NetComm VPN100 User Manual

Personal firewall vpn adaptor

Summary of Contents for NetComm VPN100

  • Page 2 NetComm. Failure to do so may cause damage to this product, fire or result in personal injury.
  • Page 3: Table Of Contents

    Hardware 10; Connecting your Router 10; Driver Installation 11; Configuring your VPN100 18; Before you begin 18; Using the Web-based User Interface 19; One Page Setup 20; Advanced Applications ...
  • Page 4 Appendix B: Frequently Asked Questions 67; Appendix C: Glossary 68; Appendix D: Updating your Firmware 72; Appendix E: Cable Connections 73; Appendix F: Registering your NetComm Product 76. www.netcomm.com.au Rev.2 - YML685 Page 4...
  • Page 5: Introduction

    Once you're connected over VPN, it's just like being part of the remote network. With a web-based UI (User Interface), this NetComm VPN100 is easy to setup and maintain via web browsers such as Netscape Communicator and Internet Explorer.
  • Page 6: Package Contents

    Package Contents The following items should be contained in your NetComm Personal Firewall VPN Adaptor Package: ■ NetComm Personal Firewall VPN Adaptor (VPN100) ■ Package Contents Note and Traveller’s Guide ■ NetComm Driver CD-ROM (including drivers and additional user guide) ■...
  • Page 7: Default Settings & Facts

    Password: admin Resetting While using or installing your NetComm VPN100 you may need to utilise the reset feature. There are two types of reset: Soft A soft reset will restart the unit and reconnect to the internet using the settings stored previously; none of your settings are deleted.
  • Page 8 Features of the NetComm VPN100 Your NetComm VPN100 contains the following features that make it excellent for the executive on the road. ■ A USB-attached network interface. ■ Provides network security through a powerful firewall engine. ■ Prevents hackers from launching a DoS attack to overwhelm your computer, offering advanced protection with SPI.
  • Page 9: VPN100 LEDs

    VPN100 LEDs The following figure shows the top view of the NetComm VPN100. The LEDs on the top indicate the status of the unit. Colour Description Session Orange. The Session LED indicates a successful VPN Tunnel has been established between two endpoints.
  • Page 10: Hardware

    4. Turn on the PC, cable or DSL modem and/or Router. 5. If this is the first time you have connected the VPN100 Adapter to this computer, you will be prompted to install drivers by Windows. Refer to the following section and follow the instructions for the version of Windows you are using.
  • Page 11: Driver Installation

    Driver Installation Windows XP 1. Insert the NetComm Driver CD-ROM in your CD-ROM drive and turn on your computer. 2. When prompted by the Found New Hardware Wizard confirm that “Install the software automatically (Recommended)” is selected and click on Next>.
  • Page 12 6. Windows will install the driver on your system. 7. Click on Finish to complete the installation. 8. Windows XP will advise that a new network device has been installed.
  • Page 13: Windows 2000

    Windows 2000 1. Insert the NetComm Driver CD-ROM in your CD-ROM drive and turn on your computer. 2. The NetComm USB Adaptor will be located. 3. The Found New Hardware Wizard will appear. Click Next> to continue. 4. Select “Search for a suitable driver for my device (recommended)”...
  • Page 14 Click Next> to continue. 8. If the Digital Signature Not Found window appears, click Yes to continue. 9. The driver will be installed on your system. Click Finish to complete the installation.
  • Page 15 Windows Me 1. Insert the NetComm Driver CD-ROM in your CD-ROM drive and turn on your computer. 2. The NetComm USB Adaptor will be located. 3. The Add New Hardware Wizard will appear. Select “Automatic search for a better driver [Recommended]” and click on Next>.
  • Page 16 Windows 98 - USB 1. Insert the NetComm Driver CD-ROM in your CD-ROM drive and turn on your computer. 2. The NetComm USB Adaptor will be located. 3. The Add New Hardware Wizard will appear. Select “Search for the best driver for your device [Recommended]”...
  • Page 17 7. The Add New Hardware Wizard will continue with the installation and will advise when it has completed the installation. Click on Finish. 8. You may be prompted to restart your machine. Click on Yes.
  • Page 18: Configuring Your VPN100

    Internet via your NetComm VPN100. Before you begin In order to allow a quick reference point when setting up your NetComm VPN100, it is suggested you complete the table below with the necessary information, which should be supplied by your ISP: ✓...
  • Page 19: Using The Web-Based User Interface

    Using the Web-based User Interface The NetComm VPN100 uses a Web-based User Interface for configuration. Start your web browser and type http://192.168.1.1 in the browser’s address box. This address is the factory default IP Address of your NetComm VPN100. Press “Enter”.
  • Page 20: One Page Setup

    One Page Setup The “OnePage Setup” screen is the first screen you will see when you access the VPN100’s configuration. If the router has already been successfully installed and set up, this screen’s values will already be properly configured. Below is a description of each setting.
  • Page 21 Obtain IP automatically is the default option for the router. If your ISP automatically assigns the IP addresses and other values to the NetComm VPN100, use this option. This option is the most commonly used setting for connecting to a corporate LAN.
  • Page 22 ISP’s system may need time to restore. Check with your ISP to ascertain how much time is required before the router starts to re-build the PPPoE session and enter this into the “Redial Period” field.
  • Page 23 ■ Heart Beat Server When you select the "HeartBeat (eg Telstra Cable)" option for your WAN connection type in the NetComm router One-Page Setup, you may also need to specify the Heart Beat Server's IP address. When you have properly configured the Setup page, click “Apply”. Your Router will then attempt to connect to the Internet.
  • Page 24: Advanced Applications

    If you block the use of proxies then all connections must be made directly through the router.
  • Page 25 LAN servers that were set as virtual servers, port forwards or DMZ host. Check “Block Both” to restrict both connections. Check “Disable” to turn off this function. Set the time schedule from the drop-down list. Click Apply after making any changes.
  • Page 26: DHCP Configuration

    ■ WINS Enter the WINS number you wish to be assigned to DHCP clients. ■ DHCP Clients Table Click the DHCP Clients Table button to show current DHCP client information.
  • Page 27: Administration Settings

    SNMP communities so that only authorized persons are able to manage your NetComm VPN100. If the “Password” is left blank, all users on your network can access the router simply by entering the unit’s IP Address into their web browser’s location window.
  • Page 28: Status Monitor

    ■ DHCP Clients Table If the router is setup to act as a DHCP server, the LAN side IP Address distribution table will appear when this button is selected.
  • Page 29: Log

    Send Log To Enter the IP address of the computer that you want to send the Log information to. This computer must run a suitable “syslog” application (a copy of such an application can be downloaded from the NetComm website). Note: You must enable the log and click apply before you can use the “View Logs”...
  • Page 30: Back Up And Restore

    Back Up and Restore The VPN100 has the ability to store the current configuration to a file. This information can then be restored to the router at a later date. Note: Your configuration should be kept secret and in a secure location to prevent unwanted access to password or network topology information.
  • Page 31 1. Log into the router and click the Backup and Restore menu item from the left hand menu. 2. Click the Browse button to open a Choose file window, search and select your previously backed up file. Click Open.
  • Page 32 Note: You may not be able to restore a configuration that was backed up from a different version of firmware. It is strongly advised that you try to match the firmware version in your router to the version from which the backup file was made.
  • Page 33: Configuring IPSec/VPN Tunnels

    After the packet is processed with IPSec, the new IP packet contains the old IP header (with the source and destination IP addresses unchanged) and the processed packet payload.
  • Page 34: Tunnel Mode

    IKE manages the process of refreshing keys; however, a user can control the key strength and the refresh frequency. Refreshing keys on a regular basis ensures data confidentiality between sender and receiver.
  • Page 35: VPN Application Types

    VPNs address the following applications ■ Provide telecommuting workers with access to central office resources. ■ Interconnect branch offices to enable corporate intranets. ■ Connect business partners over the Internet with significant cost savings.
  • Page 36: VPN / IPSec Setup

    VPN / IPSec Setup 1. Select the tunnel you wish to create in the Select Tunnel Entry drop-down box. It is possible to create up to 5 simultaneous tunnels with the VPN100. Then select Enable to enable the tunnel. Once the tunnel is enabled, enter the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel.
  • Page 37 VPN device. When connecting between two routers the remote security gateway will be the public (WAN) IP address of the remote router as given on the status page or by the remote ISP.
  • Page 38 The example shown below displays some sample entries for both the Encryption and Authentication Key fields. Again, up to 23 alphanumeric characters are allowed to create this key.
  • Page 39 The VPN Log screen displays successful connections, transmissions and receptions, and the types of encryptions used. Once you no longer have need of the tunnel, simply click the Disconnect button on the bottom of the VPN page.
  • Page 40: Example1: Tunnel Between Two VPN Routers

    Example1: Tunnel between Two VPN Routers Example2: Tunnel between VPN Router-and-VPN Client with Fix IP
  • Page 41: Example3: Tunnel Between VPN Router-And-VPN Client

    Example3: Tunnel between VPN Router-and-VPN Client with dynamic IP
  • Page 42: Configuring IPSec On Windows 2000

    140.111.1.2 (Note: ISP provided IP Address; this is only an example.) Subnet Mask: 255.255.255.0 Cable/DSL Firewall Router IP Address: 140.111.1.1 (Note: ISP provided IP Address, this is only an example.) Subnet Mask: 255.255.255.0 IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0
  • Page 43 3. Click Next, and then type a name for your policy (for example, “to_VPNRouter”). 4. Deselect the Activate the default response rule check box, and then click Next button. 5. Click the Finish button, making sure the Edit check box is checked.
  • Page 44: Build 2 Filter Lists: "WinXP To Cable/DSL Firewall Router" And "Cable/DSL Firewall Router To WinXP"

    1. In the to_VPNRouter Properties, deselect the Use Add Wizard check box, and then click Add button to create a new rule. 2. From the IP Filter List tab, click the Add button.
  • Page 45 6. If you want to type a description for your filter, click the Description tab. 7. Click OK button. Then click OK(for WinXP) or Close (for Win2000) button on the IP Filter List window.
  • Page 46 11. In the Destination address area, click My IP Address. 12. If you want to type a description for your filter, click the Description tab. 13. Click OK, and then click OK.
  • Page 47: Configure Individual Rule Of 2 Tunnels

    2. From the Filter Action tab, click the filter action “Require Security”, and click the Edit button. 3. Check that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPsec check box.
  • Page 48 4. Select the Session key Perfect Forward Secrecy (PFS) and remember to check the PFS option on the Cable/DSL Firewall Router, and then click the OK button. 5. From the Authentication Methods tab, click the Edit button.
  • Page 49 6. Change the authentication method to “Use this string (preshared key)”, enter the string “Test”, and then click the OK button. This new Preshared key will be displayed in Authentication method preference order. Click the OK button to continue.
  • Page 50 Address; this is only an example.) of Cable/DSL Firewall Router. 8. From the Connection Type tab, select All network connections, and then click the OK or Close button to finish this rule.
  • Page 51 9. In the to_VPNRouter Properties, deselect the Use Add Wizard check box, and then click the Add button to create the second IP Filter. 10. On the IP Filter List tab, click the filter list “Cable/DSL Firewall Router XP”.
  • Page 52 11. From the Filter Action tab, click the filter action “Require Security”. 12. From the Authentication Methods tab, click the Edit button.
  • Page 53 OK button to continue. 14. From the Tunnel Setting tab, click The tunnel endpoint is specified by this IP Address box, and then type the Windows 2000/XP IP Address “140.111.1.2”.
  • Page 54 15. From the Connection Type tab, select All network connections, and then click the OK(for WinXP) or Close(for Win2000) button to finish. 16. From the Rules tab, click the OK button to back to the secpol screen.
  • Page 55: Steps In Cable/DSL Firewall Router

    2. When the User Name and Password field appears, skip the user name and enter the default password admin and press the Enter key. 3. Click the OnePage Setup tab to set the configuration as shown below.
  • Page 56 The following Figure is a sample configuration for the Router’s VPN tab. Once all these have been entered, click the Connect button to establish a VPN connection. The Status should indicate that the Router is Connected.
  • Page 57: Network Administrator's Guide

    IPsec VPN tunnel back to a Head office. Of course you can configure more than one tunnel in your VPN100 and allow the end user access to the Head office as well as their home office. The VPN100 can work with many types of NetComm routers as well as virtually any other VPN router that supports ‘IPSec using Preshared key’, even Windows servers can be...
  • Page 58: Remote Secure Group

    The VPN100 can only service one computer on its LAN side (because it connects via USB) - when using the default settings your computer is usually going to be assigned 192.168.1.100. You may wish to differentiate each VPN100 by changing the next octet in the Device IP address (e.g.
  • Page 59: Manual Or Automatic 'Keep Alive' Tunnels

    If you wish to have the End user log into the Windows domain via the VPN tunnel you may need to ensure your MTU in the VPN100 is set to 1492 or less. Also it is strongly advisable to set the VPN100 to ‘Keep Alive’ the VPN tunnel so that the tunnel is created whilst the computer is booting –...
  • Page 60: VPN Passthrough

    VPN endpoints. If the End user wishes to use the VPN100 at a customer’s office which uses a NAT router or Internet Gateway to share their Internet connection the Internet Gateway must allow VPN Pass through in order for the VPN100 to be able to create a connection to the Head Office.
  • Page 62 The following are screen captures of the VPN configurations of the Head Office router and the VPN100s at Sites 2, 3 & 4. These are shown to help you understand how you would configure each VPN100 to work with the NB5580 (Head office or Remote VPN device). VPN100 at site 2 VPN screen shot VPN100 at site 3 VPN screen shot
  • Page 63 VPN100 at site 4 VPN screen shot NB5580 VPN config screen shot for tunnel from VPN100 unit A (site 2)
  • Page 64 NB5580 VPN config screen shot for tunnel from VPN100 unit B (site 3) NB5580 VPN config screen shot for tunnel from VPN100 unit C (site 4)
  • Page 65: Appendix A: Trouble Shooting

    NetComm VPN100. Hardware T: The Power LED is off. Check the USB cable is properly connected to the NetComm VPN100 and that your computer’s USB socket is functional. T: The Link LED is off. Check the hub, switch or modem is properly connected to the ethernet socket of the NetComm VPN100.
  • Page 66: Client Side (Computers)

    Note: If you are not able to get to the web configuration screen for the NetComm VPN100, make sure that you disable the proxy setting within your Internet browser and set your browser to access the Internet via the LAN.
  • Page 67: Appendix B: Frequently Asked Questions

    Q: What is the maximum number of IP Addresses the NetComm VPN100 can support? The DHCP Server in the NetComm VPN100 can support up to 50 IP Addresses usually in the range of 192.168.1.100~192.168.1.150 but, because it connects via USB, it is usually only possible to support one PC.
  • Page 68: Appendix C: Glossary

    A name that identifies one or more IP Addresses. For example, the domain name microsoft.com represents about a dozen IP Addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL http://www.pcwebopedia.com/index.html, the domain name is pcwebopedia.com.
  • Page 69 255. IPSec Internet Protocol Security is a security standard for network transmission, which is often used for VPN connections. It provides authentication and packet encryption over the Internet.
  • Page 70 An agreed format for transmitting, sending and receiving data between two devices. Roaming The ability for a wireless device to move from one access point’s range to another without losing the connection.
  • Page 71 WEP uses a combination of 64-bit/128-bit keys to encrypt data that is transmitted between all points in a wireless network to ensure data security. It is described in the IEEE 802.11 standard.
  • Page 72: Appendix D: Updating Your Firmware

    The VPN100 incorporates the TFTP protocol to reliably upload new firmware. These updates are either posted on the NetComm website (www.netcomm.com.au) or Emailed via NetComm's technical staff.
  • Page 73: Appendix E: Cable Connections

    If you are unsure about which cable to use or which socket to connect it to, please refer to the hardware installation section in this manual. If you are still not sure about cable connections, please contact a professional computer technician or NetComm for further advice. RJ-45 Network Ports RJ-45 Network Ports can connect any networking devices that use a standard LAN interface, such as a Hub/Switch Hub or Router.
  • Page 74 An RJ-11 connector is the small, modular plug used for most analog telephones. It has six pin slots in the head, but usually only two or four of them are used. RJ-11 Connector Pin Assignment Normal Assignment Signal Ground +5 Volts In Signal Ground Figure 5
  • Page 75 Data Carrier Detect Receive Data (a.k.a RxD, Rx) Transmit Data (a.k.a TxD, Tx) Male Connector Data Terminal Ready SGND Ground Data Set Ready Request To Send Clear To Send Ring Indicator
  • Page 76: Appendix F: Registering Your NetComm Product

    Trade marks and Notices “NetComm” is a trade mark of NetComm. Windows® is a registered trade mark of Microsoft Corporation. Other brand and product names are trade marks or registered trade marks of their respective holders. Information is subject to change without notice. All rights reserved.
  • Page 77 2. This warranty does not apply to software programs, batteries, power supplies, cables or other accessories supplied in or with the product; 3. You must comply with all of the terms of any relevant agreement with NetComm and any other reasonable requirements of NetComm including producing such evidence of purchase as NetComm may require;...
  • Page 78 5. Your product has been repaired or modified or attempted to be repaired or modified, other than by a qualified person at a service center authorised by NetComm; and, 6. The serial number has been defaced or altered in any way or if the serial number plate has been removed.
