main menu to reach the LAN screen; an example screen is shown below. Figure 7: LAN Screen. Data - LAN Screen. TCP/IP - IP Address: IP address for the VPN Broadband Router, as seen from the local LAN.
  • Page 20: DHCP

    DHCP. What DHCP Does: A DHCP (Dynamic Host Configuration Protocol) Server allocates a valid IP address to a DHCP Client (PC or device) upon request. • The client request is made when the client device starts up (boots). • The DHCP Server provides the Gateway and DNS addresses to the client, as well as allocating an IP Address.
  • Page 21: Figure 8: Password Screen. 1. The default login name is "admin". Change this to the desired value. 2. The default password is “password”. Enter the desired password in the New Password and Verify Password fields. 3.
  • Page 22: Chapter 4 PC Configuration

    Chapter 4 PC Configuration. This Chapter details the PC Configuration required on the local ("Internal") LAN. Overview: For each PC, the following may need to be configured: • TCP/IP network settings • Internet Access configuration. Windows Clients: This section describes how to configure Windows clients for Internet access via the VPN Broadband Router. The first step is to check the PC's TCP/IP settings.
  • Page 23: Checking TCP/IP Settings - Windows 9x/ME

    Checking TCP/IP Settings - Windows 9x/ME: 1. Select Control Panel - Network. You should see a screen like the following: Figure 10: Network Configuration. 2. Select the TCP/IP protocol for your network card. 3. Click on the Properties button. You should then see a screen like the following. Figure 11: IP Address (Win 95). Ensure your TCP/IP settings are correct, as follows: Using DHCP...
  • Page 24: Figure 12: Gateway Tab (Win 95/98). • On the DNS Configuration tab, ensure Enable DNS is selected. If the DNS Server Search Order list is empty, enter the DNS address provided by your ISP in the fields beside the Add button, then click Add. Figure 13: DNS Tab (Win 95/98)
  • Page 25: Checking TCP/IP Settings - Windows 2000

    Checking TCP/IP Settings - Windows 2000: 1. Select Control Panel - Network and Dial-up Connection. 2. Right-click the Local Area Connection icon and select Properties. You should see a screen like the following: Figure 14: Network Configuration (Win 2000). 3.
  • Page 26: Using a fixed IP Address ("Use the following IP Address"). If your PC is already configured, check with your network administrator before making the following changes. • Enter the VPN Broadband Router's IP address in the Default gateway field and click OK. (Your LAN administrator can advise you of the IP Address they assigned to the VPN Broadband Router.) • ...
  • Page 27: Checking TCP/IP Settings - Windows XP

    Checking TCP/IP Settings - Windows XP: 1. Select Control Panel - Network Connection. 2. Right click the Local Area Connection and choose Properties. You should see a screen like the following: Figure 16: Network Configuration (Windows XP). 3.
  • Page 28: Using DHCP. To use DHCP, select the radio button Obtain an IP Address automatically. This is the default Windows setting. Using this is recommended. By default, the VPN Broadband Router will act as a DHCP Server. Restart your PC to ensure it obtains an IP Address from the VPN Broadband Router. Using a fixed IP Address ("Use the following IP Address"). If your PC is already configured, check with your network administrator before making the following changes.
  • Page 29: Internet Access

    Internet Access. To configure your PCs to use the VPN Broadband Router for Internet access: • Ensure that the DSL modem, Cable modem, or other permanent connection is functional. • Use the following procedure to configure your Browser to access the Internet via the LAN, rather than by a Dial-up connection.
  • Page 30: Macintosh Clients

    Macintosh Clients. From your Macintosh, you can access the Internet via the VPN Broadband Router. The procedure is as follows. 1. Open the TCP/IP Control Panel. 2. Select Ethernet from the Connect via pop-up menu. 3. Select Using DHCP Server from the Configure pop-up menu. The DHCP Client ID field can be left blank. 4.
  • Page 31: Chapter 5 Operation And Status

    Chapter 5 Operation and Status. This Chapter details the operation of the VPN Broadband Router and the status screens. Operation: Once both the VPN Broadband Router and the PCs are configured, operation is automatic. However, there are some situations where additional Internet configuration may be required: • ...
  • Page 32: Connection Status - PPPoE

    • Failed. If there is an error, you can click the "Connection Details" button to find out more information. Internet IP Address: This IP Address is allocated by the ISP (Internet Service Provider). Click this button to open a sub-window and view a detailed "Connection De- description of the current connection.
  • Page 33: Figure 19: PPPoE Status Screen. Data - PPPoE Screen. Connection - Physical Address: The hardware address of this device, as seen by remote devices on the Internet. (This is different to the hardware address seen by devices on the local LAN.) The IP Address of this device, as seen by Internet users.
  • Page 34: Connection Log Messages (Message - Description): • Connect on Demand - Connection attempt has been triggered by the "Connect automatically, as required" setting. • Manual connection - Connection attempt started by the "Connect" button. • Reset physical connection - Preparing line for connection attempt. • Connecting to remote - Attempting to connect to the ISP's server.
  • Page 35: Connection Status - PPTP

    Connection Status - PPTP. If using PPTP (Peer-to-Peer Tunneling Protocol), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 20: PPTP Status Screen. Data - PPTP Screen. Connection: The hardware address of this device, as seen by remote devic- Physical Ad-...
  • Page 36: Connection Status - Telstra Big Pond

    Connection Status - Telstra Big Pond. An example screen is shown below. Figure 21: Telstra Big Pond Status Screen. Data - Telstra Big Pond Screen. Connection - Physical Address: The hardware address of this device, as seen by remote devices.
  • Page 37: Connection Details - SingTel RAS

    Connection Details - SingTel RAS. If using the SingTel RAS access method, a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 22: Connection Details - SingTel RAS. Data - SingTel RAS Screen. Internet RAS Plan...
  • Page 38: Router (by the ISP's DHCP Server), this button will say "Release". Clicking the "Release" button will break the connection and release the IP Address. Refresh: Update the data shown on screen...
  • Page 39: Connection Details - Fixed/Dynamic IP Address

    Connection Details - Fixed/Dynamic IP Address. If your access method is "Direct" (no login), a screen like the following example will be displayed when the "Connection Details" button is clicked. Figure 23: Connection Details - Fixed/Dynamic IP Address. Data - Fixed/Dynamic IP address Screen. Internet: The hardware address of this device, as seen by remote devic-...
  • Page 40: Refresh: Update the data shown on screen.
  • Page 41: Chapter 6 Internet Features

    Chapter 6 Internet Features. This Chapter explains when and how to use the VPN Broadband Router's "Internet" Features. Overview: The following advanced features are provided. • WAN Port Configuration • Advanced Internet • Communication Applications • ...
  • Page 42: WAN Port Configuration

    WAN Port Configuration. The WAN Port Configuration screen provides an alternative to using the Wizard. It can be accessed from the Internet menu under the Advanced section. An example screen is shown below. Figure 24: WAN Port Configuration Screen. Data –...
  • Page 43: Specified IP Address: Also called Static IP Address. Select this if your ISP has allocated you a fixed IP Address. If this option is selected, the following data must be entered. • IP Address. The IP Address allocated by the ISP. • ...
  • Page 44: Advanced Setup

    Server Address: If using PPTP or Big Pond Cable, enter the address of your ISP's server. For PPPoE or SingTel RAS, the Server address is not required. Connection behavior: Select the desired option: • Automatic Connect/Disconnect - An Internet connection is automatically made when required, and disconnected when idle for the time period specified by the "Auto-disconnect Idle Time-out".
  • Page 45: Communication Applications

    Communication Applications. Most applications are supported transparently by the VPN Broadband Router. But sometimes it is not clear which PC should receive an incoming connection. This problem could arise with the Communication Applications listed on this screen.
  • Page 46: Multi-DMZ

    Name: Enter a descriptive name to identify this Special Application. Incoming Ports: • Type - Select the protocol (TCP or UDP) used when you receive data from the special application or service. (Note: Some applications use different protocols for outgoing and incoming data). • ...
  • Page 47: URL Filter Screen

    • Enabling the URL Filter also affects the Internet Access Log. If Enabled, the "Destination" field in the log will display the URL. Otherwise, it will display the IP Address. • The URL Filter can be Enabled or Disabled on the Advanced Internet screen. URL Filter Screen: Click the "Configure URL Filter"...
  • Page 48: Dynamic DNS (Domain Name Server)

    Dynamic DNS (Domain Name Server). This free service is very useful when combined with the Virtual Server feature. It allows Internet users to connect to your Virtual Servers using a URL, rather than an IP Address. This also solves the problem of having a dynamic IP address. With a dynamic IP address, your IP address may change whenever you connect, which makes it difficult to connect to you.
  • Page 49: some DDNS Service providers.) • From the Internet, users will now be able to connect to your Virtual Servers (or DMZ PC) using your Domain name. DDNS Data. DDNS Service: Select the desired DDNS Service provider. Enter your Username for the DDNS Service.
  • Page 50: Virtual Servers

    Virtual Servers. This feature allows you to make Servers on your LAN accessible to Internet users. Normally, Internet users would not be able to access a server on your LAN because: • Your Server does not have a valid external IP Address. • ...
  • Page 51: Defining Your Own Virtual Servers

    Figure 30: Virtual Servers Screen. This screen lists a number of pre-defined Servers, providing a quick and convenient method to set up the common server types. Data - Virtual Servers Screen. Servers - Servers: This lists a number of pre-defined Servers, plus any Servers you have defined.
  • Page 52: Options

    Options. This screen allows advanced users to enter or change a number of settings. For normal operation, there is no need to use this screen or change any settings. Figure 31: Options Screen. Data - Options Screen. Backup DNS - IP Address: Enter the IP Address of the DNS (Domain Name Servers) here.
  • Page 53: Chapter 7 Security Configuration

    Chapter 7 Security Configuration. This Chapter explains the settings available via the “Advanced” configuration section of the "Security" menu. Overview: The following advanced configurations are provided. • Access Control • Firewall Rules • Logs • E-mail • ...
  • Page 54: Access Control

    Access Control. This feature is accessed by the Access Control link on the Advanced, Security menu. The Access Control feature allows administrators to restrict the level of Internet Access available to PCs on your LAN. With the default settings, everyone has unrestricted Internet access. To use this feature: 1.
  • Page 55: "Members" Button: Click this button to add or remove members from the current Group. • If the current group is "Default", then members can not be added or deleted. This group contains PCs not allocated to any other group.
  • Page 56: Group Members Screen

    Group Members Screen. This screen is displayed when the Members button on the Access Control screen is clicked. Figure 33: Group Members. Use this screen to add or remove members (PCs) from the current group. • The "Del >>" button will remove the selected PC (in the Members list) from the current group. • ...
  • Page 57: Firewall Rules

    Firewall Rules. For normal operation and LAN protection, it is not necessary to use this screen. The Firewall will always block DoS (Denial of Service) attacks. A DoS attack does not attempt to steal data or damage your PCs, but overloads your Internet connection so you can not use it - the service is unavailable.
  • Page 58: Data: For each rule, the following data is shown: • Name - The name you assigned to the rule. • Source - The traffic covered by this rule, defined by the source IP address. If the IP address is followed by ... this indicates there is a range of IP addresses, rather than a single address.
  • Page 59: Define Firewall Rule

    Define Firewall Rule. Clicking the "Add" button in the Firewall Rules screen will display a screen like the example below. Figure 35: Define Firewall Rule. Data - Define Firewall Rule Screen. Name: Enter a suitable name for this rule. Type: This determines the source and destination ports for traffic covered by this rule.
  • Page 60: Dest. IP: These settings determine which traffic, based on their destination IP address, is covered by this rule. Select the desired option: • Any - All traffic from the source port is covered by this rule. • Single address - Enter the required IP address in the "Start IP address"...
  • Page 61: Logs

    Logs. The Logs record various types of activity on the VPN Broadband Router. This data is useful for troubleshooting, but enabling all logs will generate a large amount of data and adversely affect performance. Since only a limited amount of log data can be stored in the VPN Broadband Router, log data can also be E-mailed to your PC or sent to a Syslog Server.
  • Page 62: Outgoing Traffic: Select the desired option: • All IP traffic - this will log all outgoing TCP/IP connections, of any type. This will generate the largest logs, and fill the internal log buffer more quickly. • All TCP/UDP/ICMP traffic - These 3 protocols are used by most internet traffic.
  • Page 63: E-Mail

    E-mail. Figure 37: E-Mail Screen. Data – E-Mail Screen. E-Mail Alerts - Send E-Mail alert: If enabled, an E-mail will be sent immediately if a DoS (Denial of Service) attack is detected. If enabled, the E-mail address information must be provided.
  • Page 64: E-mail address: Enter the E-mail address the Log is to be sent to. The E-mail will also show this address as the Sender's address. Subject: Enter the text string to be shown in the "Subject" field for the E-mail.
  • Page 65: Security Options

    Security Options. This screen allows you to set Firewall and other security-related options. Figure 38: Security Options Screen. Data - Security Options Screen. Firewall - Enable DoS: If enabled, DoS (Denial of Service) attacks will be detected and blocked.
  • Page 66: Allow VPN pass-through: If enabled, PCs on the LAN can use VPN software to connect to remote clients via the Internet connection. The protocols supported are: • IPSec - IPSec protocol is used to establish a secure connection, and is widely used by VPN (Virtual Private Networking) programs.
  • Page 67: Scheduling

    Scheduling. • This schedule can be (optionally) applied to any Access Control Group. • Blocking will be performed during the scheduled time (between the "Start" and "Finish" times.) • Two (2) separate sessions or periods can be defined. • ...
  • Page 68: Services

    Services. Services are used in defining traffic to be blocked or allowed by the Access Control or Firewall Rules features. Many common Services are pre-defined, but you can also define your own services if required. To view the Services screen, select the Services link on the Security menu. Figure 40: Services Screen. Data - Services Screen. Available Services...
  • Page 69: Chapter 8 VPN (IPSec)

    Chapter 8 VPN (IPSec). This Chapter describes the VPN capabilities and configuration required for common situations. Overview: This section describes the VPN (Virtual Private Network) support provided by your VPN Broadband Router. A VPN (Virtual Private Network) provides a secure connection between 2 points, over an insecure network - typically the Internet.
  • Page 70: VPN Configuration

    • The traffic which is allowed to use the VPN connection. • The parameters (settings) for the IPsec SA (Security Association) • If IKE is used, the parameters (settings) for the IKE SA (Security Association). Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections.
  • Page 71: Client PC to VPN Gateway

    Client PC to VPN Gateway. Figure 42: Client PC to VPN Server. In this situation, the PC must run appropriate VPN client software in order to connect, via the Internet, to the VPN Broadband Router. Once connected, the client PC has the same access to LAN resources as PCs on the local LAN (unless restricted by the network administrator).
  • Page 72: VPN Configuration

    VPN Configuration. This section covers the configuration required on the VPN Broadband Router when using Manual Key Exchange (Manual Policies) or IKE (Automatic Policies). Details of using Certificates are covered in a later section. VPN Policies Screen: To view this screen, select VPN Policies from the VPN menu.
  • Page 73: Adding A New Policy

    Move: The order in which policies are listed is only important if you have multiple policies for the same remote site. In that case, the first matching policy is used. There are 2 ways to change the order of policies: • ...
  • Page 74: Figure 46: VPN Wizard – General Screen. General Settings. Policy Name: Enter a suitable name. This name is not supplied to the remote VPN. It is used only to help you manage the policies. Enable Policy: Enable or disable the policy as required. For each remote VPN, only 1 policy can be enabled at any time.
  • Page 75: Figure 47: VPN Wizard - Traffic Selector Screen. • For outgoing VPN connections, these settings determine which traffic will cause a VPN tunnel to be created, and which traffic will be sent through the tunnel. • ...
  • Page 76: Remote IP addresses - Type: • Single address - enter an IP address in the "Start IP address" field. • Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address"...
  • Page 77: • Each SPI (Security Parameter Index) must be unique. • The "in" SPI here must match the "out" SPI on the remote VPN, and the "out" SPI here must match the "in" SPI on the remote VPN. • ...
  • Page 78: Figure 49: VPN Wizard - IKE Phase 1 Screen. IKE Phase 1 (IKE SA). Local Identity: This setting must match the "Remote Identity" on the remote VPN. Select the desired option, and enter the required data in the "Local Identity Data" field. • ...
  • Page 79: Authentication Algorithm: Select the desired option, and ensure that both endpoints have the same settings. Encryption Algorithm: Select the desired method, and ensure the remote VPN endpoint uses the same method. • The 3DES algorithm provides greater security than DES, but is slower.
  • Page 80: IKE Phase 2 Screen. This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for IKE and IPSec. Figure 50: VPN Wizard - IKE Phase 2 Screen. IKE Phase 2 (IPsec SA). IPsec SA Life: This setting does not have to match the remote VPN endpoint;...
  • Page 81: For IKE, configuration is now complete. Click "Next" to view the final screen. Figure 51: VPN Wizard - Final Screen. On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.
  • Page 82: VPN Examples

    VPN Examples. This section describes some examples of using the VPN Broadband Router in common VPN situations. Example 1: Connecting 2 VPN Broadband Routers. In this example, 2 LANs are connected via VPN. Figure 52: Connecting 2 VPN Broadband Routers. Note • ...
  • Page 83: mode. DH Group: Group 1 (768 bit) / Group 1 (768 bit) - Must match. IKE SA Life time: 28800 / 28800 - Does not have to match. Shorter period will be used. IKE PFS: Disable / Disable - Must match. IPSec SA Parameters: IPSec SA Life 28800...
  • Page 84: Example 2: Windows 2000/Xp Client To Lan

    Microsoft VPN Example 2: Windows 2000/XP Client to LAN In this example, a Windows 2000/XP client connects to the VPN Broadband Router and gains access to the local LAN. Figure 53: Windows 2000/XP Client to VPN Broadband Router To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
  • Page 85 VPN Broadband Router User manual IPSec SA Life 28800 Do not have to match. Shorter period will time be used. IPSec PFS Disable Must match client PC AH authentication Disabled AH is rarely used ESP authentica- Enable/MD5 Must match client PC tion ESP encryption Enable/DES...
  • Page 86 Microsoft VPN Figure 55: Windows 2000/XP - Policy Properties  Note that no rules are in use. Two (2) rules are required - incoming and outgoing.  The outgoing rule will be added first. 6. Deselect the "Use Add Wizard" checkbox, then click "Add" to view the screen below. Figure 56: IP Filter List 7.
  • Page 87 VPN Broadband Router User manual Figure 57: Filter Properties: Addressing 8. Enter the Source IP address and the Destination IP address.  Since this is the outgoing filter, the Source IP address is "My IP address" and the Destination IP address is the address range used on the remote LAN.
  • Page 88 Microsoft VPN Figure 59: New Rule Properties: Filter Action 11. Select Require Security, then click the "Edit" button, to view the Require Security Properties screen. Figure 60: Require Security Properties 12. Select Negotiate security (this selects IKE), then click "Add".
  • Page 89 VPN Broadband Router User manual Figure 61: Modify Security Method 13. On the resulting screen (above), select High [ESP] then click "OK" to save your changes and return to the Require Security Properties screen. Figure 62: Require Security Properties 14. Ensure the following settings are correct, then click "OK" to return to the Filter Action tab of the Edit Rule Properties screen.
  • Page 90 Microsoft VPN 15. Click the Tunnel Setting tab, then select The tunnel endpoint is specified by this IP address. Enter the WAN (Inter- net) IP address of the VPN Broadband Router, as shown below. Figure 63: Tunnel Setting 16. Click the Authentication Methods tab, then click the "Edit" to see the screen like the example below. Figure 64: Authentication Method 17.
  • Page 91 VPN Broadband Router User manual Figure 65: Windows 2000/XP Client to VPN Broadband Router 20. To add the second (incoming) rule, click "Add". For the name, enter "To Win2K", then click "Add". Figure 66: Windows 2000/XP Client to VPN Broadband Router 21.
  • Page 92 Microsoft VPN Figure 67: Filter Properties: Addressing 22. Click "OK" to save your changes, then "Close". Figure 68: Filter List 23. Ensure the "To Win2K" filter is selected, then click the Filter Action tab.
  • Page 93 VPN Broadband Router User manual Figure 69: Filter Action 24. Select Require Security, then click "Edit". On the Require Security Methods screen below, select Negotiate securi- Figure 70: Security Methods 25. Click the "Add" button. On the resulting Modify Security Method screen below, select High [ESP].
  • Page 94 Microsoft VPN Figure 71: Modify Security Method 26. Click "OK" to save your changes, then click "OK" again to return to the Filter Action screen. 27. Select the Tunnel Setting tab, and enter the WAN (Internet) IP address of this PC (172.16.9.10 in this example). Figure 72: Tunnel Setting 28.
  • Page 95 VPN Broadband Router User manual Figure 73: Authentication Method 29. Select Use this string to protect the key exchange (preshared key), then enter your preshared key in the field provided. 30. Click "OK" to save your settings, then "Close" to return to the DUT to Win2K Properties screen. There should now be 2 IP Filters listed, as shown below.
  • Page 96 Microsoft VPN Figure 75: Properties - General Tab 32. Click the "Advanced" button to see the screen below. Figure 76: Key Exchange Settings 33. Click the "Methods" button to see the screen below. Figure 77: Key Exchange Security Methods...
  • Page 97: Example 3: Windows 2000 Server To Vpn Gateway

    VPN Broadband Router User manual 34. Select the first entry, and click the "Edit" button to see the following screen. Figure 78: IKE Security Algorithms 35. Select "SHA1" for Integrity Algorithm, "3DES" for Encryption algorithm, and "Low(1)" for the Diffie-Hellman Group. 36.
  • Page 98 Microsoft VPN VPN Broadband Router Configuration This is the same as for the client setup earlier, with the exception of the IP address range for the remote endpoint. Setting: Remote IP addresses. Server/Gateway: Subnet address: 11.5.0.0, 255.255.0.0. Single Client: 172.16.9.10. For a single client, this is the same as the Gateway address...
  • Page 99 VPN Broadband Router User manual Windows 2000 Server Configuration Configuration is the same as for Example 2: Windows 2000/XP Client to except for specifying the Source and Destination addresses for the "Filter Properties". Instead, for both IP Filters, the Filter Properties - Addressing should be completed as follows.
  • Page 100: Certificates

    Microsoft VPN Certificates Certificates are used to authenticate users. Certificates are issued to you by various CAs (Certification Authorities). These Certificates are called "Self Certificates". Each CA also issues a certificate to itself. This Certificate is required in order to validate communication with the CA. These certificates are called "Trusted Certificates."...
  • Page 101: Self Certificates

    VPN Broadband Router User manual Figure 83: Add Trusted Certificate 3. Click the "Browse" button, and locate the certificate file on your PC 4. Select the file. The name will appear in the "Certificate File" field. 5. Click "Upload" to upload the certificate file to the VPN Broadband Router. 6.
  • Page 102: Requesting A Self Certificate

    Microsoft VPN Self Certificate Requests Request List: Any current requests are listed. These requests are generated by using the New Request button described below. • After you have received the Certificate file for a request, you must select the request in the list, and upload the certificate file.
  • Page 103 VPN Broadband Router User manual 2. Complete this screen. Name: Enter a name which helps to identify this particular certificate. This name is only for your reference, it is not visible to other people. Subject Name: This is the name which other organizations will see as the Holder (owner) of this Certificate.
  • Page 104: Crls

    Microsoft VPN • Connect to the CA's web site. • Start the Self Certificate request procedure. • When prompted for the request data, supply the data you copied and saved in step 5 above. • Submit the CA's form. • If there are no problems, the Certificate will then be issued.
  • Page 105: Status

    VPN Broadband Router User manual Figure 89: Upload CRL 4. Upload the CRL file: • Click the "Browse" button, and locate the CRL file on your PC. • Select the file. The name will appear in the "File to Upload" field. ...
  • Page 106 Microsoft VPN Buttons Refresh: Update the data shown on screen. View Log: Open a new window and view the contents of the VPN log...
  • Page 107: Chapter 9 Microsoft Vpn

    VPN Broadband Router User manual Chapter 9 Microsoft VPN This Chapter explains the screens and settings available for the Microsoft VPN function. Overview Microsoft VPN uses the Microsoft VPN Adapter which is provided in recent versions of Windows. This feature can be used to provide remote access to your LAN by individual PCs.
  • Page 108: Client Database

    Microsoft VPN Data – Microsoft VPN Screen PPTP Server Enable Use this checkbox to enable or disable this feature as required. To allow connection by remote Windows clients, you must enable this feature, and enter the client details (on the Clients screen) to allow them to login to this Server.
  • Page 109 VPN Broadband Router User manual Properties Allow connection: Use this to enable or disable access by this user, as required. Login Name: Enter the login name. The remote user must provide this name when they connect. The name must not contain spaces, punctuation, or special characters.
  • Page 110: Status Screen

    Microsoft VPN Status Screen The Status screen is accessed by selecting the Status option on the Microsoft VPN menu. Figure 93: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status This indicates whether or not the PPTP (VPN) Server is enabled. Status This indicates the number of remote clients currently logged into Current Con-...
  • Page 111: Windows Client Setup

    VPN Broadband Router User manual Windows Client Setup To connect to the PPTP (VPN) Server in the VPN Broadband Gateway: • The Microsoft VPN feature in the VPN Broadband Gateway must be enabled and configured, as described in the previous section. ...
  • Page 112 Microsoft VPN Windows ME VPN Dialing Properties To establish a connection: 1. Ensure you are connected to the Internet. 2. Select Start - Settings - Dial-up Networking 3. Double-click the new VPN entry in Dial-up Networking. 4. Enter your User name and Password, as recorded in the Client database on the VPN Broadband Router. 5.
  • Page 113: Windows 2000

    VPN Broadband Router User manual Windows 2000 Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open "Network Connections", and start the "New Connection" Wizard. Figure 96: Windows 2000 Network Connection 2. Select the VPN option ("Connect to a private network through the Internet"), as shown above, and click Next. Figure 97: Windows 2000 Public Network 3.
  • Page 114 Microsoft VPN Figure 98: Windows 2000 VPN Host 4. On the screen above, enter the Domain Name or Internet IP address of the VPN Broadband Router you wish to connect to. Click Next to continue. Figure 99: Windows 2000 Connection Availability 5.
  • Page 115 VPN Broadband Router User manual 6. Enter a suitable name, and click "Finish" to save and exit. Setup is now complete. To establish a connection: 1. Right-click the connection in "Network Connections", and select "Connect". 2. You will then be prompted for the username and password. Enter the username and password assigned to you, as recorded in the VPN client database on the VPN Broadband Router.
  • Page 116: Windows Xp

    Microsoft VPN Windows XP Ensure you have logged on with Administrator rights before attempting this procedure. 1. Open Network Connections (Start-Settings-Network Connections), and start the New Connection Wizard. Figure 101: Windows XP Network Connection Type 2. Select the option "Connect to the network at my workplace", as shown above, and click Next. Figure 102: Windows XP Network Connection 3.
  • Page 117 VPN Broadband Router User manual Figure 103: Windows XP Connection Name 4. Enter a suitable name for this connection. Click Next to continue. Figure 104: Windows XP Public Network 5. On the screen above, select "Do not dial the initial connection". Click Next to continue.
  • Page 118 Microsoft VPN Figure 106: Windows XP Connection Availability 7. Choose whether to allow this connection for everyone, or only for yourself, as required. Click Next to continue. 8. On the final screen, click Finish to save and exit. Setup is now complete. To establish a connection: 1.
  • Page 119: Chapter 10 Other Features & Settings

    VPN Broadband Router User manual Chapter 10 Other Features & Settings This Chapter explains the screens and settings available via the "Other" menu. Overview Normally, it is not necessary to use these screens, or change any settings. These screens and settings are provided to deal with non-standard situations, or to provide additional options for advanced users.
  • Page 120: Config File

    Other Features and Settings Config File This feature allows you to backup (download) the current settings from the VPN Broadband Router, and save them to a file on your PC. You can restore a previously-downloaded configuration file to the VPN Broadband Router, by uploading it to the VPN Broadband Router.
  • Page 121: Network Diagnostics

    VPN Broadband Router User manual Network Diagnostics This screen allows you to perform a "Ping" or a "DNS lookup". These activities can be useful in solving network problems. An example Network Diagnostics screen is shown below. Figure 108: Network Diagnostics Screen Data - Network Diagnostics Screen Ping Enter the IP address you wish to ping.
  • Page 122: Pc Database

    Other Features and Settings PC Database The PC Database is used whenever you need to select a PC (e.g. for the "DMZ" PC). It eliminates the need to enter IP addresses. Also, you do not need to use fixed IP addresses on your LAN. PC Database Screen An example PC Database screen is shown below.
  • Page 123 VPN Broadband Router User manual Data - PC Database Screen Known PCs: This lists all current entries. Data displayed is name (IP Address) type. The "type" indicates whether the PC is connected to the LAN. Name: If adding a new PC to the list, enter its name here. It is best if this matches the PC's "hostname".
  • Page 124: Pc Database (Admin)

    Other Features and Settings PC Database (Admin) This screen is displayed if the "Advanced Administration" button on the PC Database is clicked. It provides more control than the standard PC Database screen. Figure 110: PC Database (Admin) Data - PC Database (Admin) Screen This lists all current entries.
  • Page 125 VPN Broadband Router User manual MAC Address Select the appropriate option • Automatic discovery - Select this to have the VPN Broadband Router contact the PC and find its MAC address. This is only possible if the PC is connected to the LAN and powered On.
  • Page 126: Remote Administration

    Other Features and Settings Remote Administration Remote Administration allows you to connect to this interface via the Internet, using your Web browser. Figure 111: Remote Administration Screen Data - Remote Administration Screen Information To establish a connection from the Internet: Information 1.
  • Page 127 VPN Broadband Router User manual • Have your ISP allocate you a Fixed IP address. • Use the DDNS feature (Internet menu) so you can connect using a Domain Name, rather than an IP address. Port Number Enter a port number between 1024 and 65535. The default for HTTP connections is port 80, and for HTTPS port 443.
  • Page 128: Routing

    Other Features and Settings Routing Overview • If you don't have other Routers or Gateways on your LAN, you can ignore the "Routing" page completely. • If the VPN Broadband Router is only acting as a Gateway for the local LAN segment, ignore the "Routing" page even if your LAN has other Routers.
  • Page 129 VPN Broadband Router User manual Figure 112: Routing Screen Data - Routing Screen Enable RIP Check this to enable the RIP (Routing Information Protocol) feature of the VPN Broadband Router. The VPN Broadband Router supports RIP 1 only. Static Routing Static Routing This list shows all entries in the Routing Table.
  • Page 130: Configuring Other Routers On Your Lan

    Other Features and Settings Properties • Destination Network - The network address of the remote LAN segment. For standard class "C" LANs, the network address is the first 3 fields of the Destination IP Address. The 4th (last) field can be left at 0. ...
  • Page 131: Static Routing - Example

    VPN Broadband Router User manual Other Routers on the Local LAN Other routers on the local LAN must use the VPN Broadband Router's Local Router as the Default Route. The entries will be the same as the VPN Broadband Router's local router, with the exception of the Gateway IP Address. ...
  • Page 132 Other Features and Settings Interface For Router B's Default Route Destination IP Address 0.0.0.0 Network Mask 0.0.0.0 Gateway IP Address 192.168.1.80 (VPN Broadband Router's local router) Interface...
  • Page 133: Upgrade Firmware

    VPN Broadband Router User manual Upgrade Firmware Use this screen to upgrade your VPN Broadband Router's firmware. • You must download the required firmware file, and store it on your PC. • During the upgrade process, all existing Internet connections will be terminated. ...
  • Page 134: Upnp

    Other Features and Settings UPnP An example UPnP screen is shown below. Figure 115: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Services • UPnP (Universal Plug and Play) allows automatic discovery and configuration of equipment attached to your LAN. UPnP is supported by Windows ME, XP, or later.
  • Page 135: Appendix A Troubleshooting

    Appendix A Troubleshooting This Appendix covers the most likely problems and their solutions. Overview This chapter covers some common problems that may be encountered while using the VPN Broadband Router and some possible solutions to them. If you follow the suggested steps and the VPN Broadband Router still does not function properly, contact your dealer for further advice.
  • Page 136 Appendix A - Troubleshooting applications which do not function correctly. If this does solve the problem you can use the DMZ function. This should work with almost every application, but: • It is a security risk, since the firewall is disabled. ...
  • Page 137: Appendix B Specifications

    Appendix B Specifications VPN Broadband Router Model FBR-1430 VPN Broadband Router Dimensions 141mm(W) * 100mm(D) * 27mm(H) Operating Temperature 0° C to 40° C Storage Temperature -10° C to 70° C Network Protocol: TCP/IP Network Interface: 5 Ethernet: 4 * 10/100BaseT (RJ45) LAN connection...
  • Page 138: Ce Marking Warning

    Appendix B - Specifications CE Marking Warning CE Standards This product complies with the 99/5/EEC directives, including the following safety and EMC standards: • EN301489-1/-17 • EN60950 This is a Class B product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.
