Asante FriendlyNET VR2004 Series User Manual

VPN Security Routers

FriendlyNET VR2004 Series VPN Security Routers User's Manual

Summary of Contents for Asante FriendlyNET VR2004 Series

  • Page 1 ® FriendlyNET VR2004 Series VPN Security Routers User’s Manual...
  • Page 2: Before You Start

    Web browser: Microsoft Internet Explorer or Netscape Communicator, version 4.0 or later, or Apple Safari. The following devices are not compatible with the VR2004 Series routers: Cable/DSL modems with USB or Firewire connections, asymmetrical dual media connections, Home PNA or other non-Ethernet compatible communication devices.
  • Page 3: Quick Start Guide

    Quick Start Guide This section will guide you through setting up the Asanté FriendlyNET router with your Cable/DSL modem. Setting up your router requires three basic steps: Determine the TCP/IP settings for your computer and record them in the table provided. Set up your hardware.
  • Page 4 Item No. TCP/IP Control Panel Configure Manually or Using DHCP Server IP Address Subnet Mask Router Address Name Server Address Host Name (DHCP Server Only) Once the information has been recorded, choose Using DHCP Server from the Configure: pull-down menu. Close the dialog box and save your changes.
  • Page 5 Item No. TCP/IP Control Panel Configure Manually or Static IP Address or Using DHCP Server Dynamic IP Address IP Address WAN IP Address Subnet Mask WAN Subnet Mask Router Address WAN Gateway Name Server Address Primary and Secondary DNS Host Name (DHCP Client ID No.
  • Page 6 Expand this dialog box by clicking on the More Info >> button. Complete the information in this table: Item No. IP Configuration Host Name DNS Servers Adapter Address IP Address Subnet Mask Default Gateway Tip: Next to the DNS Servers field, click the button to show the Secondary DNS (if available).
  • Page 7: Windows XP

    Item No. IP Configuration Description Host Name Host Name Primary DNS Primary DNS Physical Address MAC Address IP Address WAN IP Address Subnet Mask WAN Subnet Mask Default Gateway WAN Gateway Windows XP From the Start button, select Settings/Control Panel. Click on Network and Internet Connections.
  • Page 8: Install The Hardware

    The TCP/IP configuration of your computer is now complete. Repeat steps 1 – 4 and 7 – 10 to configure additional PCs on your network. Red Hat Linux In order to gather the information necessary to complete the table, you will need to run the /sbin/ipconfig command.
  • Page 9: Configure Your Router

    3. Configure Your Router From your computer, use your browser to configure the router for your network. Start your web browser. Type http://192.168.123.254 into your browser’s address or location field and press Enter. In a few moments you’ll see the Login screen for the router. Enter the default username, admin (the default password is blank), and click OK.
  • Page 10 FriendlyNET VPN Security Router...
  • Page 11: Table Of Contents

    Table of Contents Before You Start Quick Start Guide Chapter 1. Introduction Chapter 2. Configuration Chapter 3. Advanced Settings Chapter 4. VPN Configuration Appendix A. Warranty Statement and FriendlyCare Support Appendix B. FCC Statement Appendix C. Troubleshooting Appendix D. Renewing Client IP Addresses Appendix E.
  • Page 13: Chapter 1. Introduction

    Chapter 1. Introduction Thank you for purchasing the FriendlyNET VR2004 Series VPN Security Router. The router provides an easy, affordable way to communicate over the Internet, while ensuring a secure connection to another VR2004 (or other compatible VPN solution). Whenever...
  • Page 14 • Hacker Attack Logging: Supports general hacker attack pattern monitoring and logging • High Performance 32-bit RISC CPU Engine: With the most advanced 32-bit RISC CPU engine, the router has full compatibility with present and future Cable/DSL technologies • PPPoE Client: Supports PPPoE client function to connect to the remote PPPoE server •...
  • Page 15: Package Contents

    1.2 Package Contents Please compare the items included in your package to the list below. The following items should be included: • FriendlyNET VR2004 Series VPN Security Router • Power adapter • User’s Manual (this document) If any of the above items are damaged or missing, please contact your dealer immediately.
  • Page 16 Color Link/Activity Green LAN ports 1 to 4 Blinking Wireless Green (VR2004AC model only) Blinking Green Green Internet Green Status Blinking Yellow Power From left to right, the rear panel of the router contains the following: Power (5 VDC) plug; Internet (WAN) port; COM port; Reset button; and LAN ports 4, 3, 2 and 1.
  • Page 17: Chapter 2. Configuration

    Chapter 2. Configuration Power up the router first, before powering up the attached devices. Launch your web browser and type the default IP address (192.168.123.254) in the browser’s address box. Press Enter. The login window will appear. Type the default username admin and press OK.
  • Page 18: Time Zone Settings

    • Time Zone Settings • Device IP Settings • ISP Settings • Additional ISP Settings • Modem Settings • VPN Settings Important! You must save and restart the router in the Save & Restart screen for your configurations to take effect. 2.1.1 Time Zone Settings From the drop down menu, choose the local time zone.
  • Page 19 Quick Start Guide), and click Next to enter the data. If you use a dynamic IP Address, check the Dynamic IP radio button and click Next to continue to Additional ISP Settings. 2.1.4 Additional ISP Settings In this page, you can enable the type of WAN connection you are using.
  • Page 20 ISPs use the information for authentication purposes, so you must select the check box and enter the requested information for your WAN type. Item Description User Name Account name (assigned by your ISP). Password Password for the account (assigned by your ISP). Idle Time Router attempts to keep the connection on (“keep alive”) until it has reached a specified idle time;...
  • Page 21 Click Next to enter the new data and to proceed to the Wireless Settings page (VR2004AC model only) or to the Modem Settings page. 2.1.5 Wireless Settings (VR2004AC only) The VR2004AC is designed to function as a wireless access point using the default settings shown.
  • Page 22: Modem Settings

    Encryption Most internal LAN traffic does not require additional security measures. If you are transferring sensitive files or other material over the wireless LAN, you may enable the WEP Security Settings. WEP stands for "Wired Equivalent Protocol". Click on either the "40(64) bit" or the "128-bit" radio button to select which Shared Key you will use, and enter a 10 digit hexadecimal number into the Key 1 field.
  • Page 23: VPN Settings

    2.1.7 VPN Settings The router can be used as an ordinary unencrypted connection to the Internet, or as a secure connection to another VPN router. To set up a Virtual Private Network (VPN), you must enable the VPN feature, which allows a secure connection to the Internet. Please refer to Chapter 4.
  • Page 24: Device Information

    2.2 Device Information This page displays the current settings of the router: • Device Name: The host name of the router • IP Address: The IP address of the router • LAN MAC Address: The MAC address of the router’s LAN port •...
  • Page 25: System Tools

    • VPN Status: View the IPSec Connection Status for VPN tunnels • DHCP Status: Click to refresh the DHCP log 2.4 System Tools From the Main Menu, select the System Tools button to display the status of the router. The following pages are accessible from the System Tools page: •...
  • Page 26 • Upgrade Firmware: Allows you to upgrade the router to the latest version of firmware • Reset Device: Restarts the router FriendlyNET VPN Security Router...
  • Page 27: Chapter 3. Advanced Settings

    Chapter 3. Advanced Settings From the main menu, click on the corresponding button to access the Advanced Settings screen. From here, you can access the following pages for configuration: • DHCP Server Settings • Virtual Server Settings • Wireless Access Control •...
  • Page 28: Virtual Server Settings

    IP Address Pool Range This pool contains the range of IP addresses that will automatically be assigned to the clients on your network. The default setting is 192.168.123.2 to 192.168.123.100. Increase the range if you have more than 98 computers on your network. IP Address Reservation You can configure client computers with static addresses outside the range of the router’s DHCP server, or use this option to provide...
  • Page 29 Enter the IP addresses of the network servers and the Service Port Range to allow remote access to the desired ports. The Server Port is a TCP or UDP port number. See Appendix E for a list of common service ports. A single server or workstation can be placed outside the protective firewall to allow unrestricted access to the server and to ensure complete Internet application compatibility, even if specified ports...
  • Page 30 3.3 Wireless Access Control Settings * This feature should only be used by users with an extensive knowledge of TCP/IP. By default, all users on the router have full access to local and wide area networks. If necessary, network managers can control LAN and WAN access by entering the MAC addresses of clients into a table.
  • Page 31: Routing Settings

    To delete a MAC address, select the corresponding checkbox and click the Del button. The maximum number of entries allowed in the table is 32. Note: At least one client must have full access in order to perform administrative tasks. Click Submit to have your changes take effect.
  • Page 32: Dynamic Routing Settings

    To specify that gateway you need to define a static route. • Destination IP Address: The network address of the remote network • Subnet Mask: The subnet mask of the remote network • Gateway IP Address: The IP address to be used as a gateway to the remote network 3.4.2 Dynamic Routing Settings The router is capable of exchanging routing information with other...
  • Page 33: Filter Settings

    3.5 Filter Settings Filter Settings give you additional control over what users on your local network can see on the Internet, or what users on the Internet can connect to on your local network. LAN filters control what resources on the Internet your local users can connect to. WAN filters allow extra control (beyond what the built-in firewall provides) over what users on the Internet can see on your local network.
  • Page 34 Your selections should look like this: • LAN Side Filter Enabled: Enabled • Default LAN Side Filter: Pass • Filter Entry: Block • Protocol: TCP • IP Address Range: 192.168.123.10 to 192.168.123.20 • Destination Port Range: 119-119 Click Save to add the filter rule (to delete a filter rule, check the “del” box and click the del button).
  • Page 35: Administrative Settings

    3.6 Administrative Settings In this screen, you can set several administrative options for the router simply by entering a password or checking various options that are listed. 3.6.1 Password Settings To prevent unauthorized access to the router, it is highly recommended that you change from no password (default) to a password of your choosing, and keep it in a safe place.
  • Page 36: Remote System Administration

    3.6.2 Remote System Administration You may configure your router to allow a user on the Internet to administer it. The default setting 0.0.0.0 means that a user from any IP address may administer the router. You should carefully consider the possible security risks of leaving this setting at the default.
  • Page 37: Dynamic DNS Settings

    ISP sets the limit on packet size for PPPoE connection, in which case, you will have to change the MTU setting. See your ISP for details on packet size limits. 3.7 Dynamic DNS Settings Ordinarily, a static IP address is required if you want users on the Internet to be able to find you with a name for your computer rather than a numerical address.
  • Page 38: URL Filter Settings

    may enable the Use wildcards feature. 3.8 URL Filter Settings This feature allows you to block access to certain websites on the Internet. You can specify words or letters that, if they appear in the website name (the URL) or newsgroup name, will cause the site to be blocked by the router.
  • Page 39: Save And Restart

    To enable this feature, access the E-mail Alert screen from the Advanced Settings page and check the box Enable E-mail Notification. Next, enter the IP address of the outgoing mail server and the destination e-mail address in the given fields and select the frequency for receiving E-mail alerts.
  • Page 41: Chapter 4. VPN Configuration

    Chapter 4. VPN Configuration If you require more than an ordinary, unencrypted connection to the Internet, the router supports IPSec to allow secure communications from a network to another network, or from a client to a network. The Virtual Private Network (VPN) protects your data by encrypting it while it is sent across the Internet.
  • Page 42 Your configurations for both ends of the tunnel described in the previous diagram should look like the following: 1. The LAN side of the VR2004 uses one of a set of IP addresses reserved for private addresses, as defined in RFC 1918. They are: From 10.0.0.0...
  • Page 43 VR2004 ‘A’ (West end) • Connection Name: West-East • Local IPSec Identifier: West (Allows you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. May be left blank. The default value is Local.)
  • Page 44 • Remote IP Network: 192.168.123.0 • Remote IP Netmask: 255.255.255.0 • Remote Gateway IP: 172.16.0.123 • Network Interface: WAN ETHERNET 4.2 Client-to-Network To connect a remote client PC to your network, use one of the following configurations based on the type of IP address of the client: Mode 1—...
  • Page 45 (the Internet), it needs a way to share a key so that each router can decrypt the data it receives. User’s Manual VR2004 WAN IP: 10.10.0.123 Netmask: 255.255.255.0 LAN IP: 192.168.100.254...
  • Page 46 The preferred way to do this is with automatic keying using the Internet Key Exchange Protocol (IKE). This requires that your ISP or firewall allows traffic for TCP port 500. Check with your ISP or network administrator if you are not sure if traffic for TCP port 500 is allowed.
  • Page 47: Manual Mode

    4.3.3 Pre-Shared Key IKE can establish a key for the two ends of the tunnel to use to encrypt the traffic bound for the other network, but it cannot guarantee that the router on the other end of the tunnel can be trusted. The Pre-Shared key is used to establish that trust.
  • Page 48: Authentication Protocol

    The following sections describe the parameters that will need to be entered for a manually keyed tunnel. 4.4.1 Incoming and Outgoing SPI (Security Parameter Index) The SPI is a 32-bit field that the router will use to identify the Secure Association.
  • Page 49 4.4.5 Authentication Key This string is used as key authentication. Use an alpha-numeric value of 16 characters (MD5) or 20 characters (SHA-1). Note: The value entered must match that used by the remote device. After configuring all the VPN values that are required, click on the Save button.
  • Page 51: Appendix A. Warranty Statement And FriendlyCare Support

    Appendix A. Warranty Statement and FriendlyCare Support Subject to the limitations and exclusions below, Asanté warrants to the original end user purchaser that the covered products will be free from defects in title, materials and manufacturing workmanship for a period of two years from the date of purchase.
  • Page 52: Online Support

    LOSS, DAMAGE TO PROPERTY AND, TO THE EXTENT PERMITTED BY LAW, DAMAGES FOR PERSONAL INJURY, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE). THESE LIMITATIONS SHALL APPLY EVEN IF ASANTE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF THIS WARRANTY IS FOUND TO FAIL OF ITS ESSENTIAL PURPOSE.
  • Page 53: Appendix B. FCC Statement

    Appendix B. FCC Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
  • Page 55: Appendix C. Troubleshooting

    Appendix C. Troubleshooting Before beginning the troubleshooting process, please check the System Requirements found in Chapter 1 have been met. If not, resolve the System Requirement deficiencies before attempting to troubleshoot further. C.1 Troubleshooting with the Status LEDs Consult Chapter 1.4 for information on the normal operation of the LEDs.
  • Page 56 C.2 Problems Accessing Router If you have problems accessing the router, please check the following: Can you ping 192.168.123.254? If so, disable the proxy in your browser's setting. If http://192.168.123.254 does not work, try http://192.168.123.254:88. If you are unable to ping the router, do the following: Check the configuration of the computer.
  • Page 57: Cabling Problems

    C.3 Cabling Problems Network cables connect devices in an Ethernet network, such as computers, printers, hubs, routers and Cable/DSL modems. The network connections provided by Ethernet cabling allow the devices to share information, and allow a LAN to access the Internet. Faulty Ethernet cables can cause problems in an otherwise healthy network, creating periods of downtime which can be both frustrating and costly.
  • Page 58 If the port functions correctly, make sure the router is attached to an Uplink Port on the hub or switch. If there is an Uplink button on the hub or switch, make sure it is in the Uplink position. If there is no uplink port on the hub or switch, then you will need to purchase a crossover cable from your electronics dealer.
  • Page 59: Appendix D. Renewing Client IP Addresses

    Appendix D. Renewing Client IP Addresses Perform the following to renew the IP addresses of client computers after configuring your VR2004 Series Router: D.1 Windows 98/Me Perform the following steps to Release and Renew the IP Address on each client attached to the router: Go to the Start Button on the lower menu bar.
  • Page 61: Appendix E. Service Ports

    Appendix E. Service Ports The table below lists some of the more common TCP and UDP service ports. Port Service FTP-DATA Telnet, Internet BBS SMTP, Send mail BOOTP bootstrap protocol finger HTTP, worldwide web POP3, receive mail Auth, authentication NNTP, net news SNMP, network management SNMP-TRAP, network management...
  • Page 63: Appendix F. Hardware And Software Compatibility

    Appendix F. Hardware and Software Compatibility Protocols Supported TCP/IP, NAT, DHCP, PPP, PPPoE, VPN Network and Client Platforms compatibility Windows 95/98/NT/2000/Workstation Microsoft Windows NT Server UNIX System (Linux, OpenBSD, SCO-UNIX) Application Software Compatibility Microsoft Internet Explorer Netscape Navigator/Communicator FTP related software NetMeeting V3.01 Microsoft Outlook Microsoft Outlook Express...
  • Page 65: Appendix G. Specifications

    Appendix G. Specifications Connectors: LAN: 4 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 WAN: 1 Fast Ethernet (100BaseTX, 10BaseT): RJ-45 COM: Serial (analog modem or ISDN TA): DB9 WLAN: 11 Mbps (802.11b) at 18 dBm signal with VR2004AC Status Indicators: Power, Status, Link/Activity (per port), WAN, COM and Wireless (VR2004AC only) ports.
  • Page 66 Advanced Settings DHCP: Dynamic host configuration protocol automatically assigns IP address to specified clients. Choose address pool range. Reserve LAN IP addresses for selected devices (by MAC addresses). Virtual Server: De-Militarized Zone (DMZ) for specific IP address. Forward service port range to specific LAN IP address. Static Routing: Destination IP address, subnet mask and gateway address.
  • Page 67 Intrusion: Detects 11 types of denial of service (DOS) attacks including: ping of death (illegal ping packet), SYN flood (detects if SYN is from the same source), LAND attack (same source and destination addresses), IP spoofing (simulates a LAN packet), Code Red 1 (pattern I), Code Red II (pattern II), UDP loopback (illegal UDP echo), smurf attack (ping with destination address as broadcast), snork attack (same source and destination port), TCP null scan (SYN packets with sequence...
  • Page 68 Performance Processor: 32-bit RISC CPU Memory: Upgradeable FLASH firmware from web browser LAN: 10/100 Mbps WAN: 10/100 Mbps WLAN: Up to 11 Mbps Physical Characteristics Dimensions: 7.9 x 5.9 x 1.7 inches (201 x 151 x 44 mm) Weight: VR2004C: 1.0 pounds (0.45 Kg) VR2004AC: 1.01 pounds (0.46 Kg) Environmental Range Operating Temperature:...
  • Page 69: Appendix H. Configuring A System Log Server

    Appendix H. Configuring a System Log Server Because the router’s memory cannot hold as many messages as a computer with a hard drive, you can have the router send its System Log messages to a server on the network. The ability to receive system log messages is most common on Unix-type systems.
  • Page 70 # /etc/init.d/syslog restart A default install of a recent version of Red Hat Linux has probably also configured a firewall that may be blocking access to the syslog port. Usually ipchains is used by default. To add a rule to the firewall for ipchains, edit the file /etc/sysconfig/ipchains and add a rule allowing access to UDP port 514: #Allow router to send syslog messages: -A input -s 192.0.2.254/32 -d 0/0 514 -p udp -j ACCEPT...
  • Page 71 ConsoleMessage "Starting system log" if [ -f /etc/syslog.conf ]; then if ! pid=$(GetPID syslog); then rm -f /dev/log syslogd else echo "Warning: syslogd was not started" Add a parameter -u to the end of the line that starts the daemon: syslogd -u Save the file.
  • Page 72: Microsoft Windows

    Select Other under Port Name. Enter 514 and syslog in the Port Number and Description fields, and click OK. You should now see messages begin to appear in the selected router.log file. Note: The default firewall tool provided by Mac OS X doesn't provide a way to limit access only to one IP address.
  • Page 73: Appendix I. Your 802.11b Wireless Network

    Appendix I. Your 802.11b Wireless Network Thank you for choosing Asanté for your wireless networking solutions. In order to make wireless networking as safe and easy as possible, please consider the following information when setting up and using your wireless network. Optimum Performance The quality of your wireless network performance depends on numerous factors, including the distance from the access point, structural interfer-...
  • Page 74: Administrator's Password

    • The type of walls, windows, doorways or other building structures will affect the range of the wireless signal. Structures such as metal framed houses, windows containing UV protective film, and residences with multiple floors will all affect the signal quality •...
  • Page 75: MAC Address Control

    MAC Address Control Every network device has a unique hardware address known as a media access control (MAC) address. Enabling MAC address control allows you to control LAN and WAN access for each client in your network. Hackers will be denied access using outside devices. WEP Encryption Wired Equivalency Privacy (WEP) security protocol offers basic privacy protection, but should be used to make it more difficult for...
  • Page 76 Asanté Technologies, Inc. 821 Fox Lane San Jose, CA 95131 FriendlyNET VR2004 Series VPN Security Router User’s Manual SALES 800-662-9686 Home/Office Solutions 800-303-9121 Enterprise Solutions 408-435-8388 TECHNICAL SUPPORT 801-566-8991 Worldwide 801-566-3787 FAX www.asante.com Copyright © 2003 Asanté Technologies, Inc. Asanté is a registered trademark of Asanté...
