NetComm NB724 User Manual
  1. Manuals
  2. Brands
  3. NetComm Manuals
  4. Network Router
  5. NB724
  6. User manual
NetComm NB724 User Manual

NetComm NB724 User Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
CHAPTER 1: INTRODUCTION .............................................................................................................. 3
.................................................................................................................................................. 3
CHAPTER 2: INSTALLING THE ROUTER .......................................................................................... 6
.................................................................................................................................................... 9
CHAPTER 3: BASIC INSTALLATION................................................................................................. 10
Web Interface (Username and Password) .......................................................................................... 15
Device LAN IP settings: ..................................................................................................................... 15
ISP setting in WAN site:...................................................................................................................... 15
DHCP server ...................................................................................................................................... 15
LAN and WAN Port Addresses............................................................................................................ 15
CHAPTER 4: CONFIGURATION.......................................................................................................... 18
.................................................................................................................................................... 19
ARP Table ........................................................................................................................................... 19
Routing Table...................................................................................................................................... 19
DHCP Table........................................................................................................................................ 20
PPTP Status ........................................................................................................................................ 21
IPSec Status ........................................................................................................................................ 21
L2TP Status......................................................................................................................................... 22
Email Status........................................................................................................................................ 22
Event Log............................................................................................................................................ 23
Error Log............................................................................................................................................ 23
NAT Sessions ...................................................................................................................................... 24
Diagnostic........................................................................................................................................... 24
UPnP Portmap ................................................................................................................................... 25
........................................................................................................................................... 26
...................................................................................................................................... 28
LAN (Local Area Network)................................................................................................................. 28
Bridge Interface .............................................................................................................................. 28
Ethernet........................................................................................................................................... 29
IP Alias............................................................................................................................................ 30
Ethernet Client Filter ...................................................................................................................... 31
Port Setting ..................................................................................................................................... 33
DHCP Server .................................................................................................................................. 34
WAN - Wide Area Network.................................................................................................................. 35
ISP .................................................................................................................................................. 35
DNS ................................................................................................................................................ 45
SHDSL ........................................................................................................................................... 46
System ................................................................................................................................................. 47

Table of Contents

T
a
b
l
e
T
a
b
l
e
............................................................................................................. 3
................................................................................................ 6
................................................................................................................................. 6
NB724 ............................................................................................................. 7
NB724............................................................................................................... 8
................................................................................................................... 10
.................................................................................................................. 15
ISP ................................................................................................................ 16
.............................................................................................. 17
o
f
C
o
n
t
e
n
t
s
o
f
C
o
n
t
e
n
t
s
i

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the NB724 and is the answer not in the manual?

Questions and answers

Related Manuals for NetComm NB724

Summary of Contents for NetComm NB724

  • Page 1: Table Of Contents

    EATURES CHAPTER 2: INSTALLING THE ROUTER ..................6 ....................6 MPORTANT NOTE FOR USING THIS ROUTER ..........................6 ACKAGE ONTENTS NB724 ......................7 RONT S OF THE NB724....................... 8 ORTS OF THE ..............................9 ABLING CHAPTER 3: BASIC INSTALLATION....................10 ........................
  • Page 2 Time Zone............................47 Remote Access..........................48 Firmware Upgrade.......................... 49 Backup / Restore..........................50 Restart Router ..........................51 User Management........................... 52 Firewall and Access Control ......................53 General Settings..........................54 Packet Filter............................ 55 Intrusion Detection ......................... 63 URL Filter............................65 IM / P2P Blocking .......................... 67 Firewall Log ...........................

  • Page 3: Chapter 1: Introduction

    Chapter 1: Introduction Introduction to your Router Thank you for purchasing the NetComm NB724 SHDSL Router. Your NetComm SHDSL router is an “all-in-one” unit, combining an SHDSL modem, SHDSL router and Ethernet network switch, providing everything you need to get the machines on your network connected to the Internet over your SHDSL broadband connection.
  • Page 4 SHDSL VPN Router It provides an easy way to map the domain name (a friendly name for users such as www.yahoo.com) and IP address. When a local machine sets its DNS server with this router’s IP address, every DNS conversion request packet from the PC to this router will be forwarded to the real DNS in the outside network.
  • Page 5 SHDSL VPN Router Rich Management Interfaces It supports flexible management interfaces with local console port, LAN port, and WAN port. Users can use terminal applications through the console port to configure and manage the device, or Telnet, WEB GUI, and SNMP through LAN or WAN ports to configure and manage the device. Chapter 1: Introduction...

  • Page 6: Chapter 2: Installing The Router

    SHDSL VPN Router Chapter 2: Installing the Router Important note for using this router Do not use this router in high humidity or high temperatures. Do not use the same power source for this router as other equipment. Do not open or repair the case yourself. If this router is too hot, turn off the power immediately and have it repaired at a qualified Warning service center.

  • Page 7: The Front Leds Of The Nb724

    SHDSL VPN Router The Front LEDs of the NB724 Meaning Lit when successfully connected to the SHDSL line and it is LINE 1 & 2 synchronized. Lit when connected to an Ethernet device. LAN Port Green for 100Mbps; Orange for 10Mbps.

  • Page 8: The Rear Ports Of The Nb724

    SHDSL VPN Router The Rear Ports of the NB724 Port Meaning Power Switch Power ON/OFF switch Connect the supplied power adapter to this jack. To be sure the device is being turned on press RESET button for: 1-3 seconds: quick reset the device.

  • Page 9: Cabling

    SHDSL VPN Router Cabling One of the most common causes of problems is bad cabling or SHDSL line(s). Make sure that all connected devices are turned on. On the front of the product is a bank of LEDs. Verify that the LAN Link and SHDSL line LEDs are lit.

  • Page 10: Chapter 3: Basic Installation

    SHDSL VPN Router Chapter 3: Basic Installation The router can be configured with your web browser. A web browser is included as a standard application in the following operating systems: Linux, Mac OS, Windows 98/NT/2000/XP/Me, etc. The product provides an easy and user-friendly interface for configuration. Please check your PC’s network components.
  • Page 11 SHDSL VPN Router Configuring PCs in Window XP Go to Start / Control Panel (in Classic View). In the Control Panel, double-click Network Connections. Double-click Local Area Connection. (See Figure 3.1) Figure 3.1: LAN Area Connection In the LAN Area Connection Status window, click Properties.

  • Page 12: Configuring Pcs In Windows 2000

    SHDSL VPN Router Configuring PCs in Windows 2000 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and Dial-up Connections. Double-click Local Area (“LAN”) Connection. (See Figure 3.5) Figure 3.5: LAN Area Connection In the LAN Area Connection Status window, click Properties.

  • Page 13: Configuring Pc In Windows 95/98/Me

    SHDSL VPN Router Configuring PC in Windows 95/98/ME Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Configuration tab. Select TCP / IP -> NE2000 Compatible, or the name of any Network Interface Card (NIC) in your PC. (See Figure 3.9) Click Properties.
  • Page 14 SHDSL VPN Router Configuring PC in Windows NT4.0 Go to Start / Settings / Control Panel. In the Control Panel, double-click Network and choose the Protocols tab. Select TCP/IP Protocol and click Properties. (See Figure 3.12) Figure 3.12: TCP / IP Select the Obtain an IP address from a DHCP server radio button and click OK.

  • Page 15: Factory Default Settings

    SHDSL VPN Router Factory Default Settings Before configuring your NB724, you need to know the following default settings. Web Interface (Username and Password) Username: admin Password: admin The default username and password are “admin” and “admin” respectively. If you ever forget the username/password to login to the router, you may press the RESET button up to 6 seconds to restore the factory default settings.

  • Page 16: Information From Your Isp

    SHDSL VPN Router Information from your ISP Before configuring this device, you have to check with your ISP (Internet Service Provider) to find out what kind of service is provided such as DHCP (Obtain an IP Address Automatically, Static IP (Fixed IP Address) and PPPoE.

  • Page 17: Configuring With Your Web Browser

    SHDSL VPN Router Configuring with your Web Browser Open your web browser, enter the IP address of your router, which by default is 192.168.1.254, and click “Enter”, a user name and password window prompt will appear. The default username and password are “admin”...

  • Page 18: Chapter 4: Configuration

    SHDSL VPN Router Chapter 4: Configuration At the configuration homepage, the left navigation pane where bookmarks are provided links you directly to the desired setup page, including: Status - ARP Table - Routing Table - DHCP Table - PPTP Status - IPSec Status - L2TP Status - Email Status...

  • Page 19: Status

    SHDSL VPN Router Status ARP Table This section displays the router’s ARP (Address Resolution Protocol) Table, which shows the mapping of Internet (IP) addresses to Ethernet (MAC) addresses. This is useful as a quick way of determining the MAC address of the network interface of your PCs to use with the router’s Firewall – MAC Address Filter function.

  • Page 20: Dhcp Table

    SHDSL VPN Router DHCP Table Leased: The DHCP assigned IP addresses information. IP Address: A list of IP addresses of devices on your LAN (Local Area Network). Expired: The expired IP addresses information. Permanent: The fixed host mapping information Leased Table IP Address: The IP address that assigned to client.

  • Page 21: Pptp Status

    SHDSL VPN Router PPTP Status This shows details of your configured PPTP VPN Connections. Name: The name you assigned to the particular PPTP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active.

  • Page 22: L2Tp Status

    SHDSL VPN Router L2TP Status This shows details of your configured L2TP VPN Connections. Name: The name you assigned to the particular L2TP connection in your VPN configuration. Type: The type of connection (dial-in/dial-out). Enable: Whether the connection is currently enabled. Active: Whether the connection is currently active.

  • Page 23: Event Log

    SHDSL VPN Router Event Log This page displays the router’s Event Log entries. Major events are logged to this window, such as when the router’s SHDSL connection is disconnected, as well as Firewall events when you have enabled Intrusion or Blocking Logging in the Configuration – Firewall section of the interface. Please see the Firewall section of this manual for more details on how to enable Firewall logging.

  • Page 24: Nat Sessions

    SHDSL VPN Router NAT Sessions This section lists all current NAT sessions between interface of types external (WAN) and internal (LAN). Diagnostic It tests the connection to computer(s) which is connected to LAN ports and also the WAN Internet connection. If PING www.google.com is shown FAIL and the rest is PASS, you ought to check your PC’s DNS settings is set correctly.

  • Page 25: Upnp Portmap

    SHDSL VPN Router UPnP Portmap The section lists all port-mapping established using UPnP (Universal Plug and Play). Please see the Advanced section of this manual for more details on UPnP and the router’s UPnP configuration options. Chapter 4: Configuration...

  • Page 26: Quick Start

    SHDSL VPN Router Quick Start For detailed instructions on configuring your WAN settings, please see the WAN section of this manual. Usually, the only details you will need for the Quick Start wizard to get you online are your login (often in the form of username@ispname), your password and the encapsulation type.
  • Page 27 SHDSL VPN Router Select the desired option from the list and click Apply to return to the Quick Start interface to continue configuring your ISP connection. Please note that the contents of this list will vary, depending on what is supported by your ISP.

  • Page 28: Configuration

    SHDSL VPN Router Configuration When you click this item, you get following sub-items to configure your router. LAN, WAN, System, Firewall, VPN, QoS, Virtual Server, Time Schedule and Advanced These functions are described below in the following sections. LAN (Local Area Network) Here are the items within LAN section: Bridge Interface, Ethernet, IP Alias, Ethernet Client Filter, Port Settings...

  • Page 29: Ethernet

    SHDSL VPN Router Ethernet Primary IP Address IP Address: The default IP on this router. SubNetmask: The default subnet mask on this router. RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. Chapter 4: Configuration...

  • Page 30: Ip Alias

    SHDSL VPN Router IP Alias This function supports to create multiple virtual IP interfaces on this router. It helps to connect two or more local networks to the ISP or remote node. In this case, an internal router is not required. IP Address: Specify an IP address on this virtual interface.

  • Page 31: Ethernet Client Filter

    SHDSL VPN Router Ethernet Client Filter The Ethernet Client Filter supports up to 16 Ethernet network machines that helps you to manage your network control to accept traffic from specific authorized machines or can restrict unwanted machine(s) to access your LAN. There are no pre-define Ethernet MAC address filter rules;...
  • Page 32 SHDSL VPN Router Active PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Address which are connecting to the router. You can easily block or allow by checking the box next to the IP address. Then click Add to insert to the Ethernet Client Filter table.

  • Page 33: Port Setting

    SHDSL VPN Router Port Setting This section allows you to configure the settings for the router’s Ethernet ports to solve some of the compatibility problems that may be encountered while connecting to the Internet, as well as allowing users to tweak the performance of their network. Port # Connection Type: Six options to choose from: Auto, 10M half-duplex, 10M full-duplex, 100M half-duplex, 100M full-duplex and Disable.

  • Page 34: Dhcp Server

    SHDSL VPN Router DHCP Server You can disable or enable the DHCP (Dynamic Host Configuration Protocol) server or enable the router’s DHCP relay functions. The DHCP protocol allows your router to dynamically assign IP addresses to PCs on your network if they are configured to obtain IP addresses automatically. To disable the router’s DHCP Server, check Disabled and click Next, then click Apply.

  • Page 35: Wan - Wide Area Network

    SHDSL VPN Router WAN - Wide Area Network WAN refers to your Wide Area Network connection, i.e. your router’s connection to your ISP and the Internet. Here are the items within the WAN section: ISP, DNS SHDSL. The factory default is PPPoE. If your ISP uses this access protocol, click Edit to input other parameters as below.
  • Page 36 SHDSL VPN Router RFC 1483 Routed Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing the single IP address.
  • Page 37 SHDSL VPN Router RFC 1483 Bridged Connections Description: User-definable name for the connection. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. Encapsulation method: Select the encapsulation format, this is provided by your ISP. Acceptable Frame Type: Specify what kind of traffic can through this connection, all traffic or only VLAN tagged.
  • Page 38 SHDSL VPN Router PPPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.
  • Page 39 SHDSL VPN Router Detail: You can define the destination port and packet type (TCP/UDP) without checking by timer. It allows you to set which outgoing traffic will not trigger and reset the idle timer. RIP: RIP v1, RIP v2, and RIP v2 Multicast. Check to enable RIP function. MTU: Maximum Transmission Unit.
  • Page 40 SHDSL VPN Router IPoA Routed Connections Description: User-definable name for the connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single IP account, sharing a single IP address.

  • Page 41: Pppoe Connections

    SHDSL VPN Router PPPoE Connections Description: User-definable name for this connection. VPI/VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer. NAT: The NAT (Network Address Translation) feature allows multiple users to access the Internet through a single ISP account, sharing a single IP address.
  • Page 42 SHDSL VPN Router Connect on Demand: If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e. when a program on your computer attempts to access the Internet). Idle Timeout: Auto-disconnect the broadband firewall gateway when there is no activity on the line for a predetermined period of time.
  • Page 43 SHDSL VPN Router PPPoE with Pass-through Connections PPPoE with pass-through adapts the following method: PPPoE Routed mode + 1483 Bridge Mode. With pure PPPoE connection, the router can get one WAN address to the router. With the PPPoE and PPPoE pass-through, concurrently, it allows user to have a WAN address assigned to the router but also able to get another WAN IP from ISP using PPPoE dialer (e.g WinPoETor Windows XP PPPoE Dialer) at the same time.
  • Page 44 SHDSL VPN Router Authentication Protocol: Default is Chap(Auto). Your ISP will advise you whether to use Chap or Pap. Connection: Always on: If you want the router to establish a PPPoE session when starting up and to automatically re-establish the PPPoE session when disconnected by the ISP. Connect on Demand: If you want to establish a PPPoE session only when there is a packet requesting access to the Internet (i.e.

  • Page 45: Dns

    SHDSL VPN Router A Domain Name System (DNS) contains a mapping table for domain name and IP addresses. On the Internet, every host has a unique and user-friendly name (domain name) such as www.helloworld.com and an IP address. An IP address is a 32-bit number in the form of xxx.xxx.xxx.xxx, for example 192.168.1.254.

  • Page 46: Shdsl

    ISP first. Back – to –back: to be sure the Annex type is the same on the NB724 and the remote router. Bit Rate Mode: The mode selections are Adaptive and Fixed. Selecting the Adaptive mode, the best connection rate will be automatically negotiated with the CO / ISP.

  • Page 47: System

    SHDSL VPN Router System Here are items within the System section: Time Zone, Remote Access, Firmware Upgrade, Backup/Restore, Restart User Management. Time Zone The router does not have a real time clock on board; instead, it uses the Simple Network Time Protocol (SNTP) to get the current time from an SNTP server outside your network.

  • Page 48: Remote Access

    SHDSL VPN Router Remote Access To temporarily permit remote administration of the router (i.e. from outside your LAN), select a time period the router will permit remote access for and click Enable. You may change other configuration options for the web administration interface using Device Management options in the Advanced section of the GUI. If you wish to permanently enable remote access, choose a time period of 0 minutes.

  • Page 49: Firmware Upgrade

    SHDSL VPN Router Firmware Upgrade Your router’s “firmware” is the software that allows it to operate and provides all its functionality. Think of your router as a dedicated computer, and the firmware as the software it runs. Over time this software may be improved and modified, and your router allows you to upgrade the software it runs to take advantage of these changes.

  • Page 50: Backup / Restore

    SHDSL VPN Router Backup / Restore These functions allow you to save and backup your router’s current settings to a file on your PC, or to restore a previously saved backup. This is useful if you wish to experiment with different settings, knowing that you have a backup handy in the case of any mistakes.

  • Page 51: Restart Router

    SHDSL VPN Router Restart Router Click Restart with option Current Settings to reboot your router (and restore your last saved configuration). If you wish to restart the router using the factory default settings (for example, after a firmware upgrade or if you have saved an incorrect configuration), select Factory Default Settings to reset to factory default settings.

  • Page 52: User Management

    SHDSL VPN Router User Management In order to prevent unauthorized access to your router’s configuration interface, it requires all users to login with a password. You can set up multiple user accounts, each with their own password. You are able to Edit existing users and Create new users who are able to access the device’s configuration interface.

  • Page 53: Firewall And Access Control

    SHDSL VPN Router Firewall and Access Control Your router includes a full SPI (Stateful Packet Inspection) firewall for controlling Internet access from your LAN, as well as helping to prevent attacks from hackers. In addition to this, when using NAT, the router acts as a “natural”...

  • Page 54: General Settings

    SHDSL VPN Router General Settings You can choose not to enable Firewall, you will not be able to add filter rules by yourself in the Packet Filter, or enable the Firewall using preset filter rules and modify the packet filter rules as required. The Packet Filter is used to filter packets based-on Applications (Port) or IP addresses.

  • Page 55: Packet Filter

    SHDSL VPN Router Packet Filter This function is only available when the Firewall is enabled and one of these four security levels is chosen (All blocked, High, Medium and Low). The predefined port filter rules in the Packet Filter must modify accordingly to the level of Firewall, which is selected.
  • Page 56 SHDSL VPN Router Example: Predefined Port Filters Rules The predefined port filter rules for High, Medium and Low security levels are listed. See Table 1. Note: Firewall – All Blocked/User-defined, you must define and create the port filter rules yourself. No predefined rule is being preconfigured.
  • Page 57 SHDSL VPN Router MSN (7001) UDP(17) 7001 7001 MSN VEDIO TCP(6) 9000 9000 (9000) Inbound: Internet to LAN ; Outbound: LAN to Internet. YES: Allowed ; NO: Blocked ; N/A: Not Applicable Chapter 4: Configuration...
  • Page 58 SHDSL VPN Router Packet Filter – Add TCP/UDP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. The maximum name length is 32 characters. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 59 SHDSL VPN Router Packet Filter – Add Raw IP Filter Rule Name: Users-define description to identify this entry or click to select existing predefined rules. Time Schedule: It is self-defined time period. You may specify a time schedule for your prioritization policy.
  • Page 60 SHDSL VPN Router Example: Configuring your firewall to allow for a publicly accessible web server on your The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to a high, medium or low security level. To setup a web server located on the local network when the firewall is enabled, you have to configure the Port Filters setting for HTTP.
  • Page 61 SHDSL VPN Router Configuring Packet Filter: Click Port Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below: Note: You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter on your own.
  • Page 62 SHDSL VPN Router The new port filter rule for HTTP is shown below: Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server: Note: For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more details.

  • Page 63: Intrusion Detection

    SHDSL VPN Router Intrusion Detection The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.
  • Page 64 SHDSL VPN Router Table 2: Hacker attack types recognized by the IDS Type of Block Intrusion Name Detect Parameter Blacklist Drop Packet Show Log Duration Ascend Kill Ascend Kill data Src IP WinNuke Port 135, 137~139, Src IP Flag: URG ICMP type 8 Victim Smurf...

  • Page 65: Url Filter

    SHDSL VPN Router URL Filter URL (Uniform Resource Locator – e.g. an address in the form of http://www.abcde.com or http://www.example.com) filter rules allow you to prevent users on your network from accessing particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet your requirements.
  • Page 66 SHDSL VPN Router If the packet does not match either of the above two items, it is sent to the remote web server. Please be note that the completed URL, “www” + domain name, shall be specified. For example block traffic www.google.com.au, enter...

  • Page 67: Im / P2P Blocking

    Internet. Both Instant Message and Peer-to-peer applications make communication faster and easier but your network can become increasingly insecure at the same time. NetComm’s IM and P2P blocking helps users to restrict LAN PCs to access to the commonly used IM, Yahoo and MSN, and P2P, BitTorrent and eDonkey, applications over the Internet.

  • Page 68: Firewall Log

    SHDSL VPN Router Firewall Log Firewall Log display log information of any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in the Status – Event Log after enabling. Chapter 4: Configuration...

  • Page 69: Vpn - Virtual Private Networks

    SHDSL VPN Router VPN - Virtual Private Networks Virtual Private Networks is a way to establish secured communication tunnels to an organization’s network via the Internet. Your router supports three main types of VPN (Virtual Private Network), PPTP, IPSec L2TP. PPTP (Point-to-Point Tunneling Protocol) There are two types of PPTP VPN supported;...
  • Page 70 SHDSL VPN Router PPTP Connection - Remote Access Connection Name: User-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router as a Client, enter the remote Server IP Address (or Domain Name) you wish to connection to.
  • Page 71 SHDSL VPN Router Example: Configuring a Remote Access PPTP VPN Dial-out Connection A company’s office establishes a PPTP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out Chapter 4: Configuration...
  • Page 72 SHDSL VPN Router Configuring the PPTP VPN in the Office You can either input the IP address (69.1.121.33 in this case) or hostname to reach the server. Item Function Description Connection Name VPN_PPTP Given name of PPTP connection Dial out Check Dial out Server IP Address 69.121.1.33...
  • Page 73 SHDSL VPN Router PPTP Connection - LAN to LAN Connection Name: User-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router as a Client, enter the remote Server IP Address (or Hostname) you wish to connection to.
  • Page 74 SHDSL VPN Router Example: Configuring a PPTP LAN-to-LAN VPN Connection The branch office establishes a PPTP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application.
  • Page 75 SHDSL VPN Router Configuring PPTP VPN in the Head Office The IP address 192.168.1.201 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Function Description Connection Name HeadOffice...
  • Page 76 SHDSL VPN Router Configuring PPTP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 77: Ipsec (Ip Security Protocol)

    SHDSL VPN Router IPSec (IP Security Protocol) Click Create to create a new IPSec VPN connection account. After you have created the IPSec connection, account information will be displayed. (See example above). Enable / Disable: This function activates or deactivates the IPSec connection. To interrupt the tunnel, check Disable radio button and click Apply button to deactivate the connection.
  • Page 78 SHDSL VPN Router IPSec VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to office”). Local Network: Set the IP address, subnet or address range of the local network. Single Address: The IP address of the local host. Subnet: The subnet of the local network.
  • Page 79 SHDSL VPN Router 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption method. AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as encryption method. Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation.
  • Page 80 SHDSL VPN Router Advanced Option This function is only available after you have created an IPSec account. Click Advanced Option to change the following settings: IKE (Internet key Exchange) Mode: Select IKE mode to Main mode or Aggressive mode. This IKE provides secured key generation and key management.
  • Page 81 SHDSL VPN Router encryption method. Diffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups. Local ID: Type: Specify local ID type.
  • Page 82 SHDSL VPN Router Example: Configuring a IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24 Local Router IP 69.1.121.30 69.1.121.3 Remote Network ID 192.168.1.0/24 192.168.0.0/24 Remote Router IP 69.1.121.3 69.1.121.30 IKE Pre-shared Key 12345678...
  • Page 83 SHDSL VPN Router Configuring IPSec VPN in the Head Office Item Function Description Connection Name IPSec_HeadOffice Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the office router (in Branch 69.121.1.30...
  • Page 84 SHDSL VPN Router Configuring IPSec VPN in the Branch Office Item Function Description IPSec_Branch Connection Name Given a name of IPSec connection Office Subnet Check Subnet radio button IP Address 192.168.0.0 Branch office network Netmask 255.255.255.0 Secure Gateway Address IP address of the office router Branch 69.121.1.3...
  • Page 85 SHDSL VPN Router Example: Configuring a IPSec Host-to-LAN VPN Connection Chapter 4: Configuration...
  • Page 86 SHDSL VPN Router Configuring IPSec VPN in the Office Item Function Description Connection Name IPSec Given a name of IPSec connection Subnet Check Subnet radio button IP Address 192.168.1.0 Head office network Netmask 255.255.255.0 Secure Gateway Address IP address of the office router Branch 69.121.1.30...

  • Page 87: L2Tp (Layer Two Tunneling Protocol)

    SHDSL VPN Router L2TP (Layer Two Tunneling Protocol) Two types of L2TP VPN are supported Remote Access and LAN-to-LAN (please refer below for more information.). Click Create to create a new VPN connection account. After you have created L2TP connection, account status will be displayed. (See example above). Enable / Disable: This function activates or deactivates the L2TP connection.
  • Page 88 SHDSL VPN Router L2TP Connection - Remote Access L2TP VPN Connection Connection Name: User-defined name for the connection (e.g. “connection to office”). Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g.
  • Page 89 SHDSL VPN Router Click Apply after changing settings. L2TP over IPSec (L2TP/IPSec) VPN Connection IPSec: Enable for enhancing your L2TP VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE.
  • Page 90 SHDSL VPN Router Example: Configuring a L2TP VPN - Remote Access Dial-in Connection A remote worker establishes a L2TP VPN connection with the head office using Microsoft's VPN Adapter (included with Windows XP/2000/ME, etc.). The router is installed in the head office, connected to a couple of PCs and Servers.
  • Page 91 SHDSL VPN Router Configuring L2TP VPN in the Office The input IP address 192.168.1.200 will be assigned to the remote worker. Please make sure this IP is not used in the Office LAN. Item Function Description Connection Name VPN_L2TP Given a name of L2TP connection Dial in Check Dial in Private IP Address...
  • Page 92 SHDSL VPN Router Example: Configuring a Remote Access L2TP VPN Dial-out Connection A company’s office establishes a L2TP VPN connection with a file server located at a separate location. The router is installed in the office, connected to a couple of PCs and Servers. Dial-out Chapter 4: Configuration...
  • Page 93 SHDSL VPN Router Configuring the L2TP VPN in the Office Item Function Description Connection Name VPN_L2TP Given name of L2TP connection Dial out Check Dial out Server IP Address (or 69.121.1.33 An Dialed server IP Hostname) Username username A given username & password Password 123456 Auth.Type...
  • Page 94 SHDSL VPN Router Example: Configuring your Router to Dial-in to the Server Currently, Microsoft Windows operation system does not support L2TP incoming service. Additional software may be required to set up your L2TP incoming service. Chapter 4: Configuration...
  • Page 95 SHDSL VPN Router L2TP Connection - LAN to LAN L2TP VPN Connection Connection Name: User-define description of the connection. Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server), check Dial In operates as a VPN server. When configuring your router establish the connection to a remote LAN, enter the remote Server IP Address (or Hostname) you wish to connection to.
  • Page 96 SHDSL VPN Router Click Apply after changing settings. L2TP over IPSec (L2TP/IPSec) VPN Connection IPSec: Enable for enhancing your L2TP VPN security. Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE.
  • Page 97 SHDSL VPN Router Example: Configuring L2TP LAN-to-LAN VPN Connection The branch office establishes a L2TP VPN tunnel with head office to connect two private networks over the Internet. The routers are installed in the head office and branch office accordingly. Both office LAN networks MUST in different subnet with LAN to LAN application.
  • Page 98 SHDSL VPN Router Configuring L2TP VPN in the Head Office The IP address 192.168.1.200 will be assigned to the router located in the branch office. Please make sure this IP is not used in the head office LAN. Item Function Description Connection Name HeadOffice...
  • Page 99 SHDSL VPN Router Configuring L2TP VPN in the Branch Office The IP address 69.1.121.30 is the Public IP address of the router located in head office. If you registered the DDNS (please refer to the DDNS section of this manual), you can also use the domain name instead of the IP address to reach the router.

  • Page 100: Qos (Quality Of Service)

    SHDSL VPN Router QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality and speed of through put for each application when the system is running with full loading of upstream.
  • Page 101 SHDSL VPN Router Destination IP address Range: The destination IP address or range of packets to be monitored. DSCP Marking: Differentiated Services Code Point (DSCP), it is the first 6 bits in the ToS byte. DSCP Marking allows users to assign specific application traffic to be executed in priority by the next Router based on the DSCP value.

  • Page 102: Outbound Ip Throttling (Lan To Wan)

    SHDSL VPN Router Outbound IP Throttling (LAN to WAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. You can click Clear to delete the existing Application.

  • Page 103: Inbound Ip Throttling (Wan To Lan)

    SHDSL VPN Router Inbound IP Throttling (WAN to LAN) IP Throttling allows you to limit the speed of IP traffic. The value entered will limit the speed of the application that you set to the specified value’s multiple of 32kbps. You can click Clear to delete the existing Application.
  • Page 104 SHDSL VPN Router Example: QoS for your Network Connection Diagram VoIP Normal PCs Restricted PC Information and Settings Upstream: 928 kbps Downstream: 8 Mbps VoIP User : 192.168.1.1 Normal Users : 192.168.1.2~192.168.1.5 Restricted User: 192.168.1.100 Throughput VoIP/VPN HIGH kbps Others NORMAL Restricted VoIP/VPN...

  • Page 105: Voice Application

    SHDSL VPN Router Mission-critical application Mostly the VPN connection is mission-critical application for doing data exchange between head and branch office. The mission-critical application must be sent out smoothly without any dropping. Set priority as high level for preventing any other applications to saturate the bandwidth. Voice application Voice is latency-sensitive application.
  • Page 106 SHDSL VPN Router Sometime your customers or friends may upload their files to your FTP server and that will saturate your downstream bandwidth. The settings below help you to limit bandwidth for the restricted application. Chapter 4: Configuration...

  • Page 107: Virtual Server ("Port Forwarding")

    SHDSL VPN Router Virtual Server (“Port Forwarding”) In TCP/IP and UDP networks a port is a 16-bit number used to identify which application program (usually a server) incoming connections should be delivered to. Some ports have numbers that are pre-assigned to them by the IANA (the Internet Assigned Numbers Authority), and these are referred to as “well-known ports”.

  • Page 108: Add Virtual Server

    SHDSL VPN Router Add Virtual Server Because NAT can act as a “natural” Internet firewall, your router protects your network from being accessed by outside users when using NAT, as all incoming connection attempts will point to your router unless you specifically create Virtual Server entries to forward those ports to a PC on your network. When your router needs to allow outside users to access internal servers, e.g.

  • Page 109: Edit Dmz Host

    SHDSL VPN Router Example: If you like to remotely access your Router through the Web/HTTP at all times, you would need to enable port number 80 (Web/HTTP) and map to the Router’s IP Address. Then all incoming HTTP requests from you (Remote side) will be forwarded to the Router with IP address of 192.168.1.254.

  • Page 110: Edit Dmz Host

    SHDSL VPN Router Edit DMZ Host The DMZ Host is a local computer exposed to the Internet. When setting a particular internal IP address as the DMZ Host, all incoming packets will be checked by the Firewall and NAT algorithms then passed to the DMZ host, when a packet received does not use a port number used by any other Virtual Server entries.

  • Page 111: Edit One-To-One Nat (Network Address Translation)

    SHDSL VPN Router Edit One-to-One NAT (Network Address Translation) One-to-One NAT maps a specific private/local IP address to a global/public IP address. If you have multiple public/WAN IP addresses from you ISP, you are eligible for One-to-One NAT to utilize these IP addresses.
  • Page 112 SHDSL VPN Router Time Schedule: A self-defined time period to enable your virtual server. You may specify a time schedule or Always on for the usage of this Virtual Server Entry. For setup and detail, refer to Time Schedule section Application: Users-defined description to identify this entry or click to select existing predefined rules.
  • Page 113 For further information, please see IANA’s website at: http://www.iana.org/assignments/port-numbers For help on determining which private port numbers are used by common applications on this list, please see the FAQs (Frequently Asked Questions) at: http://www.NetComm.com Table 5: Well-known and registered Ports...

  • Page 114: Time Schedule

    SHDSL VPN Router Time Schedule The Time Schedule supports up to 16 time slots which helps you to manage your Internet connection. In each time profile, you may schedule specific day(s) i.e. Monday through Sunday to restrict or allowing the usage of the Internet by users or applications.

  • Page 115: Configuration Of Time Schedule

    SHDSL VPN Router Configuration of Time Schedule Edit a Time Slot 1. Choose any Time Slot (ID 1 to ID 16) to edit, click Edit. Click Edit Note: Watch it carefully, the days you have selected will present in capital letter. Lower case letter shows the day(s) is not selected, and no rule will apply on this day(s).

  • Page 116: Advanced

    SHDSL VPN Router Advanced Configuration options within the Advanced section are for users who wish to take advantage of the more advanced features of the router. Users who do not understand the features should not attempt to reconfigure their router, unless advised to do so by support staff. Here are items within the Advanced section: Static Route, Dynamic DNS, Check Email, Device Management, IGMP...

  • Page 117: Dynamic Dns

    SHDSL VPN Router Dynamic DNS The Dynamic DNS function allows you to alias a dynamic IP address to a static hostname, allowing users whose ISP does not assign them a static IP address to use a domain name. This is especially useful for hosting servers via your SHDSL connection, so that anyone wishing to connect to you may use your domain name, rather than having to use your dynamic IP address, which changes from time to time.

  • Page 118: Check Email

    SHDSL VPN Router Check Email This function allows you to have the router check your POP3 mailbox for new Email messages. The Mail LED on your router will light when it detects new messages waiting for download. You may also view the status of this function using the Status –...

  • Page 119: Device Management

    SHDSL VPN Router Device Management The Device Management advanced configuration settings allow you to control your router’s security options and device monitoring features. Embedded Web Server ( 2 Management IP accounts) HTTP Port: This is the port number the router’s embedded web server (for web-based configuration) will use.
  • Page 120 SHDSL VPN Router After 100 seconds, the device will automatically logout User A. Universal Plug and Play (UPnP) UPnP offers peer-to-peer network connectivity for PCs and other network devices, along with control and data transfer between devices. UPnP offers many advantages for users running NAT routers through UPnP NAT Traversal, and on supported systems makes tasks such as port forwarding much easier by letting the application control the required settings, removing the need for the user to control advanced configuration of their device.
  • Page 121 SHDSL VPN Router IP group ICMP group TCP group UDP group EGP (not applicable) Transmission SNMP group From RFC1650 (EtherLike-MIB): dot3Stats From RFC 1493 (Bridge MIB): dot1dBase group dot1dTp group dot1dStp group (if configured as spanning tree) From RFC 1471 (PPP/LCP MIB): pppLink group pppLqr group (not applicable) From RFC 1472 (PPP/Security MIB):...

  • Page 122: Igmp

    SHDSL VPN Router IGMP IGMP, known as Internet Group Management Protocol, is used to management hosts from multicast group. IGMP Forwarding: Accepting multicast packet. Default is set to Enable. IGMP Snooping: Allowing switched Ethernet to check and make correct forwarding decisions. Default is set to Disable.
  • Page 123 SHDSL VPN Router Ethernet1: P2, P3 and P4 (Port 2, 3, 4) Please uncheck P2, P3, P4 from Ethernet VLAN Port first. Note: You should setup each VLAN group with caution. Each Bridge Interface is arranged in this order. Bridge Interface VLAN Port (Always starts with) Ethernet P1 / P2 / P3 / P4...
  • Page 124 SHDSL VPN Router Spaces next to VPI and VCI, type 0 and 33 in respectively. Select appropriate ATM Class, Encapsulation Method, Acceptable Frame Type, Filter Type and PVID for Untagged Frames. VPI and VCI: Enter the information provided by your ISP. ATM Class: The Quality of Service for ATM layer.
  • Page 125 SHDSL VPN Router Step 3: Setup VLAN Service Go to Configuration Advanced VLAN Bridge DefaultVlan lists all member ports. It is necessary to group specific member ports for each VLAN. From the example, two VLAN groups are requested: Data and Video. To create another VLAN group for Video by clicking Create VLAN.

  • Page 126: Save Configuration To Flash

    SHDSL VPN Router Mapping the VLAN Bridge with Bridge Interface created in Step1, you will see the conformable relationship in these two screenshots. Step 4: IGMP Snooping Enable Go Configuration Advanced IGMP. IGMP Snooping must be enabled in order to allow video stream forwarding correctly. Save Configuration to Flash After changing the router’s configuration settings, you must save all of the configuration parameters to FLASH to avoid them being lost after turning off or resetting your router.

  • Page 127: Logout

    SHDSL VPN Router Logout To exit the router’s web interface, choose Logout. Please ensure that you have saved the configuration settings before you logout. Be aware that the router is restricted to only one PC accessing the configuration web pages at a time. Once a PC has logged into the web interface, other PCs cannot get access until the current PC has logged out of the web interface.

  • Page 128: Chapter 5: Troubleshooting

    SHDSL VPN Firewall Bridge/Router Chapter 5: Troubleshooting If the router is not functioning properly, first check this chapter for simple troubleshooting before contacting your service provider or NetComm support. Problems starting up the router Problem Corrective Action None of the LEDs are Check the connection between the adapter and the router.

  • Page 129: Appendix: Legal & Regulatory Information

    (3) The power supply that is provided with this unit is only intended for use with this product. Do not use this power supply with any other product or do not use any other power supply that is not approved for use with this product by NetComm. Failure to do so may cause damage to this product, fire or result in personal injury.
  • Page 130 To the extent permitted by the Relevant Acts, in relation to your product and any other materials provided with the product (“the Goods”) the liability of NetComm under the Relevant Acts is limited at the option of NetComm to: •...

Table of Contents